summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorStefan Fritsch <sf@apache.org>2011-01-02 00:56:24 +0100
committerStefan Fritsch <sf@apache.org>2011-01-02 00:56:24 +0100
commit7403827278ff4dc120b59f83c5237050a922ecd2 (patch)
tree830013733bbb1c49439b4d29d0717660354d97ee /docs
parentupdate transformation (diff)
downloadapache2-7403827278ff4dc120b59f83c5237050a922ecd2.tar.xz
apache2-7403827278ff4dc120b59f83c5237050a922ecd2.zip
Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and escape other special characters with backslashes. The old format can still be used with the LegacyDNStringFormat argument to SSLOptions. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1054323 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r--docs/manual/mod/mod_ssl.xml19
-rw-r--r--docs/manual/upgrading.xml6
2 files changed, 25 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 13f0a969ea..4cbb1ba266 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -106,6 +106,10 @@ attribute. For example, where the server certificate subject DN
included two OU fields, <code>SSL_SERVER_S_DN_OU_0</code> and
<code>SSL_SERVER_S_DN_OU_1</code> could be used to reference each.</p>
+<p>The format of the <em>*_DN</em> variables has changed in Apache HTTPD
+2.3.11. See the <code>LegacyDNStringFormat</code> option for
+<directive module="mod_ssl">SSLOptions</directive> for details.</p>
+
<p><code>SSL_CLIENT_V_REMAIN</code> is only available in version 2.1
and later.</p>
@@ -1181,6 +1185,21 @@ The available <em>option</em>s are:</p>
checks sometimes maybe not what the user expects, so enable this on a
per-directory basis only, please.</p>
</li>
+<li><code>LegacyDNStringFormat</code>
+ <p>
+ This option influences how values of the
+ <code>SSL_{CLIENT,SERVER}_{I,S}_DN</code> variables are formatted. Since
+ version 2.3.11, Apache HTTPD uses a RFC 2253 compatible format by
+ default. This uses commas as delimiters between the attributes, allows the
+ use of non-ASCII characters (which are converted to UTF8), escapes
+ various special characters with backslashes, and sorts the attributes
+ with the "C" attribute last.</p>
+
+ <p>If <code>LegacyDNStringFormat</code> is set, the old format will be
+ used which sorts the "C" attribute first, uses slashes as separators, and
+ does not handle non-ASCII and special characters in any consistent way.
+ </p>
+</li>
</ul>
<example><title>Example</title>
SSLOptions +FakeBasicAuth -StrictRequire<br />
diff --git a/docs/manual/upgrading.xml b/docs/manual/upgrading.xml
index a5f385da7e..e2ce3f7739 100644
--- a/docs/manual/upgrading.xml
+++ b/docs/manual/upgrading.xml
@@ -236,6 +236,12 @@
<li><module>mod_auto_index</module>: will now extract titles and
display descriptions for .xhtml files, which were previously
ignored.</li>
+
+ <li><module>mod_ssl</module>: The default format of the <code>*_DN</code>
+ variables has changed. The old format can still be used with the new
+ <code>LegacyDNStringFormat</code> argument to <directive
+ module="mod_ssl">SSLOptions</directive>.</li>
+
<li><program>htpasswd</program> now uses MD5 hash by default on
all platforms.</li>