https://bugs.exim.org/show_bug.cgi?id=1664
--- Comment #8 from Git Commit <[email protected]> --- Git commit: http://git.exim.org/exim.git/commitdiff/82d14d6a7ecbaf515d7feb30c351c92a4b429f43 commit 82d14d6a7ecbaf515d7feb30c351c92a4b429f43 Author: Jeremy Harris <[email protected]> AuthorDate: Sun Aug 2 14:33:56 2015 +0100 Commit: Jeremy Harris <[email protected]> CommitDate: Sun Aug 2 14:33:56 2015 +0100 Docs: add notes on library version limitations on OCSP stapling. Bug 1664 --- doc/doc-docbook/spec.xfpt | 8 +++++++- doc/doc-txt/ChangeLog | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e1eaf3f..69a810c 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -16668,6 +16668,10 @@ must if set expand to the absolute path to a file which contains a current status proof for the server's certificate, as obtained from the Certificate Authority. +.new +Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later). +.wen + .option tls_on_connect_ports main "string list" unset .cindex SSMTP @@ -26754,7 +26758,9 @@ starts retrying to fetch an OCSP proof some time before its current proof expires. The downside is that it requires server support. Unless Exim is built with the support disabled, -or with GnuTLS earlier than version 3.1.3, +.new +or with GnuTLS earlier than version 3.3.16 / 3.4.8 +.wen support for OCSP stapling is included. There is a global option called &%tls_ocsp_file%&. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 654361a..45eea03 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -4,6 +4,10 @@ Change log file for Exim from version 4.21 Exim version 4.87 ----------------- +JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 + and 3.4.4 - once the server is enabled to respond to an OCSP request + it does even when not requested, resulting in a stapling non-aware + client dropping the TLS connection. Exim version 4.86
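Review bot: In the first spec.xfpt hunk (@@ -16668, the tls_ocsp_file option), the added line "Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later)." lists 3.4.4 as usable, while the ChangeLog entry in this same patch says OCSP is disabled for versions "at/before 3.3.16 and 3.4.4". The two 3.4.x bounds cannot both be right; please state the first working release on each branch once and use the same numbers in both files. The trailing "(or later)" also reads as if it applies only to OpenSSL, so it would help to attach "or later" to each library version it is meant to cover.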
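Review bot: In the second spec.xfpt hunk (@@ -26754), the new bound "or with GnuTLS earlier than version 3.3.16 / 3.4.8" matches neither the tls_ocsp_file note added in the first hunk (3.3.17 / 3.4.4) nor the ChangeLog entry (at/before 3.3.16 and 3.4.4). "Earlier than 3.3.16" implies 3.3.16 has stapling support, whereas the ChangeLog says it is disabled at that version, and 3.4.8 appears nowhere else in the patch. This sentence also omits the OpenSSL 1.1.0 limit that the first hunk introduces. Suggest aligning all three places on one set of version numbers so an operator can tell from the spec alone whether their build staples.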
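Review bot: In the doc/doc-txt/ChangeLog hunk, the JH/01 entry says "Disable OCSP for GnuTLS library versions at/before 3.3.16 and 3.4.4", but the diffstat lists only doc/doc-docbook/spec.xfpt and doc/doc-txt/ChangeLog and the subject line is "Docs: add notes on library version limitations", so nothing in this commit performs the disabling. If the version check landed in a separate commit, the entry belongs with that change or should reference it; otherwise reword it to describe a documentation note. The reason given here (a server that staples even when not requested, causing a stapling non-aware client to drop the TLS connection) is the part operators most need, and it is absent from both spec.xfpt additions.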
