From: Jeff Trawick Date: Tue, 14 Oct 2014 21:08:26 +0000 (+0000) Subject: merge r1631885 from trunk: X-Git-Tag: 2.4.11~251 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fbdbd1ee4a9057f8a27a0434c1328306c10fa14;p=thirdparty%2Fapache%2Fhttpd.git merge r1631885 from trunk: very minor improvements to OCSP-related doc git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1631887 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index c0acc100ec5..cbd7c017c59 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -2293,8 +2293,8 @@ which means that OCSP responses are considered valid as long as their

This option determines whether queries to OCSP responders should contain a nonce or not. By default, a query nonce is always used and checked against -the response's one. When the responder does not use nonces (eg. Microsoft OCSP -Responder), this option ought to be turned off.

+the response's one. When the responder does not use nonces (e.g. Microsoft OCSP +Responder), this option should be turned off.

 @@ -2386,6 +2386,10 @@ is enabled. Configuration of a cache is mandatory for OCSP stapling. With the exception of none and nonenotnull, the same storage types are supported as with SSLSessionCache.

+ +

The ssl-stapling mutex is used to serialize access to the +OCSP stapling cache to prevent corruption. This mutex can be configured +using the Mutex directive.

@@ -2524,7 +2528,7 @@ To set the cache timeout for valid responses, see

This directive overrides the URI of an OCSP responder as obtained from the authorityInfoAccess (AIA) extension of the certificate. -Of potential use when going through a proxy for retrieving OCSP queries.

+One potential use is when a proxy is used for retrieving OCSP queries.