Subject: svn commit: r1682934 - in /httpd/httpd/branches/2.4.x/docs/manual:
mod/mod_log_config.html.en mod/mod_ssl.html.en mod/mod_ssl.html.fr
mod/mod_ssl.xml.fr mod/mod_ssl.xml.meta ssl/ssl_faq.html.en
ssl/ssl_faq.html.fr ssl/ssl_faq.xml.fr ssl/ssl_faq.xml.meta
Date: Mon, 01 Jun 2015 15:34:12 -0000
To: cvs@httpd.apache.org
From: rjung@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20150601153412.98E01AC0553@hades.apache.org>
Author: rjung
Date: Mon Jun 1 15:34:11 2015
New Revision: 1682934
URL: http://svn.apache.org/r1682934
Log:
Xforms.
Modified:
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.html.en
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.fr
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.fr
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.en
httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.fr
httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr
httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.meta
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.html.en?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.html.en Mon Jun 1 15:34:11 2015
@@ -143,45 +143,42 @@
matching error log line to see what request caused what error.
%m |
The request method. |
-%M |
- The time taken to serve the request, in milliseconds.
- (available in 2.4.13 and later) |
-%{VARNAME}n |
+
%{VARNAME}n |
The contents of note VARNAME from another
module. |
-%{VARNAME}o |
+
%{VARNAME}o |
The contents of VARNAME: header line(s)
in the reply. |
-%p |
+
%p |
The canonical port of the server serving the request. |
-%{format}p |
+
%{format}p |
The canonical port of the server serving the request, or the
server's actual port, or the client's actual port. Valid formats
are canonical , local , or remote .
|
-%P |
+
%P |
The process ID of the child that serviced the request. |
-%{format}P |
+
%{format}P |
The process ID or thread ID of the child that serviced the
request. Valid formats are pid , tid ,
and hextid . hextid requires APR 1.2.0 or
higher.
|
-%q |
+
%q |
The query string (prepended with a ? if a query
string exists, otherwise an empty string). |
-%r |
+
%r |
First line of request. |
-%R |
+
%R |
The handler generating the response (if any). |
-%s |
+
%s |
Status. For requests that have been internally redirected, this is
the status of the original request. Use %>s
for the final status. |
-%t |
+
%t |
Time the request was received, in the format [18/Sep/2011:19:18:28 -0400] .
The last number indicates the timezone offset from GMT |
-%{format}t |
+
%{format}t |
The time, in the form given by format, which should be in
an extended strftime(3) format (potentially localized).
If the format starts with begin: (default) the time is taken
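Review bot: The removal of the `%M` row at the top of this hunk is the only substantive change here, and it is buried among whitespace-only rewrites of every following row through `%{format}t`. The removed text advertised `%M` as "available in 2.4.13 and later", so anyone who already put it in a `LogFormat` gets no hint from this page about what replaced it. Consider a log message more specific than "Xforms.", or a short note in the table pointing readers to the unit form of `%T`.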
@@ -201,8 +198,16 @@
formatting in the same format string. You can use multiple
%{format}t tokens instead.
|
-%T |
+
%T |
The time taken to serve the request, in seconds. |
+%{UNIT}T |
+ The time taken to serve the request, in a time unit given by
+ UNIT . Valid units are ms for milliseconds,
+ us for microseconds, and s for seconds.
+ Using s gives the same result as %T
+ without any format; using us gives the same result
+ as %D . Combining %T with a unit is
+ available in 2.4.13 and later. |
%u |
Remote user if the request was authenticated. May be bogus if return status
(%s ) is 401 (unauthorized). |
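Review bot: The new `%{UNIT}T` row does not say how the `ms` and `s` values are derived from the underlying measurement (truncated or rounded), nor what is logged when UNIT is something other than `ms`, `us` or `s`. Both matter to anyone alerting on latency thresholds or parsing the field strictly, so a sentence on each would help. The equivalences with `%T` and `%D` are useful and should stay.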
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Mon Jun 1 15:34:11 2015
@@ -566,35 +566,44 @@ confused in this situation.
This directive points to a file with certificate data in PEM format.
At a minimum, the file must include an end-entity (leaf) certificate.
-Beginning with version 2.4.8, it may also include intermediate CA
-certificates, sorted from leaf to root, and obsoletes
-SSLCertificateChainFile
.
+The directive can be used multiple times (referencing different filenames)
+to support multiple algorithms for server authentication - typically
+RSA, DSA, and ECC. The number of supported algorithms depends on the
+OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
+openssl list-public-key-algorithms
will output a list
+of supported algorithms.
-Additional optional elements are DH parameters and/or an EC curve name
-for ephemeral keys, as generated by openssl dhparam
and
-openssl ecparam
, respectively (supported in version 2.4.7
-or later) and finally, the end-entity certificate's private key.
-If the private key is encrypted, the pass phrase dialog is forced
-at startup time.
+The files may also include intermediate CA certificates, sorted from
+leaf to root. This is supported with version 2.4.8 and later,
+and obsoletes SSLCertificateChainFile
.
+When running with OpenSSL 1.0.2 or later, this allows
+to configure the intermediate CA chain on a per-certificate basis.
+
-This directive can be used multiple times (referencing different filenames)
-to support multiple algorithms for server authentication - typically
-RSA, DSA, and ECC. The number of supported algorithms depends on the
-OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
-openssl list-public-key-algorithms
will output a list
-of supported algorithms.
+Custom DH parameters and an EC curve name for ephemeral keys,
+can also be added to end of the first file configured using
+SSLCertificateChainFile
.
+This is supported in version 2.4.7 or later.
+Such parameters can be generated using the commands
+openssl dhparam
and openssl ecparam
.
+The parameters can be added as-is to the end of the first
+certificate file. Only the first file can be used for custom
+parameters, as they are applied independently of the authentication
+algorithm type.
+
-When running with OpenSSL 1.0.2 or later, this directive allows
-to configure the intermediate CA chain on a per-certificate basis,
-which removes a limitation of the (now obsolete)
-SSLCertificateChainFile
directive.
-DH and ECDH parameters, however, are only read from the first
-SSLCertificateFile
directive, as they
-are applied independently of the authentication algorithm type.
+Finally the the end-entity certificate's private key can also be
+added to the certificate file instead of using a separate
+SSLCertificateKeyFile
+directive. This practice is highly discouraged. If it is used,
+the certificate files using such an embedded key must be configured
+after the certificates using a separate key file. If the private
+key is encrypted, the pass phrase dialog is forced at startup time.
+
DH parameter interoperability with primes > 1024 bit
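Review bot: The new DH/EC paragraph names the wrong directive: it says the parameters go at the "end of the first file configured using SSLCertificateChainFile", but the text this hunk removes said they "are only read from the first SSLCertificateFile directive", and the paragraph just above calls SSLCertificateChainFile obsolete. An administrator following the new wording would append the parameters to the chain file and silently keep the built-in DH parameters, so this should read SSLCertificateFile. Smaller points in the same block: "Finally the the" is doubled, "added to end of" is missing "the", there is a stray comma after "ephemeral keys", and "highly discouraged" would be more useful with the reason stated (for example, the differing file-permission needs of certificates and keys).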
@@ -627,9 +636,7 @@ such issues.
This directive points to the PEM-encoded private key file for the
-server (the private key may also be combined with the certificate in the
-SSLCertificateFile
, but this practice
-is discouraged). If the contained private key is encrypted, the pass phrase
+server. If the contained private key is encrypted, the pass phrase
dialog is forced at startup time.
@@ -639,6 +646,13 @@ to support multiple algorithms for serve
directive, there must be a matching SSLCertificateFile
directive.
+
+The private key may also be combined with the certificate in the file given by
+SSLCertificateFile
, but this practice
+is highly discouraged. If it is used, the certificate files using such
+an embedded key must be configured after the certificates using a separate
+key file.
+
Example
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
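Review bot: The added paragraph states the ordering rule ("must be configured after the certificates using a separate key file") without saying what happens when it is violated. If the result is a startup failure, say so. If the result is a key being paired with the wrong certificate, that is worth an explicit warning, because it is much harder to diagnose. The same sentence is duplicated under SSLCertificateFile, so a cross-reference to one canonical statement would keep the two from drifting apart.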
@@ -2168,7 +2182,9 @@ dd if=/dev/random of=/path/to/file.tkey
Ticket keys should be rotated (replaced) on a frequent basis,
as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.
The ticket key file contains sensitive keying material and should
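Review bot: The two added sentences conflict with the context line above them. That line says rotating the key "is the only way to invalidate an existing session ticket", while the new text says "All existing session tickets become invalid after a restart", which reads as true for any restart, even with an unchanged key file. Please state whether tickets are invalidated only when the file's contents changed, and whether a graceful restart counts, since operators rely on this paragraph to plan key rotation and to reason about how long a leaked ticket key stays useful.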
@@ -2266,10 +2282,6 @@ With the exception of none
the same storage types are supported as with
SSLSessionCache
.
-
The ssl-stapling
mutex is used to serialize access to the
-OCSP stapling cache to prevent corruption. This mutex can be configured
-using the Mutex
directive.
-
@@ -2492,6 +2504,14 @@ stated goal of "saving roundtrips and re
(TLS Multiple Certificate Status Extension).
+
When OCSP stapling is enabled, the ssl-stapling
mutex is used
+to control access to the OCSP stapling cache in order to prevent corruption,
+and the sss-stapling-refresh
mutex is used to control refreshes
+of OCSP responses. These mutexes can be configured using the
+Mutex
directive.
+
+
+
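Review bot: The mutex name in the added paragraph is misspelled as `sss-stapling-refresh`; given the sibling `ssl-stapling` mutex in the same sentence, this should be `ssl-stapling-refresh`. A reader copying the name into a `Mutex` directive would configure a mutex that does not exist. Since this file is generated, the fix belongs in the XML source.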
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.fr?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.fr Mon Jun 1 15:34:11 2015
@@ -29,6 +29,8 @@
Langues Disponibles: en |
fr
+
Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.
Description: | Chiffrement de haut niveau basé sur les protocoles Secure
Sockets Layer (SSL) et Transport Layer Security (TLS) |
Statut: | Extension |
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.fr?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.fr Mon Jun 1 15:34:11 2015
@@ -1,7 +1,7 @@
-
+
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta Mon Jun 1 15:34:11 2015
@@ -8,6 +8,6 @@
en
- fr
+ fr
Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.en?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.en Mon Jun 1 15:34:11 2015
@@ -756,20 +756,22 @@ Explorer (MSIE)?
or higher), you can either rearrange mod_ssl's cipher list with
SSLCipherSuite
(possibly in conjunction with SSLHonorCipherOrder
),
- or you can use the SSLCertificateFile
- directive to configure custom DH parameters with a 1024-bit prime, which
+ or you can use custom DH parameters with a 1024-bit prime, which
will always have precedence over any of the built-in DH parameters.
- To generate custom DH parameters, use the openssl dhparam
- command. Alternatively, you can append the following standard 1024-bit DH
+
To generate custom DH parameters, use the openssl dhparam 1024
+ command. Alternatively, you can use the following standard 1024-bit DH
parameters from RFC 2409,
- section 6.2 to the respective
- SSLCertificateFile
file:
+ section 6.2:
-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
+ Add the custom parameters including the "BEGIN DH PARAMETERS" and
+ "END DH PARAMETERS" lines to the end of the first certificate file
+ you have configured using the
+ SSLCertificateFile
directive.
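Review bot: The reworded answer still recommends a 1024-bit prime and says custom parameters "will always have precedence over any of the built-in DH parameters", but it never states the consequence: once appended to the first certificate file, they apply to every client of that server that negotiates DHE, not only to the old Java clients this FAQ entry is about. Please add a sentence on that trade-off, and mention the `SSLCipherSuite` reordering named at the top of the hunk as the option that avoids weakening DHE for everyone. The change from `openssl dhparam` to `openssl dhparam 1024` is a good clarification.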
Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.fr?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.html.fr Mon Jun 1 15:34:11 2015
@@ -26,6 +26,8 @@
Langues Disponibles: en |
fr
+Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.
Le sage n'apporte pas de bonnes réponses, il pose les bonnes questions
Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.fr Mon Jun 1 15:34:11 2015
@@ -1,7 +1,7 @@
-
+
Modified: httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.meta?rev=1682934&r1=1682933&r2=1682934&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.meta (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/ssl/ssl_faq.xml.meta Mon Jun 1 15:34:11 2015
@@ -8,6 +8,6 @@
en
- fr
+ fr