asg14.htm

apache技术手册

<FONT SIZE=4 COLOR="#FF0000"><B>SSLFakeBasicAuth</B></FONT></CENTER></H4>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLFakeBasicAuth

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Scope:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

server configuration, virtual host</FONT>

</TABLE><P>If set, this option will translate client X509 in usernames that can be used for authentication.

<BR>

<BR>

<A NAME="E69E176"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>SSLLogFile</B></FONT></CENTER></H4>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLLogFile <I>filename</I>

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Scope:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

server configuration, virtual host</FONT>

</TABLE><P>The SSLErrorFile directive specifies a file where all SSL connections to the server are logged. It stores cipher and client authentication data.

<BR>

<BR>

<A NAME="E69E177"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>SSLRequireCiphers</B></FONT></CENTER></H4>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLRequireCiphers <I>cipher</I>:<I>cipher</I>:<I>cipher...</I>

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Scope:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

server configuration</FONT>

</TABLE><P>This is a colon (:)-delimited list of cipher types permitted for all SSL transmission in order of preference.

<BR>

<BR>

<A NAME="E69E178"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>SSLRoot</B></FONT></CENTER></H4>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLRoot <I>path</I>

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Default:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLRoot /usr/local/ssl

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Scope:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

server configuration, virtual host</FONT>

</TABLE><P>The SSLRoot directive specifies where the SSL directory tree lives. <I>path</I> is prepended to all SSL file directives (except for the logging directives) that don't specify an absolute path.

<BR>

<BR>

<A NAME="E69E179"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>SSLVerifyClient</B></FONT></CENTER></H4>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLVerifyClient [0] | [1] | [2]

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Default:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLVerifyClient 0

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Scope:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

server configuration, virtual host</FONT>

</TABLE><P>This directive sets the X.509 Client Authentication option:

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Option

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Value

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

0

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

No certification is required.

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

1

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

X.509 certificate is optional.

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

2

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

X.509 certificate is required.</FONT>

</TABLE><P>Client authentication can be an effective way of <A NAME="I3"></A>restricting access to your Web site.

<BR>

<BR>

<A NAME="E69E180"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>SSLVerifyDepth</B></FONT></CENTER></H4>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLVerifyDepth <I>n</I>

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Default:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

SSLVerifyDepth 0

</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Scope:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

server configuration, virtual host</FONT>

</TABLE><P>This directive controls the depth that the server will follow when verifying client certificates. The server will progressively search<I> </I>the CA chain until it reaches a decisive authority or reaches <I>n</I>.

<BR>

<BR>

<A NAME="E68E164"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>Summary</B></FONT></CENTER></H3>

<BR>

<P>Secure transactions are the foundation for the commercialization of the Web. Currently there are a lot people looking at what's new, but not many people are using the Internet to purchase things. Most buyers have been frightened by the media into thinking that shopping the Internet could lead to someone using your credit card to make fraudulent charges. While this is possible, the real issue here is privacy and assurance that the person or company you are communicating with is indeed who they say they are. In the electronic age, the need for this technology is undeniable. 

<BR>

<P>The Internet makes it possible to put bits of information about yourself together that are much more descriptive about you as a person. If you are using the Web to connect to another system, it is trivial for me to figure out what machine you are connecting from because this information is sent with every request you make. Some browsers, such as Internet Explorer, send additional information, such as the computer processor you are running and the color capabilities of your monitor. If you happen to be running some version of UNIX that allows fingering of your machine, there's a good chance of figuring out your name and address. With your name, it's easy to find your telephone number and everything you may have posted to Usenet. From that your hobbies and interests can be determined. With your address, it's easy to get a map of how to get to you or find where junk mail can be sent. All it takes is a few seconds. As more and more information about us floats out there, the scarier it becomes.

<BR>

<P>Encryption may solve one of the problems&#151;how to avoid thugs from looking up your credit card number or some other important information. However, it doesn't do anything about other information that can easily be extracted from just pointing a Web browser to some URL.

<BR>

<P ALIGN=LEFT>

<A HREF="asgpt5.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asgpt5.htm" TARGET="_self"><IMG SRC="purprev.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purprev.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Previous Page"></A>

<A HREF="#I0" TARGET="_self"><IMG SRC="purtop.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purtop.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Page Top"></A>

<A HREF="index.htm" tppabs="http://docs.rinet.ru:8080/Apachu/index.htm" TARGET="_self"><IMG SRC="purtoc.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purtoc.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="TOC"></A>

<A HREF="asg15.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asg15.htm" TARGET="_self"><IMG SRC="purnext.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purnext.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Next Page"></A>


</BODY></HTML>