httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1761217 - /httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Date Sat, 17 Sep 2016 13:10:06 GMT
Author: covener
Date: Sat Sep 17 13:10:06 2016
New Revision: 1761217

Merge r1761215 from trunk:

feedback in

This added paragraph about optional and optional_no_ca isn't helpful.

At the TLS layer, the challenge for otpional and required are no different.

Move the caution about _no_ca up into where the option is defined
and reword.


Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Sat Sep 17 13:10:06 2016
@@ -1292,13 +1292,9 @@ The following levels are available for <
      the client <em>has to</em> present a valid Certificate</li>
      the client may present a valid Certificate<br />
-     but it need not to be (successfully) verifiable.</li>
+     but it need not to be (successfully) verifiable. This option
+     cannot be relied upon for client authentication.  </li>
-<p>In practice only levels <strong>none</strong> and
-<strong>require</strong> are really interesting, because level
-<strong>optional</strong> doesn't work with all browsers and level
-<strong>optional_no_ca</strong> is actually against the idea of
-authentication (but can be used to establish SSL test pages, etc.)</p>
 <highlight language="config">
 SSLVerifyClient require

View raw message