projects / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 9196d5b)
Docs: add notes on library version limitations on OCSP stapling. Bug 1664
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 2 Aug 2015 13:33:56 +0000 (14:33 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Sun, 2 Aug 2015 13:33:56 +0000 (14:33 +0100)
doc/doc-docbook/spec.xfpt patch | blob | blame | history
doc/doc-txt/ChangeLog patch | blob | blame | history

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e1eaf3f70e973613a2a165889f000cdd4751d340..69a810c0c5d7a8dfb3de88dde31c27ecdc58632c 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -16668,6 +16668,10 @@ must if set expand to the absolute path to a file which contains a current
 status proof for the server's certificate, as obtained from the
 Certificate Authority.
 
 status proof for the server's certificate, as obtained from the
 Certificate Authority.
 
+.new
+Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later).
+.wen
+
 
 .option tls_on_connect_ports main "string list" unset
 .cindex SSMTP
 
 .option tls_on_connect_ports main "string list" unset
 .cindex SSMTP
@@ -26754,7 +26758,9 @@ starts retrying to fetch an OCSP proof some time before its current
 proof expires.  The downside is that it requires server support.
 
 Unless Exim is built with the support disabled,
 proof expires.  The downside is that it requires server support.
 
 Unless Exim is built with the support disabled,
-or with GnuTLS earlier than version 3.1.3,
+.new
+or with GnuTLS earlier than version 3.3.16 / 3.4.8
+.wen
 support for OCSP stapling is included.
 
 There is a global option called &%tls_ocsp_file%&.
 support for OCSP stapling is included.
 
 There is a global option called &%tls_ocsp_file%&.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 654361af1dba214b913f8b0a00d510e2ae8522ca..45eea03195aca4948c6c8209e3bb4b45c7514de4 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -4,6 +4,10 @@ Change log file for Exim from version 4.21
 
 Exim version 4.87
 -----------------
 
 Exim version 4.87
 -----------------
+JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
+      and 3.4.4 - once the server is enabled to respond to an OCSP request
+      it does even when not requested, resulting in a stapling non-aware
+      client dropping the TLS connection.
 
 
 Exim version 4.86
 
 
 Exim version 4.86
Unnamed repository; edit this file 'description' to name the repository.