From: Jeremy Harris Date: Sat, 2 Dec 2017 20:10:18 +0000 (+0000) Subject: Docs: add notes on lack of multiple-OCSP-proof support X-Git-Tag: exim-4_90_RC4~6 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=be9f79c9eb112904d53840958f9f97019136a640;p=exim.git Docs: add notes on lack of multiple-OCSP-proof support This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e3ac7f3b9..285849122 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17138,6 +17138,8 @@ separator in the usual way to avoid confusion under IPv6. &*Note*&: Under current versions of OpenSSL, when a list of more than one file is used, the &$tls_in_ourcert$& veriable is unreliable. + +&*Note*&: OCSP stapling is not usable when a list of more than one file is used. .wen If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then @@ -17279,6 +17281,11 @@ Certificate Authority. Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later). +.new +&*Note*&: There is currently no support for multiple OCSP proofs to match the +multiple certificates facility. +.wen + .option tls_on_connect_ports main "string list" unset .cindex SSMTP