You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by kb...@apache.org on 2014/04/09 10:24:25 UTC

svn commit: r1585902 - in /httpd/httpd/branches/2.4.x/docs/manual/mod: mod_ssl.html.en mod_ssl.xml mod_ssl.xml.meta

Author: kbrand
Date: Wed Apr  9 08:24:25 2014
New Revision: 1585902

URL: http://svn.apache.org/r1585902
Log:
Update SSLPassPhraseDialog directive docs to correctly describe the
current behavior for "exec"-type programs in 2.4.x, at least.
The new argument structure is a consequence of r1573360 (backport
to 2.4.8 [unreleased]).

Modified:
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1585902&r1=1585901&r2=1585902&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Wed Apr  9 08:24:25 2014
@@ -1258,11 +1258,16 @@ query can be done in two ways which can 
 <li><code>exec:/path/to/program</code>
     <p>
     Here an external program is configured which is called at startup for each
-    encrypted Private Key file. It is called with two arguments (the first is
+    encrypted Private Key file.
+    For versions up to 2.4.7, it is called with two arguments (the first is
     of the form ``<code>servername:portnumber</code>'', the second is either
     ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which
     indicate for which server and algorithm it has to print the corresponding
-    Pass Phrase to <code>stdout</code>.  The intent is that this external
+    Pass Phrase to <code>stdout</code>.
+    Starting with version 2.4.9, it is called with one argument, a string of the
+    form ``<code>servername:portnumber:index</code>'' (with <code>index</code>
+    being a zero-based sequence number), which indicate the server, TCP port
+    and certificate number.  The intent is that this external
     program first runs security checks to make sure that the system is not
     compromised by an attacker, and only when these checks were passed
     successfully it provides the Pass Phrase.</p>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1585902&r1=1585901&r2=1585902&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Wed Apr  9 08:24:25 2014
@@ -295,11 +295,16 @@ query can be done in two ways which can 
 <li><code>exec:/path/to/program</code>
     <p>
     Here an external program is configured which is called at startup for each
-    encrypted Private Key file. It is called with two arguments (the first is
+    encrypted Private Key file.
+    For versions up to 2.4.7, it is called with two arguments (the first is
     of the form ``<code>servername:portnumber</code>'', the second is either
     ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which
     indicate for which server and algorithm it has to print the corresponding
-    Pass Phrase to <code>stdout</code>.  The intent is that this external
+    Pass Phrase to <code>stdout</code>.
+    Starting with version 2.4.9, it is called with one argument, a string of the
+    form ``<code>servername:portnumber:index</code>'' (with <code>index</code>
+    being a zero-based sequence number), which indicate the server, TCP port
+    and certificate number.  The intent is that this external
     program first runs security checks to make sure that the system is not
     compromised by an attacker, and only when these checks were passed
     successfully it provides the Pass Phrase.</p>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta?rev=1585902&r1=1585901&r2=1585902&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta Wed Apr  9 08:24:25 2014
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant outdated="yes">fr</variant>
+    <variant>fr</variant>
   </variants>
 </metafile>

Re: svn commit: r1585902 - in /httpd/httpd/branches/2.4.x/docs/manual/mod: mod_ssl.html.en mod_ssl.xml mod_ssl.xml.meta

Posted by Jeff Trawick <tr...@gmail.com>.

On Wed, Apr 9, 2014 at 2:24 AM, <kb...@apache.org> wrote:

> Author: kbrand
> Date: Wed Apr  9 08:24:25 2014
> New Revision: 1585902
>
> URL: http://svn.apache.org/r1585902
> Log:
> Update SSLPassPhraseDialog directive docs to correctly describe the
> current behavior for "exec"-type programs in 2.4.x, at least.
> The new argument structure is a consequence of r1573360 (backport
> to 2.4.8 [unreleased]).
>
> Modified:
>     httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
>     httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
>     httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
>
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Wed Apr  9
> 08:24:25 2014
> @@ -1258,11 +1258,16 @@ query can be done in two ways which can
>  <li><code>exec:/path/to/program</code>
>      <p>
>      Here an external program is configured which is called at startup for
> each
> -    encrypted Private Key file. It is called with two arguments (the
> first is
> +    encrypted Private Key file.
> +    For versions up to 2.4.7, it is called with two arguments (the first
> is
>      of the form ``<code>servername:portnumber</code>'', the second is
> either
>      ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
> which
>      indicate for which server and algorithm it has to print the
> corresponding
> -    Pass Phrase to <code>stdout</code>.  The intent is that this external
> +    Pass Phrase to <code>stdout</code>.
> +    Starting with version 2.4.9, it is called with one argument, a string
> of the
> +    form ``<code>servername:portnumber:index</code>'' (with
> <code>index</code>
> +    being a zero-based sequence number), which indicate the server, TCP
> port
> +    and certificate number.  The intent is that this external
>      program first runs security checks to make sure that the system is not
>      compromised by an attacker, and only when these checks were passed
>      successfully it provides the Pass Phrase.</p>
>

IMO this needs to be reworked to restore compatibility for 2.x up through
2.4.7, with the new interface used if some new keyword is added on the
directive.  Yeah, some people who reworked their scripts will have to add
that new keyboard, but this will unblock others (vendors, distros,
individuals) from upgrading without surprise.



> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Wed Apr  9
> 08:24:25 2014
> @@ -295,11 +295,16 @@ query can be done in two ways which can
>  <li><code>exec:/path/to/program</code>
>      <p>
>      Here an external program is configured which is called at startup for
> each
> -    encrypted Private Key file. It is called with two arguments (the
> first is
> +    encrypted Private Key file.
> +    For versions up to 2.4.7, it is called with two arguments (the first
> is
>      of the form ``<code>servername:portnumber</code>'', the second is
> either
>      ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
> which
>      indicate for which server and algorithm it has to print the
> corresponding
> -    Pass Phrase to <code>stdout</code>.  The intent is that this external
> +    Pass Phrase to <code>stdout</code>.
> +    Starting with version 2.4.9, it is called with one argument, a string
> of the
> +    form ``<code>servername:portnumber:index</code>'' (with
> <code>index</code>
> +    being a zero-based sequence number), which indicate the server, TCP
> port
> +    and certificate number.  The intent is that this external
>      program first runs security checks to make sure that the system is not
>      compromised by an attacker, and only when these checks were passed
>      successfully it provides the Pass Phrase.</p>
>
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta Wed Apr  9
> 08:24:25 2014
> @@ -8,6 +8,6 @@
>
>    <variants>
>      <variant>en</variant>
> -    <variant outdated="yes">fr</variant>
> +    <variant>fr</variant>
>    </variants>
>  </metafile>
>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/