author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-08-04 14:55:55 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-08-04 15:21:23 +0100 |
commit | a4b62fcfa0fc6c06d453ffbe0a6fb43788d41fa1 (patch) | |
tree | 37089f09a3a0e10b7ba96d9bc5801e92f5bfaa5c | |
parent | 8864c2c44f08ddca092d70135843fc69cd95f178 (diff) |
Document $tls_in_ocsp, $tls_out_ocsp
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 2a9b3ba62..52c0f742a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12421,6 +12421,26 @@ and then set to the outgoing cipher suite if one is negotiated. See chapter &<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for details of the &(smtp)& transport. +.new +.vitem &$tls_in_ocsp$& +.vindex "&$tls_in_ocsp$&" +When a message is received from a remote client connection +the result of any OCSP request from the client is encoded in this variable: +.code +0 OCSP proof was not requested (default value) +1 No response to request +2 Response not verified +3 Verification failed +4 Verification succeeded +.endd + +.vitem &$tls_out_ocsp$& +.vindex "&$tls_out_ocsp$&" +When a message is sent to a remote host connection +the result of any OCSP request made is encoded in this variable. +See &$tls_in_ocsp$& for values. +.wen + .vitem &$tls_in_peerdn$& .vindex "&$tls_in_peerdn$&" .vindex "&$tls_peerdn$&" @@ -26247,6 +26267,10 @@ file named by &%tls_ocsp_file%&. Note that the proof only covers the terminal server certificate, not any of the chain from CA to it. +.new +There is no current way to staple a proof for a client certificate. +.wen + .code A helper script "ocsp_fetch.pl" for fetching a proof from a CA OCSP server is supplied. The server URL may be included in the |
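Review bot: In the first hunk, the value table under &$tls_in_ocsp$& does not say which of the five values can actually occur on an inbound connection, and the difference between "2 Response not verified" and "3 Verification failed" is not explained. Values 2 to 4 describe checking a response, while the second hunk states that no proof can be stapled for a client certificate, so someone writing a condition on &$tls_in_ocsp$& cannot tell which values to test for. Suggest a sentence after the table saying which values apply to each of the two variables, plus a short gloss for values 1 to 3. The phrase "the result of any OCSP request from the client is encoded" would also read more clearly as "the result of any OCSP request made by the client is encoded".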
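Review bot: In the second hunk, the added sentence "There is no current way to staple a proof for a client certificate." is awkwardly worded; "There is currently no way to staple a proof for a client certificate." reads better. It would also help to reference &$tls_in_ocsp$& here, since that variable is documented in the same change and this limitation affects what a reader should expect to see in it.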