From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Tue, 13 May 2014 14:38:14 +0000 (+0100)
Subject: Add doc notes on verifying self-signing hosts
X-Git-Tag: exim-4_83_RC1~25
X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/3faae4c075bd1054f3e199051f146d886c8abf0f?ds=sidebyside

Add doc notes on verifying self-signing hosts
---

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e512f2b4a..03ec8980c 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23266,6 +23266,11 @@ in clear.
 This option gives a list of hosts for which, on encrypted connections,
 certificate verification will be tried but need not succeed.
 The &%tls_verify_certificates%& option must also be set.
+Note that unless the host is in this list
+TLS connections will be denied to hosts using self-signed certificates
+when &%tls_verify_certificates%& is set.
+The &$tls_out_certificate_verified$& variable is set when
+certificate verification succeeds.
 
 
 .option tls_verify_certificates smtp string&!! unset