You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by kb...@apache.org on 2011/10/04 08:08:03 UTC

svn commit: r1178695 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

Author: kbrand
Date: Tue Oct  4 06:08:02 2011
New Revision: 1178695

URL: http://svn.apache.org/viewvc?rev=1178695&view=rev
Log:
Add SSLCARevocationCheck directive to default mod_ssl config

Modified:
    httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

Modified: httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?rev=1178695&r1=1178694&r2=1178695&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in (original)
+++ httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in Tue Oct  4 06:08:02 2011
@@ -132,12 +132,15 @@ SSLCertificateKeyFile "@exp_sysconfdir@/
 #   Certificate Revocation Lists (CRL):
 #   Set the CA revocation path where to find CA CRLs for client
 #   authentication or alternatively one huge file containing all
-#   of them (file must be PEM encoded)
+#   of them (file must be PEM encoded).
+#   The CRL checking mode needs to be configured explicitly
+#   through SSLCARevocationCheck (defaults to "none" otherwise).
 #   Note: Inside SSLCARevocationPath you need hash symlinks
 #         to point to the certificate files. Use the provided
 #         Makefile to update the hash symlinks after changes.
 #SSLCARevocationPath "@exp_sysconfdir@/ssl.crl"
 #SSLCARevocationFile "@exp_sysconfdir@/ssl.crl/ca-bundle.crl"
+#SSLCARevocationCheck chain
 
 #   Client Authentication (Type):
 #   Client certificate verification type and depth.  Types are