Expand on the existing documentation regarding TLS and certificates,

adding information important to operators of SMTP services used
by a number of Windows (and probably Unix) MUA packages.

This text has been approved by the author and will be included in
the next release of exim-4.  Another release of exim-3.3x is not
expected.

This change is based on an explanation of SSL certificates attributed
below, but was not a direct submission.  Errors are my own, etc.

Submitted by:	terry
Message-Id:	<3C3F3A93.C1ECF9B0@mindspring.com>

6 files changed, 132 insertions, 0 deletions

diff --git a/mail/exim-devel/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo b/mail/exim-devel/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo
new file mode 100644
index 000000000000..ed22783134b3
--- /dev/null
+++ b/mail/exim-devel/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo
@@ -0,0 +1,22 @@
+--- ../exim-texinfo-3.951/doc/spec.texinfo.orig	Tue Jun 12 12:20:49 2001
++++ ../exim-texinfo-3.951/doc/spec.texinfo	Tue Jan 15 17:19:46 2002
+@@ -20785,6 +20785,19 @@
+ may be adequate for all your requirements if you are mainly interested in
+ encrypting transfers, and not in secure identification.
+ 
++However, many clients require that the certificate presented by Exim be a user
++(also called "leaf" or "site") certificate, and not a self-signed certificate.
++In this case, the self-signed certificate described above must be installed on
++the client host as a trusted root certification authority and the certificate
++used by Exim must be a user certificate signed with that self-signed
++certificate.
++
++For information on creating self-signed CA certificates and using them to sign
++user certificates, see the "General implementation overview" chapter of the
++Open-source PKI Book, available online at:
++
++http://ospkibook.sourceforge.net/
++
+ 
+ 
+ 
diff --git a/mail/exim-devel/files/patch-doc::spec.txt b/mail/exim-devel/files/patch-doc::spec.txt
new file mode 100644
index 000000000000..4d7ad28cf598
--- /dev/null
+++ b/mail/exim-devel/files/patch-doc::spec.txt
@@ -0,0 +1,22 @@
+--- doc/spec.txt.orig	Wed Dec 19 13:50:32 2001
++++ doc/spec.txt	Tue Jan 15 15:52:05 2002
+@@ -14403,6 +14403,19 @@
+ be adequate for all your requirements if you are mainly interested in
+ encrypting transfers, and not in secure identification.
+ 
++However, many clients require that the certificate presented by Exim be a user
++(also called "leaf" or "site") certificate, and not a self-signed certificate.
++In this case, the self-signed certificate described above must be installed on
++the client host as a trusted root certification authority and the certificate
++used by Exim must be a user certificate signed with that self-signed
++certificate.
++
++For information on creating self-signed CA certificates and using them to sign
++user certificates, see the "General implementation overview" chapter of the
++Open-source PKI Book, available online at:
++
++     http://ospkibook.sourceforge.net/
++
+ 
+ 
+                   39. CUSTOMIZING ERROR AND WARNING MESSAGES
diff --git a/mail/exim-old/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo b/mail/exim-old/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo
new file mode 100644
index 000000000000..824276f27f63
--- /dev/null
+++ b/mail/exim-old/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo
@@ -0,0 +1,22 @@
+--- ../exim-texinfo-3.30/doc/spec.texinfo.orig	Tue Jun 12 12:20:49 2001
++++ ../exim-texinfo-3.30/doc/spec.texinfo	Tue Jan 15 17:19:46 2002
+@@ -20785,6 +20785,19 @@
+ may be adequate for all your requirements if you are mainly interested in
+ encrypting transfers, and not in secure identification.
+ 
++However, many clients require that the certificate presented by Exim be a user
++(also called "leaf" or "site") certificate, and not a self-signed certificate.
++In this case, the self-signed certificate described above must be installed on
++the client host as a trusted root certification authority and the certificate
++used by Exim must be a user certificate signed with that self-signed
++certificate.
++
++For information on creating self-signed CA certificates and using them to sign
++user certificates, see the "General implementation overview" chapter of the
++Open-source PKI Book, available online at:
++
++http://ospkibook.sourceforge.net/
++
+ 
+ 
+ 
diff --git a/mail/exim-old/files/patch-doc::spec.txt b/mail/exim-old/files/patch-doc::spec.txt
new file mode 100644
index 000000000000..4d7ad28cf598
--- /dev/null
+++ b/mail/exim-old/files/patch-doc::spec.txt
@@ -0,0 +1,22 @@
+--- doc/spec.txt.orig	Wed Dec 19 13:50:32 2001
++++ doc/spec.txt	Tue Jan 15 15:52:05 2002
+@@ -14403,6 +14403,19 @@
+ be adequate for all your requirements if you are mainly interested in
+ encrypting transfers, and not in secure identification.
+ 
++However, many clients require that the certificate presented by Exim be a user
++(also called "leaf" or "site") certificate, and not a self-signed certificate.
++In this case, the self-signed certificate described above must be installed on
++the client host as a trusted root certification authority and the certificate
++used by Exim must be a user certificate signed with that self-signed
++certificate.
++
++For information on creating self-signed CA certificates and using them to sign
++user certificates, see the "General implementation overview" chapter of the
++Open-source PKI Book, available online at:
++
++     http://ospkibook.sourceforge.net/
++
+ 
+ 
+                   39. CUSTOMIZING ERROR AND WARNING MESSAGES
diff --git a/mail/exim/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo b/mail/exim/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo
new file mode 100644
index 000000000000..824276f27f63
--- /dev/null
+++ b/mail/exim/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo
@@ -0,0 +1,22 @@
+--- ../exim-texinfo-3.30/doc/spec.texinfo.orig	Tue Jun 12 12:20:49 2001
++++ ../exim-texinfo-3.30/doc/spec.texinfo	Tue Jan 15 17:19:46 2002
+@@ -20785,6 +20785,19 @@
+ may be adequate for all your requirements if you are mainly interested in
+ encrypting transfers, and not in secure identification.
+ 
++However, many clients require that the certificate presented by Exim be a user
++(also called "leaf" or "site") certificate, and not a self-signed certificate.
++In this case, the self-signed certificate described above must be installed on
++the client host as a trusted root certification authority and the certificate
++used by Exim must be a user certificate signed with that self-signed
++certificate.
++
++For information on creating self-signed CA certificates and using them to sign
++user certificates, see the "General implementation overview" chapter of the
++Open-source PKI Book, available online at:
++
++http://ospkibook.sourceforge.net/
++
+ 
+ 
+ 
diff --git a/mail/exim/files/patch-doc::spec.txt b/mail/exim/files/patch-doc::spec.txt
new file mode 100644
index 000000000000..4d7ad28cf598
--- /dev/null
+++ b/mail/exim/files/patch-doc::spec.txt
@@ -0,0 +1,22 @@
+--- doc/spec.txt.orig	Wed Dec 19 13:50:32 2001
++++ doc/spec.txt	Tue Jan 15 15:52:05 2002
+@@ -14403,6 +14403,19 @@
+ be adequate for all your requirements if you are mainly interested in
+ encrypting transfers, and not in secure identification.
+ 
++However, many clients require that the certificate presented by Exim be a user
++(also called "leaf" or "site") certificate, and not a self-signed certificate.
++In this case, the self-signed certificate described above must be installed on
++the client host as a trusted root certification authority and the certificate
++used by Exim must be a user certificate signed with that self-signed
++certificate.
++
++For information on creating self-signed CA certificates and using them to sign
++user certificates, see the "General implementation overview" chapter of the
++Open-source PKI Book, available online at:
++
++     http://ospkibook.sourceforge.net/
++
+ 
+ 
+                   39. CUSTOMIZING ERROR AND WARNING MESSAGES