asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
Last change
on this file since bd24203 was
0de1839,
checked in by Thomas Klute <thomas2.klute@…>, 8 years ago
|
Support X.509 auth for TLS proxy connections
This commit adds support for X.509 certificate based authentication for
TLS proxy back end connections, including both server certificate
checking and (optionally) TLS client authentication. Some functions used
for this require GnuTLS 3.1.4 or later, so requirements change
accordingly.
Three new configuration parameters are added:
GnuTLSProxyCAFile FILEPATH
The given file must contain trusted CA certificates for server
verification. Required.
GnuTLSProxyKeyFile FILEPATH
GnuTLSProxyCertificateFile FILEPATH
Key and certificate for TLS client auth towards TLS back end servers. If
not set, TLS client auth is disabled.
|
-
Property mode set to
100644
|
File size:
991 bytes
|
Line | |
---|
1 | mod_gnutls, Apache GnuTLS module |
---|
2 | ================================ |
---|
3 | |
---|
4 | https://mod.gnutls.org/ |
---|
5 | |
---|
6 | Mailing List: |
---|
7 | |
---|
8 | mod_gnutls development <mod_gnutls-devel@lists.gnutls.org> |
---|
9 | |
---|
10 | Lead Maintainer: |
---|
11 | |
---|
12 | Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
---|
13 | |
---|
14 | Past maintainers and other contributors: |
---|
15 | |
---|
16 | Paul Querna <chip at force-elite.com> |
---|
17 | Nikos Mavrogiannopoulos <nmav at gnutls.org> |
---|
18 | Dash Shendy <neuromancer at dash.za.net> |
---|
19 | Thomas Klute <thomas2.klute@uni-dortmund.de> |
---|
20 | |
---|
21 | Prerequisites |
---|
22 | ------------- |
---|
23 | |
---|
24 | * GnuTLS >= 3.1.4 <http://www.gnutls.org/> |
---|
25 | * Apache HTTPD >= 2.2 <http://httpd.apache.org/> (2.4.* preferred) |
---|
26 | * autotools & gcc |
---|
27 | * APR Memcache >= 0.7.0 (Optional) |
---|
28 | * libmsv >= 0.1 (Optional) |
---|
29 | |
---|
30 | Installation |
---|
31 | ------------ |
---|
32 | |
---|
33 | tar xzvf mod_gnutls-version.tar.gz |
---|
34 | cd mod_gnutls-version/ |
---|
35 | autoreconf -fiv |
---|
36 | ./configure --with-apxs=PATH --enable-msva |
---|
37 | make |
---|
38 | make install |
---|
39 | # Configure & restart apache |
---|
40 | |
---|
41 | Configuration |
---|
42 | ------------- |
---|
43 | |
---|
44 | Please see doc/mod_gnutls_manual.mdwn for more details. |
---|
Note: See
TracBrowser
for help on using the repository browser.