summaryrefslogtreecommitdiffstats
path: root/docs/manual/mod/mod_ssl.xml (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Treat non-leaf certificates present in SSLProxyMachineCertificateFileJoe Orton2020-12-171-3/+6
| | | | | | | | | | | | | | the same was as non-leaf certs are in SSLCertificateFile - use them to build the trusted cert chain for the end-entity (client) cert. * modules/ssl/ssl_engine_init.c (ssl_init_proxy_certs): For any non-leaf certificate present in the configured, trust as if used in SSLProxyMachineCertificateChainFile. Github: closes #151 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884552 13f79535-47bb-0310-9956-ffa450edef68
* Document mod_ssl client certificate handling w/SSLProxyMachineCertificate*.Joe Orton2020-12-041-9/+32
| | | | | | | | | [skip ci] PR: 63936 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884097 13f79535-47bb-0310-9956-ffa450edef68
* Document that HTTPS and SSL_TLS_SNI environment variables are always ↵Christophe Jaillet2020-10-021-10/+12
| | | | | | | | | | defined, regardless of 'SSLOptions StdEnvVars' . Fix some small style issues to improve syntax hightlight. PR 64783. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1882199 13f79535-47bb-0310-9956-ffa450edef68
* Document limitations for private key format inRainer Jung2020-08-181-0/+14
| | | | | | | | | SSLProxyMachineCertificateFile and SSLProxyMachineCertificatePath. PR 63935. [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880958 13f79535-47bb-0310-9956-ffa450edef68
* Update docs for SSLRandomSeed deprecation in r1877467. [skip ci]Joe Orton2020-08-041-0/+7
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880564 13f79535-47bb-0310-9956-ffa450edef68
* PKCS#11 URIs usable from 2.4.42 and later now. [skip ci]Joe Orton2020-02-201-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874243 13f79535-47bb-0310-9956-ffa450edef68
* Fix some typoChristophe Jaillet2019-12-011-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1870672 13f79535-47bb-0310-9956-ffa450edef68
* misplaced </usage> tag.Lucien Gentis2019-11-091-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869606 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: follow up to r1868645.Yann Ylavic2019-10-281-0/+25
| | | | | | | CHANGES entry and docs' note. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869077 13f79535-47bb-0310-9956-ffa450edef68
* 'flags' are optional in SSLCARevocationCheck. Update the syntax accordingly.Christophe Jaillet2019-06-161-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861442 13f79535-47bb-0310-9956-ffa450edef68
* changed typo on "This module relies on OpenSSL to provide the cryptography ↵Luis Gil2019-02-201-1/+1
| | | | | | | | engine." to change cryptographic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1854000 13f79535-47bb-0310-9956-ffa450edef68
* Fix compatibility note, 'SSLPolicy' is not in 2.4.x yet.Christophe Jaillet2019-02-151-2/+2
| | | | | | + remove a trailing space to synch with 2.4.x git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853644 13f79535-47bb-0310-9956-ffa450edef68
* Fixing typos in documentation files. Luis Gil2019-01-291-1/+1
| | | | | | Bug issue https://bz.apache.org/bugzilla/show_bug.cgi?id=63122 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1852478 13f79535-47bb-0310-9956-ffa450edef68
* Add compatibility note missing in r1740967Christophe Jaillet2019-01-181-1/+18
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1851643 13f79535-47bb-0310-9956-ffa450edef68
* Remove garbage.Rainer Jung2018-10-021-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842639 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl.xml: fix TLS 1.3 RFC linkLuca Toscano2018-09-221-1/+1
| | | | | | | | Suggested by the IRC Freenode user 'a-ja' on #httpd-dev git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841639 13f79535-47bb-0310-9956-ffa450edef68
* Update docs and bump logno for PKCS#11 support change in r1835615.Joe Orton2018-07-111-9/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1835614 13f79535-47bb-0310-9956-ffa450edef68
* Synch with 2.4.xChristophe Jaillet2018-06-291-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834693 13f79535-47bb-0310-9956-ffa450edef68
* Be more consistent on how we display the paramters of a directiveChristophe Jaillet2018-06-291-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834692 13f79535-47bb-0310-9956-ffa450edef68
* Remove a compatibility note that is not relevant any more.Christophe Jaillet2018-06-231-1/+0
| | | | | | | The corresponding code was added in r1807709 but reverted in r1827760. The compatibility note was added as part of r1807869 but was not removed when the code has been axed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834220 13f79535-47bb-0310-9956-ffa450edef68
* Compat 2.4.24 for SSLOCSPEnable leaf (r1834089) and ResponseFieldSize ↵Yann Ylavic2018-06-221-0/+1
| | | | | | | | | (r1834093). This was already adjusted on merge to 2.4.x, no need to backport. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834106 13f79535-47bb-0310-9956-ffa450edef68
* Have code and doc consistent.Christophe Jaillet2018-05-271-2/+2
| | | | | | | | The SSLRandomSeed builtin, uses 128 bytes of stack, not 1kb of scoreboard data. See PR 54752 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832346 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add support for loading TLS certificates through the PKCS#11Joe Orton2018-05-081-4/+22
| | | | | | | | | | | | | | | | | | | | | | | engine. * modules/ssl/ssl_util.c (modssl_is_engine_id): Renamed from modssl_is_engine_key. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCertificateKeyFile): Adjust accordingly. (ssl_cmd_SSLCertificateFile): Also allow ENGINE cert ids. * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair): Rename from modssl_load_engine_key; load certificate if cert id is passed. * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Optionally load the certificate from the engine as well. * docs/manual/: Update manual. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831168 13f79535-47bb-0310-9956-ffa450edef68
* Use <var> for variables in directive syntax everywhere forJoe Orton2018-05-041-10/+10
| | | | | | | consistency. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830879 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add support for loading private keys from ENGINEs. SupportJoe Orton2018-05-031-3/+17
| | | | | | | | | | | | | | | | | | | | | for PKCS#11 URIs only, and PIN entry is not threaded through SSLPassPhraseDialog config yet. * modules/ssl/ssl_util.c (modssl_is_engine_key): New function. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCertificateKeyFile): Use it, skip check for file existence for engine keys. * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_pkey): New function. * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): For engine keys, load via modssl_load_engine_pkey. Submitted by: Anderson Sasaki <ansasaki redhat.com>, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830819 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-031-3/+2
| | | | | | | removing leftovers of SSLPolicyDefine from docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828238 13f79535-47bb-0310-9956-ffa450edef68
* bring balance to the forceEric Covener2018-03-301-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828059 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-03-291-6/+24
| | | | | | | | mod_ssl TLSv1.3 support, removed V1_3 cipher suite directives again and added an optional protocol specifier to the SSLCipherSuite and SSLProxyCipherSuite commands. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827992 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-03-261-15/+3
| | | | | | | | mod_ssl: reverting r1807709 (SSLEngine with addr:port spec) as a "seemed a good idea at the time" thing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827760 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-03-231-183/+3
| | | | | | | | | mod_ssl: heavily simplified SSLPolicy. No more user defines, no propxy policies, just the basic "modern", "intermediate" and "old" as specified by Mozilla security. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827561 13f79535-47bb-0310-9956-ffa450edef68
* Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf of a ↵Stefan Eissing2018-03-161-2/+3
| | | | | | certificate chain. PR62112 [Ricardo Martin Camarero <rickyepoderi@yahoo.es>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1826995 13f79535-47bb-0310-9956-ffa450edef68
* Fix description of SSLProxyMachineCertificatePath to match theJoe Orton2018-02-191-4/+5
| | | | | | | implementation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824779 13f79535-47bb-0310-9956-ffa450edef68
* fixing missing rename of SSLPolicy sectionStefan Eissing2018-02-141-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824247 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-12-071-20/+26
| | | | | | | | | | mod_ssl: renamed section <SSLPolicy to <SSLPolicyDefine. Fixed behaviour for new server config merge flag. Denying global, only once used directives inside a SSLPolicyDefine. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1817381 13f79535-47bb-0310-9956-ffa450edef68
* Add note on special character handling with FakeBasicAuth.Joe Orton2017-11-171-0/+7
| | | | | | | PR: 52644 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1815599 13f79535-47bb-0310-9956-ffa450edef68
* Add optional _RAW suffix to SSL_*_DN_xx attribute names, allowingJoe Orton2017-10-121-1/+7
| | | | | | | | | | | | | | | | | users to convert an attribute value without conversion to UTF-8. (A public CA has issued certs with attributes tagged as the wrong ASN.1 string types.) * modules/ssl/ssl_util_ssl.c (asn1_string_convert): Rename from asn1_string_to_utf8; add raw argument. Reimplement _to_utf8 as macro. (modssl_X509_NAME_ENTRY_to_string): Add raw argument. * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Use raw string conversion if _RAW suffix is present in DN component. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1811976 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl.xml: simplification of SSLEngine sectionLuca Toscano2017-09-091-5/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807869 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-09-081-3/+15
| | | | | | | | mod_ssl: Extending SSLEngine to alternatively get a list of add:port spec as used in VirtualHost. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807709 13f79535-47bb-0310-9956-ffa450edef68
* Documentation rebuildLuca Toscano2017-08-181-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805373 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl.xml: fix typoLuca Toscano2017-08-171-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805302 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-08-161-29/+47
| | | | | | | mod_ssl.xml: adding description of predefined policies, some work tweakings. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805203 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-08-161-15/+15
| | | | | | | mod_ssl.xml: use of new section directive ids, tweaking examples and some language. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805201 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-08-161-9/+11
| | | | | | mod_ssl.xml: completing descriptions and proper section name use. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805185 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-08-161-0/+189
| | | | | | | | mod_ssl: adding SSLPolicy and SSLProxyPolicy directives plus documentation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805182 13f79535-47bb-0310-9956-ffa450edef68
* override index: update missing <override>s in directivesJacob Champion2017-05-051-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1793934 13f79535-47bb-0310-9956-ffa450edef68
* override index: remove invalid <override>s from directivesJacob Champion2017-05-051-16/+0
| | | | | | | | Remove the bogus "none" and "n/a" type <override>s from the documentation. If a directive can't be put in .htaccess, it shouldn't have an <override> element. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1793933 13f79535-47bb-0310-9956-ffa450edef68
* Fix some compatibility notesChristophe Jaillet2017-04-231-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792336 13f79535-47bb-0310-9956-ffa450edef68
* Synch trunk doc with 2.4.x (add some " in order to improve syntax highlight)Christophe Jaillet2017-04-231-26/+26
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792335 13f79535-47bb-0310-9956-ffa450edef68
* Add missing documentation for r1781575Jean-Frederic Clere2017-02-031-0/+31
| | | | | | | Fix for PR 46037 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1781580 13f79535-47bb-0310-9956-ffa450edef68
* Correct some typos across the documentation.Luca Toscano2017-01-251-1/+1
| | | | | | | | | | | | This commit was made thanks to the tool and PR created by Lajos Veres (vlajos) on github. PR: https://github.com/apache/httpd/pull/6 Tool: https://github.com/vlajos/misspell_fixer git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1780210 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 15:43:43 +0100