From: Ruediger Pluem
Date: Tue, 13 Oct 2009 16:15:36 +0000 (+0000)
Subject: * With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned
X-Git-Tag: 2.3.3~171
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=85b4a8cb1c2f65bca29ab989adc52e8d901a6da3;p=thirdparty%2Fapache%2Fhttpd.git
* With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned
on by default this warning is no longer true.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@824830 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 349daaaf927..df705d59861 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1464,18 +1464,6 @@ proxy. In per-directory context it forces a SSL renegotation with the
reconfigured remote server verification level after the HTTP request
was read but before the HTTP response is sent.
-
-Note that even when certificate verification is enabled,
-mod_ssl does not check whether the
-commonName (hostname) attribute of the server certificate
-matches the hostname used to connect to the server. In other words,
-the proxy does not guarantee that the SSL connection to the backend
-server is "secure" beyond the fact that the certificate is signed by
-one of the CAs configured using the
-SSLProxyCACertificatePath and/or
-SSLProxyCACertificateFile directives.
-
-
The following levels are available for level: