Date: Thu, 17 Apr 2014 20:16:20 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44600 - in head/en_US.ISO8859-1/books/handbook: network-servers security
Message-ID: <201404172016.s3HKGKuM027871@svn.freebsd.org>
Author: dru Date: Thu Apr 17 20:16:19 2014 New Revision: 44600 URL: http://svnweb.freebsd.org/changeset/doc/44600 Log: Begin editorial review of OpenSSL chapter. Comment out IDEA note for now as the patents expired 2 years ago. Add a section ID to LDAP chapter so it can be referred to in this chapter. More commits to come. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 17 20:06:59 2014 (r44599) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 17 20:16:19 2014 (r44600) @@ -2224,7 +2224,7 @@ result: 0 Success xlink:href="http://www.openldap.org/doc/admin24/intro.html">http://www.openldap.org/doc/admin24/intro.html</uri>.</para> </sect2> - <sect2> + <sect2 xml:id="ldap-config"> <title>Configuring an <acronym>LDAP</acronym> Server</title> <indexterm><primary>LDAP Server</primary></indexterm> Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 17 20:06:59 2014 (r44599) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 17 20:16:19 2014 (r44600) 
@@ -1770,31 +1770,19 @@ kadmind5_server_enable="YES"</programlis <secondary>OpenSSL</secondary> </indexterm> - <para>The - <application>OpenSSL</application> toolkit is included in &os;. + <para><application>OpenSSL</application> is an open source + implementation of the <acronym>SSL</acronym> and + <acronym>TLS</acronym> protocols. It provides an encryption transport layer on top of the normal communications layer, allowing it to be intertwined with many network applications and services.</para> - <para>Some uses of <application>OpenSSL</application> may include - encrypted authentication of mail clients and web based - transactions such as credit card payments. Many ports such as - <package>www/apache22</package>, and - <package>mail/claws-mail</package> offer compilation support for - building with <application>OpenSSL</application>.</para> - - <note> - <para>In most cases, the Ports Collection will attempt to build - the <package>security/openssl</package> port unless - <varname>WITH_OPENSSL_BASE</varname> is explicitly set to - <quote>yes</quote>.</para> - </note> - <para>The version of <application>OpenSSL</application> included - in &os; supports Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and + in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and Transport Layer Security v1 (TLSv1) network security protocols and can be used as a general cryptographic library.</para> - +<!-- +This patent expired in 2012, is the note still needed? <note> <para>While <application>OpenSSL</application> supports the <acronym>IDEA</acronym> algorithm, it is disabled by default 
@@ -1803,21 +1791,40 @@ kadmind5_server_enable="YES"</programlis <varname>MAKE_IDEA</varname> variable must be set in <filename>/etc/make.conf</filename>.</para> </note> + --> - <para>One of the most common uses of + <para><application>OpenSSL</application> is often used to + encrypt authentication of mail clients and to secure web based + transactions such as credit card payments. Some ports, such as + <package>www/apache24</package> and + <package>databases/postgresql91-server</package>, include a compile option for + building with <application>OpenSSL</application>. If selected, + the port will add support using the + <package>security/openssl</package> port. To instead have the + port compile against the built in version of + <application>OpenSSL</application>, include + <varname>WITH_OPENSSL_BASE</varname> when compiling + in <application>OpenSSL</application> support.</para> + + <para>Another common use of <application>OpenSSL</application> is to provide certificates - for use with software applications. These certificates ensure - that the credentials of the company or individual are valid - and not fraudulent. If the certificate in question has not - been verified by a <quote>Certificate Authority</quote> - (<acronym>CA</acronym>), a warning is produced. A - <acronym>CA</acronym> is a company, such as <link - xlink:href="http://www.verisign.com">VeriSign</link>, signs - certificates in order to validate the credentials of individuals - or companies. This process has a cost associated with it and is - not a requirement for using certificates; however, it can put + for use with software applications. Certificates can be used to verify + the credentials of a company or individual. + If a certificate has not + been signed by an external <firstterm>Certificate Authority</firstterm> + (<acronym>CA</acronym>), such as <link + xlink:href="http://www.verisign.com">http://www.verisign.com</link>, + the application that uses the certificate will produce a warning. 
+ There is a cost associated with obtaining a signed certificate and using a + signed certificate is not mandatory as certificates can be + self-signed. However, using an external authority will prevent warnings and can put users at ease.</para> + <para>This section demonstrates how to create and use certificates + on a &os; system. Refer to <xref linkend="ldap-config"/> for an + example of how to create a <acronym>CA</acronym> for signing + one's own certificates.</para> + <sect2> <title>Generating Certificates</title>
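
Review bot: In the network-servers/chapter.xml hunk (@@ -2224,7 +2224,7), the new xml:id="ldap-config" is attached to the whole "Configuring an LDAP Server" section, but the only reference to it in this commit, the xref added in security/chapter.xml, sends readers there for "an example of how to create a CA". Nothing in the visible section title tells the reader that certificate authority steps live there, so consider putting a more specific ID on the part of that section that creates the CA and pointing the xref at it, or wording the xref sentence so the reader knows which part of the LDAP section to look for.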
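
Review bot: In the first security/chapter.xml hunk (@@ -1770,31 +1770,19), the edited sentence "supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and Transport Layer Security v1 (TLSv1)" still lists SSLv2 as a supported protocol without qualification. Since the sentence is being touched anyway, state that SSLv2 is obsolete and should not be enabled (RFC 6176 prohibits its use). Separately, the added "<!-- This patent expired in 2012, is the note still needed?" leaves an open editorial question in the chapter source, with the closing "-->" only arriving in the next hunk; either remove the IDEA note outright or track the question outside the document so the commented-out block does not linger.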
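
Review bot: In the second security/chapter.xml hunk (@@ -1803,21 +1791,40), the new wording "include <varname>WITH_OPENSSL_BASE</varname> when compiling in OpenSSL support" loses information the removed note had: it no longer says the variable must be set to "yes", and it does not say where to set it. Suggest restoring the value and naming the place it is set. In the certificate paragraph of the same hunk, the difference between CA-signed and self-signed certificates is described only in terms of the application producing a warning ("using an external authority will prevent warnings and can put users at ease"); add a sentence saying what the warning means, namely that the application cannot verify who issued the certificate, so a self-signed certificate has to be trusted by some other means. Minor: the link text changed from "VeriSign" to the bare URL, and "built in version" should be hyphenated.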