diff options
author | Stefan Fritsch <sf@apache.org> | 2011-01-02 00:56:24 +0100 |
---|---|---|
committer | Stefan Fritsch <sf@apache.org> | 2011-01-02 00:56:24 +0100 |
commit | 7403827278ff4dc120b59f83c5237050a922ecd2 (patch) | |
tree | 830013733bbb1c49439b4d29d0717660354d97ee /docs | |
parent | update transformation (diff) | |
download | apache2-7403827278ff4dc120b59f83c5237050a922ecd2.tar.xz apache2-7403827278ff4dc120b59f83c5237050a922ecd2.zip |
Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
escape other special characters with backslashes. The old format can
still be used with the LegacyDNStringFormat argument to SSLOptions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1054323 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r-- | docs/manual/mod/mod_ssl.xml | 19 | ||||
-rw-r--r-- | docs/manual/upgrading.xml | 6 |
2 files changed, 25 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 13f0a969ea..4cbb1ba266 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -106,6 +106,10 @@ attribute. For example, where the server certificate subject DN included two OU fields, <code>SSL_SERVER_S_DN_OU_0</code> and <code>SSL_SERVER_S_DN_OU_1</code> could be used to reference each.</p> +<p>The format of the <em>*_DN</em> variables has changed in Apache HTTPD +2.3.11. See the <code>LegacyDNStringFormat</code> option for +<directive module="mod_ssl">SSLOptions</directive> for details.</p> + <p><code>SSL_CLIENT_V_REMAIN</code> is only available in version 2.1 and later.</p> @@ -1181,6 +1185,21 @@ The available <em>option</em>s are:</p> checks sometimes maybe not what the user expects, so enable this on a per-directory basis only, please.</p> </li> +<li><code>LegacyDNStringFormat</code> + <p> + This option influences how values of the + <code>SSL_{CLIENT,SERVER}_{I,S}_DN</code> variables are formatted. Since + version 2.3.11, Apache HTTPD uses a RFC 2253 compatible format by + default. This uses commas as delimiters between the attributes, allows the + use of non-ASCII characters (which are converted to UTF8), escapes + various special characters with backslashes, and sorts the attributes + with the "C" attribute last.</p> + + <p>If <code>LegacyDNStringFormat</code> is set, the old format will be + used which sorts the "C" attribute first, uses slashes as separators, and + does not handle non-ASCII and special characters in any consistent way. + </p> +</li> </ul> <example><title>Example</title> SSLOptions +FakeBasicAuth -StrictRequire<br /> diff --git a/docs/manual/upgrading.xml b/docs/manual/upgrading.xml index a5f385da7e..e2ce3f7739 100644 --- a/docs/manual/upgrading.xml +++ b/docs/manual/upgrading.xml @@ -236,6 +236,12 @@ <li><module>mod_auto_index</module>: will now extract titles and display descriptions for .xhtml files, which were previously ignored.</li> + + <li><module>mod_ssl</module>: The default format of the <code>*_DN</code> + variables has changed. The old format can still be used with the new + <code>LegacyDNStringFormat</code> argument to <directive + module="mod_ssl">SSLOptions</directive>.</li> + <li><program>htpasswd</program> now uses MD5 hash by default on all platforms.</li> |