Remerge r1584555 but without the changes on (un-backportable) SSLOCSPUseRequestNonce.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584653 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 004a208213d31fc5d2e23bc7ad03cac77b3fcaf9..6096bf33b63b7af95d26196df15540cd8f9ff844 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -2125,7 +2125,6 @@ SSLUserName SSL_CLIENT_S_DN_CN
 <default>SSLHonorCipherOrder off</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>When choosing a cipher during an SSLv3 or TLSv1 handshake, normally
@@ -2173,7 +2172,6 @@ SSLCryptoDevice ubsec
 <default>SSLOCSPEnable off</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>This option enables OCSP validation of the client certificate
@@ -2204,7 +2202,6 @@ SSLOCSPOverrideResponder on
 <syntax>SSLOCSDefaultResponder <em>uri</em></syntax>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>This option sets the default OCSP responder to use.  If <directive
@@ -2221,7 +2218,6 @@ the certificate being verified.</p>
 <default>SSLOCSPOverrideResponder off</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>This option forces the configured default OCSP responder to be used
@@ -2237,7 +2233,6 @@ certificate being validated references an OCSP responder.</p>
 <default>SSLOCSPResponseTimeSkew 300</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>This option sets the maximum allowable time skew for OCSP responses
@@ -2252,7 +2247,6 @@ certificate being validated references an OCSP responder.</p>
 <default>SSLOCSPResponseMaxAge -1</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>This option sets the maximum allowable age ("freshness") for OCSP responses.
@@ -2269,7 +2263,6 @@ which means that OCSP responses are considered valid as long as their
 <default>SSLOCSPResponderTimeout 10</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3 and later, if using OpenSSL 0.9.7 or later</compatibility>
 
 <usage>
 <p>This option sets the timeout for queries to OCSP responders, when
@@ -2345,7 +2338,7 @@ supported for a given SSL connection.</p>
 <default>SSLUseStapling off</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>This option enables OCSP stapling, as defined by the "Certificate
@@ -2373,7 +2366,7 @@ stated goal of "saving roundtrips and resources" - see also
 <description>Configures the OCSP stapling cache</description>
 <syntax>SSLStaplingCache <em>type</em></syntax>
 <contextlist><context>server config</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>Configures the cache used to store OCSP responses which get included
@@ -2392,7 +2385,7 @@ the same storage types are supported as with
 <default>SSLStaplingResponseTimeSkew 300</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>This option sets the maximum allowable time skew when mod_ssl checks the
@@ -2409,7 +2402,7 @@ if <directive module="mod_ssl">SSLUseStapling</directive> is turned on.</p>
 <default>SSLStaplingResponderTimeout 10</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>This option sets the timeout for queries to OCSP responders when
@@ -2425,7 +2418,7 @@ and mod_ssl is querying a responder for OCSP stapling purposes.</p>
 <default>SSLStaplingResponseMaxAge -1</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>This option sets the maximum allowable age ("freshness") when
@@ -2444,7 +2437,7 @@ which means that OCSP responses are considered valid as long as their
 <default>SSLStaplingStandardCacheTimeout 3600</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>Sets the timeout in seconds before responses in the OCSP stapling cache
@@ -2463,7 +2456,7 @@ used for controlling the timeout for invalid/unavailable responses.
 <default>SSLStaplingReturnResponderErrors on</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>When enabled, mod_ssl will pass responses from unsuccessful
@@ -2480,7 +2473,7 @@ for failed queries will be included in the TLS handshake.</p>
 <default>SSLStaplingFakeTryLater on</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>When enabled and a query to an OCSP responder for stapling
@@ -2498,7 +2491,7 @@ is also enabled.</p>
 <default>SSLStaplingErrorCacheTimeout 600</default>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>Sets the timeout in seconds before <em>invalid</em> responses
@@ -2515,7 +2508,7 @@ To set the cache timeout for valid responses, see
 <syntax>SSLStaplingForceURL <em>uri</em></syntax>
 <contextlist><context>server config</context>
 <context>virtual host</context></contextlist>
-<compatibility>Available in httpd 2.3.3 and later, if using OpenSSL 0.9.8h or later</compatibility>
+<compatibility>Available if using OpenSSL 0.9.8h or later</compatibility>
 
 <usage>
 <p>This directive overrides the URI of an OCSP responder as obtained from