From 7ec4ffbdbc562c4a2909d9bf4f3093072e0e3ac1 Mon Sep 17 00:00:00 2001
From: Manuel Mausz <manuel@mausz.at>
Date: Wed, 27 Jun 2018 01:06:16 +0200
Subject: OpenSSL 1.1 compatibility

This adds compatibility for OpenSSL 1.1

Since renegotiation is removed from TLS 1.3 we also removed support for
authentication via client certificates (control/tlsclients). In general
this is still supported by TLS 1.3 however I'm just lazy and we don't
need this feature anyway.

This also adds optional support for OpenSSL configuration commands for
qmail-smtpd and qmail-remote. Commands are loaded from control/opensslconf.
For a list of supported commands see
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS
---
 qmail-smtpd.8 | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'qmail-smtpd.8')

diff --git a/qmail-smtpd.8 b/qmail-smtpd.8
index 05d1239..5920dd9 100644
--- a/qmail-smtpd.8
+++ b/qmail-smtpd.8
@@ -294,16 +294,6 @@ Number of seconds
 will wait for each new buffer of data from the remote SMTP client.
 Default: 1200.
 
-.TP 5
-.I tlsclients
-A list of email addresses. When relay rules would reject an incoming message,
-.B qmail-smtpd
-can allow it if the client presents a certificate that can be verified against
-the CA list in
-.I clientca.pem
-and the certificate email address is in
-.IR tlsclients .
-
 .TP 5
 .I tlsserverciphers
 A set of OpenSSL cipher strings. Multiple ciphers contained in a
-- 
cgit v1.2.3