[exim-cvs] Docs: Mention issues with TLS client cert and Exi…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Docs: Mention issues with TLS client cert and Exim <= 4.85
Gitweb: https://git.exim.org/exim.git/commitdiff/0694f91e89112483d7ffb8312471b132c2acce77
Commit:     0694f91e89112483d7ffb8312471b132c2acce77
Parent:     7e8793815bb43f97a022c6b71850206dbbd5d378
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Sat Oct 10 18:56:50 2020 +0200
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Sun Oct 11 11:10:55 2020 +0200


    Docs: Mention issues with TLS client cert and Exim <= 4.85


    * cb1d783072c488a4a558607b2ee122efba95aa4b
    * 8c40856083f3a2e89350ab3aacfb95256fbadd9d


    > Author: Jeremy Harris <jgh146exb@???>
    > Date:   Sun Nov 23 16:10:30 2014 +0000
    >
    >    Support use of system default CA bundle
---
 doc/doc-docbook/spec.xfpt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 74c9b08..c865e11 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -18489,7 +18489,9 @@ than the public cert of individual clients. With both OpenSSL and GnuTLS, if
the value is a file then the certificates are sent by Exim as a server to
connecting clients, defining the list of accepted certificate authorities.
Thus the values defined should be considered public data. To avoid this,
-use the explicit directory version.
+use the explicit directory version. (If your peer is Exim up to 4.85,
+using GnuTLS, you may need to send the CAs (thus using the file
+variant). Otherwise the peer doesn't send its certificate.)

See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
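
Review bot: The parenthetical added on the "+" lines recommends the file variant without restating what that costs. The context lines just above say that with a file the certificates are sent to connecting clients and "should be considered public data", and that the directory version avoids this. The new text then tells readers whose peer is Exim up to 4.85 to use the file variant anyway. Say explicitly that this workaround means accepting disclosure of the CA list. Two wording points in the same lines: it is unclear whether "using GnuTLS" describes the peer or the local server, and the nested parentheses are hard to follow. If the peer is what is meant, a single sentence such as "If the peer is Exim 4.85 or earlier using GnuTLS, it does not send its certificate unless the CAs are sent, so the file variant is needed and the CA list becomes public" would cover both.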