t***@apache.org
2014-10-14 21:08:26 UTC
Author: trawick
Date: Tue Oct 14 21:08:26 2014
New Revision: 1631887
URL: http://svn.apache.org/r1631887
Log:
merge r1631885 from trunk:
very minor improvements to OCSP-related doc
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1631885
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1631887&r1=1631886&r2=1631887&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Tue Oct 14 21:08:26 2014
@@ -2293,8 +2293,8 @@ which means that OCSP responses are cons
<usage>
<p>This option determines whether queries to OCSP responders should contain
a nonce or not. By default, a query nonce is always used and checked against
-the response's one. When the responder does not use nonces (eg. Microsoft OCSP
-Responder), this option ought to be turned <code>off</code>.</p>
+the response's one. When the responder does not use nonces (e.g. Microsoft OCSP
+Responder), this option should be turned <code>off</code>.</p>
</usage>
</directivesynopsis>
@@ -2386,6 +2386,10 @@ is enabled. Configuration of a cache is
With the exception of <code>none</code> and <code>nonenotnull</code>,
the same storage types are supported as with
<directive module="mod_ssl">SSLSessionCache</directive>.</p>
+
+<p>The <code>ssl-stapling</code> mutex is used to serialize access to the
+OCSP stapling cache to prevent corruption. This mutex can be configured
+using the <directive module="core">Mutex</directive> directive.</p>
</usage>
</directivesynopsis>
@@ -2524,7 +2528,7 @@ To set the cache timeout for valid respo
<usage>
<p>This directive overrides the URI of an OCSP responder as obtained from
the authorityInfoAccess (AIA) extension of the certificate.
-Of potential use when going through a proxy for retrieving OCSP queries.</p>
+One potential use is when a proxy is used for retrieving OCSP queries.</p>
</usage>
</directivesynopsis>
Date: Tue Oct 14 21:08:26 2014
New Revision: 1631887
URL: http://svn.apache.org/r1631887
Log:
merge r1631885 from trunk:
very minor improvements to OCSP-related doc
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1631885
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1631887&r1=1631886&r2=1631887&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Tue Oct 14 21:08:26 2014
@@ -2293,8 +2293,8 @@ which means that OCSP responses are cons
<usage>
<p>This option determines whether queries to OCSP responders should contain
a nonce or not. By default, a query nonce is always used and checked against
-the response's one. When the responder does not use nonces (eg. Microsoft OCSP
-Responder), this option ought to be turned <code>off</code>.</p>
+the response's one. When the responder does not use nonces (e.g. Microsoft OCSP
+Responder), this option should be turned <code>off</code>.</p>
</usage>
</directivesynopsis>
@@ -2386,6 +2386,10 @@ is enabled. Configuration of a cache is
With the exception of <code>none</code> and <code>nonenotnull</code>,
the same storage types are supported as with
<directive module="mod_ssl">SSLSessionCache</directive>.</p>
+
+<p>The <code>ssl-stapling</code> mutex is used to serialize access to the
+OCSP stapling cache to prevent corruption. This mutex can be configured
+using the <directive module="core">Mutex</directive> directive.</p>
</usage>
</directivesynopsis>
@@ -2524,7 +2528,7 @@ To set the cache timeout for valid respo
<usage>
<p>This directive overrides the URI of an OCSP responder as obtained from
the authorityInfoAccess (AIA) extension of the certificate.
-Of potential use when going through a proxy for retrieving OCSP queries.</p>
+One potential use is when a proxy is used for retrieving OCSP queries.</p>
</usage>
</directivesynopsis>