
List:       proftpd-committers
Subject:    [ProFTPD-committers] proftpd/doc/contrib mod_tls.html,1.41,1.42
From:       TJ Saunders <castaglia () users ! sourceforge ! net>
Date:       2013-08-01 15:36:53
Message-ID: E1V4uvw-00017Y-4V () sfs-ml-2 ! v29 ! ch3 ! sourceforge ! com

Update of /cvsroot/proftp/proftpd/doc/contrib
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv18403/doc/contrib

Modified Files:
	mod_tls.html 
Log Message:

Adding documentation for the new TLSVerifyServer directive.


Index: mod_tls.html
===================================================================
RCS file: /cvsroot/proftp/proftpd/doc/contrib/mod_tls.html,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- mod_tls.html	6 Mar 2013 17:45:08 -0000	1.41
+++ mod_tls.html	1 Aug 2013 15:36:51 -0000	1.42
@@ -74,6 +74,7 @@
   <li><a href="#TLSVerifyClient">TLSVerifyClient</a>
   <li><a href="#TLSVerifyDepth">TLSVerifyDepth</a>
   <li><a href="#TLSVerifyOrder">TLSVerifyOrder</a>
+  <li><a href="#TLSVerifyServer">TLSVerifyServer</a>
 </ul>
 
 <h2>Control Actions</h2>
@@ -1604,6 +1605,38 @@
 
 <p>
 <hr>
+<h2><a name="TLSVerifyServer">TLSVerifyServer</a></h2>
+<strong>Syntax:</strong> TLSVerifyServer <em>on|off|NoReverseDNS</em><br>
+<strong>Default:</strong> on<br>
+<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, \
<code>&lt;Global&gt;</code><br> +<strong>Module:</strong> mod_tls<br>
+<strong>Compatibility:</strong> 1.3.5rc4 and later
+
+<p>
+The <code>TLSVerifyServer</code> directive configures how <code>mod_tls</code>
+handles certificates presented by <em>other servers</em>, during a secure
+site-to-site (<i>a.k.a.</i> "secure FXP") transfer.  If <em>off</em>, the
+module will accept the certificate and establish an SSL/TLS session, but will
+<b>not</b> verify the certificate.  If <em>on</em>, the module will verify a
+server's certificate and, furthermore, will fail all SSL handshake attempts
+<b>unless</b> the server presents a valid certificate.
+
+<p>
+The <em>NoReverseDNS</em> parameter tells <code>mod_tls</code> to validate
+the server's certificate, <b>but</b> to only validate it based on IP address,
+rather than using DNS names (for <i>e.g.</i> CommonName (CN) and DNS
+SubjectAltName (SAN) checks).  The recommended certificate validation
+techniques use DNS names, so using <em>NoReverseDNS</em> performs less
+strict validations.  Unfortunately, in most secure site-to-site transfers,
+this setting may be required since FTP site-to-site transfers send IP
+addresses, not DNS names, in the command which establish the data transfer.
+
+<p>
+See also: <a href="#TLSVerifyClient"><code>TLSVerifyClient</code></a>,
+<a href="#TLSVerifyDepth"><code>TLSVerifyDepth</code></a>
+
+<p>
+<hr>
 <h2>Control Actions</h2>
 
 <p>
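Review bot: In the NoReverseDNS paragraph, the text says this setting "may be required" in most secure site-to-site transfers, yet the Default is "on" and the first paragraph never states what "on" does when the peer is known only by the IP address sent in the FTP command. Please spell out whether the handshake fails in that case under the default, so an administrator knows that enabling secure FXP with default settings may reject transfers and that moving to NoReverseDNS trades away the CN/SAN name checks. It would also help to say what "valid certificate" means here (which trust anchors and checks apply), since only TLSVerifyClient and TLSVerifyDepth are cross-referenced, and to state for "off" that the peer is unauthenticated even though the session is encrypted. Minor wording: "in the command which establish the data transfer" should read "in the commands which establish", and "SSL handshake" should match the "SSL/TLS" used earlier in the same paragraph.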


_______________________________________________
ProFTPD Committers Mailing List
proftpd-committers@proftpd.org
https://lists.sourceforge.net/lists/listinfo/proftp-committers

