]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
* With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned
authorRuediger Pluem <rpluem@apache.org>
Tue, 13 Oct 2009 16:15:36 +0000 (16:15 +0000)
committerRuediger Pluem <rpluem@apache.org>
Tue, 13 Oct 2009 16:15:36 +0000 (16:15 +0000)
  on by default this warning is no longer true.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@824830 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_ssl.xml

index 349daaaf927b71027657d22b129b2b5f3f7b1f25..df705d59861bbd174e4675fb892f1f1080ed8f82 100644 (file)
@@ -1464,18 +1464,6 @@ proxy. In per-directory context it forces a SSL renegotation with the
 reconfigured remote server verification level after the HTTP request
 was read but before the HTTP response is sent.</p>
 
-<note type="warning">
-<p>Note that even when certificate verification is enabled,
-<module>mod_ssl</module> does <strong>not</strong> check whether the
-<code>commonName</code> (hostname) attribute of the server certificate
-matches the hostname used to connect to the server.  In other words,
-the proxy does not guarantee that the SSL connection to the backend
-server is "secure" beyond the fact that the certificate is signed by
-one of the CAs configured using the
-<directive>SSLProxyCACertificatePath</directive> and/or
-<directive>SSLProxyCACertificateFile</directive> directives.</p>
-</note>
-
 <p>
 The following levels are available for <em>level</em>:</p>
 <ul>