You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/02/02 17:27:44 UTC
[tomcat] branch main updated: Add docs for OpenSSLConf and OpenSSLConfCmd
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 8c6fdce Add docs for OpenSSLConf and OpenSSLConfCmd
8c6fdce is described below
commit 8c6fdce52467fabb8f05cdd0298c75ae26606c64
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Feb 2 17:24:25 2022 +0000
Add docs for OpenSSLConf and OpenSSLConfCmd
---
webapps/docs/changelog.xml | 5 +++++
webapps/docs/config/http.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 944ae20..49c54ee 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -148,6 +148,11 @@
Clarify the settings described in the documentation web application to
configure a cluster using static membership. (markt)
</fix>
+ <add>
+ Add information on the <code>OpenSSLConf</code> and
+ <code>OpenSSLConfCmd</code> elements to the HTTP SSL configuration page
+ in the documentation web applications. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="jdbc-pool">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 42afdf1..a2497a4 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1012,6 +1012,13 @@
<strong>SSLHostConfig</strong>. For further information, see the SSL Support
section below.</p>
+ <p>When OpenSSL is providing the TLS implementation, one or more
+ <strong>OpenSSLConfCmd</strong> elements may be nested inside a
+ <strong>OpenSSLConf</strong> element to configure OpenSSL via OpenSSL's
+ <code>SSL_CONF</code> API. A single <strong>OpenSSLConf</strong> element may
+ be nested in a <strong>SSLHostConfig</strong> element. For further
+ information, see the SSL Support section below</p>
+
</section>
@@ -1554,6 +1561,44 @@
</subsection>
+ <subsection name="SSL Support - OpenSSL's SSL_CONF API">
+
+ <p>When OpenSSL is providing the TLS implementation, one or more
+ <strong>OpenSSLConfCmd</strong> elements may be nested inside a
+ <strong>OpenSSLConf</strong> element to configure OpenSSL via OpenSSL's
+ <code>SSL_CONF</code> API. A single <strong>OpenSSLConf</strong> element may
+ be nested in a <strong>SSLHostConfig</strong> element.</p>
+
+ <p>The set of configuration file commands available depends on the OpenSSL
+ version being used. For a list of supported command names and values, see the
+ section Supported configuration file commands in the <a
+ href="https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS"
+ >SSL_CONF_cmd(3)</a> manual page for OpenSSL. Some of the configuration file
+ commands can be used as alternatives to <strong>SSLHostConfig</strong>
+ attributes. It is recommended that configuration file commands are only used
+ where the feature cannot be configured using <strong>SSLHostConfig</strong>
+ attributes.</p>
+
+ <p>The <strong>OpenSSLConf</strong> element does not support any
+ attributes.</p>
+
+ <p>The <strong>OpenSSLConfCmd</strong> element supports the following
+ attributes.</p>
+
+ <attributes>
+
+ <attribute name="name" required="true">
+ <p>The name of the configuration file command.</p>
+ </attribute>
+
+ <attribute name="name" required="false">
+ <p>The value to use for the configuration file command.</p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
<subsection name="Key store types">
<p>In addition to the standard key store types (JKS and PKCS12), most Java
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org