Changeset 2cde026d in mod_gnutls for docs


Timestamp: Apr 21, 2015, 8:09:54 AM (5 years ago)
Author: Thomas Klute <thomas2.klute@…>
Branches: debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
Children: 4133f2d
Parents: 73f6f12 (diff), d04f7da (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
git-author: Thomas Klute <thomas2.klute@…> (04/21/15 06:25:30)
git-committer: Thomas Klute <thomas2.klute@…> (04/21/15 08:09:54)
Message:

Merge branch 'new-gnutls-api'

Merge my TLS proxy implementation with Nikos Mavrogiannopoulos' changes
to use the new GnuTLS key handling API. Some conflicts had to be
resolved.

In Nikos' branch, structures for credentials and priorities are
allocated in mgs_load_files (gnutls_config.c), rather than during server
config structure creation as before. This makes sense, but his patch
doesn't consider the proxy credentials because they didn't exist at the
time.

To minimize additional changes during the merge, proxy credentials are
now allocated in load_proxy_x509_credentials (gnutls_hooks.c), and
mgs_set_priorities (gnutls_config.c) treats proxy and front end
credentials differently (value of GnuTLSPriorities is stored for
mgs_load_files, GnuTLSProxyPriorities is parsed immediately).

Unified handling of priority strings in mgs_set_priorities should be
restored later (towards parsing in post config); handling front end and
proxy credentials separately makes sense because the latter need only be
loaded when TLS proxy operation is enabled and there are some
differences between client (proxy back end) and server (front end)
operation.

File:
1 edited

  • docs/mod_gnutls_manual.mdwn

    r73f6f12 r2cde026d  
    367367as protection against statistical attacks to ciphertext data in order to
    368368achieve maximum compatibility (some broken mobile clients need this).
     369
     370`GnuTLSPIN`
     371------------------
     372
     373Set the PIN to be used to access encrypted key files or PKCS #11 objects.
     374
     375    GnuTLSPIN XXXXXX
     376
     377Default: *none*\
     378Context: server config, virtual host
     379
     380Takes a string to be used as a PIN for the protected objects in
     381a security module, or as a key to be used to decrypt PKCS #8, PKCS #12,
     382or openssl encrypted keys.
     383
     384`GnuTLSSRKPIN`
     385------------------
     386
     387Set the SRK PIN to be used to unlaccess the TPM.
     388
     389    GnuTLSSRKPIN XXXXXX
     390
     391Default: *none*\
     392Context: server config, virtual host
     393
     394Takes a string to be used as a PIN for the protected objects in
     395the TPM module.
    369396
    370397`GnuTLSExportCertificates`
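Review bot: Both new sections document a directive that places the PIN in the configuration as a plain string (`GnuTLSPIN XXXXXX` at new line 375, `GnuTLSSRKPIN XXXXXX` at new line 389), yet neither says anything about protecting the file that holds it. Suggest adding a sentence to each section stating that a configuration file containing the directive should be readable only by the account that starts the server, since anyone who can read it can use the protected key. Two smaller points: on new line 387 "unlaccess" is a typo (presumably "access"), and the GnuTLSSRKPIN description at new lines 394-395 reuses the GnuTLSPIN wording without saying what the SRK is, so one sentence expanding the abbreviation would help readers who have not used a TPM.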