Discussion:
svn commit: r1630626 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en
t***@apache.org
2014-10-10 00:19:08 UTC
Author: trawick
Date: Fri Oct 10 00:19:08 2014
New Revision: 1630626

URL: http://svn.apache.org/r1630626
Log:
xform

Modified:
httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en?rev=1630626&r1=1630625&r2=1630626&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.html.en Fri Oct 10 00:19:08 2014
@@ -83,8 +83,8 @@ information does not have to also restar
<div class="note">This module is experimental for the following reasons:
<ul>
<li>Insufficient test and review</li>
- <li>Reliance on an unreleased version of OpenSSL (1.0.2) for basic
- operation</li>
+ <li>Reliance on an unreleased version of OpenSSL (1.0.2, Beta 3 or later) for
+ basic operation</li>
<li>Incomplete <a href="#audit">off-line audit capability</a></li>
</ul>

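Review bot: In the changed list item, "unreleased version of OpenSSL (1.0.2, Beta 3 or later)" mixes the minimum version with the reason for the experimental status, and "or later" will cover released builds once 1.0.2 ships. Consider stating the requirement as a minimum ("OpenSSL 1.0.2 Beta 3 or later") and the "not yet released" part as a separate clause, so only that clause has to be dropped later.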
@@ -205,7 +205,10 @@ testing.</p>

<dt>public key of the log</dt>
<dd>A proxy must have the public key of the log in order to check the
- signature in SCTs it receives which were obtained from the log.</dd>
+ signature in SCTs it receives which were obtained from the log.
+ <br />
+ A server must have the public key of the log in order to submit certificates
+ to it.</dd>

<dt>general trust/distrust setting</dt>
<dd>This is a mechanism to distrust or restore trust in a particular log,
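Review bot: The added sentence in the "public key of the log" entry says a server needs the key in order to submit certificates, but not what the key is used for, unlike the proxy sentence before it, which names the SCT signature check. If the server needs it to verify the signature on the SCT the log returns, say so; as written, an admin cannot tell what fails when the key is missing or wrong. With that stated, the two cases could be ordinary sentences in the <dd> rather than being split by <br />.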
@@ -251,20 +254,21 @@ testing.</p>


<p>Experimental support for this is implemented in the <code>ctauditscts</code>
- command (in the httpd source tree, not currently installed), which itself
- relies on the <code>verify_single_proof.py</code> tool in the
+ command, which itself relies on the <code>verify_single_proof.py</code> tool in the
<em>certificate-transparency</em> open source project. <code>ctauditscts</code>
can parse data for off-line audit (enabled with the <code class="directive"><a href="#ctauditstorage">
CTAuditStorage</a></code> directive) and invoke <code>verify_single_proof.py</code>.
- However, <code>verify_single_proof.py</code> is not complete currently and does
- not provide a way to identify audit failures.</p>
+ </p>

<p>Here are rough notes for using <code>ctauditscts</code>:</p>

<ul>
- <li>Set <code>PYTHONPATH</code> to include the <code>src/python</code>
+ <li>Create a <em>virtualenv</em> using the <code>requirements.txt</code> file
+ from the <em>certificate-transparency</em> project and run the following steps
+ with that <em>virtualenv</em> activated.</li>
+ <li>Set <code>PYTHONPATH</code> to include the <code>python</code>
directory within the <em>certificate-transparency</em> tools.</li>
- <li>Set <code>PATH</code> to include the <code>src/python/ct/client/tools</code>
+ <li>Set <code>PATH</code> to include the <code>python/ct/client/tools</code>
directory.</li>
<li>Run <code>ctauditscts</code>, passing the value of the
<code class="directive">CTAuditStorage</code> directive and, optionally, the path to
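Review bot: The removed sentence about verify_single_proof.py not providing a way to identify audit failures leaves this section with no statement of what is still missing, while the experimental note earlier on the page still lists "Incomplete off-line audit capability". If audit failures are now reported, say how ctauditscts surfaces them; if not, keep the caveat so the two places agree. The new virtualenv item could also say where requirements.txt sits in the certificate-transparency tree, as the PYTHONPATH and PATH items do for their directories.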
@@ -273,7 +277,7 @@ testing.</p>
</ul>

<p>The data saved for audit can also be used by other programs; refer to the
- <code>ctauditscts</code> source code for details.</p>
+ <code>ctauditscts</code> source code for details on processing the data.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CTAuditStorage" id="CTAuditStorage">CTAuditStorage</a> <a name="ctauditstorage" id="ctauditstorage">Directive</a></h2>
@@ -312,7 +316,8 @@ testing.</p>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl_ct</td></tr>
</table>
<p><em>executable</em> is the full path to the log client tool, which is
- normally file <code>src/client/ct</code> within the source tree of the
+ normally file <code>cpp/client/ct</code> (or <code>ct.exe</code>) within the
+ source tree of the
<a href="https://code.google.com/p/certificate-transparency/">
certificate-transparency</a> open source project.</p>

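Review bot: The default tool path changes here from src/client/ct to cpp/client/ct, and the ctauditscts notes earlier in this patch change src/python to python, so these paths depend on a particular layout of the certificate-transparency source tree. Name the upstream version or revision the paths apply to, so a reader with an older checkout is not pointed at a file that does not exist there.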
@@ -321,7 +326,7 @@ testing.</p>

<p>If this directive is not configured, server certificates cannot be
submitted to logs in order to obtain SCTs; thus, only admin-managed
- SCTs will be provided to clients.</p>
+ SCTs or SCTs in certificate extensions will be provided to clients.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>