source: mod_gnutls/README @ 0de1839

debian/masterdebian/stretch-backportsjessie-backportsupstream
Last change on this file since 0de1839 was 0de1839, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Support X.509 auth for TLS proxy connections

This commit adds support for X.509 certificate based authentication for
TLS proxy back end connections, including both server certificate
checking and (optionally) TLS client authentication. Some functions used
for this require GnuTLS 3.1.4 or later, so requirements change
accordingly.

Three new configuration parameters are added:

GnuTLSProxyCAFile FILEPATH

The given file must contain trusted CA certificates for server
verification. Required.

GnuTLSProxyKeyFile FILEPATH
GnuTLSProxyCertificateFile FILEPATH

Key and certificate for TLS client auth towards TLS back end servers. If
not set, TLS client auth is disabled.

  • Property mode set to 100644
File size: 991 bytes
Line 
1mod_gnutls, Apache GnuTLS module
2================================
3
4  https://mod.gnutls.org/
5
6Mailing List:
7
8  mod_gnutls development <mod_gnutls-devel@lists.gnutls.org>
9
10Lead Maintainer:
11
12  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
13
14Past maintainers and other contributors:
15
16  Paul Querna <chip at force-elite.com>
17  Nikos Mavrogiannopoulos <nmav at gnutls.org>
18  Dash Shendy <neuromancer at dash.za.net>
19  Thomas Klute <thomas2.klute@uni-dortmund.de>
20
21Prerequisites
22-------------
23
24 * GnuTLS          >= 3.1.4 <http://www.gnutls.org/>
25 * Apache HTTPD    >= 2.2 <http://httpd.apache.org/> (2.4.* preferred)
26 * autotools & gcc
27 * APR Memcache    >= 0.7.0 (Optional)
28 * libmsv          >= 0.1 (Optional)
29
30Installation
31------------
32
33 tar xzvf mod_gnutls-version.tar.gz
34 cd mod_gnutls-version/
35 autoreconf -fiv
36 ./configure --with-apxs=PATH --enable-msva
37 make
38 make install
39 # Configure & restart apache
40
41Configuration
42-------------
43
44 Please see doc/mod_gnutls_manual.mdwn for more details.
Note: See TracBrowser for help on using the repository browser.