From 9a5562015d6bac81e5f25351e2e6728b83f287f7 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 2 Dec 2017 20:10:18 +0000 Subject: [PATCH] Docs: add notes on lack of multiple-OCSP-proof support This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation --- doc/doc-docbook/spec.xfpt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e3ac7f3b9..285849122 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17138,6 +17138,8 @@ separator in the usual way to avoid confusion under IPv6. &*Note*&: Under current versions of OpenSSL, when a list of more than one file is used, the &$tls_in_ourcert$& veriable is unreliable. + +&*Note*&: OCSP stapling is not usable when a list of more than one file is used. .wen If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then @@ -17279,6 +17281,11 @@ Certificate Authority. Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later). +.new +&*Note*&: There is currently no support for multiple OCSP proofs to match the +multiple certificates facility. +.wen + .option tls_on_connect_ports main "string list" unset .cindex SSMTP -- 2.30.2
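Review bot: In the first hunk (spec.xfpt, @@ -17138), the added note says OCSP stapling "is not usable when a list of more than one file is used" but does not say what an operator will observe in that configuration. Suggest stating whether the stapling setting is ignored or the configuration is rejected, and pointing to the section that documents the OCSP option, so the limitation can be found from either place. The unchanged context line directly above contains the typo "veriable"; since this hunk edits the same paragraph, it could be corrected to "variable" in the same change.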
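Review bot: In the second hunk (spec.xfpt, @@ -17279), "the multiple certificates facility" is not tied to an option name, and the wording does not agree with the note added in the first hunk: that one says stapling is not usable at all with a multi-file list, while this one says only that multiple proofs are unsupported. Suggest naming or cross-referencing the certificate-list option and using one consistent statement of the limitation in both places, so that a dual RSA/ECDSA installation (the case given in the commit message) can tell whether a single proof can still be stapled.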