Posted to cvs@httpd.apache.org by kb...@apache.org on 2014/04/09 10:24:25 UTC
svn commit: r1585902 - in /httpd/httpd/branches/2.4.x/docs/manual/mod:
mod_ssl.html.en mod_ssl.xml mod_ssl.xml.meta
Author: kbrand
Date: Wed Apr 9 08:24:25 2014
New Revision: 1585902
URL: http://svn.apache.org/r1585902
Log:
Update SSLPassPhraseDialog directive docs to correctly describe the
current behavior for "exec"-type programs in 2.4.x, at least.
The new argument structure is a consequence of r1573360 (backport
to 2.4.8 [unreleased]).
Modified:
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1585902&r1=1585901&r2=1585902&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Wed Apr 9 08:24:25 2014
@@ -1258,11 +1258,16 @@ query can be done in two ways which can
<li><code>exec:/path/to/program</code>
<p>
Here an external program is configured which is called at startup for each
- encrypted Private Key file. It is called with two arguments (the first is
+ encrypted Private Key file.
+ For versions up to 2.4.7, it is called with two arguments (the first is
of the form ``<code>servername:portnumber</code>'', the second is either
``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which
indicate for which server and algorithm it has to print the corresponding
- Pass Phrase to <code>stdout</code>. The intent is that this external
+ Pass Phrase to <code>stdout</code>.
+ Starting with version 2.4.9, it is called with one argument, a string of the
+ form ``<code>servername:portnumber:index</code>'' (with <code>index</code>
+ being a zero-based sequence number), which indicate the server, TCP port
+ and certificate number. The intent is that this external
program first runs security checks to make sure that the system is not
compromised by an attacker, and only when these checks were passed
successfully it provides the Pass Phrase.</p>
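Review bot: the added sentences go from "For versions up to 2.4.7" straight to "Starting with version 2.4.9", so a reader cannot tell which interface 2.4.8 uses, although the log message names 2.4.8 as the backport target of r1573360. Say that 2.4.8 was not released, or word the second sentence as "starting with 2.4.8". Also, in "a string of the form ... which indicate the server, TCP port and certificate number" the subject is the single string, so "which indicates" is the correct form.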
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1585902&r1=1585901&r2=1585902&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Wed Apr 9 08:24:25 2014
@@ -295,11 +295,16 @@ query can be done in two ways which can
<li><code>exec:/path/to/program</code>
<p>
Here an external program is configured which is called at startup for each
- encrypted Private Key file. It is called with two arguments (the first is
+ encrypted Private Key file.
+ For versions up to 2.4.7, it is called with two arguments (the first is
of the form ``<code>servername:portnumber</code>'', the second is either
``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''), which
indicate for which server and algorithm it has to print the corresponding
- Pass Phrase to <code>stdout</code>. The intent is that this external
+ Pass Phrase to <code>stdout</code>.
+ Starting with version 2.4.9, it is called with one argument, a string of the
+ form ``<code>servername:portnumber:index</code>'' (with <code>index</code>
+ being a zero-based sequence number), which indicate the server, TCP port
+ and certificate number. The intent is that this external
program first runs security checks to make sure that the system is not
compromised by an attacker, and only when these checks were passed
successfully it provides the Pass Phrase.</p>
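Review bot: the new one-argument description drops the RSA/DSA/ECC argument without telling the author of an existing program how to choose the right pass phrase from "index". "A zero-based sequence number" and "certificate number" do not say what is being counted or in which order. Add a sentence defining what index 0, 1, ... refer to for a given server, and a short upgrade note that programs written for the two-argument form will now be started with a single argument.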
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta?rev=1585902&r1=1585901&r2=1585902&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta Wed Apr 9 08:24:25 2014
@@ -8,6 +8,6 @@
<variants>
<variant>en</variant>
- <variant outdated="yes">fr</variant>
+ <variant>fr</variant>
</variants>
</metafile>
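Review bot: removing outdated="yes" from the fr variant in the same commit that changes the English text looks inverted. No French file appears in the Modified list, so after this change the fr translation is marked current while it cannot contain the new 2.4.9 paragraph. If this line was regenerated by the docs build, check it against the actual state of the fr file before committing, otherwise keep the outdated flag.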
Re: svn commit: r1585902 - in /httpd/httpd/branches/2.4.x/docs/manual/mod:
mod_ssl.html.en mod_ssl.xml mod_ssl.xml.meta
Posted by Jeff Trawick <tr...@gmail.com>.
On Wed, Apr 9, 2014 at 2:24 AM, <kb...@apache.org> wrote:
> Author: kbrand
> Date: Wed Apr 9 08:24:25 2014
> New Revision: 1585902
>
> URL: http://svn.apache.org/r1585902
> Log:
> Update SSLPassPhraseDialog directive docs to correctly describe the
> current behavior for "exec"-type programs in 2.4.x, at least.
> The new argument structure is a consequence of r1573360 (backport
> to 2.4.8 [unreleased]).
>
> Modified:
> httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
> httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
> httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
>
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Wed Apr 9
> 08:24:25 2014
> @@ -1258,11 +1258,16 @@ query can be done in two ways which can
> <li><code>exec:/path/to/program</code>
> <p>
> Here an external program is configured which is called at startup for
> each
> - encrypted Private Key file. It is called with two arguments (the
> first is
> + encrypted Private Key file.
> + For versions up to 2.4.7, it is called with two arguments (the first
> is
> of the form ``<code>servername:portnumber</code>'', the second is
> either
> ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
> which
> indicate for which server and algorithm it has to print the
> corresponding
> - Pass Phrase to <code>stdout</code>. The intent is that this external
> + Pass Phrase to <code>stdout</code>.
> + Starting with version 2.4.9, it is called with one argument, a string
> of the
> + form ``<code>servername:portnumber:index</code>'' (with
> <code>index</code>
> + being a zero-based sequence number), which indicate the server, TCP
> port
> + and certificate number. The intent is that this external
> program first runs security checks to make sure that the system is not
> compromised by an attacker, and only when these checks were passed
> successfully it provides the Pass Phrase.</p>
>
IMO this needs to be reworked to restore compatibility for 2.x up through
2.4.7, with the new interface used if some new keyword is added on the
directive. Yeah, some people who reworked their scripts will have to add
that new keyword, but this will unblock others (vendors, distros,
individuals) from upgrading without surprise.
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Wed Apr 9
> 08:24:25 2014
> @@ -295,11 +295,16 @@ query can be done in two ways which can
> <li><code>exec:/path/to/program</code>
> <p>
> Here an external program is configured which is called at startup for
> each
> - encrypted Private Key file. It is called with two arguments (the
> first is
> + encrypted Private Key file.
> + For versions up to 2.4.7, it is called with two arguments (the first
> is
> of the form ``<code>servername:portnumber</code>'', the second is
> either
> ``<code>RSA</code>'', ``<code>DSA</code>'', or ``<code>ECC</code>''),
> which
> indicate for which server and algorithm it has to print the
> corresponding
> - Pass Phrase to <code>stdout</code>. The intent is that this external
> + Pass Phrase to <code>stdout</code>.
> + Starting with version 2.4.9, it is called with one argument, a string
> of the
> + form ``<code>servername:portnumber:index</code>'' (with
> <code>index</code>
> + being a zero-based sequence number), which indicate the server, TCP
> port
> + and certificate number. The intent is that this external
> program first runs security checks to make sure that the system is not
> compromised by an attacker, and only when these checks were passed
> successfully it provides the Pass Phrase.</p>
>
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta?rev=1585902&r1=1585901&r2=1585902&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml.meta Wed Apr 9
> 08:24:25 2014
> @@ -8,6 +8,6 @@
>
> <variants>
> <variant>en</variant>
> - <variant outdated="yes">fr</variant>
> + <variant>fr</variant>
> </variants>
> </metafile>
>
>
>
--
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
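
The two calling conventions discussed in this thread can be handled by one helper, so the same program keeps working across the upgrade. This is an added example, not code from httpd or from either poster; `PASS_DIR`, the file naming scheme and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# SSLPassPhraseDialog exec helper that accepts both argument forms.
# Assumption: pass phrases live in root-only files under PASS_DIR, named
# host_port_selector (selector = RSA|DSA|ECC or the zero-based index).
PASS_DIR="${PASS_DIR:-/etc/httpd/passphrases}"

# Print "host port selector" for either calling convention, or return 1.
#   up to 2.4.7:  $1 = servername:portnumber   $2 = RSA|DSA|ECC
#   from 2.4.9:   $1 = servername:portnumber:index
parse_dialog_args() {
    case $# in
    2)  case $2 in RSA|DSA|ECC) ;; *) return 1 ;; esac
        [ "${1%:*}" != "$1" ] || return 1      # needs a ':' separator
        host=${1%:*}; port=${1##*:}; sel=$2 ;;
    1)  sel=${1##*:}; rest=${1%:*}
        [ "$rest" != "$1" ] || return 1        # no ':' at all
        host=${rest%:*}; port=${rest##*:}
        [ "$host" != "$rest" ] || return 1     # only one ':' (old form, missing $2)
        case $sel in ''|*[!0-9]*) return 1 ;; esac ;;
    *)  return 1 ;;
    esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    # The host ends up in a file name: allow hostname characters only.
    case $host in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s %s %s\n' "$host" "$port" "$sel"
}

# Write the pass phrase for the requested key to stdout, or fail silently.
emit_passphrase() {
    key=$(parse_dialog_args "$@") || return 1
    set -- $key
    f="$PASS_DIR/${1}_${2}_${3}"
    # Refuse symlinks and anything that is not a regular file.
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    cat "$f"
}

# httpd always passes arguments; with none, only the functions are defined.
[ $# -eq 0 ] || emit_passphrase "$@"
```

A non-zero exit with empty output makes a malformed or unexpected argument fail at startup instead of printing the wrong pass phrase.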