.cindex "TLS" "server certificate; location of"
.cindex "certificate" "server, location of"
The value of this option is expanded, and must then be a list of absolute paths to
-files which contains the server's certificates. Commonly only one file is
-needed.
+files which contain the server's certificates (in PEM format).
+Commonly only one file is needed.
The server's private key is also
assumed to be in this file if &%tls_privatekey%& is unset. See chapter
&<<CHAPTLS>>& for further details.
Section &<<SECID136>>& contains further information.
+.new
+This option should not be used when other message-handling software
+may duplicate messages by making hardlinks to the files. When that is done Exim
+will count the message size once for each filename, in contrast with the actual
+disk usage. When the option is not set, calculating total usage requires
+a system-call per file to get the size; the number of links is then available also
+as is used to adjust the effective size.
+.wen
+
.option quota_warn_message appendfile string&!! "see below"
See below for the use of this option. If it is not set when
attacks in the string (&`../`& or SQL), and ensuring that a valid filename
can always be referenced; it is important to remember that &$tls_in_sni$& is
arbitrary unverified data provided prior to authentication.
-Further, the initial certificate is loaded before SNI is arrived, so
+Further, the initial certificate is loaded before SNI has arrived, so
an expansion for &%tls_certificate%& must have a default which is used
when &$tls_in_sni$& is empty.