You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/02/02 17:27:52 UTC
[tomcat] branch 9.0.x updated: Add docs for OpenSSLConf and OpenSSLConfCmd
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 49eb7f0 Add docs for OpenSSLConf and OpenSSLConfCmd
49eb7f0 is described below
commit 49eb7f0247ed3969d3671ade66586ee2b6d8e6a2
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Feb 2 17:24:25 2022 +0000
Add docs for OpenSSLConf and OpenSSLConfCmd
---
webapps/docs/changelog.xml | 5 +++++
webapps/docs/config/http.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4e6499b..a26fe1f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -148,6 +148,11 @@
Clarify the settings described in the documentation web application to
configure a cluster using static membership. (markt)
</fix>
+ <add>
+ Add information on the <code>OpenSSLConf</code> and
+ <code>OpenSSLConfCmd</code> elements to the HTTP SSL configuration page
+ in the documentation web applications. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="jdbc-pool">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index ccac9cb..00ad8db 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1096,6 +1096,13 @@
<strong>SSLHostConfig</strong>. For further information, see the SSL Support
section below.</p>
+ <p>When OpenSSL is providing the TLS implementation, one or more
+ <strong>OpenSSLConfCmd</strong> elements may be nested inside a
+ <strong>OpenSSLConf</strong> element to configure OpenSSL via OpenSSL's
+ <code>SSL_CONF</code> API. A single <strong>OpenSSLConf</strong> element may
+ be nested in a <strong>SSLHostConfig</strong> element. For further
+ information, see the SSL Support section below</p>
+
</section>
@@ -1652,6 +1659,44 @@
</subsection>
+ <subsection name="SSL Support - OpenSSL's SSL_CONF API">
+
+ <p>When OpenSSL is providing the TLS implementation, one or more
+ <strong>OpenSSLConfCmd</strong> elements may be nested inside a
+ <strong>OpenSSLConf</strong> element to configure OpenSSL via OpenSSL's
+ <code>SSL_CONF</code> API. A single <strong>OpenSSLConf</strong> element may
+ be nested in a <strong>SSLHostConfig</strong> element.</p>
+
+ <p>The set of configuration file commands available depends on the OpenSSL
+ version being used. For a list of supported command names and values, see the
+ section Supported configuration file commands in the <a
+ href="https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS"
+ >SSL_CONF_cmd(3)</a> manual page for OpenSSL. Some of the configuration file
+ commands can be used as alternatives to <strong>SSLHostConfig</strong>
+ attributes. It is recommended that configuration file commands are only used
+ where the feature cannot be configured using <strong>SSLHostConfig</strong>
+ attributes.</p>
+
+ <p>The <strong>OpenSSLConf</strong> element does not support any
+ attributes.</p>
+
+ <p>The <strong>OpenSSLConfCmd</strong> element supports the following
+ attributes.</p>
+
+ <attributes>
+
+ <attribute name="name" required="true">
+ <p>The name of the configuration file command.</p>
+ </attribute>
+
+ <attribute name="name" required="false">
+ <p>The value to use for the configuration file command.</p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
<subsection name="Key store types">
<p>In addition to the standard key store types (JKS and PKCS12), most Java
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org