From 0f9d3f8ba8cf8b559b74ba9166d8a436498651b4 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 12 Apr 2018 16:55:42 +0100 Subject: [PATCH] Docs: add known broken-version info for OpenSSL behavior --- doc/doc-docbook/spec.xfpt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 562fb09e4..d8f1573c9 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12997,7 +12997,8 @@ It is only useful as the argument of a &%certextract%& expansion item, &%md5%&, &%sha1%& or &%sha256%& operator, or a &%def%& condition. -&*Note*&: Under current versions of OpenSSL, when a list of more than one +&*Note*&: Under versions of OpenSSL preceding 1.1.1, +when a list of more than one file is used for &%tls_certificate%&, this variable is not reliable. .vitem &$tls_in_peercert$& @@ -17237,7 +17238,8 @@ option in the relevant &(smtp)& transport. &*Note*&: If you use filenames based on IP addresses, change the list separator in the usual way to avoid confusion under IPv6. -&*Note*&: Under current versions of OpenSSL, when a list of more than one +&*Note*&: Under versions of OpenSSL preceding 1.1.1, +when a list of more than one file is used, the &$tls_in_ourcert$& variable is unreliable. &*Note*&: OCSP stapling is not usable under OpenSSL -- 2.25.1