You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by kl...@apache.org on 2014/10/27 12:02:32 UTC

couchdb commit: updated refs/heads/1.6.x to 61d33cb

Repository: couchdb
Updated Branches:
  refs/heads/1.6.x 164cf5ed2 -> 61d33cb64


Improve documentation of `cacert_file` ssl option

The documentation was incorrect insofar that it only described its
functionality for client verification, although the configuration is
used for server verification as well.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/61d33cb6
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/61d33cb6
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/61d33cb6

Branch: refs/heads/1.6.x
Commit: 61d33cb64124535571e61e6ba1b5f353fb297a40
Parents: 164cf5e
Author: Klaus Trainer <kl...@apache.org>
Authored: Mon Oct 27 11:55:14 2014 +0100
Committer: Klaus Trainer <kl...@apache.org>
Committed: Mon Oct 27 12:00:51 2014 +0100

----------------------------------------------------------------------
 share/doc/src/config/http.rst | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/61d33cb6/share/doc/src/config/http.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 1ae3abe..4084be5 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -329,9 +329,12 @@ Secure Socket Level Options
 
   .. config:option:: cacert_file :: CA Certificate file
 
-    Path to file containing PEM encoded CA certificates (trusted certificates
-    used for verifying a peer certificate). May be omitted if you do not want
-    to verify the peer::
+    The path to a file containing PEM encoded CA certificates. The CA
+    certificates are used to build the server certificate chain, and for client
+    authentication. Also the CAs are used in the list of acceptable client CAs
+    passed to the client when a certificate is requested. May be omitted if
+    there is no need to verify the client and if there are not any intermediate
+    CAs for the server certificate::
 
       [ssl]
       cacert_file = /etc/ssl/certs/ca-certificates.crt

Re: couchdb commit: updated refs/heads/1.6.x to 61d33cb

Posted by Klaus Trainer <kl...@posteo.de>.

Heya Jan,

it is in the 1.x.x branch already :)

see
https://github.com/apache/couchdb/commit/c3c9588ca8d087419462dbffced3c15033375876

Cheers,
Klaus


On 07/02/2015 10:42 PM, Jan Lehnardt wrote:
> Heya Klaus,
> 
> as far as I can see, this commit is missing in the 1.x.x branch,
> can you merge/cherry-pick it over?
> 
> Thanks! :)
> Jan
> --
> 
>> On 27 Oct 2014, at 12:02, klaus_trainer@apache.org wrote:
>>
>> Repository: couchdb
>> Updated Branches:
>>  refs/heads/1.6.x 164cf5ed2 -> 61d33cb64
>>
>>
>> Improve documentation of `cacert_file` ssl option
>>
>> The documentation was incorrect insofar that it only described its
>> functionality for client verification, although the configuration is
>> used for server verification as well.
>>
>>
>> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
>> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/61d33cb6
>> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/61d33cb6
>> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/61d33cb6
>>
>> Branch: refs/heads/1.6.x
>> Commit: 61d33cb64124535571e61e6ba1b5f353fb297a40
>> Parents: 164cf5e
>> Author: Klaus Trainer <kl...@apache.org>
>> Authored: Mon Oct 27 11:55:14 2014 +0100
>> Committer: Klaus Trainer <kl...@apache.org>
>> Committed: Mon Oct 27 12:00:51 2014 +0100
>>
>> ----------------------------------------------------------------------
>> share/doc/src/config/http.rst | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>> ----------------------------------------------------------------------
>>
>>
>> http://git-wip-us.apache.org/repos/asf/couchdb/blob/61d33cb6/share/doc/src/config/http.rst
>> ----------------------------------------------------------------------
>> diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
>> index 1ae3abe..4084be5 100644
>> --- a/share/doc/src/config/http.rst
>> +++ b/share/doc/src/config/http.rst
>> @@ -329,9 +329,12 @@ Secure Socket Level Options
>>
>>   .. config:option:: cacert_file :: CA Certificate file
>>
>> -    Path to file containing PEM encoded CA certificates (trusted certificates
>> -    used for verifying a peer certificate). May be omitted if you do not want
>> -    to verify the peer::
>> +    The path to a file containing PEM encoded CA certificates. The CA
>> +    certificates are used to build the server certificate chain, and for client
>> +    authentication. Also the CAs are used in the list of acceptable client CAs
>> +    passed to the client when a certificate is requested. May be omitted if
>> +    there is no need to verify the client and if there are not any intermediate
>> +    CAs for the server certificate::
>>
>>       [ssl]
>>       cacert_file = /etc/ssl/certs/ca-certificates.crt
>>
>

Re: couchdb commit: updated refs/heads/1.6.x to 61d33cb

Posted by Jan Lehnardt <ja...@php.net>.

Heya Klaus,

as far as I can see, this commit is missing in the 1.x.x branch,
can you merge/cherry-pick it over?

Thanks! :)
Jan
--

> On 27 Oct 2014, at 12:02, klaus_trainer@apache.org wrote:
> 
> Repository: couchdb
> Updated Branches:
>  refs/heads/1.6.x 164cf5ed2 -> 61d33cb64
> 
> 
> Improve documentation of `cacert_file` ssl option
> 
> The documentation was incorrect insofar that it only described its
> functionality for client verification, although the configuration is
> used for server verification as well.
> 
> 
> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/61d33cb6
> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/61d33cb6
> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/61d33cb6
> 
> Branch: refs/heads/1.6.x
> Commit: 61d33cb64124535571e61e6ba1b5f353fb297a40
> Parents: 164cf5e
> Author: Klaus Trainer <kl...@apache.org>
> Authored: Mon Oct 27 11:55:14 2014 +0100
> Committer: Klaus Trainer <kl...@apache.org>
> Committed: Mon Oct 27 12:00:51 2014 +0100
> 
> ----------------------------------------------------------------------
> share/doc/src/config/http.rst | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
> ----------------------------------------------------------------------
> 
> 
> http://git-wip-us.apache.org/repos/asf/couchdb/blob/61d33cb6/share/doc/src/config/http.rst
> ----------------------------------------------------------------------
> diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
> index 1ae3abe..4084be5 100644
> --- a/share/doc/src/config/http.rst
> +++ b/share/doc/src/config/http.rst
> @@ -329,9 +329,12 @@ Secure Socket Level Options
> 
>   .. config:option:: cacert_file :: CA Certificate file
> 
> -    Path to file containing PEM encoded CA certificates (trusted certificates
> -    used for verifying a peer certificate). May be omitted if you do not want
> -    to verify the peer::
> +    The path to a file containing PEM encoded CA certificates. The CA
> +    certificates are used to build the server certificate chain, and for client
> +    authentication. Also the CAs are used in the list of acceptable client CAs
> +    passed to the client when a certificate is requested. May be omitted if
> +    there is no need to verify the client and if there are not any intermediate
> +    CAs for the server certificate::
> 
>       [ssl]
>       cacert_file = /etc/ssl/certs/ca-certificates.crt
> 

-- 
Professional Support for Apache CouchDB:
http://www.neighbourhood.ie/couchdb-support/