On 2012-06-02 08:16, Phil Pennock wrote:
On the other hand the secondary feature (use of TLS by verify-callouts) *will* activate automatically.
Please not unless specifically requested: TLS is quite heavy and that adds to the verify burden. Can you make this something that has to be enabled, either by "verify_tls" on the transports, or a flag on the ACL control modifier?
OK, I'll add a switch, defaulting "off". Because of the interaction between "pure" verify callouts and cutthrough deliveries neither the new control= nor the verify= really feels like the right place. I'll put it on the transport for now; can always move it later.
Did this help at all? Would it help if I did something similar for OpenSSL? We're 1/4 of the way there already, with the "callback" data structure used for SNI.
Keeping up with you has been a major effort :) There may be some tidying needed after I merge.
I favour $tls_in_* and $tls_out_* and keep the existing names, resetting as appropriate. Mark the existing names deprecated and state that we're likely to remove them in, say, Exim 5.
OK.
--
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
