httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r731089 - in /httpd/httpd/trunk/docs/manual/mod: directives.html.en mod_session_crypto.html.en quickreference.html.en
Date Sat, 03 Jan 2009 21:10:27 GMT
Author: minfrin
Date: Sat Jan  3 13:10:27 2009
New Revision: 731089

URL: http://svn.apache.org/viewvc?rev=731089&view=rev
Log:
Update transformation.

Modified:
    httpd/httpd/trunk/docs/manual/mod/directives.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.en?rev=731089&r1=731088&r2=731089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Sat Jan  3 13:10:27 2009
@@ -401,11 +401,7 @@
 <li><a href="mod_session_cookie.html#sessioncookiename">SessionCookieName</a></li>
 <li><a href="mod_session_cookie.html#sessioncookiename2">SessionCookieName2</a></li>
 <li><a href="mod_session_cookie.html#sessioncookieremove">SessionCookieRemove</a></li>
-<li><a href="mod_session_crypto.html#sessioncryptocertificatefile">SessionCryptoCertificateFile</a></li>
-<li><a href="mod_session_crypto.html#sessioncryptocertificatekeyfile">SessionCryptoCertificateKeyFile</a></li>
-<li><a href="mod_session_crypto.html#sessioncryptocipher">SessionCryptoCipher</a></li>
-<li><a href="mod_session_crypto.html#sessioncryptodigest">SessionCryptoDigest</a></li>
-<li><a href="mod_session_crypto.html#sessioncryptoengine">SessionCryptoEngine</a></li>
+<li><a href="mod_session_crypto.html#sessioncryptodriver">SessionCryptoDriver</a></li>
 <li><a href="mod_session_crypto.html#sessioncryptopassphrase">SessionCryptoPassphrase</a></li>
 <li><a href="mod_session_dbd.html#sessiondbdcookiename">SessionDBDCookieName</a></li>
 <li><a href="mod_session_dbd.html#sessiondbdcookiename2">SessionDBDCookieName2</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en?rev=731089&r1=731088&r2=731089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en Sat Jan  3 13:10:27 2009
@@ -52,11 +52,7 @@
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptocertificatefile">SessionCryptoCertificateFile</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptocertificatekeyfile">SessionCryptoCertificateKeyFile</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptocipher">SessionCryptoCipher</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptodigest">SessionCryptoDigest</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptoengine">SessionCryptoEngine</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptodriver">SessionCryptoDriver</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#sessioncryptopassphrase">SessionCryptoPassphrase</a></li>
 </ul>
 <h3>Topics</h3>
@@ -93,112 +89,48 @@
 
     </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
-<div class="directive-section"><h2><a name="SessionCryptoCertificateFile"
id="SessionCryptoCertificateFile">SessionCryptoCertificateFile</a> <a name="sessioncryptocertificatefile"
id="sessioncryptocertificatefile">Directive</a></h2>
+<div class="directive-section"><h2><a name="SessionCryptoDriver" id="SessionCryptoDriver">SessionCryptoDriver</a>
<a name="sessioncryptodriver" id="sessioncryptodriver">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
certificate used to encrypt and decrypt the session</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoCertificateFile
<var>file</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
crypto driver to be used to encrypt the session</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoDriver
<var>name</var> <var>[param[=value]]</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available
in Apache 2.3.0 and later</td></tr>
 </table>
-    <p>The <code class="directive">SessionCryptoCertificateFile</code>
directive specifies the name
-    of a certificate to be used to asymmetrically encrypt the contents of the session before
-    writing the session, or decrypting the content of the session after reading the session.</p>
-
-    <p>Changing the certificate on a server has the effect of invalidating all existing
-    sessions.</p>
-
-    <p>If the key associated with this certificate is protected with a passphrase,
the
-    <code class="directive"><a href="#sessioncryptopassphrase">SessionCryptoPassphrase</a></code>
directive
-    will be interpreted as the passphrase to use to decrypt the key.</p>
-
-    <div class="warning"><h3>Experimental</h3>
-      <p>This directive is dependent on experimental support for asymmetrical encryption
-      support currently available in prerelease versions of OpenSSL, and will only be
-      available on platforms that support it.</p>
-    </div>
-    
+    <p>The <code class="directive">SessionCryptoDriver</code> directive
specifies the name of
+    the crypto driver to be used for encryption. If not specified, the driver defaults
+    to the recommended driver compiled into APR-util.</p>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
-<div class="directive-section"><h2><a name="SessionCryptoCertificateKeyFile"
id="SessionCryptoCertificateKeyFile">SessionCryptoCertificateKeyFile</a> <a name="sessioncryptocertificatekeyfile"
id="sessioncryptocertificatekeyfile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
certificate key used to encrypt and decrypt the session</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoCertificateKeyFile
<var>file</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available
in Apache 2.3.0 and later</td></tr>
-</table>
-    <p>The <code class="directive">SessionCryptoCertificateKeyFile</code>
directive specifies the name
-    of a certificate key to be used alongside a certificate to encrypt the contents of the
-    session before writing the session, or decrypting the content of the session after reading
-    the session.</p>
-    
-    <p>Changing the certificate or key on a server has the effect of invalidating all
existing
-    sessions.</p>
+    <p>The <var>NSS</var> crypto driver requires some parameters for configuration,
+    which are specified as parameters with optional values after the driver name.</p>
 
-    <p>If this key is protected with a passphrase, the
-    <code class="directive"><a href="#sessioncryptopassphrase">SessionCryptoPassphrase</a></code>
directive
-    will be interpreted as the passphrase to use to decrypt the key.</p>
-
-    <div class="warning"><h3>Experimental</h3>
-      <p>This directive is dependent on experimental support for asymmetrical encryption
-      support currently available in prerelease versions of OpenSSL, and will only be
-      available on platforms that support it.</p>
-    </div>
-    
+    <div class="example"><h3>NSS without a certificate database</h3><p><code>
+      SessionCryptoDriver nss
+    </code></p></div>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
-<div class="directive-section"><h2><a name="SessionCryptoCipher" id="SessionCryptoCipher">SessionCryptoCipher</a>
<a name="sessioncryptocipher" id="sessioncryptocipher">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
name of the cipher to use during encryption / decryption</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoCipher
<var>cipher</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AES256</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available
in Apache 2.3.0 and later</td></tr>
-</table>
-    <p>The <code class="directive">SessionCryptoCipher</code> directive
specifies the name
-    of the cipher to use during encryption. The ciphers available will depend on the
-    underlying encryption toolkit on the server platform.</p>
+    <div class="example"><h3>NSS with certificate database</h3><p><code>
+      SessionCryptoDriver nss dir=certs
+    </code></p></div>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
-<div class="directive-section"><h2><a name="SessionCryptoDigest" id="SessionCryptoDigest">SessionCryptoDigest</a>
<a name="sessioncryptodigest" id="sessioncryptodigest">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
name of the digest to use during encryption / decryption</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoDigest
<var>cipher</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SHA</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available
in Apache 2.3.0 and later</td></tr>
-</table>
-    <p>The <code class="directive">SessionCryptoDigest</code> directive
specifies the name
-    of the digest to use during encryption. The list of digests available will depend
-    on the underlying encryption toolkit on the server platform.</p>
+    <div class="example"><h3>NSS with certificate database and parameters</h3><p><code>
+      SessionCryptoDriver nss dir=certs key3=key3.db cert7=cert7.db secmod=secmod
+    </code></p></div>
+
+    <p>The <var>NSS</var> crypto driver might have already been configured
by another
+    part of the server, for example from <code class="module"><a href="../mod/mod_nss.html">mod_nss</a></code>
or
+    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>.
If found to have already been configured,
+    a warning will be logged, and the existing configuration will have taken affect.
+    To avoid this warning, use the noinit parameter as follows.</p>
+
+    <div class="example"><h3>NSS with certificate database</h3><p><code>
+      SessionCryptoDriver nss noinit
+    </code></p></div>
+
+    <p>To prevent confusion, ensure that all modules requiring NSS are configured with
+    identical parameters.</p>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
-<div class="directive-section"><h2><a name="SessionCryptoEngine" id="SessionCryptoEngine">SessionCryptoEngine</a>
<a name="sessioncryptoengine" id="sessioncryptoengine">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
name of the engine to use during encryption / decryption</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoEngine
<var>engine</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available
in Apache 2.3.0 and later</td></tr>
-</table>
-    <p>The <code class="directive">SessionCryptoEngine</code> directive
specifies the name
-    of the engine to use during encryption, depending on the capabilities of the
-    underlying encryption toolkit on the server platform.</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -214,15 +146,26 @@
 </table>
     <p>The <code class="directive">SessionCryptoPassphrase</code> directive
specifies the key
     to be used to enable symmetrical encryption on the contents of the session before
-    writing the session, or decrypting the contents of the session after reading the session.</p>
+    writing the session, or decrypting the contents of the session after reading the
+    session.</p>
 
     <p>Keys are more secure when they are long, and consist of truly random characters.
     Changing the key on a server has the effect of invalidating all existing sessions.</p>
 
-    <p>If the <code class="directive"><a href="#sessioncryptocertificatefile">SessionCryptoCertificateFile</a></code>
-    directive is set and asymmetrical encryption is enabled instead, the
-    <code class="directive"><a href="#sessioncryptopassphrase">SessionCryptoPassphrase</a></code>
directive
-    will be interpreted as the passphrase of the key, if the key is encrypted.</p>
+    <p>The cipher can be set to <var>3des192</var> or <var>aes256</var>
using the
+    <var>cipher</var> parameter as per the example below. If not set, the cipher
defaults
+    to <var>aes256</var>.</p>
+    
+    <div class="example"><h3>Cipher</h3><p><code>
+      SessionCryptoPassphrase secret cipher=aes256
+    </code></p></div>
+
+    <p>The <var>openssl</var> crypto driver supports an optional parameter
to specify
+    the engine to be used for encryption.</p>
+
+    <div class="example"><h3>OpenSSL with engine support</h3><p><code>
+      SessionCryptoPassphrase secret engine=name
+    </code></p></div>
 
 
 </div>

Modified: httpd/httpd/trunk/docs/manual/mod/quickreference.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/quickreference.html.en?rev=731089&r1=731088&r2=731089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/quickreference.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/quickreference.html.en Sat Jan  3 13:10:27 2009
@@ -690,11 +690,7 @@
 <tr><td><a href="mod_session_cookie.html#sessioncookiename">SessionCookieName
<var>name</var> <var>attributes</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr><td
class="descr" colspan="4">Name and attributes for the RFC2109 cookie storing the session</td></tr>
 <tr class="odd"><td><a href="mod_session_cookie.html#sessioncookiename2">SessionCookieName2
<var>name</var> <var>attributes</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">Name and attributes for the RFC2965 cookie
storing the session</td></tr>
 <tr><td><a href="mod_session_cookie.html#sessioncookieremove">SessionCookieRemove
On|Off</a></td><td> Off </td><td>svdh</td><td>E</td></tr><tr><td
class="descr" colspan="4">Control for whether session cookies should be removed from incoming
HTTP headers</td></tr>
-<tr class="odd"><td><a href="mod_session_crypto.html#sessioncryptocertificatefile">SessionCryptoCertificateFile
<var>file</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">The certificate used to encrypt and decrypt
the session</td></tr>
-<tr><td><a href="mod_session_crypto.html#sessioncryptocertificatekeyfile">SessionCryptoCertificateKeyFile
<var>file</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr><td
class="descr" colspan="4">The certificate key used to encrypt and decrypt the session</td></tr>
-<tr class="odd"><td><a href="mod_session_crypto.html#sessioncryptocipher">SessionCryptoCipher
<var>cipher</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">The name of the cipher to use during encryption
/ decryption</td></tr>
-<tr><td><a href="mod_session_crypto.html#sessioncryptodigest">SessionCryptoDigest
<var>cipher</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr><td
class="descr" colspan="4">The name of the digest to use during encryption / decryption</td></tr>
-<tr class="odd"><td><a href="mod_session_crypto.html#sessioncryptoengine">SessionCryptoEngine
<var>engine</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">The name of the engine to use during encryption
/ decryption</td></tr>
+<tr class="odd"><td><a href="mod_session_crypto.html#sessioncryptodriver">SessionCryptoDriver
<var>name</var> <var>[param[=value]]</var></a></td><td></td><td>s</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">The crypto driver to be used to encrypt
the session</td></tr>
 <tr><td><a href="mod_session_crypto.html#sessioncryptopassphrase">SessionCryptoPassphrase
<var>secret</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr><td
class="descr" colspan="4">The key used to encrypt the session</td></tr>
 <tr class="odd"><td><a href="mod_session_dbd.html#sessiondbdcookiename">SessionDBDCookieName
<var>name</var> <var>attributes</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">Name and attributes for the RFC2109 cookie
storing the session ID</td></tr>
 <tr><td><a href="mod_session_dbd.html#sessiondbdcookiename2">SessionDBDCookieName2
<var>name</var> <var>attributes</var></a></td><td></td><td>svdh</td><td>E</td></tr><tr><td
class="descr" colspan="4">Name and attributes for the RFC2965 cookie storing the session
ID</td></tr>



Mime
View raw message