. /////////////////////////////////////////////////////////////////////////////
.set previousversion "4.72"
-.set version "4.73"
+.set version "4.74"
.set ACL "access control lists (ACLs)"
.set I " "
<bookinfo>
<title>Specification of the Exim Mail Transfer Agent</title>
<titleabbrev>The Exim MTA</titleabbrev>
-<date>29 May 2010</date>
+<date>21 Jan 2011</date>
<author><firstname>Exim</firstname><surname>Maintainers</surname></author>
<authorinitials>EM</authorinitials>
<revhistory><revision>
- <revnumber>4.73</revnumber>
- <date>19 Nov 2010</date>
+ <revnumber>4.74</revnumber>
+ <date>21 Jan 2011</date>
<authorinitials>EM</authorinitials>
</revision></revhistory>
-<copyright><year>2009</year><holder>University of Cambridge</holder></copyright>
+<copyright><year>2011</year><holder>University of Cambridge</holder></copyright>
</bookinfo>
.literal off
directory containing certificate files. This does not work with GnuTLS; the
option must be set to the name of a single file if you are using GnuTLS.
+These certificates should be for the certificate authorities trusted, rather
+than the public cert of individual clients. With both OpenSSL and GnuTLS, if
+the value is a file then the certificates are sent by Exim as a server to
+connecting clients, defining the list of accepted certificate authorities.
+Thus the values defined should be considered public data. To avoid this,
+use OpenSSL with a directory.
+
.option tls_verify_hosts main "host list&!!" unset
.cindex "TLS" "client certificate verification"