https://bugs.exim.org/show_bug.cgi?id=2350
Git Commit <g...@exim.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |g...@exim.org --- Comment #8 from Git Commit <g...@exim.org> --- Git commit: https://git.exim.org/exim.git/commitdiff/e41242f9612adaedadd5f3607b202f32ca086b4f commit e41242f9612adaedadd5f3607b202f32ca086b4f Author: Jeremy Harris <jgh146...@wizmail.org> AuthorDate: Mon Jul 15 10:53:35 2019 +0100 Commit: Jeremy Harris <jgh146...@wizmail.org> CommitDate: Mon Jul 15 10:53:35 2019 +0100 Docs: add note on unusablility of must-staple certs by clients. Bug 2350 --- doc/doc-docbook/spec.xfpt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5463cc1..37ada75 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -28478,6 +28478,13 @@ transport provide the client with a certificate, which is passed to the server if it requests it. If the server is Exim, it will request a certificate only if &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. +.new +Do not use a certificate which has the OCSP-must-staple extension, +for client use (they are usable for server use). +As TLS has no means for the client to staple before TLS 1.3 it will result +in failed connections. +.wen + If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it specifies a collection of expected server certificates. These may be -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
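Review bot: In the paragraph added between .new and .wen, the wording mixes singular and plural ("a certificate ... they are usable") and "it will result in failed connections" has no clear subject, so a reader cannot tell whether "it" is TLS, the certificate or the act of using it. Suggest: "Do not use a certificate which has the OCSP-must-staple extension for client use (such certificates are usable for server use). Before TLS 1.3 there is no means for the client to staple, so using one will result in failed connections." The phrase "before TLS 1.3" also implies that the situation differs under TLS 1.3, but the text does not say whether a must-staple certificate is then usable for client use; state that explicitly either way. Since the preceding context says the certificate is only passed to the server if the server requests it, it would help to say that the failure applies in that case. Minor: the commit subject spells "unusablility".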