From: Joe Orton <jorton@apache.org>
Date: Mon, 12 Jan 2009 11:33:14 +0000 (+0000)
Subject: * docs/manual/mod/mod_ssl.xml: Flesh out SSLRenegBufferSize
X-Git-Tag: 2.3.2~176
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fabd3646bab3e388ca64917c87dfbbdb6c68cbc8;p=apache

* docs/manual/mod/mod_ssl.xml: Flesh out SSLRenegBufferSize
 docs a little - thanks rpluem!


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@733695 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 84abf0a719..7b5f1861a5 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -1416,7 +1416,7 @@ SSLRandomSeed connect file:/dev/urandom 1024<br />
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLRenegBufferSize" id="SSLRenegBufferSize">SSLRenegBufferSize</a> <a name="sslrenegbuffersize" id="sslrenegbuffersize">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set the size for the SSL renogotiation buffer</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set the size for the SSL renegotiation buffer</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLRenegBufferSize <var>bytes</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLRenegBufferSize 131072</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
@@ -1424,11 +1424,20 @@ SSLRandomSeed connect file:/dev/urandom 1024<br />
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
-<p>
-Configure the amount of memory that will be used for buffering the
-request body if a per-location SSL renegotiation is required due to
-changed access control requirements.
-</p>
+
+<p>If an SSL renegotiation is required in per-location context, for
+example, any use of <code class="directive"><a href="#sslverifyclient">SSLVerifyClient</a></code> in a Directory or
+Location block, then <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> must buffer any HTTP
+request body into memory until the new SSL handshake can be performed.
+This directive can be used to set the amount of memory that will be
+used for this buffer. </p>
+
+<div class="warning"><p>
+Note that in many configurations, the client sending the request body
+will be untrusted so a denial of service attack by consumption of
+memory must be considered when changing this configuration setting.
+</p></div>
+
 <div class="example"><h3>Example</h3><p><code>
 SSLRenegBufferSize 262144
 </code></p></div>
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 8f438c55b6..61c1e46159 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1324,7 +1324,7 @@ SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
 
 <directivesynopsis>
 <name>SSLRenegBufferSize</name>
-<description>Set the size for the SSL renogotiation buffer</description>
+<description>Set the size for the SSL renegotiation buffer</description>
 <syntax>SSLRenegBufferSize <var>bytes</var></syntax>
 <default>SSLRenegBufferSize 131072</default>
 <contextlist><context>directory</context>
@@ -1332,11 +1332,21 @@ SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
 <override>AuthConfig</override>
 
 <usage>
-<p>
-Configure the amount of memory that will be used for buffering the
-request body if a per-location SSL renegotiation is required due to
-changed access control requirements.
-</p>
+
+<p>If an SSL renegotiation is required in per-location context, for
+example, any use of <directive
+module="mod_ssl">SSLVerifyClient</directive> in a Directory or
+Location block, then <module>mod_ssl</module> must buffer any HTTP
+request body into memory until the new SSL handshake can be performed.
+This directive can be used to set the amount of memory that will be
+used for this buffer. </p>
+
+<note type="warning"><p>
+Note that in many configurations, the client sending the request body
+will be untrusted so a denial of service attack by consumption of
+memory must be considered when changing this configuration setting.
+</p></note>
+
 <example><title>Example</title>
 SSLRenegBufferSize 262144
 </example>