You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by kb...@apache.org on 2011/10/04 08:08:03 UTC
svn commit: r1178695 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Author: kbrand
Date: Tue Oct 4 06:08:02 2011
New Revision: 1178695
URL: http://svn.apache.org/viewvc?rev=1178695&view=rev
Log:
Add SSLCARevocationCheck directive to default mod_ssl config
Modified:
httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Modified: httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?rev=1178695&r1=1178694&r2=1178695&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in (original)
+++ httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in Tue Oct 4 06:08:02 2011
@@ -132,12 +132,15 @@ SSLCertificateKeyFile "@exp_sysconfdir@/
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
-# of them (file must be PEM encoded)
+# of them (file must be PEM encoded).
+# The CRL checking mode needs to be configured explicitly
+# through SSLCARevocationCheck (defaults to "none" otherwise).
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath "@exp_sysconfdir@/ssl.crl"
#SSLCARevocationFile "@exp_sysconfdir@/ssl.crl/ca-bundle.crl"
+#SSLCARevocationCheck chain
# Client Authentication (Type):
# Client certificate verification type and depth. Types are