From dc4dc04e65b8011b9242c47099ab1f87f5143b3e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 19 Mar 2014 20:14:24 +0000 Subject: [PATCH] Docs for transport tls_verify_hosts &c. --- doc/doc-docbook/spec.xfpt | 6 +++--- doc/doc-txt/ChangeLog | 1 - doc/doc-txt/NewStuff | 8 ++++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0f66180a2..8ddc3df51 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23030,7 +23030,7 @@ in clear. .option tls_try_verify_hosts smtp "host list&!! unset .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" -For OpenSSL only, this option gives a list of hosts for which, on encrypted connections, +This option gives a list of hosts for which, on encrypted connections, certificate verification will be tried but need not succeed. The &%tls_verify_certificates%& option must also be set. @@ -23049,7 +23049,7 @@ single file if you are using GnuTLS. The values of &$host$& and &$host_address$& are set to the name and address of the server during the expansion of this option. See chapter &<>& for details of TLS. -For back-compatability, or when GnuTLS is used, +For back-compatability, if neither tls_verify_hosts nor tls_try_verify_hosts are set and certificate verification fails the TLS connection is closed. @@ -23057,7 +23057,7 @@ and certificate verification fails the TLS connection is closed. .option tls_verify_hosts smtp "host list&!! unset .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" -For OpenSSL only, this option gives a list of hosts for which. on encrypted connections, +This option gives a list of hosts for which. on encrypted connections, certificate verification must succeed. The &%tls_verify_certificates%& option must also be set. If both this option and &%tls_try_verify_hosts%& are unset diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 25e153e36..974b9579c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -57,7 +57,6 @@ JH/06 Log outbound-TLS and port details, subject to log selectors, for a JH/07 Add malware type "sock" for talking to simple daemon. JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport. - OpenSSL only. JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in routers/transports under cutthrough routing. diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 95b4119d1..c168cf2a7 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -27,10 +27,10 @@ Version 4.83 and a second regex to extract malware_name. The mail spoofile name can be included in the command line. - 5. When built with OpenSSL the smtp transport now supports options - "tls_verify_hosts" and "tls_try_verify_hosts". If either is set the - certificate verification is split from the encryption operation. The - default remains that a failed verification cancels the encryption. + 5. The smtp transport now supports options "tls_verify_hosts" and + "tls_try_verify_hosts". If either is set the certificate verification + is split from the encryption operation. The default remains that a failed + verification cancels the encryption. Version 4.82 -- 2.25.1