Bug 65247 - mod_ssl: Authorization providers for use with Require
Summary: mod_ssl: Authorization providers for use with Require
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 2.4.39
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: HTTP Server Documentation List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-17 01:37 UTC by Christoph Anton Mitterer
Modified: 2021-04-17 01:40 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Anton Mitterer 2021-04-17 01:37:01 UTC
There are some issues with en/mod/mod_ssl.html's "Authorization providers for use with Require" section:

1) "mod_ssl provides a few authentication providers for use with mod_authz_core's Require directive."
=> this should probably read authorisation - not authentication.


2) "This is similar to the SSLRequireSSL directive."
=> it should probably tell what's the difference between this and Require ssl ... cause otherwise people cannot make a proper choice on what to use.
Comment 1 Christoph Anton Mitterer 2021-04-17 01:40:43 UTC
Also:

3) Require ssl-verify-client
"The ssl provider allows access if the user is authenticated with a valid client certificate."

This should likely read:

"The SSL-VERIFY-CLIENT provider ONLY allows access if the user is authenticated with a valid client certificate."

It should perhaps also be mentioned, whether Require ssl-verify-client implies Require ssl (which it likely does)



Gosh... the documentation is really in such an bad overall state... :-(