1 files changed, 59 insertions, 8 deletions
diff --git a/README b/README
index 557ba77..5198ed7 100644
--- a/README
+++ b/README
@@ -11,7 +11,7 @@ to debug.  I wanted to understand how it worked, and I had recently heard about
 GnuTLS, so long story short, I decided to implement a mod_gnutls.
 Lines of Code in mod_ssl: 15,324
-Lines of Code in mod_gnutls: 1,886
+Lines of Code in mod_gnutls: 3,594
 Because of writing mod_gnutls, I now understand how input and output filters work, 
 better than I ever thought possible.  It was a little painful at times, and some parts
@@ -19,19 +19,20 @@ lift code and ideas directly from mod_ssl. Kudos to the original authors of mod_
 ----------------------------
-Author: Paul Querna <chip force-elite.com
+Author: Paul Querna <chip force-elite.com>
+Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org>
 License: Apache Software License v2.0. (see the LICENSE file for details)
 Current Status:
 - SSL and TLS connections with all popular browsers work!
- Sets some enviromental vars for scripts
+- Sets enviromental vars for scripts (compatible with mod_ssl vars)
 - Supports Memcached as a distributed SSL Session Cache
 - Supports DBM as a local SSL Session Cache
+- Support for Server Name Indication
-Future Development:
- Support for Server Name Indication (partial support is in, but disabled)
 - Support for Client Certificates
+- Support for TLS-SRP
 Basic Configuration:
@@ -53,8 +54,58 @@ GnuTLSCache dbm conf/gnutls_cache
    GnuTLSEnable On
    # This is the Private key for your server.
-    GnuTLSKeyFile conf/server.key
+    GnuTLSX509KeyFile conf/server.key
    # This is the Server Certificate.  
-    GnuTLSCertificateFile conf/server.cert
+    GnuTLSX509CertificateFile conf/server.cert
+</VirtualHost>
+# a more advanced configuration
+GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
+GnuTLSCacheTimeout 600
+NameVirtualHost 1.2.3.4:443
+<VirtualHost 1.2.3.4:443>
+        Servername server.com:443
+        GnuTLSEnable on
+        GnuTLSPriority NORMAL
+# To export exactly the same environment variables as mod_ssl to CGI scripts.
+        GNUTLSExportCertificates on
+        GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
+        GnuTLSX509KeyFile /etc/apache2/server-key.pem
+# To enable SRP you must have these files installed. Check the gnutls srptool.
+        GnuTLSSRPPasswdFile /etc/apache2/tpasswd
+        GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
+# In order to verify client certificates. Other options to
+# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
+# contains the CAs to verify client certificates.
+        GnuTLSClientVerify request
+        GnuTLSX509CAFile ca.pem
+        ...
+</VirtualHost>
+# A setup for OpenPGP and X.509 authentication
+<VirtualHost 1.2.3.4:443>
+        Servername crystal.lan:443
+        GnuTLSEnable on
+        GnuTLSPriorities NORMAL:+COMP-NULL
+# setup the openpgp keys
+        GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
+        GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
+# and the X.509 keys
+        GnuTLSCertificateFile /etc/apache2/server-cert.pem
+        GnuTLSKeyFile /etc/apache2/server-key.pem
+        GnuTLSClientVerify ignore
+# To avoid using the default DH params
+        GnuTLSDHFile /etc/apache2/dh.pem
+# these are only needed if GnuTLSClientVerify != ignore
+        GnuTLSClientCAFile ca.pem
+        GnuTLSPGPKeyringFile /etc/apache2/ring.asc
 </VirtualHost>

diff --git a/README b/README index 557ba77..5198ed7 100644 --- a/README +++ b/README
@@ -11,7 +11,7 @@ to debug. I wanted to understand how it worked, and I had recently heard about
11	GnuTLS, so long story short, I decided to implement a mod_gnutls.	11	GnuTLS, so long story short, I decided to implement a mod_gnutls.
12		12
13	Lines of Code in mod_ssl: 15,324	13	Lines of Code in mod_ssl: 15,324
14	Lines of Code in mod_gnutls: 1,886	14	Lines of Code in mod_gnutls: 3,594
15		15
16	Because of writing mod_gnutls, I now understand how input and output filters work,	16	Because of writing mod_gnutls, I now understand how input and output filters work,
17	better than I ever thought possible. It was a little painful at times, and some parts	17	better than I ever thought possible. It was a little painful at times, and some parts
@@ -19,19 +19,20 @@ lift code and ideas directly from mod_ssl. Kudos to the original authors of mod_
19		19
20	----------------------------	20	----------------------------
21		21
22	Author: Paul Querna <chip force-elite.com	22	Author: Paul Querna <chip force-elite.com>
		23
		24	Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org>
23		25
24	License: Apache Software License v2.0. (see the LICENSE file for details)	26	License: Apache Software License v2.0. (see the LICENSE file for details)
25		27
26	Current Status:	28	Current Status:
27	- SSL and TLS connections with all popular browsers work!	29	- SSL and TLS connections with all popular browsers work!
28	- Sets some enviromental vars for scripts	30	- Sets enviromental vars for scripts (compatible with mod_ssl vars)
29	- Supports Memcached as a distributed SSL Session Cache	31	- Supports Memcached as a distributed SSL Session Cache
30	- Supports DBM as a local SSL Session Cache	32	- Supports DBM as a local SSL Session Cache
31		33	- Support for Server Name Indication
32	Future Development:
33	- Support for Server Name Indication (partial support is in, but disabled)
34	- Support for Client Certificates	34	- Support for Client Certificates
		35	- Support for TLS-SRP
35		36
36	Basic Configuration:	37	Basic Configuration:
37		38
@@ -53,8 +54,58 @@ GnuTLSCache dbm conf/gnutls_cache
53	GnuTLSEnable On	54	GnuTLSEnable On
54		55
55	# This is the Private key for your server.	56	# This is the Private key for your server.
56	GnuTLSKeyFile conf/server.key	57	GnuTLSX509KeyFile conf/server.key
57		58
58	# This is the Server Certificate.	59	# This is the Server Certificate.
59	GnuTLSCertificateFile conf/server.cert	60	GnuTLSX509CertificateFile conf/server.cert
		61	</VirtualHost>
		62
		63	# a more advanced configuration
		64	GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
		65	GnuTLSCacheTimeout 600
		66	NameVirtualHost 1.2.3.4:443
		67
		68	<VirtualHost 1.2.3.4:443>
		69	Servername server.com:443
		70	GnuTLSEnable on
		71	GnuTLSPriority NORMAL
		72	# To export exactly the same environment variables as mod_ssl to CGI scripts.
		73	GNUTLSExportCertificates on
		74
		75	GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
		76	GnuTLSX509KeyFile /etc/apache2/server-key.pem
		77
		78	# To enable SRP you must have these files installed. Check the gnutls srptool.
		79	GnuTLSSRPPasswdFile /etc/apache2/tpasswd
		80	GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
		81
		82	# In order to verify client certificates. Other options to
		83	# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
		84	# contains the CAs to verify client certificates.
		85	GnuTLSClientVerify request
		86	GnuTLSX509CAFile ca.pem
		87	...
		88	</VirtualHost>
		89
		90	# A setup for OpenPGP and X.509 authentication
		91	<VirtualHost 1.2.3.4:443>
		92	Servername crystal.lan:443
		93	GnuTLSEnable on
		94	GnuTLSPriorities NORMAL:+COMP-NULL
		95
		96	# setup the openpgp keys
		97	GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
		98	GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
		99
		100	# and the X.509 keys
		101	GnuTLSCertificateFile /etc/apache2/server-cert.pem
		102	GnuTLSKeyFile /etc/apache2/server-key.pem
		103	GnuTLSClientVerify ignore
		104
		105	# To avoid using the default DH params
		106	GnuTLSDHFile /etc/apache2/dh.pem
		107
		108	# these are only needed if GnuTLSClientVerify != ignore
		109	GnuTLSClientCAFile ca.pem
		110	GnuTLSPGPKeyringFile /etc/apache2/ring.asc
60	</VirtualHost>	111	</VirtualHost>