Mention SSL certificate checks are now enabled by default, as opposed to disabled...

author Daniel Gruno <humbedooh@apache.org>

Sun, 25 Mar 2012 06:55:59 +0000 (06:55 +0000)

committer Daniel Gruno <humbedooh@apache.org>

Sun, 25 Mar 2012 06:55:59 +0000 (06:55 +0000)
author Daniel Gruno <humbedooh@apache.org>
Sun, 25 Mar 2012 06:55:59 +0000 (06:55 +0000)
committer Daniel Gruno <humbedooh@apache.org>
Sun, 25 Mar 2012 06:55:59 +0000 (06:55 +0000)
diff --git a/docs/manual/upgrading.xml b/docs/manual/upgrading.xml

index 0b844516e483078d5490194a606ce80ba5ee2e8d..db72bf53337963969356d4c64a0b167905ebe840 100644 (file)
--- a/docs/manual/upgrading.xml
+++ b/docs/manual/upgrading.xml
@@ -295,7 +295,11 @@
        variables has changed. The old format can still be used with the new
        <code>LegacyDNStringFormat</code> argument to <directive
        module="mod_ssl">SSLOptions</directive>. The SSLv2 protocol is
-      no longer supported.</li>
+      no longer supported. <directive module="mod_ssl">SSLProxyCheckPeerCN
+         </directive> and <directive module="mod_ssl">SSLProxyCheckPeerExpire
+         </directive> now default to On, causing proxy requests to HTTPS hosts
+         with bad or outdated certificates to fail with a 502 status code (Bad 
+         gateway)</li>
  
        <li><program>htpasswd</program> now uses MD5 hash by default on
        all platforms.</li>
author	Daniel Gruno <humbedooh@apache.org>
	Sun, 25 Mar 2012 06:55:59 +0000 (06:55 +0000)
committer	Daniel Gruno <humbedooh@apache.org>
	Sun, 25 Mar 2012 06:55:59 +0000 (06:55 +0000)