From: Ruediger Pluem Date: Tue, 13 Oct 2009 16:15:36 +0000 (+0000) Subject: * With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned X-Git-Tag: 2.3.3~171 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=85b4a8cb1c2f65bca29ab989adc52e8d901a6da3;p=thirdparty%2Fapache%2Fhttpd.git * With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned on by default this warning is no longer true. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@824830 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 349daaaf927..df705d59861 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -1464,18 +1464,6 @@ proxy. In per-directory context it forces a SSL renegotation with the reconfigured remote server verification level after the HTTP request was read but before the HTTP response is sent.

- -

Note that even when certificate verification is enabled, -mod_ssl does not check whether the -commonName (hostname) attribute of the server certificate -matches the hostname used to connect to the server. In other words, -the proxy does not guarantee that the SSL connection to the backend -server is "secure" beyond the fact that the certificate is signed by -one of the CAs configured using the -SSLProxyCACertificatePath and/or -SSLProxyCACertificateFile directives.

-
-

The following levels are available for level:
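
Review bot: the hunk at -1464,18 in docs/manual/mod/mod_ssl.xml deletes the commonName caveat outright and adds nothing in its place, so this passage no longer tells the reader which directives make the hostname check happen. The commit message says SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire are "turned on by default", which implies they can be turned off, and in that configuration the removed statement (a certificate signed by a configured CA is accepted regardless of the hostname used to connect) holds again. Suggest replacing the note with a shorter one that cross-references SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire and says that disabling SSLProxyCheckPeerCN leaves only the CA-signature check configured via SSLProxyCACertificatePath and/or SSLProxyCACertificateFile.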