[exim-cvs] Document $tls_in_ocsp, $tls_out_ocsp

Pàgina inicial
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
A: exim-cvs
Assumpte: [exim-cvs] Document $tls_in_ocsp, $tls_out_ocsp
Gitweb: http://git.exim.org/exim.git/commitdiff/a4b62fcfa0fc6c06d453ffbe0a6fb43788d41fa1
Commit:     a4b62fcfa0fc6c06d453ffbe0a6fb43788d41fa1
Parent:     8864c2c44f08ddca092d70135843fc69cd95f178
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Aug 4 14:55:55 2014 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Aug 4 15:21:23 2014 +0100


    Document $tls_in_ocsp, $tls_out_ocsp
---
 doc/doc-docbook/spec.xfpt |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+), 0 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 2a9b3ba..52c0f74 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -12421,6 +12421,26 @@ and then set to the outgoing cipher suite if one is negotiated. See chapter
&<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
details of the &(smtp)& transport.

+.new
+.vitem &$tls_in_ocsp$&
+.vindex "&$tls_in_ocsp$&"
+When a message is received from a remote client connection
+the result of any OCSP request from the client is encoded in this variable:
+.code
+0 OCSP proof was not requested (default value)
+1 No response to request
+2 Response not verified
+3 Verification failed
+4 Verification succeeded
+.endd
+
+.vitem &$tls_out_ocsp$&
+.vindex "&$tls_out_ocsp$&"
+When a message is sent to a remote host connection
+the result of any OCSP request made is encoded in this variable.
+See &$tls_in_ocsp$& for values.
+.wen
+
.vitem &$tls_in_peerdn$&
.vindex "&$tls_in_peerdn$&"
.vindex "&$tls_peerdn$&"
@@ -26247,6 +26267,10 @@ file named by &%tls_ocsp_file%&.
Note that the proof only covers the terminal server certificate,
not any of the chain from CA to it.

+.new
+There is no current way to staple a proof for a client certificate.
+.wen
+
.code
A helper script "ocsp_fetch.pl" for fetching a proof from a CA
OCSP server is supplied. The server URL may be included in the