diff options
| author | Ruediger Pluem <rpluem@apache.org> | 2009-10-13 18:15:36 +0200 |
|---|---|---|
| committer | Ruediger Pluem <rpluem@apache.org> | 2009-10-13 18:15:36 +0200 |
| commit | 85b4a8cb1c2f65bca29ab989adc52e8d901a6da3 (patch) | |
| tree | 56c43fc0be8a0bf1fd435939fa7a145f08106fc1 /docs/manual/mod/mod_ssl.xml | |
| parent | Add example of load balancing with stickyness using mod_headers. (diff) | |
| download | apache2-85b4a8cb1c2f65bca29ab989adc52e8d901a6da3.tar.xz apache2-85b4a8cb1c2f65bca29ab989adc52e8d901a6da3.zip | |
* With SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire available and turned
on by default this warning is no longer true.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@824830 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod/mod_ssl.xml')
| -rw-r--r-- | docs/manual/mod/mod_ssl.xml | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 349daaaf92..df705d5986 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -1464,18 +1464,6 @@ proxy. In per-directory context it forces a SSL renegotation with the reconfigured remote server verification level after the HTTP request was read but before the HTTP response is sent.</p> -<note type="warning"> -<p>Note that even when certificate verification is enabled, -<module>mod_ssl</module> does <strong>not</strong> check whether the -<code>commonName</code> (hostname) attribute of the server certificate -matches the hostname used to connect to the server. In other words, -the proxy does not guarantee that the SSL connection to the backend -server is "secure" beyond the fact that the certificate is signed by -one of the CAs configured using the -<directive>SSLProxyCACertificatePath</directive> and/or -<directive>SSLProxyCACertificateFile</directive> directives.</p> -</note> - <p> The following levels are available for <em>level</em>:</p> <ul> |