From: Eric Covener <covener@apache.org>
Date: Fri, 5 Nov 2010 19:38:42 +0000 (+0000)
Subject: PR#48720: SSLProxyVerify is per-server, not per-directory.
X-Git-Tag: 2.2.18~313
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7d75224ef83d2b97adb347002dd8ed3541a35ce;p=thirdparty%2Fapache%2Fhttpd.git

PR#48720: SSLProxyVerify is per-server, not per-directory.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1031745 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 7e9992e3ea2..23178372ba8 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -1287,21 +1287,14 @@ for additional information.
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Type of remote server Certificate verification</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerify <em>level</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerify none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 
 <p>When a proxy is configured to forward requests to a remote SSL
 server, this directive can be used to configure certificate
-verification of the remote server.  Notice that this directive can be
-used both in per-server and per-directory context. In per-server
-context it applies to the remote server authentication process used in
-the standard SSL handshake when a connection is established by the
-proxy. In per-directory context it forces a SSL renegotation with the
-reconfigured remote server verification level after the HTTP request
-was read but before the HTTP response is sent.</p>
+verification of the remote server. </p>
 
 <div class="warning">
 <p>Note that even when certificate verification is enabled,
@@ -1350,19 +1343,14 @@ SSLProxyVerify require
 Certificate verification</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerifyDepth <em>number</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerifyDepth 1</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 <p>
 This directive sets how deeply mod_ssl should verify before deciding that the
-remote server does not have a valid certificate. Notice that this directive can be
-used both in per-server and per-directory context. In per-server context it
-applies to the client authentication process used in the standard SSL
-handshake when a connection is established. In per-directory context it forces
-a SSL renegotation with the reconfigured remote server verification depth after the
-HTTP request was read but before the HTTP response is sent.</p>
+remote server does not have a valid certificate. </p>
 <p>
 The depth actually is the maximum number of intermediate certificate issuers,
 i.e. the number of CA certificates which are max allowed to be followed while
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 2862637ee31..a43e5aefd2b 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1467,22 +1467,12 @@ SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
 <syntax>SSLProxyVerify <em>level</em></syntax>
 <default>SSLProxyVerify none</default>
 <contextlist><context>server config</context>
-<context>virtual host</context>
-<context>directory</context>
-<context>.htaccess</context></contextlist>
-<override>AuthConfig</override>
-
+<context>virtual host</context> </contextlist>
 <usage>
 
 <p>When a proxy is configured to forward requests to a remote SSL
 server, this directive can be used to configure certificate
-verification of the remote server.  Notice that this directive can be
-used both in per-server and per-directory context. In per-server
-context it applies to the remote server authentication process used in
-the standard SSL handshake when a connection is established by the
-proxy. In per-directory context it forces a SSL renegotation with the
-reconfigured remote server verification level after the HTTP request
-was read but before the HTTP response is sent.</p>
+verification of the remote server. </p>
 
 <note type="warning">
 <p>Note that even when certificate verification is enabled,
@@ -1532,20 +1522,13 @@ Certificate verification</description>
 <syntax>SSLProxyVerifyDepth <em>number</em></syntax>
 <default>SSLProxyVerifyDepth 1</default>
 <contextlist><context>server config</context>
-<context>virtual host</context>
-<context>directory</context>
-<context>.htaccess</context></contextlist>
+<context>virtual host</context> </contextlist>
 <override>AuthConfig</override>
 
 <usage>
 <p>
 This directive sets how deeply mod_ssl should verify before deciding that the
-remote server does not have a valid certificate. Notice that this directive can be
-used both in per-server and per-directory context. In per-server context it
-applies to the client authentication process used in the standard SSL
-handshake when a connection is established. In per-directory context it forces
-a SSL renegotation with the reconfigured remote server verification depth after the
-HTTP request was read but before the HTTP response is sent.</p>
+remote server does not have a valid certificate. </p>
 <p>
 The depth actually is the maximum number of intermediate certificate issuers,
 i.e. the number of CA certificates which are max allowed to be followed while