From: Heiko Schlittermann (HS12-RIPE) Date: Sat, 10 Oct 2020 16:56:50 +0000 (+0200) Subject: Docs: Mention issues with TLS client cert and Exim <= 4.85 X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/0694f91e89112483d7ffb8312471b132c2acce77?ds=inline Docs: Mention issues with TLS client cert and Exim <= 4.85 * cb1d783072c488a4a558607b2ee122efba95aa4b * 8c40856083f3a2e89350ab3aacfb95256fbadd9d > Author: Jeremy Harris > Date: Sun Nov 23 16:10:30 2014 +0000 > > Support use of system default CA bundle --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 74c9b083c..c865e111b 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -18489,7 +18489,9 @@ than the public cert of individual clients. With both OpenSSL and GnuTLS, if the value is a file then the certificates are sent by Exim as a server to connecting clients, defining the list of accepted certificate authorities. Thus the values defined should be considered public data. To avoid this, -use the explicit directory version. +use the explicit directory version. (If your peer is Exim up to 4.85, +using GnuTLS, you may need to send the CAs (thus using the file +variant). Otherwise the peer doesn't send its certificate.) See &<>& for discussion of when this option might be re-expanded.
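Review bot: the added parenthetical in the spec.xfpt hunk is ambiguous about which side "using GnuTLS" describes. "If your peer is Exim up to 4.85, using GnuTLS" can be read as the peer being built with GnuTLS or as this server being built with it, and the two readings change who needs the workaround. Please name the side explicitly. The text also sends the reader back to the file variant straight after the paragraph advises the directory version so that the CA list is not sent to clients. It would help to state that trade-off: with the file variant the list of accepted CAs is disclosed to connecting clients again, so it should be used only for the affected peers. The nested parentheses make the sentence hard to parse, and two plain sentences would read better. "Up to 4.85" is presumably inclusive, going by the "<= 4.85" in the subject line, and "4.85 or earlier" would remove the doubt.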