You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ta...@apache.org on 2014/04/22 14:02:31 UTC
svn commit: r1589098 [2/10] - in /httpd/httpd/trunk/docs/manual: ./ howto/
mod/ programs/ rewrite/
Modified: httpd/httpd/trunk/docs/manual/mod/mod_headers.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_headers.html.fr?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_headers.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_headers.html.fr Tue Apr 22 12:02:29 2014
@@ -211,14 +211,21 @@ Header merge Cache-Control no-store env=
<pre class="prettyprint lang-config">Header set Set-Cookie testcookie "expr=-z %{req:Cookie}"</pre>
</li>
+ <li>
+ Ajoute un en-tête de mise en cache pour les réponses avec un
+ code d'état HTTP de 200
+ <pre class="prettyprint lang-config">Header append Cache-Control s-maxage=600 "expr=%{REQUEST_STATUS} == 200"</pre>
+
+ </li>
+
</ol>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Header" id="Header">Header</a> <a name="header" id="header">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure les en-têtes d'une réponse HTTP</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>Header [<var>condition</var>] add|append|echo|edit|edit*|merge|set|unset|note
-<var>en-tête</var> [<var>[expr=]valeur</var>] [<var>remplacement</var>]
+<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>Header [<var>condition</var>] add|append|echo|edit|edit*|merge|set|setifempty|unset|note
+<var>en-tête</var> [[expr=]<var>valeur]</var>] [<var>remplacement</var>]
[early|env=[!]<var>variable</var>]|expr=<var>expression</var>]
</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel, répertoire, .htaccess</td></tr>
@@ -226,7 +233,8 @@ Header merge Cache-Control no-store env=
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_headers</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>SetIfEmpty est disponible depuis la version 2.4.7 du
-serveur HTTP Apache</td></tr>
+serveur HTTP Apache ; le paramètre expr= valeur a été introduit avec la
+version 2.4.10</td></tr>
</table>
<p>Cette directive permet de remplacer, fusionner, ou
supprimer des en-têtes de réponse HTTP. L'en-tête est modifié juste
@@ -236,24 +244,27 @@ serveur HTTP Apache</td></tr>
<p>L'argument optionnel <var>condition</var> permet de déterminer
sur quelle table interne d'en-têtes de réponses cette directive va
- opérer. D'autres composants du serveur peuvent avoir stocké leurs
- en-têtes de réponses dans la table correspondant à
- <code>onsuccess</code> ou dans celle correspondant à
- <code>always</code>. Dans ce contexte, "Always" fait référence au
- choix d'envoyer les en-têtes que vous ajoutez aux réponses, qu'elle
- soient avec succès ou échouées ; par contre, si votre action est une
- fonction d'un en-tête existant, vous devrez lire la documentation de
- manière plus approfondie car dans ce cas, les choses se compliquent.</p>
-
- <p>Vous pouvez avoir à changer la valeur par défaut
- <code>onsuccess</code> en <code>always</code> dans des circonstances
- similaires à celles exposées plus loin. Notez aussi que la répétition
+ opérer. En dépit du nom, la valeur par défaut de
+ <code>onsuccess</code> ne limite <em>pas</em> une <var>action</var>
+ aux réponses avec un code d'état de 2xx. Les en-têtes définis sous
+ cette condition sont encore utilisés quand par exemple une requête
+ est mandatée ou générée par un programme CGI avec <em>succès</em>,
+ et ceci même dans le cas où ils ont généré un code d'échec.</p>
+
+ <p>Lorsque votre action est une fonction agissant sur un en-tête
+ existant, vous pourrez être amené à spécifier une condition
+ <code>always</code>, en fonction de la table interne dans laquelle
+ l'en-tête original a été défini. La table qui correspond à
+ <code>always</code> est utilisée pour les réponses d'erreur générées
+ localement ainsi que pour les réponses qui ont abouti.
+ Notez aussi que la répétition
de cette directive avec les deux conditions peut être pertinente
dans certains scénarios, car <code>always</code> n'englobe pas
<code>onsuccess</code> en ce qui concerne les en-têtes existants :</p>
<ul>
- <li>Vous ajoutez un en-tête à une réponse échouée (non-2xx),
+ <li>Vous ajoutez un en-tête à une réponse
+ générée localement et échouée (non-2xx),
une redirection par exemple, et dans ce cas, seule la table
correspondant à <code>always</code> est utilisée dans la réponse
définitive.</li>
@@ -266,6 +277,12 @@ serveur HTTP Apache</td></tr>
condition par défaut <code>onsuccess</code>.</li>
</ul>
+ <p>Outre le paramètre <var>condition</var> décrit ci-dessus, vous
+ pouvez limiter une action en fonction de codes d'état HTTP, par
+ exemple pour les requêtes mandatées ou générées par un programme
+ CGI. Voir l'exemple qui utilise %{REQUEST_STATUS} dans la section
+ ci-dessus.</p>
+
<p>L'action que cette directive provoque est déterminée par le
premier argument (ou par le second argument si une
<var>condition</var> est spécifiée). Il peut prendre
@@ -324,8 +341,8 @@ serveur HTTP Apache</td></tr>
<dt><code>setifempty</code></dt>
<dd>L'en-tête est défini, mais seulement s'il n'existe
- aucun en-tête avec le même nom. Disponible depuis la
- version 2.4.7 du serveur HTTP Apache.</dd>
+ aucun en-tête avec le même nom.<br />
+ Disponible depuis la version 2.4.7 du serveur HTTP Apache.</dd>
<dt><code>unset</code></dt>
<dd>L'en-tête est supprimé s'il existe. Si plusieurs en-têtes
@@ -335,9 +352,10 @@ serveur HTTP Apache</td></tr>
<dt><code>note</code></dt>
<dd>La valeur de l'<var>en-tête</var> considéré est copiée dans une
note interne dont le nom est spécifié via l'argument
- <var>valeur</var>. Ceci permet d'enregistrer la valeur d'un en-tête
+ <var>valeur</var>. Ceci permet de journaliser la valeur d'un en-tête
envoyé par un programme CGI ou une ressource mandatée, même s'il
- est prévu de l'effacer.</dd>
+ est prévu de l'effacer.<br />
+ Disponible à partir de la version 2.4.7 du serveur HTTP Apache.</dd>
</dl>
@@ -377,17 +395,20 @@ serveur HTTP Apache</td></tr>
sont les valeurs obtenues par <code>getloadavg()</code> qui
représentent la charge moyenne courante, sur 5 minutes et sur 15
minutes. Chaque valeur est précédée de <code>l=</code> et
- séparée de la suivante par un <code>/</code>.
+ séparée de la suivante par un <code>/</code>.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr><td><code>%i</code></td>
<td>Le pourcentage courant de httpd au repos (de 0 à 100)
en se basant sur le nombre de processus et threads disponibles.
- La valeur est précédée de <code>i=</code>.
+ La valeur est précédée de <code>i=</code>.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr class="odd"><td><code>%b</code></td>
<td>Le pourcentage courant de httpd utilisé (de 0 à 100)
en se basant sur le nombre de processus et threads disponibles.
- La valeur est précédée de <code>b=</code>.
+ La valeur est précédée de <code>b=</code>.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr><td><code>%{NOM_VARIABLE}e</code></td>
<td>Le contenu de la <a href="../env.html">variable
@@ -411,7 +432,8 @@ serveur HTTP Apache</td></tr>
<p><code>edit</code>nécessite les deux arguments
<var>valeur</var>, qui est une <a class="glossarylink" href="../glossary.html#regex" title="voir glossaire">expression
rationnelle</a>, et une chaîne additionnelle
- <var>remplacement</var>. La chaîne de remplacement peut aussi
+ <var>remplacement</var>. Depuis la version 2.4.7, la chaîne de
+ remplacement peut aussi
contenir des spécificateurs de format.</p>
<p>La directive <code class="directive">Header</code> peut être suivie d'un
@@ -435,8 +457,9 @@ serveur HTTP Apache</td></tr>
directives <code class="directive">Header</code> sont traitées juste avant
l'envoi de la réponse sur le réseau. Cela signifie qu'il est
possible de définir et/ou modifier la plupart des en-têtes, à
- l'exception de ceux qui sont ajoutés par le filtre HTTP
- d'en-tête, comme Content-Type.</p>
+ l'exception de certains en-têtes qui sont ajoutés par le filtre
+ d'en-tête HTTP. Avant la version 2.2.12, il n'était pas
+ possible de modifier l'en-tête Content-Type avec cette directive.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -444,7 +467,7 @@ serveur HTTP Apache</td></tr>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure les en-têtes d'une requête HTTP</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>RequestHeader add|append|edit|edit*|merge|set|setifempty|unset
-<var>en-tête</var> [<var>valeur</var>] [<var>remplacement</var>]
+<var>en-tête</var> [[expr=]<var>valeur</var>] [<var>remplacement</var>]
[early|env=[!]<var>variable</var>]|expr=<var>expression</var>]
</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel, répertoire, .htaccess</td></tr>
@@ -452,7 +475,8 @@ serveur HTTP Apache</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_headers</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>SetIfEmpty est disponible depuis la version 2.4.7 du
-serveur HTTP Apache</td></tr>
+serveur HTTP Apache ; le paramètre expr= valeur a été introduit avec la
+version 2.4.10</td></tr>
</table>
<p>Cette directive permet de remplacer, fusionner, modifier ou
supprimer des en-têtes de requête HTTP. L'en-tête est modifié juste
@@ -509,8 +533,8 @@ serveur HTTP Apache</td></tr>
<dt><code>setifempty</code></dt>
<dd>L'en-tête est défini, mais seulement s'il n'existe
- aucun en-tête avec le même nom. Disponible depuis la
- version 2.4.7 du serveur HTTP Apache.</dd>
+ aucun en-tête avec le même nom.<br />
+ Disponible depuis la version 2.4.7 du serveur HTTP Apache.</dd>
<dt><code>unset</code></dt>
<dd>L'en-tête est supprimé s'il existe. Si plusieurs en-têtes
Modified: httpd/httpd/trunk/docs/manual/mod/mod_isapi.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_isapi.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_isapi.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_isapi.html.en Tue Apr 22 12:02:29 2014
@@ -225,7 +225,7 @@
<code>GetServerVariable</code>, as well as the <code>ALL_HTTP</code>
and <code>ALL_RAW</code> values.</p>
- <p>Apache httpd 2.0+ <code class="module"><a href="../mod/mod_isapi.html">mod_isapi</a></code> supports additional
+ <p>Since httpd 2.0, <code class="module"><a href="../mod/mod_isapi.html">mod_isapi</a></code> supports additional
features introduced in later versions of the ISAPI specification,
as well as limited emulation of async I/O and the
<code>TransmitFile</code> semantics. Apache httpd also supports preloading
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ldap.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ldap.html.fr?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ldap.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ldap.html.fr Tue Apr 22 12:02:29 2014
@@ -27,6 +27,8 @@
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_ldap.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_ldap.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Conservation des connexions LDAP et services de mise en
cache du résultat à destination des autres modules LDAP</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_log_config.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_log_config.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_log_config.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_log_config.html.en Tue Apr 22 12:02:29 2014
@@ -284,7 +284,7 @@
prior to 2.0.46, no escaping was performed on these strings so
you had to be quite careful when dealing with raw log files.</p>
- <p>In httpd 2.0, unlike 1.3, the <code>%b</code> and
+ <p>Since httpd 2.0, unlike 1.3, the <code>%b</code> and
<code>%B</code> format strings do not represent the number of
bytes sent to the client, but simply the size in bytes of the
HTTP response (which will differ, for instance, if the
Modified: httpd/httpd/trunk/docs/manual/mod/mod_lua.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_lua.html.fr?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_lua.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_lua.html.fr Tue Apr 22 12:02:29 2014
@@ -1730,7 +1730,7 @@ parentes sont fusionnées dans les enfan
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Expérimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_lua</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.5.0 du serveur HTTP
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.4.5 du serveur HTTP
Apache</td></tr>
</table>
<p>Cette directive permet d'ajouter un filtre en entrée sous la forme
@@ -1822,7 +1822,7 @@ sortie</td></tr>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Expérimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_lua</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.5.0 du serveur HTTP
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.4.5 du serveur HTTP
Apache</td></tr>
</table>
<p>>Cette directive permet d'ajouter un filtre en sortie sous la forme
Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.fr?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.fr Tue Apr 22 12:02:29 2014
@@ -28,6 +28,8 @@
<a href="../fr/mod/mod_proxy.html" title="Français"> fr </a> |
<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Serveur mandataire/passerelle multi-protocole</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>proxy_module</td></tr>
@@ -552,7 +554,7 @@ serveur HTTP Apache</td></tr>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.4.4 du serveur
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.4.5 du serveur
HTTP Apache.</td></tr>
</table>
<p>Cette directive permet d'attribuer au serveur virtuel courant
@@ -610,7 +612,7 @@ charge</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>BalancerPersist n'est disponible qu'à partir de la
- version 2.5.0 du serveur HTTP Apache.</td></tr>
+ version 2.4.4 du serveur HTTP Apache.</td></tr>
</table>
<p>Cette directive permet de conserver le contenu de l'espace
mémoire partagé associé aux répartiteurs de charge et à leurs
@@ -1471,7 +1473,8 @@ ProxyPass /mirror/foo http://backend.exa
d'application d'arrière-plan utilise des noms différents pour
les cookies et les identifiants codés d'URL (comme les
conteneurs de servlet), séparez-les par le caractère '|'. La
- première partie contient le cookie et la seconde le chemin.
+ première partie contient le cookie et la seconde le chemin.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr><td>stickysessionsep</td>
<td>"."</td>
@@ -1513,7 +1516,8 @@ ProxyPass /mirror/foo http://backend.exa
dépassé en entrée/sortie après envoi d'une requête au serveur
d'arrière-plan va mettre le processus en état d'erreur. La
sortie de cet état d'erreur se passe de la même façon que pour
- les autres erreurs.
+ les autres erreurs.<br />
+ Disponible depuis la version 2.4.5 du serveur HTTP Apache.
</td></tr>
<tr><td>nonce</td>
@@ -1544,7 +1548,8 @@ ProxyPass /mirror/foo http://backend.exa
surchargé entre dans une situation critique si la relance de
tous les membres est forcée sans tenir compte du paramètre retry
de chaque membre. Dans ce cas, définissez ce paramètre à
- <code>Off</code>.
+ <code>Off</code>.<br />
+ Disponible depuis la version 2.4.2 du serveur HTTP Apache.
</td></tr>
</table>
@@ -1603,8 +1608,7 @@ ProxyPass / balancer://mycluster/ sticky
souple, reportez-vous à la documentaion de la directive <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> et son drapeau
<code>[P]</code>.</p>
- <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis
- httpd 2.2.9), en combinaison avec la directive
+ <p>Le mot-clé optionnel <var>interpolate</var>, en combinaison avec la directive
<code class="directive">ProxyPassInterpolateEnv</code>, permet à ProxyPass
d'interpoler les variables d'environnement à l'aide de la syntaxe
<var>${VARNAME}</var>. Notez que de nombreuses variables
@@ -1818,8 +1822,8 @@ ProxyPassReverseCookiePath / /mirror/f
<code class="directive"><a href="#proxypass">ProxyPass</a></code>
correspondante.</p>
- <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis
- httpd 2.2.9), utilisé en combinaison avec la directive
+ <p>Le mot-clé optionnel <var>interpolate</var>,
+ utilisé en combinaison avec la directive
<code class="directive">ProxyPassInterpolateEnv</code>, permet
l'interpolation des variables d'environnement spécifiées en
utilisant le format <var>${VARNAME}</var>. Notez que l'interpolation
Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.ja.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.ja.utf8?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.ja.utf8 [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.ja.utf8 [utf-8] Tue Apr 22 12:02:29 2014
@@ -332,8 +332,7 @@
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.4.4 and later.
- and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.4.5 and later.</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
</p></div>
@@ -356,8 +355,7 @@
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.5.0
- and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
</p></div>
@@ -924,7 +922,7 @@
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.5.0 and later.
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later.
and later.</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy_wstunnel.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy_wstunnel.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy_wstunnel.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy_wstunnel.html.en Tue Apr 22 12:02:29 2014
@@ -49,13 +49,59 @@ ProxyPass /wss2/ wss://echo.websocket.or
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketasync">ProxyWebsocketAsync</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketasyncdelay">ProxyWebsocketAsyncDelay</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketidletimeout">ProxyWebsocketIdleTimeout</a></li>
+</ul>
<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyWebsocketAsync" id="ProxyWebsocketAsync">ProxyWebsocketAsync</a> <a name="proxywebsocketasync" id="proxywebsocketasync">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Instructs this module to try to create an asynchronous tunnel</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyWebsocketAsync ON|OFF</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy_wstunnel</td></tr>
+</table>
+ <p>This directive instructs the server to try to create an asynchronous tunnel.
+ If the current MPM does not support the necessary features, a synchronous
+ tunnel is used.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyWebsocketAsyncDelay" id="ProxyWebsocketAsyncDelay">ProxyWebsocketAsyncDelay</a> <a name="proxywebsocketasyncdelay" id="proxywebsocketasyncdelay">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the amount of time the tunnel waits synchronously for data</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyWebsocketAsyncDelay <var>num</var>[ms]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyWebsocketAsyncDelay 0</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy_wstunnel</td></tr>
+</table>
+ <p>If <code class="directive">ProxyWebsocketAsync</code> is enabled, this directive
+ controls how long the server synchronously waits for more data.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyWebsocketIdleTimeout" id="ProxyWebsocketIdleTimeout">ProxyWebsocketIdleTimeout</a> <a name="proxywebsocketidletimeout" id="proxywebsocketidletimeout">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the maximum amount of time to wait for data on the websockets tunnel</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyWebsocketIdleTimeout <var>num</var>[ms]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyWebsocketIdleTimeout 0</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy_wstunnel</td></tr>
+</table>
+ <p>This directive imposes a maximum amount of time for the tunnel to be
+ left open while idle. This directive is ignored if <code class="directive">ProxyWebsocketAsync</code>
+ is enabled and the running MPM supports the necessary features</p>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_wstunnel.html" title="English"> en </a></p>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_rewrite.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_rewrite.html.fr?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_rewrite.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_rewrite.html.fr Tue Apr 22 12:02:29 2014
@@ -27,6 +27,8 @@
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_rewrite.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_rewrite.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Ce module fournit un moteur de réécriture à base de
règles permettant de réécrire les URLs des requêtes
à la volée</td></tr>
@@ -938,8 +940,8 @@ pour le moteur de réécriture</td></tr>
<p>Même effet que l'option <code>Inherit</code> ci-dessus, mais
les règles spécifiées dans le niveau parent s'appliquent
<strong>avant</strong> les règles spécifiées dans le niveau
- enfant. Disponible depuis la version 2.3.10 du serveur HTTP
- Apache.</p>
+ enfant.<br />
+ Disponible depuis la version 2.3.10 du serveur HTTP Apache.</p>
</dd>
<dt><code>InheritDown</code></dt>
@@ -950,7 +952,8 @@ pour le moteur de réécriture</td></tr>
spécifie <code>RewriteOptions Inherit</code> dans toutes les
configurations enfants. Voir l'option <code>Inherit</code> pour
plus de détails à propos de la manière dont les relations
- parent-enfants sont traitées. Cette option est disponible à partir
+ parent-enfants sont traitées.<br />
+ Cette option est disponible à partir
de la version 2.4.8 du serveur HTTP Apache.</p>
</dd>
@@ -960,7 +963,8 @@ pour le moteur de réécriture</td></tr>
<p>L'effet de cette option est équivalent à celui de l'option
<code>InheritDown</code> ci-dessus, mais les règles de la
configuration parente s'appliquent <strong>avant</strong> toute
- règle de la configuration enfant. Cette option est disponible à partir
+ règle de la configuration enfant.<br />
+ Cette option est disponible à partir
de la version 2.4.8 du serveur HTTP Apache.</p>
</dd>
@@ -970,7 +974,8 @@ pour le moteur de réécriture</td></tr>
<p>Si cette option est activée, les configurations courante et
enfants ignoreront toute règle héritée d'une configuration parente
via les options <code>InheritDown</code> ou
- <code>InheritDownBefore</code>. Cette option est disponible à partir
+ <code>InheritDownBefore</code>.<br />
+ Cette option est disponible à partir
de la version 2.4.8 du serveur HTTP Apache.</p>
</dd>
@@ -986,7 +991,8 @@ pour le moteur de réécriture</td></tr>
s'assurer que les règles de réécriture ne soient plus ignorées.
Si on le souhaite, cette option permet de faire s'appliquer des
règles de réécriture qui correspondent à un répertoire sans slash
- final au sein de fichiers .htaccess. Elle est disponible à
+ final au sein de fichiers .htaccess.<br />
+ Elle est disponible à
partir de la version 2.4.0 du serveur HTTP Apache.</p>
</dd>
@@ -1005,7 +1011,8 @@ pour le moteur de réécriture</td></tr>
utiliser l'option <code>AllowAnyURI</code>, afin de permettre à
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> d'appliquer le jeu de règles à toute
chaîne de requête URI, sans vérifier si cette dernière respecte la
- grammaire des chemins URL définie dans la spécification HTTP.</p>
+ grammaire des chemins URL définie dans la spécification HTTP.<br />
+ Disponible depuis la version 2.4.3 du serveur HTTP Apache.</p>
<div class="warning">
<h3>Avertissement à propos de la sécurité</h3>
@@ -1025,8 +1032,10 @@ pour le moteur de réécriture</td></tr>
<p>Avec cette option, la valeur de la directive <code class="directive"><a href="#rewritebase">RewriteBase</a></code> est recopiée depuis
une valeur explicitement définie dans tout sous-répertoire qui ne
- définit pas sa propre directive <code class="directive"><a href="#rewritebase">RewriteBase</a></code>. Disponible à partir
- de la version 2.5 du serveur HTTP Apache.</p>
+ définit pas sa propre directive <code class="directive"><a href="#rewritebase">RewriteBase</a></code>. Il s'agissait du
+ comportement par défaut avec les versions 2.4.0 à 2.4.3, et ce
+ drapeau qui permet de retrouver ce comportement est disponible
+ depuis la version 2.4.4 du serveur HTTP Apache.</p>
</dd>
</dl>
@@ -1284,7 +1293,16 @@ substitution !
d'appliquer la transformation. <em><a href="../rewrite/flags.html#flag_b">détails ...</a></em></td>
</tr>
<tr>
- <td>chain|C</td>
+ <td>backrefnoplus|BNP</td>
+ <td>Avec ce drapeau, si les références arrières sont échappées,
+ les espaces seront échappés en %20 au lieu de +. Ceci s'avère
+ utile lorsqu'une référence arrière est utilisée dans la partie
+ chemin, et non dans la chaîne de paramètres de la requête ;
+ pour plus de détails, voir <em><a href="../rewrite/flags.html#flag_bnp">ici.</a></em></td>
+ </tr>
+
+ <tr>
+ <td>chain|C</td>
<td>La règle est chaînée avec la règle suivante. Si la règle
échoue, la ou les règles avec lesquelles elle est est chaînée
seront sautées. <em><a href="../rewrite/flags.html#flag_c">détails ...</a></em></td>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_session_crypto.html.en Tue Apr 22 12:02:29 2014
@@ -189,8 +189,9 @@ SessionCryptoPassphrase secret</pre>
secret to the end of the list, and once rolled out completely to all servers, remove
the first key from the start of the list.</p>
- <p>If the value begins with exec: the resulting command will be executed and the
- first line returned to standard output by the program will be used as the key.</p>
+ <p>As of version 2.4.7 if the value begins with <var>exec:</var> the resulting command
+ will be executed and the first line returned to standard output by the program will be
+ used as the key.</p>
<div class="example"><pre>#key used as-is
SessionCryptoPassphrase secret
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Tue Apr 22 12:02:29 2014
@@ -67,6 +67,7 @@ to provide the cryptography engine.</p>
<li><img alt="" src="../images/down.gif" /> <a href="#sslocsprespondertimeout">SSLOCSPResponderTimeout</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslocspresponsemaxage">SSLOCSPResponseMaxAge</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslocspresponsetimeskew">SSLOCSPResponseTimeSkew</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sslocspuserequestnonce">SSLOCSPUseRequestNonce</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslopensslconfcmd">SSLOpenSSLConfCmd</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssloptions">SSLOptions</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslpassphrasedialog">SSLPassPhraseDialog</a></li>
@@ -907,7 +908,6 @@ by the applicable Security Policy.
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>When choosing a cipher during an SSLv3 or TLSv1 handshake, normally
the client's preference is used. If this directive is enabled, the
@@ -965,7 +965,6 @@ supported for a given SSL connection.</p
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>This option sets the default OCSP responder to use. If <code class="directive"><a href="#sslocspoverrideresponder">SSLOCSPOverrideResponder</a></code> is not enabled,
the URI given will be used only if no responder URI is specified in
@@ -981,7 +980,6 @@ the certificate being verified.</p>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>This option enables OCSP validation of the client certificate
chain. If this option is enabled, certificates in the client's
@@ -1010,7 +1008,6 @@ SSLOCSPOverrideResponder on</pre>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>This option forces the configured default OCSP responder to be used
during OCSP certificate validation, regardless of whether the
@@ -1026,7 +1023,6 @@ certificate being validated references a
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>This option sets the timeout for queries to OCSP responders, when
<code class="directive"><a href="#sslocspenable">SSLOCSPEnable</a></code> is turned on.</p>
@@ -1041,7 +1037,6 @@ certificate being validated references a
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>This option sets the maximum allowable age ("freshness") for OCSP responses.
The default value (<code>-1</code>) does not enforce a maximum age,
@@ -1058,13 +1053,29 @@ which means that OCSP responses are cons
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</td></tr>
</table>
<p>This option sets the maximum allowable time skew for OCSP responses
(when checking their <code>thisUpdate</code> and <code>nextUpdate</code> fields).</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSLOCSPUseRequestNonce" id="SSLOCSPUseRequestNonce">SSLOCSPUseRequestNonce</a> <a name="sslocspuserequestnonce" id="sslocspuserequestnonce">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use a nonce within OCSP queries</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLOCSPUseRequestNonce on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLOCSPUseRequestNonce on</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.5-dev and later</td></tr>
+</table>
+<p>This option determines whether queries to OCSP responders should contain
+a nonce or not. By default, a query nonce is always used and checked against
+the response's one. When the responder does not use nonces (eg. Microsoft OCSP
+Responder), this option ought to be turned <code>off</code>.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLOpenSSLConfCmd" id="SSLOpenSSLConfCmd">SSLOpenSSLConfCmd</a> <a name="sslopensslconfcmd" id="sslopensslconfcmd">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure OpenSSL parameters through its <em>SSL_CONF</em> API</td></tr>
@@ -1072,7 +1083,7 @@ which means that OCSP responses are cons
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.5.0-dev and later, if using OpenSSL 1.0.2 or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.4.8 and later, if using OpenSSL 1.0.2 or later</td></tr>
</table>
<p>This directive exposes OpenSSL's <em>SSL_CONF</em> API to mod_ssl,
allowing a flexible configuration of OpenSSL parameters without the need
@@ -1267,10 +1278,10 @@ query can be done in two ways which can
<li><code>exec:/path/to/program</code>
<p>
Here an external program is configured which is called at startup for each
- encrypted Private Key file. It is called with two arguments (the first is
- of the form ``<code>servername:portnumber</code>'', the second is either
- ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which
- indicate for which server and algorithm it has to print the corresponding
+ encrypted Private Key file. It is called with one argument, a string of the
+ form ``<code>servername:portnumber:index</code>'' (with <code>index</code>
+ being a zero-based sequence number), which indicates for which server,
+ TCP port and certificate number it has to print the corresponding
Pass Phrase to <code>stdout</code>. The intent is that this external
program first runs security checks to make sure that the system is not
compromised by an attacker, and only when these checks were passed
@@ -2158,6 +2169,8 @@ be protected with file permissions simil
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.4.4 and later, if using OpenSSL 1.0.1 or
+later</td></tr>
</table>
<p>
This directive sets the seed used to fake SRP user parameters for unknown
@@ -2178,6 +2191,8 @@ SSLSRPUnknownUserSeed "secret"
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.4.4 and later, if using OpenSSL 1.0.1 or
+later</td></tr>
</table>
<p>
This directive enables TLS-SRP and sets the path to the OpenSSL SRP (Secure
@@ -2205,7 +2220,7 @@ avalable in the <code>SSL_SRP_USERINFO</
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>Configures the cache used to store OCSP responses which get included
in the TLS handshake if <code class="directive"><a href="#sslusestapling">SSLUseStapling</a></code>
@@ -2224,7 +2239,7 @@ the same storage types are supported as
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>Sets the timeout in seconds before <em>invalid</em> responses
in the OCSP stapling cache (configured through <code class="directive"><a href="#sslstaplingcache">SSLStaplingCache</a></code>) will expire.
@@ -2241,7 +2256,7 @@ To set the cache timeout for valid respo
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>When enabled and a query to an OCSP responder for stapling
purposes fails, mod_ssl will synthesize a "tryLater" response for the
@@ -2257,7 +2272,7 @@ is also enabled.</p>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>This directive overrides the URI of an OCSP responder as obtained from
the authorityInfoAccess (AIA) extension of the certificate.
@@ -2273,7 +2288,7 @@ Of potential use when going through a pr
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>This option sets the timeout for queries to OCSP responders when
<code class="directive"><a href="#sslusestapling">SSLUseStapling</a></code> is enabled
@@ -2289,7 +2304,7 @@ and mod_ssl is querying a responder for
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>This option sets the maximum allowable age ("freshness") when
considering OCSP responses for stapling purposes, i.e. when
@@ -2308,7 +2323,7 @@ which means that OCSP responses are cons
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>This option sets the maximum allowable time skew when mod_ssl checks the
<code>thisUpdate</code> and <code>nextUpdate</code> fields of OCSP responses
@@ -2325,7 +2340,7 @@ if <code class="directive"><a href="#ssl
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>When enabled, mod_ssl will pass responses from unsuccessful
stapling related OCSP queries (such as status errors, expired responses etc.)
@@ -2342,7 +2357,7 @@ for failed queries will be included in t
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>Sets the timeout in seconds before responses in the OCSP stapling cache
(configured through <code class="directive"><a href="#sslstaplingcache">SSLStaplingCache</a></code>)
@@ -2416,7 +2431,7 @@ authentication header (see <a href="#ssl
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available if using OpenSSL 0.9.8h or later</td></tr>
</table>
<p>This option enables OCSP stapling, as defined by the "Certificate
Status Request" TLS extension specified in RFC 6066. If enabled (and
Added: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html?rev=1589098&view=auto
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html (added)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html Tue Apr 22 12:02:29 2014
@@ -0,0 +1,5 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: mod_ssl_ct.html.en
+Content-Language: en
+Content-type: text/html; charset=ISO-8859-1
Propchange: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html
------------------------------------------------------------------------------
svn:eol-style = native
Added: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en?rev=1589098&view=auto
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en (added)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en Tue Apr 22 12:02:29 2014
@@ -0,0 +1,345 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>mod_ssl_ct - Apache HTTP Server</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body>
+<div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.5</p>
+<img alt="" src="../images/feather.gif" /></div>
+<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
+<div id="page-content">
+<div id="preamble"><h1>Apache Module mod_ssl_ct</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_ssl_ct.html" title="English"> en </a></p>
+</div>
+<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Implementation of Certificate Transparency (RFC 6962)
+</td></tr>
+<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>ssl_ct_module</td></tr>
+<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_ssl_ct.c</td></tr></table>
+<h3>Summary</h3>
+
+<p>This module provides an implementation of Certificate Transparency, in
+conjunction with <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> and command-line tools from the
+<a href="https://code.google.com/p/certificate-transparency/">certificate-transparency</a>
+open source project. The goal of Certificate Transparency is to expose the
+use of server certificates which are trusted by browsers but were mistakenly
+or maliciously issued. More information about Certificate Transparency is
+available at <a href="http://www.certificate-transparency.org/">
+http://www.certificate-transparency.org/</a>.</p>
+
+<p>This implementation for Apache httpd provides these features for TLS
+servers and proxies:</p>
+
+<ul>
+ <li>Signed Certificate Timestamps (SCTs) can be obtained from logs
+ automatically and, in conjunction with any statically configured SCTs, sent
+ to aware clients in the ServerHello (during the handshake).</li>
+ <li>SCTs can be received by the proxy from backend servers in the ServerHello,
+ in a certificate extension, and/or within stapled OCSP responses; any SCTs
+ received can be partially validated on-line and optionally queued for off-line
+ audit.</li>
+ <li>The proxy can be configured to disallow communication with a backend
+ which does not provide an SCT which passes on-line validation.</li>
+</ul>
+
+<p>Configuration information about logs can be defined statically in the web
+server configuration or maintained in a Sqlite3 database. In the latter case,
+<code class="module"><a href="../mod/mod_ssl_ct.html">mod_ssl_ct</a></code> will reload the database periodically, so any
+site-specific infrastructure for maintaining and propagating log configuration
+information does not have to also restart httpd to make it take effect.</p>
+</div>
+<div id="quickview"><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#ctauditstorage">CTAuditStorage</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctlogclient">CTLogClient</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctlogconfigdb">CTLogConfigDB</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctmaxsctage">CTMaxSCTAge</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctproxyawareness">CTProxyAwareness</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctsctstorage">CTSCTStorage</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctserverhellosctlimit">CTServerHelloSCTLimit</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctstaticlogconfig">CTStaticLogConfig</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ctstaticscts">CTStaticSCTs</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTAuditStorage" id="CTAuditStorage">CTAuditStorage</a> <a name="ctauditstorage" id="ctauditstorage">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Existing directory where data for off-line audit will be stored</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTAuditStorage <em>directory</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>The <code class="directive">CTAuditStorage</code> directive sets the name of a
+ directory where data will be stored for off-line audit. If <em>directory</em>
+ is not absolute then it is assumed to be relative to <code class="directive"><a href="../mod/core.html#defaultruntimedir">
+ DefaultRuntimeDir</a></code>.</p>
+
+ <p>If this directive is not specified, data will not be stored for off-line
+ audit.</p>
+
+ <p>The directory will contain files named <code><em>PID</em>.tmp</code> for
+ active child processes and files named <code><em>PID</em>.out</code> for exited
+ child processes. These <code>.out</code> files are ready for off-line audit.
+ The experimental command <code>ctauditscts</code> (in the httpd source tree, not
+ currently installed) interfaces with <em>certificate-transparency</em> tools to
+ perform the audit.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTLogClient" id="CTLogClient">CTLogClient</a> <a name="ctlogclient" id="ctlogclient">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Location of certificate-transparency log client tool</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTLogClient <em>executable</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p><em>executable</em> is the full path to the log client tool, which is
+ normally file <code>src/client/ct</code> within the source tree of the
+ <a href="https://code.google.com/p/certificate-transparency/">
+ certificate-transparency</a> open source project.</p>
+
+ <p>An alternative implementation could be used to retrieve SCTs for a
+ server certificate as long as the command-line interface is equivalent.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTLogConfigDB" id="CTLogConfigDB">CTLogConfigDB</a> <a name="ctlogconfigdb" id="ctlogconfigdb">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Log configuration database supporting dynamic updates</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTLogConfigDB <em>filename</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>The <code class="directive">CTLogConfigDB</code> directive sets the name of a database
+ containing configuration about known logs. If <em>filename</em> is not absolute
+ then it is assumed to be relative to
+ <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+
+ <p>Refer to the documentation for the <code class="program"><a href="../programs/ctlogconfig.html">ctlogconfig</a></code> program,
+ which manages the database.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTMaxSCTAge" id="CTMaxSCTAge">CTMaxSCTAge</a> <a name="ctmaxsctage" id="ctmaxsctage">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum age of SCT obtained from a log, before it will be
+refreshed</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTMaxSCTAge <em>num-seconds</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>1 day</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>Server certificates with SCTs which are older than this maximum age will
+ be resubmitted to configured logs. Generally the log will return the same SCT
+ as before, but that is subject to log operation. SCTs will be refreshed as
+ necessary during normal server operation, with new SCTs returned to clients
+ as they become available.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTProxyAwareness" id="CTProxyAwareness">CTProxyAwareness</a> <a name="ctproxyawareness" id="ctproxyawareness">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Level of CT awareness and enforcement for a proxy
+</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTProxyAwareness <em>oblivious|aware|require</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>aware</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>This directive controls awareness and checks for valid SCTs for a
+ proxy. Several options are available:</p>
+
+ <dl>
+ <dt>oblivious</dt>
+ <dd>The proxy will neither ask for nor examine SCTs. Certificate
+ Transparency processing for the proxy is completely disabled.</dd>
+
+ <dt>aware</dt>
+ <dd>The proxy will perform all appropriate Certificate Transparency
+ processing, such as asking for and examining SCTs. However, the
+ proxy will not disallow communication if the backend server does
+ not provide any valid SCTs.</dd>
+
+ <dt>require</dt>
+ <dd>The proxy will abort communication with the backend server if it
+ does not provide at least one SCT which passes on-line validation.</dd>
+ </dl>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTSCTStorage" id="CTSCTStorage">CTSCTStorage</a> <a name="ctsctstorage" id="ctsctstorage">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Existing directory where SCTs are managed</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTSCTStorage <em>directory</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>The <code class="directive">CTSCTStorage</code> directive sets the name of a
+ directory where SCTs and SCT lists will will be stored. If <em>directory</em>
+ is not absolute then it is assumed to be relative to <code class="directive"><a href="../mod/core.html#defaultruntimedir">
+ DefaultRuntimeDir</a></code>.</p>
+
+ <p>A subdirectory for each server certificate contains information relative
+ to that certificate; the name of the subdirectory is the SHA-256 hash of the
+ certificate.</p>
+
+ <p>The certificate-specific directory contains SCTs retrieved from configured
+ logs, SCT lists prepared from statically configured SCTs and retrieved SCTs,
+ and other information used for managing SCTs.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTServerHelloSCTLimit" id="CTServerHelloSCTLimit">CTServerHelloSCTLimit</a> <a name="ctserverhellosctlimit" id="ctserverhellosctlimit">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Limit on number of SCTs that can be returned in
+ServerHello</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTServerHelloSCTLimit <em>limit</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>100</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>This directive can be used to limit the number of SCTs which can be
+ returned by a TLS server in ServerHello, in case the number of configured
+ logs and statically-defined SCTs is relatively high.</p>
+
+ <p>Typically only a few SCTs would be available, so this directive is only
+ needed in special circumstances.</p>
+
+ <p>The directive does not take into account SCTs which may be provided in
+ certificate extensions or in stapled OCSP responses.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTStaticLogConfig" id="CTStaticLogConfig">CTStaticLogConfig</a> <a name="ctstaticlogconfig" id="ctstaticlogconfig">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Static configuration of information about a log</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTStaticLogConfig <em>log-id|-</em> <em>public-key-file|-</em>
+<em>1|0|-</em> <em>min-timestamp|-</em> <em>max-timestamp|-</em>
+<em>log-URL|-</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>This directive is used to configure information about a particular log.
+ This directive is appropriate when configuration information changes rarely.
+ If dynamic configuration updates must be supported, refer to the
+ <code class="directive"><a href="#ctlogconfigdb">CTLogConfigDB</a></code> directive.</p>
+
+ <p>Each of the six fields must be specified, but usually only a small
+ amount of information must be configured for each log; use <em>-</em> when no
+ information is available for the field. The fields are defined as follows:</p>
+
+ <dl>
+ <dt><em>log-id</em></dt>
+ <dd>This is the id of the log. The id is the SHA-256 hash of the log's
+ public key. In some cases it is appropriate and convenient to identify
+ the log by the id (hash), such as when configuring information regarding
+ the log's validity.</dd>
+
+ <dt><em>public-key-file</em></dt>
+ <dd>This is the name of a file containing the PEM encoding of the log's
+ public key. If the name is not absolute, then it is assumed to be relative
+ to <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. The public key is
+ required in order to check the signature of SCTs received by the proxy.</dd>
+
+ <dt><em>trust</em></dt>
+ <dd>This is a generic <q>trust</q> flag. Set this field to <em>0</em> to
+ distrust this log.</dd>
+
+ <dt><em>min-timestamp</em></dt>
+ <dd>SCTs received from this log by the proxy are invalid if the timestamp
+ is older than this value.</dd>
+
+ <dt><em>max-timestamp</em></dt>
+ <dd>SCTs received from this log by the proxy are invalid if the timestamp
+ is newer than this value.</dd>
+
+ <dt><em>log-URL</em></dt>
+ <dd>This is the URL of the log, for use in submitting server certificates
+ and in turn obtaining an SCT to be sent to clients. Each server certificate
+ will be submitted to all logs for which <em>log-URL</em> is configured.</dd>
+ </dl>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CTStaticSCTs" id="CTStaticSCTs">CTStaticSCTs</a> <a name="ctstaticscts" id="ctstaticscts">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Static configuration of one or more SCTs for a server certificate
+</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CTStaticSCTs <em>certificate-pem-file</em> <em>sct-directory</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
+</table>
+ <p>This directive is used to statically define one or more SCTs corresponding
+ to a server certificate. This mechanism can be used instead of or in
+ addition to dynamically obtaining SCTs from configured logs.</p>
+
+ <p><em>certificate-pem-file</em> refers to the server certificate in PEM
+ format. If the name is not absolute, then it is assumed to be relative to
+ <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+
+ <p><em>sct-directory</em> must contain one or more files with extension
+ <code>.sct</code>, representing one or more SCTs corresponding to the
+ server certificate. If <em>sct-directory</em> is not absolute, then it is
+ assumed to be relative to <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+
+</div>
+</div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_ssl_ct.html" title="English"> en </a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_ssl_ct.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html>
\ No newline at end of file
Propchange: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en
------------------------------------------------------------------------------
svn:eol-style = native
Added: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml.meta?rev=1589098&view=auto
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml.meta (added)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml.meta Tue Apr 22 12:02:29 2014
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- GENERATED FROM XML: DO NOT EDIT -->
+
+<metafile reference="mod_ssl_ct.xml">
+ <basename>mod_ssl_ct</basename>
+ <path>/mod/</path>
+ <relpath>..</relpath>
+
+ <variants>
+ <variant>en</variant>
+ </variants>
+</metafile>
Propchange: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml.meta
------------------------------------------------------------------------------
svn:eol-style = native
Modified: httpd/httpd/trunk/docs/manual/mod/mod_suexec.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_suexec.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_suexec.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_suexec.html.en Tue Apr 22 12:02:29 2014
@@ -64,8 +64,8 @@ and Group</td></tr>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SuexecUserGroup nobody nogroup</pre>
</div>
- <p>In Apache httpd 2.3.9 and later, startup will fail if this
- directive is specified but the suEXEC feature is disabled.</p>
+ <p>Startup will fail if this directive is specified but the suEXEC
+ feature is disabled.</p>
<h3>See also</h3>
<ul>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_unixd.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_unixd.html.en?rev=1589098&r1=1589097&r2=1589098&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_unixd.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_unixd.html.en Tue Apr 22 12:02:29 2014
@@ -119,7 +119,6 @@ Off otherwise</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_unixd</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache httpd 2.3.9 and later</td></tr>
</table>
<p>When On, startup will fail if the suexec binary doesn't exist
or has an invalid owner or file mode.</p>