From 163774f065a38bfef6e9523770caca664f644966 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 20 Dec 2014 13:21:58 +0000
Subject: [PATCH] base.m4: Use certlists including the issuer, rather than bare
 certificates.

These work better with DANE TLSA records, coming soon.  (Maybe.)
---
 base.m4 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/base.m4 b/base.m4
index e74803d..73c454b 100644
--- a/base.m4
+++ b/base.m4
@@ -89,7 +89,7 @@ SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
 
 SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.cert
+tls_certificate = CONF_sysconf_dir/server.certlist
 tls_privatekey = CONF_sysconf_dir/server.key
 tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
 tls_dhparam = CONF_ca_dir/dh-param-2048.pem
@@ -414,7 +414,7 @@ smtp_dhbits_2048:
 smtp_local:
 	driver = smtp
 	hosts_require_tls = *
-	tls_certificate = CONF_sysconf_dir/client.cert
+	tls_certificate = CONF_sysconf_dir/client.certlist
 	tls_privatekey = CONF_sysconf_dir/client.key
 	tls_verify_certificates = CONF_ca_dir/ca.cert
 	tls_require_ciphers = CONF_good_ciphers
-- 
2.11.0