From: Jeff Trawick Date: Sun, 22 Feb 2015 16:29:54 +0000 (+0000) Subject: xform X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6abf01a74b759fd5df142cffc550fb07f07f8581;p=thirdparty%2Fapache%2Fhttpd.git xform git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1661491 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl_ct.html.en b/docs/manual/mod/mod_ssl_ct.html.en index dd01d65dec0..daacf535105 100644 --- a/docs/manual/mod/mod_ssl_ct.html.en +++ b/docs/manual/mod/mod_ssl_ct.html.en @@ -110,6 +110,7 @@ testing.

  • Server processing overview
  • Proxy processing overview
  • Log configuration
    • +
  • Storing SCTs in a form consumable by mod_ssl_ct
  • Logging CT status in the access log
  • Off-line audit for proxy
    • @@ -236,13 +237,27 @@ testing.

    top
    +

    Storing SCTs in a form consumable by mod_ssl_ct

    + + +

    mod_ssl_ct allows you to configure SCTs statically + using the CTStaticSCTs directive. These must be + in binary form, ready to send to a client.

    + +

    Sample code in the form of a Python script to build an SCT in the correct + format from data received from a log can be found in + Tom Ritter's ct-tools + repository. Refer to write-sct.py

    +
    top
    +

    Logging CT status in the access log

    -

    Both proxy and server modes set the SSL_CT_PEER_STATUS - variable to indicate if the peer is CT-aware.

    +

    Proxy and server modes set the SSL_CT_PROXY_STATUS and + SSL_CT_CLIENT_STATUS variables, respectively, to indicate + if the corresponding peer is CT-aware.

    -

    Proxy mode sets the SSL_PROXY_SCT_SOURCES variable to +

    Proxy mode sets the SSL_CT_PROXY_SCT_SOURCES variable to indicate whether and where SCTs were obtained (ServerHello, certificate extension, etc.).