From d31e6fdb6fb4859e5beb6d915ce474b064e019b1 Mon Sep 17 00:00:00 2001 From: venaas Date: Thu, 16 Oct 2008 12:27:15 +0000 Subject: added policyOID option in trunk docs, fixed typo in several docs git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@429 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.conf.5 | 13 ++++++++----- radsecproxy.conf.5.xml | 15 +++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index 95ba83f..315ccf2 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -5,7 +5,7 @@ \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac -.TH "radsecproxy.conf " 5 2008-10-06 "radsecproxy devel 2008-10-06" "" +.TH "radsecproxy.conf " 5 2008-10-16 "radsecproxy devel 2008-10-16" "" .SH NAME radsecproxy.conf \- Radsec proxy configuration file @@ -184,7 +184,7 @@ It can both be used as a basic option and inside blocks. For the full description, see the configuration syntax section above. .SH BLOCKS There are five types of blocks, they are \*(T, -\*(T, \*(T, \*(T +\*(T, \*(T, \*(T and \*(T. At least one instance of each of \*(T and \*(T is required. This is necessary for the proxy to do anything useful, and it will exit if not. The @@ -444,8 +444,9 @@ default, even \*(T if you really want to. The available TLS block options are \*(T, \*(T, \*(T, \*(T, -\*(T, \*(T -and \*(T. When doing RADIUS over TLS/DTLS, both the +\*(T, \*(T, +\*(T and \*(T. +When doing RADIUS over TLS/DTLS, both the client and the server present certificates, and they are both verified by the peer. Hence you must always specify \*(T and \*(T options, as well as 
@@ -457,7 +458,9 @@ certificates to a peer, you also always need to specify Note that you may specify both, in which case the certificates in \*(T are checked first. By default CRLs are not checked. This can be changed by setting \*(T to -\*(T. +\*(T. One can require peer certificates to adhere to certain +policies by specifying one or multiple policyOIDs using one or multiple +\*(T options. .PP CA certificates and CRLs are normally cached permanently. That is, once a CA or CRL has been read, the proxy will never attempt to re-read it. CRLs may diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml index 56b9e19..41f29be 100644 --- a/radsecproxy.conf.5.xml +++ b/radsecproxy.conf.5.xml @@ -2,14 +2,14 @@ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - 2008-10-06 + 2008-10-16 radsecproxy.conf 5 - radsecproxy devel 2008-10-06 + radsecproxy devel 2008-10-16 @@ -283,7 +283,7 @@ description, see the configuration syntax section above. Blocks There are five types of blocks, they are client, -server, realm, Btls +server, realm, tls and rewrite. At least one instance of each of client and realm is required. This is necessary for the proxy to do anything useful, and it will exit if not. The @@ -594,8 +594,9 @@ default, even defaultServer if you really want to. The available TLS block options are CACertificateFile, CACertificatePath, certificateFile, certificateKeyFile, -certificateKeyPassword, cacheExpiry -and CRLCheck. When doing RADIUS over TLS/DTLS, both the +certificateKeyPassword, cacheExpiry, +CRLCheck and policyOID. +When doing RADIUS over TLS/DTLS, both the client and the server present certificates, and they are both verified by the peer. Hence you must always specify certificateFile and certificateKeyFile options, as well as 
@@ -607,7 +608,9 @@ certificates to a peer, you also always need to specify Note that you may specify both, in which case the certificates in CACertificateFile are checked first. By default CRLs are not checked. This can be changed by setting CRLCheck to -on. +on. One can require peer certificates to adhere to certain +policies by specifying one or multiple policyOIDs using one or multiple +policyOID options. CA certificates and CRLs are normally cached permanently. That is, once a CA -- cgit v1.1
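Review bot: The date bump in the first hunk of each file (@@ -5,7 +5,7 @@ of radsecproxy.conf.5 and @@ -2,14 +2,14 @@ of radsecproxy.conf.5.xml) is made by hand in four places: twice on the .TH line, and on the date and "radsecproxy devel" lines of the XML. These are easy to get out of step. If radsecproxy.conf.5 is generated from the XML, consider regenerating it rather than editing both, and deriving both XML values from a single definition.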
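Review bot: The BLOCKS hunk at @@ -283,7 +283,7 @@ of radsecproxy.conf.5.xml (Btls to tls) and its counterpart at @@ -184,7 +184,7 @@ of radsecproxy.conf.5 are a typo fix unrelated to the policyOID documentation, and would be easier to track or revert as a separate commit. While the line is being touched, "There are five types of blocks, they are" is a comma splice; "There are five types of blocks:" reads better.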
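Review bot: In the hunks at @@ -607,7 +608,9 @@ of radsecproxy.conf.5.xml and @@ -457,7 +458,9 @@ of radsecproxy.conf.5, the new policyOID sentence does not say how several policyOID options combine: must the peer certificate carry every listed policy, or is any one of them enough? That determines whether adding an option tightens or loosens the check, so the text should state it explicitly, along with what happens to a peer certificate that has no policy extension and what the behaviour is when no policyOID is given. The sentence is also tacked onto the CRLCheck remark; giving it its own sentence group with an example OID value would make the option easier to find and to configure correctly.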