httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <yla...@apache.org>
Subject Re: svn commit: r1584098 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml modules/ssl/ssl_engine_ocsp.c modules/ssl/ssl_private.h
Date Thu, 03 Apr 2014 23:06:50 GMT
On Wed, Apr 2, 2014 at 7:21 PM,  <ylavic@apache.org> wrote:
> Author: ylavic
> Date: Wed Apr  2 17:21:28 2014
> New Revision: 1584098
>
> URL: http://svn.apache.org/r1584098
> Log:
> mod_ssl: follow up to r1583191.
>
> New SSLOCSPUseRequestNonce directive's manual and CHANGES.
>
[snip]
>
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1584098&r1=1584097&r2=1584098&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Wed Apr  2 17:21:28 2014
> @@ -2278,6 +2278,23 @@ which means that OCSP responses are cons
>  </directivesynopsis>
>
>  <directivesynopsis>
> +<name>SSLOCSPUseRequestNonce</name>
> +<description>Use a nonce within OCSP queries</description>
> +<syntax>SSLOCSPUseRequestNonce on|off</syntax>
> +<default>SSLOCSPUseRequestNonce on</default>
> +<contextlist><context>server config</context>
> +<context>virtual host</context></contextlist>
> +<compatibility>Available in httpd 2.4.10 and later, if using OpenSSL 0.9.7 or
later</compatibility>

I had to use the next version number here, while it is abviously not
yet accepted for backport.
What is the procedure in this case?

> +
> +<usage>
> +<p>This option determines whether queries to OCSP responders should contain
> +a nonce or not. By default, a query nonce is always used and checked against
> +the response's one. When the responder does not use nonces (eg. Microsoft OCSP
> +Responder), this option ought to be turned <code>off</code>.</p>
> +</usage>
> +</directivesynopsis>
> +
> +<directivesynopsis>
>  <name>SSLInsecureRenegotiation</name>
>  <description>Option to enable support for insecure renegotiation</description>
>  <syntax>SSLInsecureRenegotiation on|off</syntax>
>

Mime
View raw message