[exim-cvs] Docs for transport tls_verify_hosts &c.

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Docs for transport tls_verify_hosts &c.
Gitweb: http://git.exim.org/exim.git/commitdiff/dc4dc04e65b8011b9242c47099ab1f87f5143b3e
Commit:     dc4dc04e65b8011b9242c47099ab1f87f5143b3e
Parent:     52f93eed9f96e1630b181857289d5f2423f55cd7
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Mar 19 20:14:24 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Mar 19 20:14:24 2014 +0000


    Docs for transport tls_verify_hosts &c.
---
 doc/doc-docbook/spec.xfpt |    6 +++---
 doc/doc-txt/ChangeLog     |    1 -
 doc/doc-txt/NewStuff      |    8 ++++----
 3 files changed, 7 insertions(+), 8 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0f66180..8ddc3df 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23030,7 +23030,7 @@ in clear.
.option tls_try_verify_hosts smtp "host list&!! unset
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
-For OpenSSL only, this option gives a list of hosts for which, on encrypted connections,
+This option gives a list of hosts for which, on encrypted connections,
certificate verification will be tried but need not succeed.
The &%tls_verify_certificates%& option must also be set.

@@ -23049,7 +23049,7 @@ single file if you are using GnuTLS. The values of &$host$& and
&$host_address$& are set to the name and address of the server during the
expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.

-For back-compatability, or when GnuTLS is used,
+For back-compatability,
if neither tls_verify_hosts nor tls_try_verify_hosts are set
and certificate verification fails the TLS connection is closed.

@@ -23057,7 +23057,7 @@ and certificate verification fails the TLS connection is closed.
.option tls_verify_hosts smtp "host list&!! unset
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
-For OpenSSL only, this option gives a list of hosts for which. on encrypted connections,
+This option gives a list of hosts for which. on encrypted connections,
certificate verification must succeed.
The &%tls_verify_certificates%& option must also be set.
If both this option and &%tls_try_verify_hosts%& are unset
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 25e153e..974b957 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -57,7 +57,6 @@ JH/06 Log outbound-TLS and port details, subject to log selectors, for a
JH/07 Add malware type "sock" for talking to simple daemon.

 JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
-      OpenSSL only.


 JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
       routers/transports under cutthrough routing.
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 95b4119..c168cf2 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -27,10 +27,10 @@ Version 4.83
     and a second regex to extract malware_name.  The mail spoofile name can
     be included in the command line.


- 5. When built with OpenSSL the smtp transport now supports options
-    "tls_verify_hosts" and "tls_try_verify_hosts".  If either is set the
-    certificate verification is split from the encryption operation. The
-    default remains that a failed verification cancels the encryption.
+ 5. The smtp transport now supports options "tls_verify_hosts" and
+    "tls_try_verify_hosts".  If either is set the certificate verification
+    is split from the encryption operation. The default remains that a failed
+    verification cancels the encryption.



Version 4.82