The next two lines are concerned with &'ident'& callbacks, as defined by RFC
1413 (hence their names):
+.new
.code
rfc1413_hosts = *
rfc1413_query_timeout = 0s
.endd
+.wen
These settings cause Exim to avoid ident callbacks for all incoming SMTP calls.
Few hosts offer RFC1413 service these days; calls have to be
terminated by a timeout and this needlessly delays the startup
&<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
details of the &(smtp)& transport.
+.new
+.vitem &$tls_in_ocsp$&
+.vindex "&$tls_in_ocsp$&"
+When a message is received from a remote client connection
+the result of any OCSP request from the client is encoded in this variable:
+.code
+0 OCSP proof was not requested (default value)
+1 No response to request
+2 Response not verified
+3 Verification failed
+4 Verification succeeded
+.endd
+
+.vitem &$tls_out_ocsp$&
+.vindex "&$tls_out_ocsp$&"
+When a message is sent to a remote host connection
+the result of any OCSP request made is encoded in this variable.
+See &$tls_in_ocsp$& for values.
+.wen
+
.vitem &$tls_in_peerdn$&
.vindex "&$tls_in_peerdn$&"
.vindex "&$tls_peerdn$&"
.scindex IIDdcotauth2 "authenticators" "&(dovecot)&"
This authenticator is an interface to the authentication facility of the
Dovecot POP/IMAP server, which can support a number of authentication methods.
+.new
+Note that Dovecot must be configured to use auth-client not auth-userdb.
+.wen
If you are using Dovecot to authenticate POP/IMAP clients, it might be helpful
to use the same mechanisms for SMTP authentication. This is a server
authenticator only. There is only one option:
Note that the proof only covers the terminal server certificate,
not any of the chain from CA to it.
+.new
+There is no current way to staple a proof for a client certificate.
+.wen
+
.code
A helper script "ocsp_fetch.pl" for fetching a proof from a CA
OCSP server is supplied. The server URL may be included in the
git://git.exim.org / users / jgh / exim.git / blobdiff