You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2016/09/17 13:10:06 UTC
svn commit: r1761217 -
/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Author: covener
Date: Sat Sep 17 13:10:06 2016
New Revision: 1761217
URL: http://svn.apache.org/viewvc?rev=1761217&view=rev
Log:
Merge r1761215 from trunk:
feedback in http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#comment_5818
This added paragraph about optional and optional_no_ca isn't helpful.
At the TLS layer, the challenge for otpional and required are no different.
Move the caution about _no_ca up into where the option is defined
and reword.
Modified:
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1761217&r1=1761216&r2=1761217&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Sat Sep 17 13:10:06 2016
@@ -1292,13 +1292,9 @@ The following levels are available for <
the client <em>has to</em> present a valid Certificate</li>
<li><strong>optional_no_ca</strong>:
the client may present a valid Certificate<br />
- but it need not to be (successfully) verifiable.</li>
+ but it need not to be (successfully) verifiable. This option
+ cannot be relied upon for client authentication. </li>
</ul>
-<p>In practice only levels <strong>none</strong> and
-<strong>require</strong> are really interesting, because level
-<strong>optional</strong> doesn't work with all browsers and level
-<strong>optional_no_ca</strong> is actually against the idea of
-authentication (but can be used to establish SSL test pages, etc.)</p>
<example><title>Example</title>
<highlight language="config">
SSLVerifyClient require