Changeset 97c930f in mod_gnutls

Timestamp:

Jun 27, 2015, 1:30:15 PM (4 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, upstream

Children:

90d8480

Parents:

e391197

git-author:

Thomas Klute <thomas2.klute@…> (06/27/15 13:29:30)

git-committer:

Thomas Klute <thomas2.klute@…> (06/27/15 13:30:15)

Message:

Update documentation for use of X.509 keys and certificates

GnuTLSCertificateFile and GnuTLSKeyFile now accept PKCS #11 URLs, and a
key file may be encrypted if GnuTLSPIN is set to the key.

File:

• doc/mod_gnutls_manual.mdwn (modified) (2 diffs)

doc/mod_gnutls_manual.mdwn

@@ -150 +150 @@
 as the last certificate in the list.
 
+Since version 0.7 this can be a PKCS #11 URL.
+
 `GnuTLSKeyFile`
 ---------------
@@ -160 +162 @@
 Context: server config, virtual host
 
-Takes an absolute or relative path to the Server Private Key. This key
-cannot currently be password protected.
+Takes an absolute or relative path to the Server Private Key. Set
+`GnuTLSPIN` if the key file is encrypted.
+
+Since version 0.7 this can be a PKCS #11 URL.
 
 **Security Warning:**\
- This private key must be protected. It is read while Apache is still
+This private key must be protected. It is read while Apache is still
 running as root, and does not need to be readable by the nobody or
 apache user.