Changeset d8ae2a0 in mod_gnutls


Timestamp:
Mar 19, 2015, 9:30:18 AM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
6bbc00a
Parents:
91ccb87
Message:

Documentation for proxy TLS configuration directives

Add documentation for the new configuration directives introduced in
commit 0de1839d444092a3d46ebae49572c54b1982f629, and add the generated
documentation files to .gitignore.

Files:
2 edited

  • .gitignore

    r91ccb87 rd8ae2a0  
    2121m4/ltversion.m4
    2222m4/lt~obsolete.m4
     23docs/mod_gnutls_manual.html
     24docs/mod_gnutls_manual.pdf
  • docs/mod_gnutls_manual.mdwn

    r91ccb87 rd8ae2a0  
    395395With GnuTLSExportCertificates enabled, `mod_gnutls` exports the same
    396396environment variables to the CGI process as `mod_ssl`.
     397
     398
     399`SSLProxyEngine`
     400--------------
     401
     402Enable TLS proxy connections for this virtual host
     403
     404    SSLProxyEngine [on|off]
     405
     406Default: *off*\
     407Context: virtual host
     408
     409This directive enables support for TLS proxy connections for a virtual
     410host.
     411
     412`GnuTLSProxyCAFile`
     413--------------------
     414
     415Set to the PEM Encoded Certificate Authority Certificate
     416
     417    GnuTLSProxyCAFile FILEPATH
     418
     419Default: *none*\
     420Context: server config, virtual host
     421
     422Takes an absolute or relative path to a PEM Encoded Certificate to use
     423as a Certificate Authority when verifying certificates provided by
     424proxy back end servers. This file may contain a list of trusted
     425authorities. If not set, verification of TLS back end servers will
     426always fail due to lack of a trusted CA.
     427
     428`GnuTLSProxyCertificateFile`
     429-----------------------
     430
     431Set to the PEM Encoded Client Certificate
     432
     433    GnuTLSProxyCertificateFile FILEPATH
     434
     435Default: *none*\
     436Context: server config, virtual host
     437
     438Takes an absolute or relative path to a PEM-encoded X.509 certificate
     439to use as this Server's End Entity (EE) client certificate for TLS
     440client authentication in proxy TLS connections. If you need to supply
     441certificates for intermediate Certificate Authorities (iCAs), they
     442should be listed in sequence in the file, from EE to the iCA closest
     443to the root CA. Optionally, you can also include the root CA's
     444certificate as the last certificate in the list.
     445
     446If not set, TLS client authentication will be disabled for TLS proxy
     447connections. If set, `GnuTLSProxyKeyFile` must be set as well to
     448provide the matching private key.
     449
     450`GnuTLSProxyKeyFile`
     451---------------
     452
     453Set to the PEM Encoded Private Key
     454
     455    GnuTLSProxyKeyFile FILEPATH
     456
     457Default: *none*\
     458Context: server config, virtual host
     459
     460Takes an absolute or relative path to the Private Key matching the
     461certificate configured using the `GnuTLSProxyCertificateFile`
     462directive. This key cannot currently be password protected.
     463
     464**Security Warning:**\
     465This private key must be protected. It is read while Apache is still
     466running as root, and does not need to be readable by the nobody or
     467apache user.
    397468
    398469* * * * *
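Review bot: The `SSLProxyEngine` section never mentions `GnuTLSProxyCAFile`, although the `GnuTLSProxyCAFile` text states that verification of back end servers "will always fail" when it is unset; add a cross-reference there and say what a failed verification does to the proxied connection. In the same section, the `SSL` prefix stands out against the three `GnuTLSProxy*` directives, so a sentence on whether the name is deliberate would help. All three file directives accept a "relative path" without saying what the path is relative to. In the `GnuTLSProxyKeyFile` warning, "does not need to be readable by the nobody or apache user" would be stronger as a recommendation (readable by root only), since the same section says the key cannot be password protected, which leaves file permissions as its only protection.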