diff options
Diffstat (limited to 'docs/manual/mod/mod_ssl.html.en')
| -rw-r--r-- | docs/manual/mod/mod_ssl.html.en | 76 |
1 files changed, 35 insertions, 41 deletions
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 94054c7d..e4f242a8 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -347,8 +347,7 @@ The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named <em>hash-value</em><code>.N</code>. And you should always make sure this directory -contains the appropriate symbolic links. Use the <code>Makefile</code> which -comes with mod_ssl to accomplish this task.</p> +contains the appropriate symbolic links.</p> <div class="example"><h3>Example</h3><p><code> SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/ </code></p></div> @@ -413,9 +412,7 @@ details.</p> through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named <em>hash-value</em><code>.N</code>. And you should always make sure -this directory contains the appropriate symbolic links. Use the -<code>Makefile</code> which comes with mod_ssl to accomplish this -task.</p> +this directory contains the appropriate symbolic links.</p> <div class="example"><h3>Example</h3><p><code> SSLCADNRequestPath /usr/local/apache2/conf/ca-names.crt/ </code></p></div> @@ -499,8 +496,7 @@ The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you have not only to place the CRL files there. Additionally you have to create symbolic links named <em>hash-value</em><code>.rN</code>. And you should always make sure this directory -contains the appropriate symbolic links. Use the <code>Makefile</code> which -comes with <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to accomplish this task.</p> +contains the appropriate symbolic links.</p> <div class="example"><h3>Example</h3><p><code> SSLCARevocationPath /usr/local/apache2/conf/ssl.crl/ </code></p></div> @@ -685,7 +681,7 @@ together with prefixes to form the <em>cipher-spec</em>. Available prefixes are:</p> <ul> <li>none: add cipher to list</li> -<li><code>+</code>: add ciphers to list and pull them to current location in list</li> +<li><code>+</code>: move matching ciphers to the current location in list</li> <li><code>-</code>: remove cipher from list (can be added later again)</li> <li><code>!</code>: kill cipher from list completely (can <strong>not</strong> be added later again)</li> </ul> @@ -1273,8 +1269,7 @@ The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named <em>hash-value</em><code>.N</code>. And you should always make sure this directory -contains the appropriate symbolic links. Use the <code>Makefile</code> which -comes with mod_ssl to accomplish this task.</p> +contains the appropriate symbolic links.</p> <div class="example"><h3>Example</h3><p><code> SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/ </code></p></div> @@ -1359,8 +1354,7 @@ The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you have not only to place the CRL files there. Additionally you have to create symbolic links named <em>hash-value</em><code>.rN</code>. And you should always make sure this directory -contains the appropriate symbolic links. Use the <code>Makefile</code> which -comes with <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to accomplish this task.</p> +contains the appropriate symbolic links.</p> <div class="example"><h3>Example</h3><p><code> SSLProxyCARevocationPath /usr/local/apache2/conf/ssl.crl/ </code></p></div> @@ -1523,9 +1517,7 @@ keys used for authentication of the proxy server to remote servers. <p>The files in this directory must be PEM-encoded and are accessed through hash filenames. Additionally, you must create symbolic links named <code><em>hash-value</em>.N</code>. And you should always make sure this -directory contains the appropriate symbolic links. Use the Makefile which -comes with mod_ssl to accomplish this task. -</p> +directory contains the appropriate symbolic links.</p> <div class="warning"> <p>Currently there is no support for encrypted private keys</p> </div> @@ -1755,6 +1747,28 @@ boolean expression is true</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> + +<div class="note"><h3>SSLRequire is deprecated</h3> +<p><code>SSLRequire</code> is deprecated and should in general be replaced +by <a href="mod_authz_core.html#reqexpr">Require expr</a>. The so called +<a href="../expr.html">ap_expr</a> syntax of <code>Require expr</code> is +a superset of the syntax of <code>SSLRequire</code>, with the following +exception:</p> + +<p>In <code>SSLRequire</code>, the comparison operators <code><</code>, +<code><=</code>, ... are completely equivalent to the operators +<code>lt</code>, <code>le</code>, ... and work in a somewhat pecular way that +first compares the length of two strings and then the lexical order. +On the other hand, <a href="../expr.html">ap_expr</a> has two sets of +comparison operators: The operators <code><</code>, +<code><=</code>, ... do lexical string comparison, while the operators +<code>-lt</code>, <code>-le</code>, ... do integer comparison. +For the latter, there are also aliases without the leading dashes: +<code>lt</code>, <code>le</code>, ... +</p> + +</div> + <p> This directive specifies a general access requirement which has to be fulfilled in order to allow access. It is a very powerful directive because the @@ -1801,12 +1815,12 @@ function ::= funcname "<strong>(</strong>" funcargs "<strong>)</strong>" <code>funcname</code> the available functions are listed in the <a href="../expr.html#functions">ap_expr documentation</a>.</p> -<p>Notice that <em>expression</em> is first parsed into an internal machine -representation and then evaluated in a second step. Actually, in Global and -Per-Server Class context <em>expression</em> is parsed at startup time and -at runtime only the machine representation is executed. For Per-Directory -context this is different: here <em>expression</em> has to be parsed and -immediately executed for every request.</p> +<p>The <em>expression</em> is parsed into an internal machine +representation when the configuration is loaded, and then evaluated +during request processing. In .htaccess context, the <em>expression</em> is +both parsed and executed each time the .htaccess file is encountered during +request processing.</p> + <div class="example"><h3>Example</h3><pre>SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ @@ -1845,26 +1859,6 @@ the left-hand-side expression.</p></li> </ul> </div> -<div class="note"><h3>SSLRequire is deprecated</h3> -<p><code>SSLRequire</code> is deprecated and should in general be replaced -by <a href="mod_authz_core.html#reqexpr">Require expr</a>. The so called -<a href="../expr.html">ap_expr</a> syntax of <code>Require expr</code> is -a superset of the syntax of <code>SSLRequire</code>, with the following -exception:</p> - -<p>In <code>SSLRequire</code>, the comparison operators <code><</code>, -<code><=</code>, ... are completely equivalent to the operators -<code>lt</code>, <code>le</code>, ... and work in a somewhat pecular way that -first compares the length of two strings and then the lexical order. -On the other hand, <a href="../expr.html">ap_expr</a> has two sets of -comparison operators: The operators <code><</code>, -<code><=</code>, ... do lexical string comparison, while the operators -<code>-lt</code>, <code>-le</code>, ... do integer comparison. -For the latter, there are also aliases without the leading dashes: -<code>lt</code>, <code>le</code>, ... -</p> - -</div> <h3>See also</h3> |