From: Kaspar Brand <kbrand@apache.org>
Date: Tue, 4 Oct 2011 06:08:02 +0000 (+0000)
Subject: Add SSLCARevocationCheck directive to default mod_ssl config
X-Git-Tag: 2.3.15~177
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=574bda626b5a701283aea43c4f9052bd8201035f;p=apache

Add SSLCARevocationCheck directive to default mod_ssl config

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1178695 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 4012b6d131..144dfe7cc1 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -132,12 +132,15 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
 #   Certificate Revocation Lists (CRL):
 #   Set the CA revocation path where to find CA CRLs for client
 #   authentication or alternatively one huge file containing all
-#   of them (file must be PEM encoded)
+#   of them (file must be PEM encoded).
+#   The CRL checking mode needs to be configured explicitly
+#   through SSLCARevocationCheck (defaults to "none" otherwise).
 #   Note: Inside SSLCARevocationPath you need hash symlinks
 #         to point to the certificate files. Use the provided
 #         Makefile to update the hash symlinks after changes.
 #SSLCARevocationPath "@exp_sysconfdir@/ssl.crl"
 #SSLCARevocationFile "@exp_sysconfdir@/ssl.crl/ca-bundle.crl"
+#SSLCARevocationCheck chain
 
 #   Client Authentication (Type):
 #   Client certificate verification type and depth.  Types are