Commit e8200bb5 authored by Eric Covener's avatar Eric Covener
Browse files

Merge r1761215 from trunk: 

feedback in   http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#comment_5818

This added paragraph about optional and optional_no_ca isn't helpful.

At the TLS layer, the challenge for otpional and required are no different.

Move the caution about _no_ca up into where the option is defined
and reword.





git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1761217 13f79535-47bb-0310-9956-ffa450edef68
parent 51ed76d9

docs/manual/mod/mod_ssl.xml

+2 −6
Original line number Diff line number Diff line
@@ -1292,13 +1292,9 @@ The following levels are available for <em>level</em>:</p> 
     the client <em>has to</em> present a valid Certificate</li>

<li><strong>optional_no_ca</strong>:

     the client may present a valid Certificate<br />

     but it need not to be (successfully) verifiable.</li>

     but it need not to be (successfully) verifiable. This option

     cannot be relied upon for client authentication.  </li>

</ul>

<p>In practice only levels <strong>none</strong> and

<strong>require</strong> are really interesting, because level

<strong>optional</strong> doesn't work with all browsers and level

<strong>optional_no_ca</strong> is actually against the idea of

authentication (but can be used to establish SSL test pages, etc.)</p>

<example><title>Example</title>

<highlight language="config">

SSLVerifyClient require