Changeset e796121 in mod_gnutls


Timestamp:
Sep 30, 2018, 3:09:38 AM (14 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master
Children:
bd1d8d3
Parents:
ed5d2b8
Message:

Remove documentation on OpenPGP authentication

File:
1 edited

  • doc/mod_gnutls_manual.mdwn

    red5d2b8 re796121  
    298298server and the client to CGI scripts via the `SSL_SERVER_CERT` and
    299299`SSL_CLIENT_CERT` environment variables. The exported certificates
    300 will be PEM-encoded (if X.509) or ASCII-armored (if OpenPGP) up to the
    301 size given.  The type of the certificate will be exported in
    302 `SSL_SERVER_CERT_TYPE` and `SSL_CLIENT_CERT_TYPE`.
     300will be PEM-encoded, limited to the given size. The type of the
     301certificate will be exported in `SSL_SERVER_CERT_TYPE` and
     302`SSL_CLIENT_CERT_TYPE`.
    303303
    304304SIZE should be an integer number of bytes, or may be written with a
    305305trailing `K` to indicate kibibytes.  `off` means the same thing as
    306306`0`, in which case the certificates will not be exported to the
    307 environment.  `on` is an alias for `16K`. If a non-zero size is
     307environment. `on` is an alias for `16K`. If a non-zero size is
    308308specified for this directive, but a certificate is too large to fit in
    309309the buffer, then the corresponding environment variable will contain
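Review bot: The new wording at line 300, "will be PEM-encoded, limited to the given size", can be read as saying an oversized certificate is truncated to fit, while the paragraph at 308-309 describes a separate outcome for a certificate that does not fit in the buffer. Suggest wording such as "will be PEM-encoded, provided they fit within the given size" so the two paragraphs agree. Since the later hunk documents `X.509` as the only certificate type, the sentence at 300-302 could also say so directly. The whitespace-only change at line 307 is unrelated to the OpenPGP removal and would be cleaner in its own commit.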
     
    366366as a Certificate Authority with Client Certificate Authentication.
    367367This file may contain a list of trusted authorities.
    368 
    369 OpenPGP Certificate Authentication
    370 ----------------------------------
    371 
    372 *Warning:* OpenPGP support has been deprecated in GnuTLS since version
    373 3.5.9 and will be removed completely. Consequently, OpenPGP support in
    374 `mod_gnutls` is deprecated as well and will be removed in a future
    375 release.
    376 
    377 ### GnuTLSPGPCertificateFile
    378 
    379 Set to a base64 Encoded Server OpenPGP Certificate
    380 
    381     GnuTLSPGPCertificateFile FILEPATH
    382 
    383 Default: *none*\
    384 Context: server config, virtual host
    385 
    386 Takes an absolute or relative path to a base64 Encoded OpenPGP
    387 Certificate to use as this Server's Certificate.
    388 
    389 ### GnuTLSPGPKeyFile
    390 
    391 Set to the Server OpenPGP Secret Key
    392 
    393     GnuTLSPGPKeyFile FILEPATH
    394 
    395 Default: *none*\
    396 Context: server config, virtual host
    397 
    398 Takes an absolute or relative path to the Server Private Key. This key
    399 cannot currently be password protected.
    400 
    401 **Security Warning:**\
    402  This private key must be protected. It is read while Apache is still
    403 running as root, and does not need to be readable by the nobody or
    404 apache user.
    405 
    406 ### GnuTLSPGPKeyringFile
    407 
    408 Set to a base64 Encoded key ring
    409 
    410     GnuTLSPGPKeyringFile FILEPATH
    411 
    412 Default: *none*\
    413 Context: server config, virtual host
    414 
    415 Takes an absolute or relative path to a base64 Encoded Certificate
    416 list (key ring) to use as a means of verification of Client
    417 Certificates.  This file should contain a list of trusted signers.
    418368
    419369SRP Authentication
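Review bot: Removing lines 372-375 deletes the manual's only explanation of why OpenPGP support is going away (deprecated in GnuTLS since 3.5.9), and this changeset edits only the manual (1 file edited). If the `GnuTLSPGPCertificateFile`, `GnuTLSPGPKeyFile` and `GnuTLSPGPKeyringFile` directives are still accepted by the module at this revision, an administrator with an existing configuration now has no reference for them, including the warning at 401-404 about protecting the secret key file. Consider leaving a short paragraph in place of the section that names the three directives and states that they are deprecated and intentionally undocumented, or land the removal of the directives together with this change.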
     
    761711
    762712     <VirtualHost 192.0.2.3:443>
    763          # This server enables SRP, OpenPGP and X.509 authentication.
     713         # This server enables SRP and X.509 authentication.
    764714         GnuTLSEnable on
    765          GnuTLSPriorities NORMAL:+SRP:+SRP-RSA:+SRP-DSS:+CTYPE-OPENPGP
     715         GnuTLSPriorities NORMAL:+SRP:+SRP-RSA:+SRP-DSS
    766716         DocumentRoot /www/site3.example.com/html
    767717         ServerName site3.example.com:443
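Review bot: Dropping `+CTYPE-OPENPGP` from `GnuTLSPriorities` at line 715 changes a value that readers copy into live configurations, which is more than the commit message "Remove documentation on OpenPGP authentication" suggests. Mention the example priority string in the commit message or a changelog entry so that anyone who derived a configuration from the old example knows to remove the token, along with the two `GnuTLSPGP*` lines dropped further down in the same example.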
     
    769719         GnuTLSKeyFile conf/tls/site3.key
    770720         GnuTLSClientVerify ignore
    771          GnuTLSPGPCertificateFile conf/tls/site3.pub.asc
    772          GnuTLSPGPKeyFile conf/tls/site3.sec.asc
    773721         GnuTLSSRPPasswdFile conf/tls/tpasswd.site3
    774722         GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site3.conf
     
    996944------------------
    997945
    998 The PEM-encoded (X.509) or ASCII-armored (OpenPGP) server certificate
    999 (see the `GnuTLSExportCertificates` directive).
     946The PEM-encoded (X.509) server certificate (see the
     947`GnuTLSExportCertificates` directive).
    1000948
    1001949`SSL_SERVER_CERT_TYPE`
    1002950----------------------
    1003951
    1004 The certificate type can be `X.509` or `OPENPGP`.
     952The certificate type will be `X.509`.
    1005953
    1006954`SSL_CLIENT_CERT`
    1007955------------------
    1008956
    1009 The PEM-encoded (X.509) or ASCII-armored (OpenPGP) client certificate
    1010 (see the `GnuTLSExportCertificates` directive).
     957PEM-encoded (X.509) client certificate, if any (see the
     958`GnuTLSExportCertificates` directive).
    1011959
    1012960`SSL_CLIENT_CERT_TYPE`
    1013961----------------------
    1014962
    1015 The certificate type can be `X.509` or `OPENPGP`.
     963The certificate type will be `X.509`, if any.
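Review bot: The client-side descriptions at 957 and 963 are worded inconsistently with the server-side ones at 946 and 952, and "The certificate type will be `X.509`, if any." does not say what `SSL_CLIENT_CERT_TYPE` holds when the client presents no certificate. Line 957 also drops the leading "The" that line 946 keeps. Suggest stating the no-certificate case explicitly for both client variables (for example whether the variable is unset or empty), since CGI scripts that branch on these variables for access decisions need to know which to test for.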