From: Rainer Jung <rjung@apache.org>
Date: Mon, 1 Jun 2015 15:34:11 +0000 (+0000)
Subject: Xforms.
X-Git-Tag: 2.4.13~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=453adde1c5a486c9226a16933562ec3ef3c428dc;p=thirdparty%2Fapache%2Fhttpd.git

Xforms.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682934 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_log_config.html.en b/docs/manual/mod/mod_log_config.html.en
index df6ff851f42..6e53c52fb26 100644
--- a/docs/manual/mod/mod_log_config.html.en
+++ b/docs/manual/mod/mod_log_config.html.en
@@ -143,45 +143,42 @@
             matching error log line to see what request caused what error.</td></tr>
 <tr><td><code>%m</code></td>
         <td>The request method.</td></tr>
-<tr class="odd"><td><code>%M</code></td>
-        <td>The time taken to serve the request, in milliseconds.
-        (available in 2.4.13 and later)</td></tr>
-<tr><td><code>%{<var>VARNAME</var>}n</code></td>
+<tr class="odd"><td><code>%{<var>VARNAME</var>}n</code></td>
         <td>The contents of note <var>VARNAME</var> from another
         module.</td></tr>
-<tr class="odd"><td><code>%{<var>VARNAME</var>}o</code></td>
+<tr><td><code>%{<var>VARNAME</var>}o</code></td>
         <td>The contents of <code><var>VARNAME</var>:</code> header line(s)
         in the reply.</td></tr>
-<tr><td><code>%p</code></td>
+<tr class="odd"><td><code>%p</code></td>
         <td>The canonical port of the server serving the request.</td></tr>
-<tr class="odd"><td><code>%{<var>format</var>}p</code></td>
+<tr><td><code>%{<var>format</var>}p</code></td>
         <td>The canonical port of the server serving the request, or the
         server's actual port, or the client's actual port. Valid formats
         are <code>canonical</code>, <code>local</code>, or <code>remote</code>.
         </td></tr>
-<tr><td><code>%P</code></td>
+<tr class="odd"><td><code>%P</code></td>
         <td>The process ID of the child that serviced the request.</td></tr>
-<tr class="odd"><td><code>%{<var>format</var>}P</code></td>
+<tr><td><code>%{<var>format</var>}P</code></td>
         <td>The process ID or thread ID of the child that serviced the
         request.  Valid formats are <code>pid</code>, <code>tid</code>,
         and <code>hextid</code>.  <code>hextid</code> requires APR 1.2.0 or
         higher.
         </td></tr>
-<tr><td><code>%q</code></td>
+<tr class="odd"><td><code>%q</code></td>
         <td>The query string (prepended with a <code>?</code> if a query
         string exists, otherwise an empty string).</td></tr>
-<tr class="odd"><td><code>%r</code></td>
+<tr><td><code>%r</code></td>
         <td>First line of request.</td></tr>
-<tr><td><code>%R</code></td>
+<tr class="odd"><td><code>%R</code></td>
         <td>The handler generating the response (if any).</td></tr>
-<tr class="odd"><td><code>%s</code></td>
+<tr><td><code>%s</code></td>
         <td>Status. For requests that have been internally redirected, this is
         the status of the <em>original</em> request. Use <code>%&gt;s</code>
         for the final status.</td></tr>
-<tr><td><code>%t</code></td>
+<tr class="odd"><td><code>%t</code></td>
         <td>Time the request was received, in the format <code>[18/Sep/2011:19:18:28 -0400]</code>.
         The last number indicates the timezone offset from GMT</td></tr>
-<tr class="odd"><td><code>%{<var>format</var>}t</code></td>
+<tr><td><code>%{<var>format</var>}t</code></td>
         <td>The time, in the form given by format, which should be in
         an extended <code>strftime(3)</code> format (potentially localized).
         If the format starts with <code>begin:</code> (default) the time is taken
@@ -201,8 +198,16 @@
         formatting in the same format string. You can use multiple
         <code>%{<var>format</var>}t</code> tokens instead.
         </td></tr>
-<tr><td><code>%T</code></td>
+<tr class="odd"><td><code>%T</code></td>
         <td>The time taken to serve the request, in seconds.</td></tr>
+<tr><td><code>%{<var>UNIT</var>}T</code></td>
+        <td>The time taken to serve the request, in a time unit given by
+        <code>UNIT</code>. Valid units are <code>ms</code> for milliseconds,
+        <code>us</code> for microseconds, and <code>s</code> for seconds.
+        Using <code>s</code> gives the same result as <code>%T</code>
+        without any format; using <code>us</code> gives the same result
+        as <code>%D</code>. Combining <code>%T</code> with a unit is
+        available in 2.4.13 and later.</td></tr>
 <tr class="odd"><td><code>%u</code></td>
         <td>Remote user if the request was authenticated. May be bogus if return status
         (<code>%s</code>) is 401 (unauthorized).</td></tr>
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index f1b2b61862a..9d7274bf7ad 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -566,35 +566,44 @@ confused in this situation.</p>
 <p>
 This directive points to a file with certificate data in PEM format.
 At a minimum, the file must include an end-entity (leaf) certificate.
-Beginning with version 2.4.8, it may also include intermediate CA
-certificates, sorted from leaf to root, and obsoletes
-<code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code>.
+The directive can be used multiple times (referencing different filenames)
+to support multiple algorithms for server authentication - typically
+RSA, DSA, and ECC. The number of supported algorithms depends on the
+OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
+<code>openssl list-public-key-algorithms</code> will output a list
+of supported algorithms.
 </p>
 
 <p>
-Additional optional elements are DH parameters and/or an EC curve name
-for ephemeral keys, as generated by <code>openssl dhparam</code> and
-<code>openssl ecparam</code>, respectively (supported in version 2.4.7
-or later) and finally, the end-entity certificate's private key.
-If the private key is encrypted, the pass phrase dialog is forced
-at startup time.</p>
+The files may also include intermediate CA certificates, sorted from
+leaf to root. This is supported with version 2.4.8 and later,
+and obsoletes <code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code>.
+When running with OpenSSL 1.0.2 or later, this allows
+to configure the intermediate CA chain on a per-certificate basis.
+</p>
 
 <p>
-This directive can be used multiple times (referencing different filenames)
-to support multiple algorithms for server authentication - typically
-RSA, DSA, and ECC. The number of supported algorithms depends on the
-OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
-<code>openssl list-public-key-algorithms</code> will output a list
-of supported algorithms.</p>
+Custom DH parameters and an EC curve name for ephemeral keys,
+can also be added to end of the first file configured using
+<code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code>.
+This is supported in version 2.4.7 or later.
+Such parameters can be generated using the commands
+<code>openssl dhparam</code> and <code>openssl ecparam</code>.
+The parameters can be added as-is to the end of the first
+certificate file. Only the first file can be used for custom
+parameters, as they are applied independently of the authentication
+algorithm type.
+</p>
 
 <p>
-When running with OpenSSL 1.0.2 or later, this directive allows
-to configure the intermediate CA chain on a per-certificate basis,
-which removes a limitation of the (now obsolete)
-<code class="directive"><a href="#sslcertificatechainfile">SSLCertificateChainFile</a></code> directive.
-DH and ECDH parameters, however, are only read from the first
-<code class="directive">SSLCertificateFile</code> directive, as they
-are applied independently of the authentication algorithm type.</p>
+Finally the the end-entity certificate's private key can also be
+added to the certificate file instead of using a separate
+<code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code>
+directive. This practice is highly discouraged. If it is used,
+the certificate files using such an embedded key must be configured
+after the certificates using a separate key file. If the private
+key is encrypted, the pass phrase dialog is forced at startup time.
+</p>
 
 <div class="note">
 <h3>DH parameter interoperability with primes &gt; 1024 bit</h3>
@@ -627,9 +636,7 @@ such issues.
 </table>
 <p>
 This directive points to the PEM-encoded private key file for the
-server (the private key may also be combined with the certificate in the
-<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>, but this practice
-is discouraged). If the contained private key is encrypted, the pass phrase
+server. If the contained private key is encrypted, the pass phrase
 dialog is forced at startup time.</p>
 
 <p>
@@ -639,6 +646,13 @@ to support multiple algorithms for server authentication. For each
 directive, there must be a matching <code class="directive">SSLCertificateFile</code>
 directive.</p>
 
+<p>
+The private key may also be combined with the certificate in the file given by
+<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>, but this practice
+is highly discouraged. If it is used, the certificate files using such
+an embedded key must be configured after the certificates using a separate
+key file.</p>
+
 <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"</pre>
 </div>
 
@@ -2168,7 +2182,9 @@ dd if=/dev/random of=/path/to/file.tkey bs=1 count=48
 
 <p>Ticket keys should be rotated (replaced) on a frequent basis,
 as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.</p>
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.</p>
 
 <div class="warning">
 <p>The ticket key file contains sensitive keying material and should
@@ -2266,10 +2282,6 @@ With the exception of <code>none</code> and <code>nonenotnull</code>,
 the same storage types are supported as with
 <code class="directive"><a href="#sslsessioncache">SSLSessionCache</a></code>.</p>
 
-<p>The <code>ssl-stapling</code> mutex is used to serialize access to the
-OCSP stapling cache to prevent corruption.  This mutex can be configured
-using the <code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> directive.</p>
-
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLStaplingErrorCacheTimeout" id="SSLStaplingErrorCacheTimeout">SSLStaplingErrorCacheTimeout</a> <a name="sslstaplingerrorcachetimeout" id="sslstaplingerrorcachetimeout">Directive</a></h2>
@@ -2492,6 +2504,14 @@ stated goal of "saving roundtrips and resources" - see also
 (TLS Multiple Certificate Status Extension).
 </p>
 
+<p>When OCSP stapling is enabled, the <code>ssl-stapling</code> mutex is used
+to control access to the OCSP stapling cache in order to prevent corruption,
+and the <code>sss-stapling-refresh</code> mutex is used to control refreshes
+of OCSP responses.  These mutexes can be configured using the
+<code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> directive.
+</p>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLVerifyClient" id="SSLVerifyClient">SSLVerifyClient</a> <a name="sslverifyclient" id="sslverifyclient">Directive</a></h2>
diff --git a/docs/manual/mod/mod_ssl.html.fr b/docs/manual/mod/mod_ssl.html.fr
index 0ece59fdf3d..625ba241026 100644
--- a/docs/manual/mod/mod_ssl.html.fr
+++ b/docs/manual/mod/mod_ssl.html.fr
@@ -29,6 +29,8 @@
 <p><span>Langues Disponibles: </span><a href="../en/mod/mod_ssl.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
 <a href="../fr/mod/mod_ssl.html" title="Français">&nbsp;fr&nbsp;</a></p>
 </div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+            anglaise pour les changements récents.</div>
 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Chiffrement de haut niveau basé sur les protocoles Secure
 Sockets Layer (SSL) et Transport Layer Security (TLS)</td></tr>
 <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
diff --git a/docs/manual/mod/mod_ssl.xml.fr b/docs/manual/mod/mod_ssl.xml.fr
index be8154b94ce..8a2df8b4d25 100644
--- a/docs/manual/mod/mod_ssl.xml.fr
+++ b/docs/manual/mod/mod_ssl.xml.fr
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1681320 -->
+<!-- English Revision: 1681320:1682929 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
diff --git a/docs/manual/mod/mod_ssl.xml.meta b/docs/manual/mod/mod_ssl.xml.meta
index 736a11a017e..be20a51f56b 100644
--- a/docs/manual/mod/mod_ssl.xml.meta
+++ b/docs/manual/mod/mod_ssl.xml.meta
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>
diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en
index f2c19f144eb..796a6209e94 100644
--- a/docs/manual/ssl/ssl_faq.html.en
+++ b/docs/manual/ssl/ssl_faq.html.en
@@ -756,20 +756,22 @@ Explorer (MSIE)?</a></h3>
     or higher), you can either rearrange mod_ssl's cipher list with
     <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>
     (possibly in conjunction with <code class="directive"><a href="../mod/mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></code>),
-    or you can use the <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code>
-    directive to configure custom DH parameters with a 1024-bit prime, which
+    or you can use custom DH parameters with a 1024-bit prime, which
     will always have precedence over any of the built-in DH parameters.</p>
 
-    <p>To generate custom DH parameters, use the <code>openssl dhparam</code>
-    command. Alternatively, you can append the following standard 1024-bit DH
+    <p>To generate custom DH parameters, use the <code>openssl dhparam 1024</code>
+    command. Alternatively, you can use the following standard 1024-bit DH
     parameters from <a href="http://www.ietf.org/rfc/rfc2409.txt">RFC 2409</a>,
-    section 6.2 to the respective
-    <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> file:</p>
+    section 6.2:</p>
     <div class="example"><pre>-----BEGIN DH PARAMETERS-----
 MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
 Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
 /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
 -----END DH PARAMETERS-----</pre></div>
+    <p>Add the custom parameters including the "BEGIN DH PARAMETERS" and
+    "END DH PARAMETERS" lines to the end of the first certificate file
+    you have configured using the
+    <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> directive.</p>
 
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
diff --git a/docs/manual/ssl/ssl_faq.html.fr b/docs/manual/ssl/ssl_faq.html.fr
index e767d6f4607..669c76055d8 100644
--- a/docs/manual/ssl/ssl_faq.html.fr
+++ b/docs/manual/ssl/ssl_faq.html.fr
@@ -26,6 +26,8 @@
 <p><span>Langues Disponibles: </span><a href="../en/ssl/ssl_faq.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
 <a href="../fr/ssl/ssl_faq.html" title="Français">&nbsp;fr&nbsp;</a></p>
 </div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+            anglaise pour les changements récents.</div>
 
 <blockquote>
 <p>Le sage n'apporte pas de bonnes réponses, il pose les bonnes questions</p>
diff --git a/docs/manual/ssl/ssl_faq.xml.fr b/docs/manual/ssl/ssl_faq.xml.fr
index 1fc562fcacd..ce3cf825a94 100644
--- a/docs/manual/ssl/ssl_faq.xml.fr
+++ b/docs/manual/ssl/ssl_faq.xml.fr
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1674127 -->
+<!-- English Revision: 1674127:1682929 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
diff --git a/docs/manual/ssl/ssl_faq.xml.meta b/docs/manual/ssl/ssl_faq.xml.meta
index 61db8269666..a5d5a97804f 100644
--- a/docs/manual/ssl/ssl_faq.xml.meta
+++ b/docs/manual/ssl/ssl_faq.xml.meta
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>