diff options
Diffstat (limited to 'docs/manual/mod/mod_ssl.html.en')
| -rw-r--r-- | docs/manual/mod/mod_ssl.html.en | 34 |
1 files changed, 12 insertions, 22 deletions
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 501999c7..9558cb63 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -94,9 +94,11 @@ to provide the cryptography engine.</p> <div class="section"> <h2><a name="envvars" id="envvars">Environment Variables</a></h2> -<p>This module provides a lot of SSL information as additional environment -variables to the SSI and CGI namespace. The generated variables are listed in -the table below. For backward compatibility the information can +<p>This module can be configured to provide several items of SSL information +as additional environment variables to the SSI and CGI namespace. This +information is not provided by default for performance reasons. (See +<code class="directive">SSLOptions</code> StdEnvVars, below.) The generated variables +are listed in the table below. For backward compatibility the information can be made available under different names, too. Look in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter for details on the compatibility variables.</p> @@ -622,8 +624,8 @@ SSLCryptoDevice ubsec </table> <p> This directive toggles the usage of the SSL/TLS Protocol Engine. This -is usually used inside a <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section to enable SSL/TLS for a -particular virtual host. By default the SSL/TLS Protocol Engine is +should be used inside a <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section to enable SSL/TLS for a +that virtual host. By default the SSL/TLS Protocol Engine is disabled for both the main server and all configured virtual hosts.</p> <div class="example"><h3>Example</h3><p><code> <VirtualHost _default_:443><br /> @@ -1287,21 +1289,14 @@ for additional information. <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Type of remote server Certificate verification</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerify <em>level</em></code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerify none</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr> -<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> <p>When a proxy is configured to forward requests to a remote SSL server, this directive can be used to configure certificate -verification of the remote server. Notice that this directive can be -used both in per-server and per-directory context. In per-server -context it applies to the remote server authentication process used in -the standard SSL handshake when a connection is established by the -proxy. In per-directory context it forces a SSL renegotation with the -reconfigured remote server verification level after the HTTP request -was read but before the HTTP response is sent.</p> +verification of the remote server. </p> <div class="warning"> <p>Note that even when certificate verification is enabled, @@ -1350,19 +1345,14 @@ SSLProxyVerify require Certificate verification</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerifyDepth <em>number</em></code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerifyDepth 1</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> <p> This directive sets how deeply mod_ssl should verify before deciding that the -remote server does not have a valid certificate. Notice that this directive can be -used both in per-server and per-directory context. In per-server context it -applies to the client authentication process used in the standard SSL -handshake when a connection is established. In per-directory context it forces -a SSL renegotation with the reconfigured remote server verification depth after the -HTTP request was read but before the HTTP response is sent.</p> +remote server does not have a valid certificate. </p> <p> The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while @@ -1896,6 +1886,6 @@ SSLVerifyDepth 10 <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/mod/mod_ssl.html" title="English"> en </a></p> </div><div id="footer"> -<p class="apache">Copyright 2009 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="apache">Copyright 2011 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> </body></html>
\ No newline at end of file |