Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2014/04/09 21:56:52 UTC

Re: svn commit: r1585902 - in /httpd/httpd/branches/2.4.x/docs/manual/mod: mod_ssl.html.en mod_ssl.xml mod_ssl.xml.meta

On Wed, Apr 9, 2014 at 2:24 AM, <kb...@apache.org> wrote:

> Author: kbrand
> Date: Wed Apr  9 08:24:25 2014
> New Revision: 1585902
>
> URL: http://svn.apache.org/r1585902
> Log:
> Update SSLPassPhraseDialog directive docs to correctly describe the
> current behavior for "exec"-type programs in 2.4.x, at least.
> The new argument structure is a consequence of r1573360 (backport
> to 2.4.8 [unreleased]).
>
> Modified:
>     httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
>     httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
>     httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
>
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Wed Apr  9
> 08:24:25 2014
> @@ -1258,11 +1258,16 @@ query can be done in two ways which can
>  <li><code>exec:/path/to/program</code>
>      <p>
>      Here an external program is configured which is called at startup for
> each
> -    encrypted Private Key file. It is called with two arguments (the
> first is
> +    encrypted Private Key file.
> +    For versions up to 2.4.7, it is called with two arguments (the first
> is
>      of the form ``<code>servername:portnumber</code>'', the second is
> either
>      ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
> which
>      indicate for which server and algorithm it has to print the
> corresponding
> -    Pass Phrase to <code>stdout</code>.  The intent is that this external
> +    Pass Phrase to <code>stdout</code>.
> +    Starting with version 2.4.9, it is called with one argument, a string
> of the
> +    form ``<code>servername:portnumber:index</code>'' (with
> <code>index</code>
> +    being a zero-based sequence number), which indicate the server, TCP
> port
> +    and certificate number.  The intent is that this external
>      program first runs security checks to make sure that the system is not
>      compromised by an attacker, and only when these checks were passed
>      successfully it provides the Pass Phrase.</p>
>
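
Review bot: In the added "Starting with version 2.4.9" sentence, the requirement to print the Pass Phrase to stdout is not stated for the new interface; it now appears only in the "up to 2.4.7" sentence. Say what the program must output in the new form, and state outright that the second argument (RSA, DSA or ECC) is no longer passed, since a script that reads it gets no hint from this text. The wording also jumps from 2.4.7 to 2.4.9; a short mention that 2.4.8 was not released would answer the obvious question.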

IMO this needs to be reworked to restore compatibility for 2.x up through
2.4.7, with the new interface used if some new keyword is added on the
directive.  Yeah, some people who reworked their scripts will have to add
that new keyword, but this will unblock others (vendors, distros,
individuals) from upgrading without surprise.



> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Wed Apr  9
> 08:24:25 2014
> @@ -295,11 +295,16 @@ query can be done in two ways which can
>  <li><code>exec:/path/to/program</code>
>      <p>
>      Here an external program is configured which is called at startup for
> each
> -    encrypted Private Key file. It is called with two arguments (the
> first is
> +    encrypted Private Key file.
> +    For versions up to 2.4.7, it is called with two arguments (the first
> is
>      of the form ``<code>servername:portnumber</code>'', the second is
> either
>      ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
> which
>      indicate for which server and algorithm it has to print the
> corresponding
> -    Pass Phrase to <code>stdout</code>.  The intent is that this external
> +    Pass Phrase to <code>stdout</code>.
> +    Starting with version 2.4.9, it is called with one argument, a string
> of the
> +    form ``<code>servername:portnumber:index</code>'' (with
> <code>index</code>
> +    being a zero-based sequence number), which indicate the server, TCP
> port
> +    and certificate number.  The intent is that this external
>      program first runs security checks to make sure that the system is not
>      compromised by an attacker, and only when these checks were passed
>      successfully it provides the Pass Phrase.</p>
>
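
Review bot: In the added lines, "a string ... which indicate" should read "which indicates", and index is called "a zero-based sequence number" in one place and "certificate number" in the next without saying what is being counted. Define it once, for example as the position of the key among those configured for that server if that is what the code does, so a script author can map an index to a key file now that the algorithm name is gone.
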
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta Wed Apr  9
> 08:24:25 2014
> @@ -8,6 +8,6 @@
>
>    <variants>
>      <variant>en</variant>
> -    <variant outdated="yes">fr</variant>
> +    <variant>fr</variant>
>    </variants>
>  </metafile>
>
>
>
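
Review bot: The outdated="yes" attribute is dropped from the fr variant, yet the Modified list for this revision contains only mod_ssl.html.en, mod_ssl.xml and mod_ssl.xml.meta. Since the English text changes here, please confirm the French translation matches the new wording before marking it current; otherwise keep the flag.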


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
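
The compatibility concern raised in this message, seen from the script side: an added example (not code from httpd or from this thread) of a shell function that accepts both calling conventions described in the quoted documentation and rejects anything else before a pass phrase is looked up. The function name, the output format and the hostname character set are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. classify_request and its output format are hypothetical.
#
# classify_request ARG1 [ARG2]
#   two args: "servername:portnumber" plus RSA|DSA|ECC   (up to 2.4.7)
#   one arg : "servername:portnumber:index"              (2.4.9 and later)
# Prints "host port kind selector", kind being "alg" or "idx".
# Returns 2 on any input that fits neither form.
classify_request() {
    case $# in
    2)
        case $2 in RSA|DSA|ECC) ;; *) return 2 ;; esac
        host=${1%:*}; port=${1##*:}
        [ "$host" != "$1" ] || return 2        # no colon at all
        kind=alg; sel=$2 ;;
    1)
        sel=${1##*:}; rest=${1%:*}
        [ "$rest" != "$1" ] || return 2        # no colon at all
        host=${rest%:*}; port=${rest##*:}
        [ "$host" != "$rest" ] || return 2     # only one colon: old form, no type
        kind=idx
        case $sel in ''|*[!0-9]*) return 2 ;; esac ;;
    *)  return 2 ;;
    esac
    # The port must be a plain number.
    case $port in ''|*[!0-9]*) return 2 ;; esac
    # Assumption: plain DNS-style names only, so the result is safe to use
    # as part of a lookup key or file name (no "/" and no whitespace).
    case $host in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    printf '%s %s %s %s\n' "$host" "$port" "$kind" "$sel"
}

# Constructed sample invocations: old form, then new form.
classify_request www.example.com:443 RSA
classify_request www.example.com:443:0
```

A wrapper can branch on the third field to decide whether to select the key by algorithm or by index, and should exit non-zero without printing anything when the function returns 2.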