httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r824830 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
Date Tue, 13 Oct 2009 16:15:36 GMT
Author: rpluem
Date: Tue Oct 13 16:15:36 2009
New Revision: 824830

URL: http://svn.apache.org/viewvc?rev=824830&view=rev
Log:
* With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned
  on by default this warning is no longer true.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=824830&r1=824829&r2=824830&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Tue Oct 13 16:15:36 2009
@@ -1464,18 +1464,6 @@
 reconfigured remote server verification level after the HTTP request
 was read but before the HTTP response is sent.</p>
 
-<note type="warning">
-<p>Note that even when certificate verification is enabled,
-<module>mod_ssl</module> does <strong>not</strong> check whether
the
-<code>commonName</code> (hostname) attribute of the server certificate
-matches the hostname used to connect to the server.  In other words,
-the proxy does not guarantee that the SSL connection to the backend
-server is "secure" beyond the fact that the certificate is signed by
-one of the CAs configured using the
-<directive>SSLProxyCACertificatePath</directive> and/or
-<directive>SSLProxyCACertificateFile</directive> directives.</p>
-</note>
-
 <p>
 The following levels are available for <em>level</em>:</p>
 <ul>



Mime
View raw message