From 9a2ed619f22489dc9976851b774ec294c302a603 Mon Sep 17 00:00:00 2001
From: Nokis Mavrogiannopoulos
Date: Wed, 20 Feb 2008 18:50:41 +0000
Subject: added tags
---
README | 44 +++++++++++++++++++++++++++++++-------------
1 file changed, 31 insertions(+), 13 deletions(-)
(limited to 'README')
diff --git a/README b/README
index 85418de..5198ed7 100644
--- a/README
+++ b/README
@@ -11,7 +11,7 @@ to debug. I wanted to understand how it worked, and I had recently heard about
GnuTLS, so long story short, I decided to implement a mod_gnutls.
Lines of Code in mod_ssl: 15,324
-Lines of Code in mod_gnutls: 1,886
+Lines of Code in mod_gnutls: 3,594
Because of writing mod_gnutls, I now understand how input and output filters work,
better than I ever thought possible. It was a little painful at times, and some parts
@@ -54,31 +54,26 @@ GnuTLSCache dbm conf/gnutls_cache
GnuTLSEnable On
# This is the Private key for your server.
- GnuTLSKeyFile conf/server.key
+ GnuTLSX509KeyFile conf/server.key
# This is the Server Certificate.
- GnuTLSCertificateFile conf/server.cert
+ GnuTLSX509CertificateFile conf/server.cert
-
# a more advanced configuration
GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
-GnuTLSCacheTimeout 500
-GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0
+GnuTLSCacheTimeout 600
NameVirtualHost 1.2.3.4:443
Servername server.com:443
GnuTLSEnable on
- GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128
- GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS
- GnuTLSMACAlgorithms SHA1 MD5
- GnuTLSCompressionMethods NULL
+ GnuTLSPriority NORMAL
# To export exactly the same environment variables as mod_ssl to CGI scripts.
GNUTLSExportCertificates on
- GnuTLSCertificateFile /etc/apache2/server-cert.pem
- GnuTLSKeyFile /etc/apache2/server-key.pem
+ GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
+ GnuTLSX509KeyFile /etc/apache2/server-key.pem
# To enable SRP you must have these files installed. Check the gnutls srptool.
GnuTLSSRPPasswdFile /etc/apache2/tpasswd
@@ -88,6 +83,29 @@ NameVirtualHost 1.2.3.4:443
# GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
# contains the CAs to verify client certificates.
GnuTLSClientVerify request
- GnuTLSClientCAFile ca.pem
+ GnuTLSX509CAFile ca.pem
...
+
+# A setup for OpenPGP and X.509 authentication
+
+ Servername crystal.lan:443
+ GnuTLSEnable on
+ GnuTLSPriorities NORMAL:+COMP-NULL
+
+# setup the openpgp keys
+ GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
+ GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
+
+# and the X.509 keys
+ GnuTLSCertificateFile /etc/apache2/server-cert.pem
+ GnuTLSKeyFile /etc/apache2/server-key.pem
+ GnuTLSClientVerify ignore
+
+# To avoid using the default DH params
+ GnuTLSDHFile /etc/apache2/dh.pem
+
+# these are only needed if GnuTLSClientVerify != ignore
+ GnuTLSClientCAFile ca.pem
+ GnuTLSPGPKeyringFile /etc/apache2/ring.asc
+
--
cgit