From 8a36a240a8c07c08116a30e4d9c564f5805bccff Mon Sep 17 00:00:00 2001
From: Mads Toftum <mads@apache.org>
Date: Mon, 5 Jan 2004 21:14:19 +0000
Subject: [PATCH] Correct SSLProxyMachineCertificatePath and
 SSLProxyMachineCertificateFile - the previous description looked like it was
 copied from SSLProxyCA* Also add a warning about not using encrypted keys in
 those two.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102191 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_ssl.html.en        | 26 ++++++++++++++----------
 docs/manual/mod/mod_ssl.xml            | 28 +++++++++++++++-----------
 docs/manual/mod/quickreference.html.en |  4 ++--
 3 files changed, 33 insertions(+), 25 deletions(-)
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 40a67961a8..e54f46ce78 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -952,7 +952,7 @@ SSLProxyEngine on<br />
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLProxyMachineCertificateFile" id="SSLProxyMachineCertificateFile">SSLProxyMachineCertificateFile</a> <a name="sslproxymachinecertificatefile" id="sslproxymachinecertificatefile">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded CA certificates for proxy server client certificates</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificateFile <em>filename</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr>
@@ -960,26 +960,28 @@ SSLProxyEngine on<br />
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 <p>
-This directive sets the all-in-one file where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the all-in-one file where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
 </p>
 <p>
 This referenced file is simply the concatenation of the various PEM-encoded
 certificate files, in order of preference. Use this directive alternatively
 or additionally to <code>SSLProxyMachineCertificatePath</code>.
 </p>
+<div class="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</div>
 <p>
 Example:</p>
 <div class="example"><p><code>
-SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/
-</code></p></div> 
+SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
+</code></p></div>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLProxyMachineCertificatePath" id="SSLProxyMachineCertificatePath">SSLProxyMachineCertificatePath</a> <a name="sslproxymachinecertificatepath" id="sslproxymachinecertificatepath">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded CA certificates for proxy server client certificates</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificatePath <em>directory</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr>
@@ -987,9 +989,8 @@ SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
 <p>
-This directive sets the directory where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the directory where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
 </p>
 <p>The files in this directory must be PEM-encoded and are accessed through
 hash filenames. Additionally, you must create symbolic links named
@@ -997,10 +998,13 @@ hash filenames. Additionally, you must create symbolic links named
 directory contains the appropriate symbolic links. Use the Makefile which
 comes with mod_ssl to accomplish this task.
 </p>
+<div class="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</div>
 <p>
 Example:</p>
 <div class="example"><p><code>
-SSLProxyMachineCertificatePath /usr/local/apache2/conf/ssl.crt/
+SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
 </code></p></div> 
 
 </div>
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 1c039ca57d..d95f8abe79 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1170,16 +1170,15 @@ SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
 
 <directivesynopsis>
 <name>SSLProxyMachineCertificatePath</name>
-<description>Directory of PEM-encoded CA certificates for proxy server client certificates</description>
+<description>Directory of PEM-encoded client certificates and keys to be used by the proxy</description>
 <syntax>SSLProxyMachineCertificatePath <em>directory</em></syntax>
 <contextlist><context>server config</context></contextlist>
 <override>Not applicable</override>
 
 <usage>
 <p>
-This directive sets the directory where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the directory where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
 </p>
 <p>The files in this directory must be PEM-encoded and are accessed through
 hash filenames. Additionally, you must create symbolic links named
@@ -1187,10 +1186,13 @@ hash filenames. Additionally, you must create symbolic links named
 directory contains the appropriate symbolic links. Use the Makefile which
 comes with mod_ssl to accomplish this task.
 </p>
+<note type="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</note>
 <p>
 Example:</p>
 <example>
-SSLProxyMachineCertificatePath /usr/local/apache2/conf/ssl.crt/
+SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
 </example> 
 </usage> 
 </directivesynopsis>
@@ -1198,28 +1200,30 @@ SSLProxyMachineCertificatePath /usr/local/apache2/conf/ssl.crt/
 
 <directivesynopsis>
 <name>SSLProxyMachineCertificateFile</name>
-<description>File of concatenated PEM-encoded CA certificates for proxy server client certificates</description>
+<description>File of concatenated PEM-encoded client certificates and keys to be used by the proxy</description>
 <syntax>SSLProxyMachineCertificateFile <em>filename</em></syntax>
 <contextlist><context>server config</context></contextlist>
 <override>Not applicable</override>
 
 <usage>
 <p>
-This directive sets the all-in-one file where you keep the certificates of
-Certification Authorities (CAs) whose proxy client certificates are used for
-authentication of the proxy server to remote servers.
+This directive sets the all-in-one file where you keep the certificates and
+keys used for authentication of the proxy server to remote servers.
 </p>
 <p>
 This referenced file is simply the concatenation of the various PEM-encoded
 certificate files, in order of preference. Use this directive alternatively
 or additionally to <code>SSLProxyMachineCertificatePath</code>.
 </p>
+<note type="warning">
+<p>Currently there is no support for encrypted private keys</p>
+</note>
 <p>
 Example:</p>
 <example>
-SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/
-</example> 
-</usage> 
+SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
+</example>
+</usage>
 </directivesynopsis>
 
 <directivesynopsis>
diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en
index 5bd79f8a4e..9414c21808 100644
--- a/docs/manual/mod/quickreference.html.en
+++ b/docs/manual/mod/quickreference.html.en
@@ -642,8 +642,8 @@ Remote Server Auth</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL 
 proxy handshake</td></tr>
 <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr>
-<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates for proxy server client certificates</td></tr>
-<tr><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded CA certificates for proxy server client certificates</td></tr>
+<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr>
+<tr><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr>
 <tr><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>svdh</td><td>E</td></tr><tr><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server
-- 
2.50.1


Description:	File of concatenated PEM-encoded CA certificates for proxy server client certificates
Description:	File of concatenated PEM-encoded client certificates and keys to be used by the proxy
Syntax:	`SSLProxyMachineCertificateFile filename`
Context:	server config
Override:	Not applicable
Module:	mod_ssl
Description:	Directory of PEM-encoded CA certificates for proxy server client certificates
Description:	Directory of PEM-encoded client certificates and keys to be used by the proxy
Syntax:	`SSLProxyMachineCertificatePath directory`
Context:	server config
Override:	Not applicable
Module:	mod_ssl