From: Martin Kraemer Date: Thu, 22 Sep 2005 10:01:28 +0000 (+0000) Subject: Reflect current implementation X-Git-Tag: 2.3.0~2953 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9971cfc0a5eff648cd6a903c825ce059c2f76a30;p=thirdparty%2Fapache%2Fhttpd.git Reflect current implementation git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290925 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 4e092037e0c..0434e35a98e 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -1395,7 +1395,7 @@ comp ::= word "==" word | word "eq" word | word ">" word | word "gt" word | word ">=" word | word "ge" word | word "in" "{" wordlist "}" - | word "in" "OID(" word ")" + | word "in" "PeerExtList(" word ")" | word "=~" regex | word "!~" regex @@ -1437,10 +1437,11 @@ SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/

-

The OID() function expects to find zero or more instances -of the given OID in the client certificate, and compares the left-hand side -string against the value of matching OID attributes. Every matching OID is -checked, until a match is found. +

The PeerExtList(object id) function expects to find +zero or more instances of the X.509 Certificate Extension (as identified by +the given object id) in the client certificate, and compares the +left-hand side string against the value of any matching attribute value. Every +extension with the specified object id is checked, until a match is found.

Standard CGI/1.0 and Apache variables:

@@ -1719,4 +1720,4 @@ SSLVerifyDepth 10 - \ No newline at end of file + diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 011510455d6..3182012f66d 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -1216,7 +1216,7 @@ comp ::= word "==" word | word "eq" word | word ">" word | word "gt" word | word ">=" word | word "ge" word | word "in" "{" wordlist "}" - | word "in" "OID(" word ")" + | word "in" "PeerExtList(" word ")" | word "=~" regex | word "!~" regex @@ -1259,10 +1259,11 @@ SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -

The OID() function expects to find zero or more instances -of the given OID in the client certificate, and compares the left-hand side -string against the value of matching OID attributes. Every matching OID is -checked, until a match is found. +

The PeerExtList(object id) function expects to find +zero or more instances of the X.509 Certificate Extension (as identified by +the given object id) in the client certificate, and compares the +left-hand side string against the value of any matching attribute value. Every +extension with the specified object id is checked, until a match is found.

Standard CGI/1.0 and Apache variables: