1 files changed, 31 insertions, 13 deletions
diff --git a/README b/README
index 85418de..5198ed7 100644
--- a/README
+++ b/README
@@ -11,7 +11,7 @@ to debug.  I wanted to understand how it worked, and I had recently heard about
 GnuTLS, so long story short, I decided to implement a mod_gnutls.
 Lines of Code in mod_ssl: 15,324
-Lines of Code in mod_gnutls: 1,886
+Lines of Code in mod_gnutls: 3,594
 Because of writing mod_gnutls, I now understand how input and output filters work, 
 better than I ever thought possible.  It was a little painful at times, and some parts
@@ -54,31 +54,26 @@ GnuTLSCache dbm conf/gnutls_cache
    GnuTLSEnable On
    # This is the Private key for your server.
-    GnuTLSKeyFile conf/server.key
+    GnuTLSX509KeyFile conf/server.key
    # This is the Server Certificate.  
-    GnuTLSCertificateFile conf/server.cert
+    GnuTLSX509CertificateFile conf/server.cert
 </VirtualHost>
 # a more advanced configuration
 GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
-GnuTLSCacheTimeout 500
+GnuTLSCacheTimeout 600
-GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0
 NameVirtualHost 1.2.3.4:443
 <VirtualHost 1.2.3.4:443>
        Servername server.com:443
        GnuTLSEnable on
-        GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128
+        GnuTLSPriority NORMAL
-        GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS
-        GnuTLSMACAlgorithms SHA1 MD5
-        GnuTLSCompressionMethods NULL
 # To export exactly the same environment variables as mod_ssl to CGI scripts.
        GNUTLSExportCertificates on
-        GnuTLSCertificateFile /etc/apache2/server-cert.pem
+        GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
-        GnuTLSKeyFile /etc/apache2/server-key.pem
+        GnuTLSX509KeyFile /etc/apache2/server-key.pem
 # To enable SRP you must have these files installed. Check the gnutls srptool.
        GnuTLSSRPPasswdFile /etc/apache2/tpasswd
@@ -88,6 +83,29 @@ NameVirtualHost 1.2.3.4:443
 # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
 # contains the CAs to verify client certificates.
        GnuTLSClientVerify request
-        GnuTLSClientCAFile ca.pem
+        GnuTLSX509CAFile ca.pem
        ...
 </VirtualHost>
+# A setup for OpenPGP and X.509 authentication
+<VirtualHost 1.2.3.4:443>
+        Servername crystal.lan:443
+        GnuTLSEnable on
+        GnuTLSPriorities NORMAL:+COMP-NULL
+# setup the openpgp keys
+        GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
+        GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
+# and the X.509 keys
+        GnuTLSCertificateFile /etc/apache2/server-cert.pem
+        GnuTLSKeyFile /etc/apache2/server-key.pem
+        GnuTLSClientVerify ignore
+# To avoid using the default DH params
+        GnuTLSDHFile /etc/apache2/dh.pem
+# these are only needed if GnuTLSClientVerify != ignore
+        GnuTLSClientCAFile ca.pem
+        GnuTLSPGPKeyringFile /etc/apache2/ring.asc
+</VirtualHost>