Docs: add note on unusablility of must-staple certs by clients. Bug 2350

[users/jgh/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index b2f9dccc07cc1ae4829fcd7a604af6f6e78e6a69..37ada7514fb783d15f9c219176f624210b20adfe 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -12759,6 +12759,16 @@ or if not set, the value of &$qualify_domain$&.
 .cindex queues named
 The name of the spool queue in use; empty for the default queue.
 
 .cindex queues named
 The name of the spool queue in use; empty for the default queue.
 

+.new
+.vitem &$r_...$&
+.vindex &$r_...$&
+.cindex router variables
+Values can be placed in these variables by the &%set%& option of a router.
+They can be given any name that starts with &$r_$&.
+The values persist for the address being handled through subsequent routers
+and the eventual transport.
+.wen
+

 .vitem &$rcpt_count$&
 .vindex "&$rcpt_count$&"
 When a message is being received by SMTP, this variable contains the number of
 .vitem &$rcpt_count$&
 .vindex "&$rcpt_count$&"
 When a message is being received by SMTP, this variable contains the number of


@@ -18078,6 +18088,10 @@ file = ${extract{mailbox}{$address_data}}
 This makes the configuration file less messy, and also reduces the number of
 lookups (though Exim does cache lookups).
 
 This makes the configuration file less messy, and also reduces the number of
 lookups (though Exim does cache lookups).
 

+.new
+See also the &%set%& option below.
+.wen
+

 .vindex "&$sender_address_data$&"
 .vindex "&$address_data$&"
 The &%address_data%& facility is also useful as a means of passing information
 .vindex "&$sender_address_data$&"
 .vindex "&$address_data$&"
 The &%address_data%& facility is also useful as a means of passing information


@@ -18992,6 +19006,33 @@ SMTP VRFY command is enabled, it must be used after MAIL if the sender address
 matters.
 
 
 matters.
 
 

+.new
+.option set routers "string list" unset
+.cindex router variables
+This option may be used multiple times on a router;
+because of this the list aspect is mostly irrelevant.
+The list separator is a colon but can be changed in the
+usual way.
+
+Each list-element given must be of the form $"name = value"$
+and the names used must start with the string &"r_"&.
+Values containing colons should either have them doubled, or
+the entire list should be prefixed with a list-separator change.
+When a router runs, the strings are evaluated in order,
+to create variables which are added to the set associated with
+the address.
+The variable is set with the expansion of the value.
+The variables can be used by the router options
+(not including any preconditions)
+and by the transport.
+Later definitions of a given named variable will override former ones.
+Varible use is via the usual &$r_...$& syntax.
+
+This is similar to the &%address_data%& option, except that
+many independent variables can be used, with choice of naming.
+.wen
+
+

 .option translate_ip_address routers string&!! unset
 .cindex "IP address" "translating"
 .cindex "packet radio"
 .option translate_ip_address routers string&!! unset
 .cindex "IP address" "translating"
 .cindex "packet radio"


@@ -28437,6 +28478,13 @@ transport provide the client with a certificate, which is passed to the server
 if it requests it. If the server is Exim, it will request a certificate only if
 &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
 
 if it requests it. If the server is Exim, it will request a certificate only if
 &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
 

+.new
+Do not use a certificate which has the OCSP-must-staple extension,
+for client use (they are usable for server use).
+As TLS has no means for the client to staple before TLS 1.3 it will result
+in failed connections.
+.wen
+

 If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
 specifies a collection of expected server certificates.
 These may be
 If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
 specifies a collection of expected server certificates.
 These may be