From: Eric Covener <covener@apache.org>
Date: Fri, 5 Nov 2010 19:35:23 +0000 (+0000)
Subject: PR#48720: SSLProxyVerify is not per-directory, only per-server.
X-Git-Tag: 2.3.9~113
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a7e62c83c7b7dc3439a141955e20647dafe1734;p=thirdparty%2Fapache%2Fhttpd.git

PR#48720: SSLProxyVerify is not per-directory, only per-server.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1031742 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 42623cc6180..5be85e982d6 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -1359,22 +1359,14 @@ for additional information.
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Type of remote server Certificate verification</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerify <em>level</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerify none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 
 <p>When a proxy is configured to forward requests to a remote SSL
 server, this directive can be used to configure certificate
-verification of the remote server.  Notice that this directive can be
-used both in per-server and per-directory context. In per-server
-context it applies to the remote server authentication process used in
-the standard SSL handshake when a connection is established by the
-proxy. In per-directory context it forces a SSL renegotiation with the
-reconfigured remote server verification level after the HTTP request
-was read but before the HTTP response is sent.</p>
-
+verification of the remote server. </p>
 <p>
 The following levels are available for <em>level</em>:</p>
 <ul>
@@ -1405,19 +1397,13 @@ SSLProxyVerify require
 Certificate verification</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerifyDepth <em>number</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerifyDepth 1</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 <p>
 This directive sets how deeply mod_ssl should verify before deciding that the
-remote server does not have a valid certificate. Notice that this directive can be
-used both in per-server and per-directory context. In per-server context it
-applies to the client authentication process used in the standard SSL
-handshake when a connection is established. In per-directory context it forces
-a SSL renegotiation with the reconfigured remote server verification depth after the
-HTTP request was read but before the HTTP response is sent.</p>
+remote server does not have a valid certificate. </p>
 <p>
 The depth actually is the maximum number of intermediate certificate issuers,
 i.e. the number of CA certificates which are max allowed to be followed while
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 33a7f1e2086..c43866402a4 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1448,23 +1448,13 @@ SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
 <syntax>SSLProxyVerify <em>level</em></syntax>
 <default>SSLProxyVerify none</default>
 <contextlist><context>server config</context>
-<context>virtual host</context>
-<context>directory</context>
-<context>.htaccess</context></contextlist>
-<override>AuthConfig</override>
+<context>virtual host</context> </contextlist>
 
 <usage>
 
 <p>When a proxy is configured to forward requests to a remote SSL
 server, this directive can be used to configure certificate
-verification of the remote server.  Notice that this directive can be
-used both in per-server and per-directory context. In per-server
-context it applies to the remote server authentication process used in
-the standard SSL handshake when a connection is established by the
-proxy. In per-directory context it forces a SSL renegotiation with the
-reconfigured remote server verification level after the HTTP request
-was read but before the HTTP response is sent.</p>
-
+verification of the remote server. </p>
 <p>
 The following levels are available for <em>level</em>:</p>
 <ul>
@@ -1496,20 +1486,12 @@ Certificate verification</description>
 <syntax>SSLProxyVerifyDepth <em>number</em></syntax>
 <default>SSLProxyVerifyDepth 1</default>
 <contextlist><context>server config</context>
-<context>virtual host</context>
-<context>directory</context>
-<context>.htaccess</context></contextlist>
-<override>AuthConfig</override>
+<context>virtual host</context> </contextlist>
 
 <usage>
 <p>
 This directive sets how deeply mod_ssl should verify before deciding that the
-remote server does not have a valid certificate. Notice that this directive can be
-used both in per-server and per-directory context. In per-server context it
-applies to the client authentication process used in the standard SSL
-handshake when a connection is established. In per-directory context it forces
-a SSL renegotiation with the reconfigured remote server verification depth after the
-HTTP request was read but before the HTTP response is sent.</p>
+remote server does not have a valid certificate. </p>
 <p>
 The depth actually is the maximum number of intermediate certificate issuers,
 i.e. the number of CA certificates which are max allowed to be followed while