From: Dru Lavigne
Date: Thu, 17 Apr 2014 20:16:20 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44600 - in head/en_US.ISO8859-1/books/handbook: network-servers security

Author: dru
Date: Thu Apr 17 20:16:19 2014
New Revision: 44600
URL: http://svnweb.freebsd.org/changeset/doc/44600

Log:
  Begin editorial review of OpenSSL chapter.
  Comment out IDEA note for now as the patents expired 2 years ago.
  Add a section ID to LDAP chapter so it can be referred to in this chapter.
  More commits to come.

  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
  head/en_US.ISO8859-1/books/handbook/security/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 17 20:06:59 2014 (r44599) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 17 20:16:19 2014 (r44600) @@ -2224,7 +2224,7 @@ result: 0 Success xlink:href="http://www.openldap.org/doc/admin24/intro.html">http://www.openldap.org/doc/admin24/intro.html. - + Configuring an <acronym>LDAP</acronym> Server LDAP Server Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 17 20:06:59 2014 (r44599) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 17 20:16:19 2014 (r44600) 
@@ -1770,31 +1770,19 @@ kadmind5_server_enable="YES"OpenSSL - The - OpenSSL toolkit is included in &os;. + OpenSSL is an open source + implementation of the SSL and + TLS protocols. It provides an encryption transport layer on top of the normal communications layer, allowing it to be intertwined with many network applications and services. - Some uses of OpenSSL may include - encrypted authentication of mail clients and web based - transactions such as credit card payments. Many ports such as - www/apache22, and - mail/claws-mail offer compilation support for - building with OpenSSL. - - - In most cases, the Ports Collection will attempt to build - the security/openssl port unless - WITH_OPENSSL_BASE is explicitly set to - yes. - - The version of OpenSSL included - in &os; supports Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and + in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and Transport Layer Security v1 (TLSv1) network security protocols and can be used as a general cryptographic library. - + - One of the most common uses of + OpenSSL is often used to + encrypt authentication of mail clients and to secure web based + transactions such as credit card payments. Some ports, such as + www/apache24 and + databases/postgresql91-server, include a compile option for + building with OpenSSL. If selected, + the port will add support using the + security/openssl port. To instead have the + port compile against the built in version of + OpenSSL, include + WITH_OPENSSL_BASE when compiling + in OpenSSL support. + + Another common use of OpenSSL is to provide certificates - for use with software applications. These certificates ensure - that the credentials of the company or individual are valid - and not fraudulent. If the certificate in question has not - been verified by a Certificate Authority - (CA), a warning is produced. A - CA is a company, such as VeriSign, signs - certificates in order to validate the credentials of individuals - or companies. 
This process has a cost associated with it and is - not a requirement for using certificates; however, it can put + for use with software applications. Certificates can be used to verify + the credentials of a company or individual. + If a certificate has not + been signed by an external Certificate Authority + (CA), such as http://www.verisign.com, + the application that uses the certificate will produce a warning. + There is a cost associated with obtaining a signed certificate and using a + signed certificate is not mandatory as certificates can be + self-signed. However, using an external authority will prevent warnings and can put users at ease. + This section demonstrates how to create and use certificates + on a &os; system. Refer to for an + example of how to create a CA for signing + one's own certificates. + Generating Certificates
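Review bot: In the security/chapter.xml hunk, the new certificate paragraph ties the warning to who signed the certificate ("has not been signed by an external Certificate Authority ... will produce a warning"), but what an application checks is whether the certificate chains to a CA it already trusts. Suggest wording it in terms of trust, so that "using an external authority will prevent warnings" is not read as the only difference between a self-signed and a CA-signed certificate. In the ports paragraph of the same hunk, "include WITH_OPENSSL_BASE when compiling in OpenSSL support" drops the value that the removed note gave ("explicitly set to yes") and does not say where the variable is set; suggest restoring the value and naming the place it goes. The sentence kept just above it still lists SSLv2 as supported without saying that it should not be enabled.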