From: Jeff Trawick Date: Tue, 14 Oct 2014 21:03:59 +0000 (+0000) Subject: very minor improvements to OCSP-related doc X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f24ed4cdcdeccff549a98abd69636afb6cfe664f;p=thirdparty%2Fapache%2Fhttpd.git very minor improvements to OCSP-related doc git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1631885 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 73641d3c426..cf35543751a 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2290,8 +2290,8 @@ which means that OCSP responses are considered valid as long as their

This option determines whether queries to OCSP responders should contain a nonce or not. By default, a query nonce is always used and checked against -the response's one. When the responder does not use nonces (eg. Microsoft OCSP -Responder), this option ought to be turned off.

+the response's one. When the responder does not use nonces (e.g. Microsoft OCSP +Responder), this option should be turned off.

 @@ -2383,6 +2383,10 @@ is enabled. Configuration of a cache is mandatory for OCSP stapling. With the exception of none and nonenotnull, the same storage types are supported as with SSLSessionCache.

+ +

The ssl-stapling mutex is used to serialize access to the +OCSP stapling cache to prevent corruption. This mutex can be configured +using the Mutex directive.

@@ -2521,7 +2525,7 @@ To set the cache timeout for valid responses, see

This directive overrides the URI of an OCSP responder as obtained from the authorityInfoAccess (AIA) extension of the certificate. -Of potential use when going through a proxy for retrieving OCSP queries.

+One potential use is when a proxy is used for retrieving OCSP queries.