Mailing List Archive

[Bug 2350] OCSP stapling, client side
https://bugs.exim.org/show_bug.cgi?id=2350

Castro B <castro8583bennett@gmx.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |castro8583bennett@gmx.com

--- Comment #7 from Castro B <castro8583bennett@gmx.com> ---
Hi Torsten, why not just let it be right we can do anything anyways.

Castro B,
https://sparpedia.at

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2350] OCSP stapling, client side
https://bugs.exim.org/show_bug.cgi?id=2350

Git Commit <git@exim.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |git@exim.org

--- Comment #8 from Git Commit <git@exim.org> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/e41242f9612adaedadd5f3607b202f32ca086b4f

commit e41242f9612adaedadd5f3607b202f32ca086b4f
Author: Jeremy Harris <jgh146exb@wizmail.org>
AuthorDate: Mon Jul 15 10:53:35 2019 +0100
Commit: Jeremy Harris <jgh146exb@wizmail.org>
CommitDate: Mon Jul 15 10:53:35 2019 +0100

Docs: add note on unusability of must-staple certs by clients. Bug 2350
---
doc/doc-docbook/spec.xfpt | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 5463cc1..37ada75 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -28478,6 +28478,13 @@ transport provide the client with a certificate, which
is passed to the server
if it requests it. If the server is Exim, it will request a certificate only
if
&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.

+.new
+Do not use a certificate which has the OCSP-must-staple extension,
+for client use (they are usable for server use).
+As TLS has no means for the client to staple before TLS 1.3 it will result
+in failed connections.
+.wen
+
If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
specifies a collection of expected server certificates.
These may be
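
Review bot: The added paragraph between .new and .wen is ambiguous in two places. "a certificate" is singular but the parenthesis continues with "they are usable", and "it will result in failed connections" has no clear antecedent; it should say outright that presenting a must-staple certificate as a client is what fails. The phrase "before TLS 1.3" also leaves open whether such a certificate works when the Exim client negotiates TLS 1.3, so the text should state that one way or the other. Suggested wording: "Do not use a certificate which has the OCSP-must-staple extension for client use (such a certificate is usable for server use). Before TLS 1.3 the protocol gives a client no means to staple, so connections presenting it will fail." The comma after "extension" can go as well.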
