retitle 544472 clarify exim client TLS documentation severity 544472 minor thanks On 2009-09-01 Ivan Shmakov <[email protected]> wrote: [...] > However, the documentation is somewhat unclear on that matter:
> --cut: (exim4) Configuring an Exim client to use TLS -- > The `tls_certificate' and `tls_privatekey' options of the `smtp' > transport provide the client with a certificate, which is passed to the > server if it requests it. If the server is Exim, it will request a > certificate only if `tls_verify_hosts' or `tls_try_verify_hosts' > matches the client. *Note*: These options must be set in the `smtp' > transport for Exim to use TLS when it is operating as a client. Exim > does not assume that a server certificate (set by the global options of > the same name) should also be used when operating as a client. > If `tls_verify_certificates' is set, it must name a file or, for > OpenSSL only (not GnuTLS), a directory, that contains a collection of > expected server certificates. The client verifies the server's > certificate against this collection, taking into account any revoked > certificates that are in the list defined by `tls_crl'. > --cut: (exim4) Configuring an Exim client to use TLS -- > Since it's noted explicitly in the fragment above that the > `tls_certificate' and `tls_privatekey' options are to be set for > the transport, the lack of such a notice for > `tls_verify_certificates' made me assume that it's the global > option that's mentioned here. > Could this bug thus be reassigned to the documentation (or the > source?) with the severity downgraded (and probably retitled)? Hello, thank you for the pointer. I have made a preliminary patch and have forwarded this upstream to <http://bugs.exim.org/show_bug.cgi?id=888>. cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
