From: Jeff Trawick Date: Sat, 3 May 2014 13:44:05 +0000 (+0000) Subject: rebuild X-Git-Tag: 2.5.0-alpha~4218 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8d404fb6509ca7b9752cd22b0df4ea61a98d6858;p=apache rebuild git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1592206 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl_ct.html.en b/docs/manual/mod/mod_ssl_ct.html.en index 22022d254a..75cd47bba9 100644 --- a/docs/manual/mod/mod_ssl_ct.html.en +++ b/docs/manual/mod/mod_ssl_ct.html.en @@ -458,12 +458,20 @@ ServerHello

Each of the six fields must be specified, but usually only a small amount of information must be configured for each log; use - when no - information is available for the field. The fields are defined as follows:

+ information is available for the field. For example, in support of a + server-only configuration (i.e., no proxy), the administrator might + configure only the log URL to be used when submitting server certificates + and obtaining a Signed Certificate Timestamp.

+ +

The fields are defined as follows:

log-id
This is the id of the log, which is the SHA-256 hash of the log's - public key.
+ public key, provided in hexadecimal format. This string is 64 characters + in length. +
+ This field should be omitted when public-key-file is provided.
public-key-file
This is the name of a file containing the PEM encoding of the log's @@ -472,15 +480,20 @@ ServerHello
trust
This is a generic trust flag. Set this field to 0 to - distrust this log.
- -
min-timestamp
-
SCTs received from this log by the proxy are invalid if the timestamp - is older than this value.
+ distrust this log, or to otherwise avoid using it for server certificate + submission. -
max-timestamp
-
SCTs received from this log by the proxy are invalid if the timestamp - is newer than this value.
+
min-timestamp and max-timestamp
+
A timestamp is a time as expressed in the number of milliseconds since the + epoch, ignoring leap seconds. This is the form of time used in Signed Certificate + Timestamps. This must be provided as a decimal number. +
+ Specify - for one of the timestamps if it is unknown. + For example, when configuring the minimum valid timestamp for a log which remains + valid, specify - for max-timestamp. +
+ SCTs received from this log by the proxy are invalid if the timestamp + is older than min-timestamp or newer than max-timestamp.
log-URL
This is the URL of the log, for use in submitting server certificates diff --git a/docs/manual/programs/ctlogconfig.html.en b/docs/manual/programs/ctlogconfig.html.en index fb67a4a436..14edae7806 100644 --- a/docs/manual/programs/ctlogconfig.html.en +++ b/docs/manual/programs/ctlogconfig.html.en @@ -24,8 +24,8 @@

Available Languages:  en 

-

ctlogconfig is a tool for maintaining a log configuration - database, for use with mod_ssl_ct.

+

ctlogconfig is a tool for creating and maintaining a log + configuration database, for use with mod_ssl_ct.

Refer first to Log configuration in the mod_ssl_ct documentation.

@@ -78,6 +78,36 @@ log-id|record-id

+
+
log-id
+
This is the id of the log, which is the SHA-256 hash of the log's public key, + provided in hexadecimal format. This string is 64 characters in length.
+ +
record-id
+
This is the record number in the database, as displayed by the dump + sub-command, prefixed with #. As an example, #4 + references the fourth record in the database. (Use shell escaping as necessary.)
+ +
/path/to/public-key.pem
+
This is a file containing the log's public key in PEM format. The public + key is not stored in the database. Instead, a reference to the file is stored. + Thus, the file cannot be removed until the public key in the database is removed + or changed.
+ +
min-timestamp, max-timestamp
+
A timestamp is a time as expressed in the number of milliseconds since the + epoch, ignoring leap seconds. This is the form of time used in Signed Certificate + Timestamps. This must be provided as a decimal number. +
+ Specify - for one of the timestamps if it is unknown. + For example, when configuring the minimum valid timestamp for a log which remains + valid, specify - for max-timestamp. +
+ SCTs received from this log by the proxy are invalid if the timestamp + is older than min-timestamp or newer than max-timestamp.
+ +
+
top

Sub-commands
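Review bot: the /path/to/public-key.pem entry only warns that the file "cannot be removed until the public key in the database is removed or changed", but because the database stores a reference rather than the key, editing or replacing the file would presumably also change the key used to validate SCT signatures without any change to the database. Suggest adding that the file must stay unmodified and be writable only by the administrator, and stating whether the path must be absolute, since the entry does not say what a relative path is resolved against. Separately, the min-timestamp, max-timestamp text is a verbatim copy of the entry added to mod_ssl_ct.html.en in this commit; linking to that entry would keep the two from drifting apart.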

@@ -91,24 +121,29 @@
configure-public-key
Add a log's public key to the database or set the public key for an existing entry. The log's public key is needed to validate the signature - of SCTs received by a proxy from a backend server.
+ of SCTs received by a proxy from a backend server. (The database will + be created if it does not yet exist.)
configure-url
Add a log's URL to the database or set the URL for an existing entry. The log's URL is used when submitting server certificates to logs in - order to obtain SCTs to send to clients.
+ order to obtain SCTs to send to clients. (The database will + be created if it does not yet exist.)
valid-time-range
Set the minimum valid time and/or the maximum valid time for a log. SCTs from the log with timestamps outside of the valid range will not be - accepted. Use - for a time that is not being configured.
+ accepted. Use - for a time that is not being configured. + (The database will be created if it does not yet exist.)
trust
Mark a log as trusted, which is the default setting. This sub-command - is used to reverse a distrust setting.
+ is used to reverse a distrust setting. (The database will + be created if it does not yet exist.)
distrust
-
Mark a log as distrusted.
+
Mark a log as distrusted. (The database will be created if it does + not yet exist.)
forget
Remove information about a log from the database.
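Review bot: on the trust and distrust entries, the added "(The database will be created if it does not yet exist.)" means a mistyped database path lets distrust succeed against a newly created file while the database the server actually reads still has the log at its default, trusted. Suggest a sentence telling the administrator to confirm the change with dump against the configured path, or calling this out explicitly under distrust. The same parenthetical is repeated on five sub-commands; stating it once above the list would be easier to maintain and would make clear whether forget also creates the database.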
@@ -149,7 +184,7 @@ http://log2.example.com/ which has already been configured.

- $ ctlogconfig /path/to/conf/log-config configure-public-key \\#2 /path/to/conf/log2-pub.pem
+ $ ctlogconfig /path/to/conf/log-config configure-public-key \#2 /path/to/conf/log2-pub.pem
$ ctlogconfig /path/to/conf/log-config dump
Log entry:
Record 1
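Review bot: in docs/manual/mod/mod_ssl_ct.html.en, hunk @@ -458,12 +458,20 @@, the added sentence under log-id, "This field should be omitted when public-key-file is provided", contradicts the context line at the top of the same hunk, "Each of the six fields must be specified", which tells the reader to use - for a field with no information. Suggest "Specify - for this field when public-key-file is provided", so a reader does not leave the field out entirely. A short reason would help as well: the entry defines the id as the SHA-256 hash of the log's public key, so presumably it can be derived from the file.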
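Review bot: in docs/manual/mod/mod_ssl_ct.html.en, hunk @@ -472,15 +480,20 @@, the trust entry now gives one flag two meanings: "Set this field to 0 to distrust this log, or to otherwise avoid using it for server certificate submission". The timestamp text in the same hunk is about SCTs "received from this log by the proxy", so an administrator who wants to stop submitting to a log but keep accepting its SCTs at the proxy cannot tell from this wording whether 0 does both. Suggest stating both effects of 0 explicitly, and documenting which value marks a log as trusted and what - means for this field, since only 0 is described.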