httpd-cvs mailing list archives

From humbed...@apache.org
Subject svn commit: r1331234 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
Date Fri, 27 Apr 2012 06:14:04 GMT
Author: humbedooh
Date: Fri Apr 27 06:14:04 2012
New Revision: 1331234

URL: http://svn.apache.org/viewvc?rev=1331234&view=rev
Log:
Syntax updates for mod_ssl.xml (yes, everything is a freaky carnival tent now)

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1331234&r1=1331233&r2=1331234&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Fri Apr 27 06:14:04 2012
@@ -169,8 +169,9 @@ For backward compatibility there is addi
 provided. Information about this function is provided in the <a
 href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
 <example><title>Example</title>
-CustomLog logs/ssl_request_log \
-          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+<highlight language="config">
+CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</highlight>
 </example>
 </section>
 
@@ -214,9 +215,9 @@ string in <module>mod_log_config</module
        encrypted with SSL. This is similar to the
        <directive>SSLRequireSSL</directive> directive.</p>
 
-    <example>
+    <highlight language="config">
       Require ssl
-    </example>
+    </highlight>
 
   </section>
 
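Review bot: The `<example>` wrapper is replaced outright by `<highlight language="config">` in this hunk, while most other hunks in this patch keep `<example>` and nest `<highlight>` inside it. Suggest keeping `<example>` around the highlight block so all examples are marked up the same way, and dropping the leading spaces before `Require ssl`, since indentation inside a highlight block is likely to be rendered as written.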
@@ -229,10 +230,10 @@ string in <module>mod_log_config</module
     <p>The following example grants access if the user is authenticated
        either with a client certificate or by username and password.</p>
 
-    <example>
+    <highlight language="config">
       Require ssl-verify-client<br/>
       Require valid-user
-    </example>
+    </highlight>
 
   </section>
 
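Review bot: `Require ssl-verify-client<br/>` keeps its `<br/>` inside the new `<highlight>` block, whereas the other hunks in this patch drop the line-break tags when moving lines into `<highlight>`. Remove the tag so it does not end up inside the highlighted config. `<example>` is also replaced here rather than kept around `<highlight>` as in most other hunks, which is worth aligning.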
@@ -311,7 +312,9 @@ query can be done in two ways which can 
     program is called only once per unique Pass Phrase.</p></li>
 </ul>
 <example><title>Example</title>
+<highlight language="config">
 SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -391,13 +394,15 @@ The following <em>source</em> variants a
     on your platform.</p></li>
 </ul>
 <example><title>Example</title>
-SSLRandomSeed startup builtin<br />
-SSLRandomSeed startup file:/dev/random<br />
-SSLRandomSeed startup file:/dev/urandom 1024<br />
-SSLRandomSeed startup exec:/usr/local/bin/truerand 16<br />
-SSLRandomSeed connect builtin<br />
-SSLRandomSeed connect file:/dev/random<br />
-SSLRandomSeed connect file:/dev/urandom 1024<br />
+<highlight language="config">
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/random
+SSLRandomSeed startup file:/dev/urandom 1024
+SSLRandomSeed startup exec:/usr/local/bin/truerand 16
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/random
+SSLRandomSeed connect file:/dev/urandom 1024
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -468,8 +473,10 @@ The following five storage <em>type</em>
 </ul>
 
 <example><title>Examples</title>
-SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data<br />
+<highlight language="config">
+SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
 SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)
+</highlight>
 </example>
 
 <p>The <code>ssl-cache</code> mutex is used to serialize access to
@@ -494,7 +501,9 @@ global/inter-process SSL Session Cache a
 It can be set as low as 15 for testing, but should be set to higher
 values like 300 in real life.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLSessionCacheTimeout 600
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -515,10 +524,12 @@ type="section">VirtualHost</directive> s
 that virtual host. By default the SSL/TLS Protocol Engine is
 disabled for both the main server and all configured virtual hosts.</p>
 <example><title>Example</title>
-&lt;VirtualHost _default_:443&gt;<br />
-SSLEngine on<br />
-...<br />
+<highlight language="config">
+&lt;VirtualHost _default_:443&gt;
+SSLEngine on
+#...
 &lt;/VirtualHost&gt;
+</highlight>
 </example>
 <p>In Apache 2.1 and later, <directive>SSLEngine</directive> can be set
to
 <code>optional</code>. This enables support for
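Review bot: `SSLEngine on` and `#...` are left flush with the VirtualHost container lines here, while the matching SSLProxyEngine example later in this patch indents its inner lines by four spaces. Suggest indenting these two lines the same way so both VirtualHost examples read alike.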
@@ -599,7 +610,9 @@ The available (case-insensitive) <em>pro
     ``<code>+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2</code>, respectively.</p></li>
 </ul>
 <example><title>Example</title>
+<highlight language="config">
 SSLProtocol TLSv1
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -729,7 +742,9 @@ KRB5-RC4-SHA            SSLv3 Kx=KRB5   
 <p>The complete list of particular RSA &amp; DH ciphers for SSL is given in <a
 href="#table2">Table 2</a>.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
+</highlight>
 </example>
 <table border="1">
 <columnspec><column width=".3"/><column width=".1"/><column width=".13"/>
@@ -787,7 +802,9 @@ Pass Phrase dialog is forced at startup 
 two times (referencing different filenames) when both a RSA and a DSA based
 server certificate is used in parallel.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -814,7 +831,9 @@ at startup time. This directive can be u
 (referencing different filenames) when both a RSA and a DSA based
 private key is used in parallel.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -853,7 +872,9 @@ using a coupled RSA+DSA certificate pair
 certificates use the <em>same</em> certificate chain. Else the browsers will
be
 confused in this situation.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -878,7 +899,9 @@ there: you also have to create symbolic 
 <em>hash-value</em><code>.N</code>. And you should always make sure
this directory
 contains the appropriate symbolic links.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -900,7 +923,9 @@ concatenation of the various PEM-encoded
 preference. This can be used alternatively and/or additionally to
 <directive module="mod_ssl">SSLCACertificatePath</directive>.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -945,7 +970,9 @@ specify an <em>all-in-one</em> file cont
 PEM-encoded CA certificates.</p>
 
 <example><title>Example</title>
+<highlight language="config">
 SSLCADNRequestFile /usr/local/apache2/conf/ca-names.crt
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -972,7 +999,9 @@ Certificate files there: you also have t
 <em>hash-value</em><code>.N</code>. And you should always make sure
 this directory contains the appropriate symbolic links.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCADNRequestPath /usr/local/apache2/conf/ca-names.crt/
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -997,7 +1026,9 @@ Additionally you have to create symbolic
 <em>hash-value</em><code>.rN</code>. And you should always make sure
this directory
 contains the appropriate symbolic links.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCARevocationPath /usr/local/apache2/conf/ssl.crl/
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1020,7 +1051,9 @@ the various PEM-encoded CRL files, in or
 used alternatively and/or additionally to <directive
 module="mod_ssl">SSLCARevocationPath</directive>.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-client.crl
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1057,7 +1090,9 @@ to succeed - otherwise it will fail with
 </p>
 </note>
 <example><title>Example</title>
+<highlight language="config">
 SSLCARevocationCheck chain
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1101,7 +1136,9 @@ The following levels are available for <
 <strong>optional_no_ca</strong> is actually against the idea of
 authentication (but can be used to establish SSL test pages, etc.)</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLVerifyClient require
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1136,7 +1173,9 @@ certificate can be self-signed or has to
 known to the server (i.e. the CA's certificate is under
 <directive module="mod_ssl">SSLCACertificatePath</directive>), etc.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLVerifyDepth 10
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1242,10 +1281,12 @@ The available <em>option</em>s are:</p>
 </li>
 </ul>
 <example><title>Example</title>
-SSLOptions +FakeBasicAuth -StrictRequire<br />
-&lt;Files ~ "\.(cgi|shtml)$"&gt;<br />
-    SSLOptions +StdEnvVars -ExportCertData<br />
+<highlight language="config">
+SSLOptions +FakeBasicAuth -StrictRequire
+&lt;Files ~ "\.(cgi|shtml)$"&gt;
+    SSLOptions +StdEnvVars -ExportCertData
 &lt;Files&gt;
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
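Review bot: The last line of the example, `&lt;Files&gt;`, is an opening tag, so the Files section in the sample is never closed. Since the block is being marked up as config in this change, correct it to `&lt;/Files&gt;` at the same time.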
@@ -1267,7 +1308,9 @@ host or directories for defending agains
 stuff that should be protected. When this directive is present all requests
 are denied which are not using SSL.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLRequireSSL
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1358,12 +1401,14 @@ both parsed and executed each time the .
 request processing.</p>
 
 <example><title>Example</title>
-<pre>SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/                \
+<highlight language="config">
+SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/                \
             and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd."        \
             and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}  \
             and %{TIME_WDAY} &gt;= 1 and %{TIME_WDAY} &lt;= 5          \
             and %{TIME_HOUR} &gt;= 8 and %{TIME_HOUR} &lt;= 20       ) \
-           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/</pre>
+           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+</highlight>
 </example>
 
 <p>The <code>PeerExtList(<em>object-ID</em>)</code> function
expects
@@ -1375,7 +1420,9 @@ exactly against the value of an extensio
 extension must match).</p>
 
 <example><title>Example</title>
+<highlight language="config">
 SSLRequire "foobar" in PeerExtList("1.2.3.4.5.6")
+</highlight>
 </example>
 
 <note><title>Notes on the PeerExtList function</title>
@@ -1432,7 +1479,9 @@ memory must be considered when changing 
 </p></note>
 
 <example><title>Example</title>
+<highlight language="config">
 SSLRenegBufferSize 262144
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1464,7 +1513,9 @@ version of OpenSSL.
 </p></note>
 
 <example><title>Example</title>
+<highlight language="config">
 SSLStrictSNIVHostCheck on
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1489,7 +1540,9 @@ directory contains the appropriate symbo
 <p>Currently there is no support for encrypted private keys</p>
 </note>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1516,7 +1569,9 @@ or additionally to <code>SSLProxyMachine
 <p>Currently there is no support for encrypted private keys</p>
 </note>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1546,7 +1601,9 @@ trusted as if they were also in <directi
 SSLProxyCACertificateFile</directive>.</p>
 </note>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyMachineCertificateChainFile /usr/local/apache2/conf/ssl.crt/proxyCA.pem
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1583,7 +1640,9 @@ The following levels are available for <
 <strong>optional_no_ca</strong> is actually against the idea of
 authentication (but can be used to establish SSL test pages, etc.)</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyVerify require
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1610,7 +1669,9 @@ the remote server certificate can be sel
 which is directly known to the server (i.e. the CA's certificate is under
 <directive module="mod_ssl">SSLProxyCACertificatePath</directive>), etc.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyVerifyDepth 10
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1631,7 +1692,9 @@ is expired or not. If the check fails a 
 sent.
 </p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCheckPeerExpire on
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1652,7 +1715,9 @@ compared against the hostname of the req
 a 502 status code (Bad Gateway) is sent.
 </p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCheckPeerCN on
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1673,10 +1738,12 @@ type="section">VirtualHost</directive> s
 usage in a particular virtual host. By default the SSL/TLS Protocol Engine is
 disabled for proxy image both for the main server and all configured virtual hosts.</p>
 <example><title>Example</title>
-&lt;VirtualHost _default_:443&gt;<br />
-SSLProxyEngine on<br />
-...<br />
+<highlight language="config">
+&lt;VirtualHost _default_:443&gt;
+    SSLProxyEngine on
+    #...
 &lt;/VirtualHost&gt;
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1740,7 +1807,9 @@ there: you also have to create symbolic 
 <em>hash-value</em><code>.N</code>. And you should always make sure
this directory
 contains the appropriate symbolic links.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1762,7 +1831,9 @@ concatenation of the various PEM-encoded
 preference. This can be used alternatively and/or additionally to
 <directive module="mod_ssl">SSLProxyCACertificatePath</directive>.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-remote-server.crt
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1787,7 +1858,9 @@ Additionally you have to create symbolic
 <em>hash-value</em><code>.rN</code>. And you should always make sure
this directory
 contains the appropriate symbolic links.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCARevocationPath /usr/local/apache2/conf/ssl.crl/
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1810,7 +1883,9 @@ the various PEM-encoded CRL files, in or
 used alternatively and/or additionally to <directive
 module="mod_ssl">SSLProxyCARevocationPath</directive>.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-remote-server.crl
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1848,7 +1923,9 @@ to succeed - otherwise it will fail with
 </p>
 </note>
 <example><title>Example</title>
+<highlight language="config">
 SSLProxyCARevocationCheck chain
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1876,7 +1953,9 @@ any of the <a href="#envvars">SSL enviro
 href="#ssloptions">SSLOptions</a>).</p>
 
 <example><title>Example</title>
+<highlight language="config">
 SSLUserName SSL_CLIENT_S_DN_CN
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1894,7 +1973,9 @@ SSLUserName SSL_CLIENT_S_DN_CN
 the client's preference is used.  If this directive is enabled, the
 server's preference will be used instead.</p>
 <example><title>Example</title>
+<highlight language="config">
 SSLHonorCipherOrder on
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1918,8 +1999,10 @@ separate "-engine" releases of OpenSSL 0
 &quot;<code>openssl engine</code>&quot;.</p>
 
 <example><title>Example</title>
-# For a Broadcom accelerator:<br />
+<highlight language="config">
+# For a Broadcom accelerator:
 SSLCryptoDevice ubsec
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
@@ -1945,10 +2028,12 @@ itself, or derived by configuration; see
 directives.</p>
 
 <example><title>Example</title>
-SSLVerifyClient on<br/>
-SSLOCSPEnable on<br/>
-SSLOCSPDefaultResponder http://responder.example.com:8888/responder<br/>
+<highlight language="config">
+SSLVerifyClient on
+SSLOCSPEnable on
+SSLOCSPDefaultResponder http://responder.example.com:8888/responder
 SSLOCSPOverrideResponder on
+</highlight>
 </example>
 </usage>
 </directivesynopsis>
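Review bot: `SSLVerifyClient on` is carried into the highlighted example unchanged, but `on` is not a verification level; the SSLVerifyClient example earlier in this patch uses `require`, and the levels text there names `optional_no_ca`. Suggest `SSLVerifyClient require` here so the OCSP example shows a valid setting.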
@@ -2063,7 +2148,9 @@ in <a href="http://cve.mitre.org/cgi-bin
 </note>
 
 <example><title>Example</title>
+<highlight language="config">
 SSLInsecureRenegotiation on
+</highlight>
 </example>
 
 <p>The <code>SSL_SECURE_RENEG</code> environment variable can be used


