You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/02/17 10:46:50 UTC
svn commit: r1568922 - in /tomcat/tc7.0.x/trunk: ./
webapps/docs/changelog.xml webapps/docs/config/valve.xml
Author: markt
Date: Mon Feb 17 09:46:49 2014
New Revision: 1568922
URL: http://svn.apache.org/r1568922
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56093
Add SSL Valve to docs
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1568921
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1568922&r1=1568921&r2=1568922&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Feb 17 09:46:49 2014
@@ -70,6 +70,10 @@
In the documentation: add support for several documentation tags from
Tomcat 8. Such as <code><version-major/></code>. (kkolinko)
</scode>
+ <add>
+ <bug>56093</bug>: Add the SSL Valve to the documentation web
+ application. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1568922&r1=1568921&r2=1568922&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Mon Feb 17 09:46:49 2014
@@ -1456,6 +1456,49 @@
</subsection>
</section>
+
+<section name="SSL Valve">
+
+ <subsection name="Introduction">
+
+ <p>When using mod_proxy_http, the client SSL information is not included in
+ the protocol (unlike mod_jk and mod_proxy_ajp). To make the client SSL
+ information available to Tomcat, some additional configuration is required.
+ In httpd, mod_headers is used to add the SSL information as HTTP headers. In
+ Tomcat, this valve is used to read the information from the HTTP headers and
+ insert it into the request.</p>
+
+ <p>Note: Ensure that the headers are always set by httpd for all requests to
+ prevent a client spoofing SSL information by sending fake headers.</p>
+
+ <p>To configure httpd to set the necessary headers, add the following:</p>
+<source><IfModule ssl_module>
+ RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
+ RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s"
+ RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s"
+ RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s"
+</IfModule></source>
+
+ </subsection>
+
+ <subsection name="Attributes">
+
+ <p>The <strong>SSL Valve</strong> supports the following configuration
+ attribute:</p>
+
+ <attributes>
+
+ <attribute name="className" required="true">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.SSLValve</strong>.
+ </p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
+</section>
</body>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org