You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by jp...@apache.org on 2013/07/22 21:11:57 UTC

[1/2] git commit: doc: remove SSL accelerator parameters

Updated Branches:
  refs/heads/master e0d39f8e0 -> 6a9f74294


doc: remove SSL accelerator parameters

AFAIK the open source version of Traffic Server never supported SSL
accelerators. Remove the misleading documentation that claims it
does.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/d2069174
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/d2069174
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/d2069174

Branch: refs/heads/master
Commit: d2069174cd486a590ed5146a76446f6381b4f339
Parents: e0d39f8
Author: James Peach <jp...@apache.org>
Authored: Mon Jul 22 11:54:43 2013 -0700
Committer: James Peach <jp...@apache.org>
Committed: Mon Jul 22 11:54:43 2013 -0700

----------------------------------------------------------------------
 .../configuration-files/records.config.en.rst   | 32 --------------------
 1 file changed, 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d2069174/doc/admin/configuration-files/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/configuration-files/records.config.en.rst b/doc/admin/configuration-files/records.config.en.rst
index b19cb29..4b5dbdf 100644
--- a/doc/admin/configuration-files/records.config.en.rst
+++ b/doc/admin/configuration-files/records.config.en.rst
@@ -2139,25 +2139,6 @@ URL Remap Rules
 SSL Termination
 ===============
 
-``proxy.config.ssl.accelerator_required``
-{#proxy.config.ssl.accelerator_required}
-    ``INT``
-    Default: ``0``
-    Indicates if an accelerator card is required for operation. Traffic
-    Server supports Cavium accelerator cards.
-
-    You can specify:
-
-    -  ``0`` - not required
-    -  ``1`` - accelerator card is required and Traffic Server will not
-       enable SSL unless an accelerator card is present.
-    -  ``2`` - accelerator card is required and Traffic Server will not
-       start unless an accelerator card is present.
-
-    You can verify operation by
-    running\ ``/home/y/bin/openssl_accelerated`` (this comes as part of
-    ``openssl_engines_init``).
-
 ``proxy.config.ssl.enabled`` {#proxy.config.ssl.enabled}
     ``INT``
     Default: ``0``
@@ -2179,19 +2160,6 @@ SSL Termination
     Default: ``1``
     Enables (``1``) or disables (``0``) TLSv1.
 
-``proxy.confg.ssl.accelerator.type``
-{#proxy.confg.ssl.accelerator.type}
-    ``INT``
-    Default: ``0``
-    Specifies if the Cavium SSL accelerator card is installed on (and
-    required by) your Traffic Server machine:
-
-    -  ``0`` = none (no SSL accelerator card is installed on the Traffic
-       Server machine, so the Traffic Server's CPU determines the number
-       of requests served per second)
-    -  ``1`` = accelerator card is present and required by Traffic
-       Server
-
 ``proxy.config.ssl.server_port`` {#proxy.config.ssl.server_port}
     ``INT``
     Default: ``443``

[2/2] git commit: doc: update SS certificate loading parameter documentation

Posted by jp...@apache.org.

doc: update SS certificate loading parameter documentation


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/6a9f7429
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/6a9f7429
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/6a9f7429

Branch: refs/heads/master
Commit: 6a9f74294cbcf0f9c51f456a58fd160b5ff71a30
Parents: d206917
Author: James Peach <jp...@apache.org>
Authored: Mon Jul 22 12:11:32 2013 -0700
Committer: James Peach <jp...@apache.org>
Committed: Mon Jul 22 12:11:32 2013 -0700

----------------------------------------------------------------------
 .../configuration-files/records.config.en.rst   | 55 +++++++++-----------
 doc/admin/security-options.en.rst               |  1 -
 2 files changed, 25 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/6a9f7429/doc/admin/configuration-files/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/configuration-files/records.config.en.rst b/doc/admin/configuration-files/records.config.en.rst
index 4b5dbdf..3e868a8 100644
--- a/doc/admin/configuration-files/records.config.en.rst
+++ b/doc/admin/configuration-files/records.config.en.rst
@@ -2186,48 +2186,36 @@ SSL Termination
        authenticated during the SSL handshake. Clients without a
        certificate are not allowed to access Traffic Server.
 
-``proxy.config.ssl.server.cert.filename``
-{#proxy.config.ssl.server.cert.filename}
-    ``STRING``
-    Default: ``server.pem``
-    The filename of the Traffic Server SSL certificate (the server
-    certificate).
-
-``proxy.config.ssl.server.cert_chain.filename``
-{#proxy.config.ssl.server.cert_chain.filename}
-    ``STRING``
-    Default: ``NULL``
-    The file, in a chain of certificates, that is the root certificate
-    recognized by your website.
-
 ``proxy.config.ssl.server.cert.path``
 {#proxy.config.ssl.server.cert.path}
     ``STRING``
     Default: ``/config``
-    The location of the Traffic Server SSL certificate (the server
-    certificate).
-
-``proxy.config.ssl.server.private_key.filename``
-{#proxy.config.ssl.server.private_key.filename}
-    ``STRING``
-    Default: ``NULL``
-    The filename of the Traffic Server private key. Change this variable
-    only if the private key is not located in the Traffic Server SSL
-    certificate file.
+    The location of the SSL certificates and chains used for accepting
+    and validation new SSL sessions. If this is a relative path,
+    it is appended to the Traffic Server installation PREFIX. All
+    certificates and certificate chains listed in
+    :file:`ssl_multicert.config` will be loaded relative to this
+    path.
 
 ``proxy.config.ssl.server.private_key.path``
 {#proxy.config.ssl.server.private_key.path}
     ``STRING``
     Default: ``NULL``
-    The location of the Traffic Server private key. Change this variable
-    only if the private key is not located in the SSL certificate file.
+    The location of the SSL certificate private keys. Change this
+    variable only if the private key is not located in the SSL
+    certificate file. All private keys listed in
+    :file:`ssl_multicert.config` will be loaded relative to this
+    path.
 
-``proxy.config.ssl.CA.cert.filename``
-{#proxy.config.ssl.CA.cert.filename}
+``proxy.config.ssl.server.cert_chain.filename``
+{#proxy.config.ssl.server.cert_chain.filename}
     ``STRING``
     Default: ``NULL``
-    The filename of the certificate authority that client certificates
-    will be verified against.
+    The name of a file containing a global certificate chain that
+    should be used with every server certificate. This file is only
+    used if there are certificates defined in :file:`ssl_multicert.conf`.
+    Unless this is an absolute path, it is loaded relative to the
+    path specified by ``proxy.config.ssl.server.cert.path``.
 
 ``proxy.config.ssl.CA.cert.path`` {#proxy.config.ssl.CA.cert.path}
     ``STRING``
@@ -2235,6 +2223,13 @@ SSL Termination
     The location of the certificate authority file that client
     certificates will be verified against.
 
+``proxy.config.ssl.CA.cert.filename``
+{#proxy.config.ssl.CA.cert.filename}
+    ``STRING``
+    Default: ``NULL``
+    The filename of the certificate authority that client certificates
+    will be verified against.
+
 Client-Related Configuration
 ----------------------------
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/6a9f7429/doc/admin/security-options.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/security-options.en.rst b/doc/admin/security-options.en.rst
index c94de13..d1ca46c 100644
--- a/doc/admin/security-options.en.rst
+++ b/doc/admin/security-options.en.rst
@@ -161,7 +161,6 @@ In order to accomplish this, we
    -  `*``proxy.config.ssl.enabled``* <configuration-files/records.config#proxy.config.ssl.enabled>`_
    -  `*``proxy.config.ssl.server_port``* <configuration-files/records.config#proxy.config.ssl.server_port>`_
    -  `*``proxy.config.ssl.client.certification_level``* <configuration-files/records.config#proxy.config.ssl.client.certification_level>`_
-   -  `*``proxy.config.ssl.server.cert.filename``* <configuration-files/records.config#proxy.config.ssl.server.cert.filename>`_
    -  `*``proxy.config.ssl.server.cert.path``* <configuration-files/records.config#proxy.config.ssl.server.cert.path>`_
    -  `*``proxy.config.ssl.server.private_key.filename``* <configuration-files/records.config#proxy.config.ssl.server.private_key.filename>`_
    -  `*``proxy.config.ssl.server.private_key.path``* <configuration-files/records.config#proxy.config.ssl.server.private_key.path>`_