You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by jp...@apache.org on 2013/07/22 21:11:57 UTC
[1/2] git commit: doc: remove SSL accelerator parameters
Updated Branches:
refs/heads/master e0d39f8e0 -> 6a9f74294
doc: remove SSL accelerator parameters
AFAIK the open source version of Traffic Server never supported SSL
accelerators. Remove the misleading documentation that claims it
does.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/d2069174
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/d2069174
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/d2069174
Branch: refs/heads/master
Commit: d2069174cd486a590ed5146a76446f6381b4f339
Parents: e0d39f8
Author: James Peach <jp...@apache.org>
Authored: Mon Jul 22 11:54:43 2013 -0700
Committer: James Peach <jp...@apache.org>
Committed: Mon Jul 22 11:54:43 2013 -0700
----------------------------------------------------------------------
.../configuration-files/records.config.en.rst | 32 --------------------
1 file changed, 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d2069174/doc/admin/configuration-files/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/configuration-files/records.config.en.rst b/doc/admin/configuration-files/records.config.en.rst
index b19cb29..4b5dbdf 100644
--- a/doc/admin/configuration-files/records.config.en.rst
+++ b/doc/admin/configuration-files/records.config.en.rst
@@ -2139,25 +2139,6 @@ URL Remap Rules
SSL Termination
===============
-``proxy.config.ssl.accelerator_required``
-{#proxy.config.ssl.accelerator_required}
- ``INT``
- Default: ``0``
- Indicates if an accelerator card is required for operation. Traffic
- Server supports Cavium accelerator cards.
-
- You can specify:
-
- - ``0`` - not required
- - ``1`` - accelerator card is required and Traffic Server will not
- enable SSL unless an accelerator card is present.
- - ``2`` - accelerator card is required and Traffic Server will not
- start unless an accelerator card is present.
-
- You can verify operation by
- running\ ``/home/y/bin/openssl_accelerated`` (this comes as part of
- ``openssl_engines_init``).
-
``proxy.config.ssl.enabled`` {#proxy.config.ssl.enabled}
``INT``
Default: ``0``
@@ -2179,19 +2160,6 @@ SSL Termination
Default: ``1``
Enables (``1``) or disables (``0``) TLSv1.
-``proxy.confg.ssl.accelerator.type``
-{#proxy.confg.ssl.accelerator.type}
- ``INT``
- Default: ``0``
- Specifies if the Cavium SSL accelerator card is installed on (and
- required by) your Traffic Server machine:
-
- - ``0`` = none (no SSL accelerator card is installed on the Traffic
- Server machine, so the Traffic Server's CPU determines the number
- of requests served per second)
- - ``1`` = accelerator card is present and required by Traffic
- Server
-
``proxy.config.ssl.server_port`` {#proxy.config.ssl.server_port}
``INT``
Default: ``443``
[2/2] git commit: doc: update SS certificate loading parameter
documentation
Posted by jp...@apache.org.
doc: update SS certificate loading parameter documentation
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/6a9f7429
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/6a9f7429
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/6a9f7429
Branch: refs/heads/master
Commit: 6a9f74294cbcf0f9c51f456a58fd160b5ff71a30
Parents: d206917
Author: James Peach <jp...@apache.org>
Authored: Mon Jul 22 12:11:32 2013 -0700
Committer: James Peach <jp...@apache.org>
Committed: Mon Jul 22 12:11:32 2013 -0700
----------------------------------------------------------------------
.../configuration-files/records.config.en.rst | 55 +++++++++-----------
doc/admin/security-options.en.rst | 1 -
2 files changed, 25 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/6a9f7429/doc/admin/configuration-files/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/configuration-files/records.config.en.rst b/doc/admin/configuration-files/records.config.en.rst
index 4b5dbdf..3e868a8 100644
--- a/doc/admin/configuration-files/records.config.en.rst
+++ b/doc/admin/configuration-files/records.config.en.rst
@@ -2186,48 +2186,36 @@ SSL Termination
authenticated during the SSL handshake. Clients without a
certificate are not allowed to access Traffic Server.
-``proxy.config.ssl.server.cert.filename``
-{#proxy.config.ssl.server.cert.filename}
- ``STRING``
- Default: ``server.pem``
- The filename of the Traffic Server SSL certificate (the server
- certificate).
-
-``proxy.config.ssl.server.cert_chain.filename``
-{#proxy.config.ssl.server.cert_chain.filename}
- ``STRING``
- Default: ``NULL``
- The file, in a chain of certificates, that is the root certificate
- recognized by your website.
-
``proxy.config.ssl.server.cert.path``
{#proxy.config.ssl.server.cert.path}
``STRING``
Default: ``/config``
- The location of the Traffic Server SSL certificate (the server
- certificate).
-
-``proxy.config.ssl.server.private_key.filename``
-{#proxy.config.ssl.server.private_key.filename}
- ``STRING``
- Default: ``NULL``
- The filename of the Traffic Server private key. Change this variable
- only if the private key is not located in the Traffic Server SSL
- certificate file.
+ The location of the SSL certificates and chains used for accepting
+ and validation new SSL sessions. If this is a relative path,
+ it is appended to the Traffic Server installation PREFIX. All
+ certificates and certificate chains listed in
+ :file:`ssl_multicert.config` will be loaded relative to this
+ path.
``proxy.config.ssl.server.private_key.path``
{#proxy.config.ssl.server.private_key.path}
``STRING``
Default: ``NULL``
- The location of the Traffic Server private key. Change this variable
- only if the private key is not located in the SSL certificate file.
+ The location of the SSL certificate private keys. Change this
+ variable only if the private key is not located in the SSL
+ certificate file. All private keys listed in
+ :file:`ssl_multicert.config` will be loaded relative to this
+ path.
-``proxy.config.ssl.CA.cert.filename``
-{#proxy.config.ssl.CA.cert.filename}
+``proxy.config.ssl.server.cert_chain.filename``
+{#proxy.config.ssl.server.cert_chain.filename}
``STRING``
Default: ``NULL``
- The filename of the certificate authority that client certificates
- will be verified against.
+ The name of a file containing a global certificate chain that
+ should be used with every server certificate. This file is only
+ used if there are certificates defined in :file:`ssl_multicert.conf`.
+ Unless this is an absolute path, it is loaded relative to the
+ path specified by ``proxy.config.ssl.server.cert.path``.
``proxy.config.ssl.CA.cert.path`` {#proxy.config.ssl.CA.cert.path}
``STRING``
@@ -2235,6 +2223,13 @@ SSL Termination
The location of the certificate authority file that client
certificates will be verified against.
+``proxy.config.ssl.CA.cert.filename``
+{#proxy.config.ssl.CA.cert.filename}
+ ``STRING``
+ Default: ``NULL``
+ The filename of the certificate authority that client certificates
+ will be verified against.
+
Client-Related Configuration
----------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/6a9f7429/doc/admin/security-options.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/security-options.en.rst b/doc/admin/security-options.en.rst
index c94de13..d1ca46c 100644
--- a/doc/admin/security-options.en.rst
+++ b/doc/admin/security-options.en.rst
@@ -161,7 +161,6 @@ In order to accomplish this, we
- `*``proxy.config.ssl.enabled``* <configuration-files/records.config#proxy.config.ssl.enabled>`_
- `*``proxy.config.ssl.server_port``* <configuration-files/records.config#proxy.config.ssl.server_port>`_
- `*``proxy.config.ssl.client.certification_level``* <configuration-files/records.config#proxy.config.ssl.client.certification_level>`_
- - `*``proxy.config.ssl.server.cert.filename``* <configuration-files/records.config#proxy.config.ssl.server.cert.filename>`_
- `*``proxy.config.ssl.server.cert.path``* <configuration-files/records.config#proxy.config.ssl.server.cert.path>`_
- `*``proxy.config.ssl.server.private_key.filename``* <configuration-files/records.config#proxy.config.ssl.server.private_key.filename>`_
- `*``proxy.config.ssl.server.private_key.path``* <configuration-files/records.config#proxy.config.ssl.server.private_key.path>`_