svn commit: r44600 - in head/en_US.ISO8859-1/books/handbook: network-servers security
Dru Lavigne
dru at FreeBSD.org
Thu Apr 17 20:16:20 UTC 2014
Author: dru
Date: Thu Apr 17 20:16:19 2014
New Revision: 44600
URL: http://svnweb.freebsd.org/changeset/doc/44600
Log:
Begin editorial review of OpenSSL chapter.
Comment out IDEA note for now as the patents expired 2 years ago.
Add a section ID to LDAP chapter so it can be referred to in this chapter.
More commits to come.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 17 20:06:59 2014 (r44599)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 17 20:16:19 2014 (r44600)
@@ -2224,7 +2224,7 @@ result: 0 Success
xlink:href="http://www.openldap.org/doc/admin24/intro.html">http://www.openldap.org/doc/admin24/intro.html</uri>.</para>
</sect2>
- <sect2>
+ <sect2 xml:id="ldap-config">
<title>Configuring an <acronym>LDAP</acronym> Server</title>
<indexterm><primary>LDAP Server</primary></indexterm>
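Review bot: The section receiving xml:id="ldap-config" is titled "Configuring an LDAP Server", but the only consumer of the new id in this commit is the xref in security/chapter.xml that sends readers here for "an example of how to create a CA". A reader following that link lands on a heading that does not mention certificates. Consider placing the id on the element that holds the certificate steps, or rewording the xref so it says the CA example is part of the LDAP server configuration.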
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 17 20:06:59 2014 (r44599)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 17 20:16:19 2014 (r44600)
@@ -1770,31 +1770,19 @@ kadmind5_server_enable="YES"</programlis
<secondary>OpenSSL</secondary>
</indexterm>
- <para>The
- <application>OpenSSL</application> toolkit is included in &os;.
+ <para><application>OpenSSL</application> is an open source
+ implementation of the <acronym>SSL</acronym> and
+ <acronym>TLS</acronym> protocols.
It provides an encryption transport layer on top of the normal
communications layer, allowing it to be intertwined with many
network applications and services.</para>
- <para>Some uses of <application>OpenSSL</application> may include
- encrypted authentication of mail clients and web based
- transactions such as credit card payments. Many ports such as
- <package>www/apache22</package>, and
- <package>mail/claws-mail</package> offer compilation support for
- building with <application>OpenSSL</application>.</para>
-
- <note>
- <para>In most cases, the Ports Collection will attempt to build
- the <package>security/openssl</package> port unless
- <varname>WITH_OPENSSL_BASE</varname> is explicitly set to
- <quote>yes</quote>.</para>
- </note>
-
<para>The version of <application>OpenSSL</application> included
- in &os; supports Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and
+ in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and
Transport Layer Security v1 (TLSv1) network security protocols
and can be used as a general cryptographic library.</para>
-
+<!--
+This patent expired in 2012, is the note still needed?
<note>
<para>While <application>OpenSSL</application> supports the
<acronym>IDEA</acronym> algorithm, it is disabled by default
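Review bot: The "<!--" opened above the IDEA note leaves an open question ("is the note still needed?") in the document source, and its closing "-->" sits in the next hunk, so the two must always be changed together. Settle the question in a follow-up by either deleting the note or restoring it, rather than leaving commented-out markup in place. A smaller style point on the rewritten line "in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and": the protocol names are untagged, while the new opening paragraph wraps SSL and TLS in <acronym>. Tag them the same way throughout.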
@@ -1803,21 +1791,40 @@ kadmind5_server_enable="YES"</programlis
<varname>MAKE_IDEA</varname> variable must be set in
<filename>/etc/make.conf</filename>.</para>
</note>
+ -->
- <para>One of the most common uses of
+ <para><application>OpenSSL</application> is often used to
+ encrypt authentication of mail clients and to secure web based
+ transactions such as credit card payments. Some ports, such as
+ <package>www/apache24</package> and
+ <package>databases/postgresql91-server</package>, include a compile option for
+ building with <application>OpenSSL</application>. If selected,
+ the port will add support using the
+ <package>security/openssl</package> port. To instead have the
+ port compile against the built in version of
+ <application>OpenSSL</application>, include
+ <varname>WITH_OPENSSL_BASE</varname> when compiling
+ in <application>OpenSSL</application> support.</para>
+
+ <para>Another common use of
<application>OpenSSL</application> is to provide certificates
- for use with software applications. These certificates ensure
- that the credentials of the company or individual are valid
- and not fraudulent. If the certificate in question has not
- been verified by a <quote>Certificate Authority</quote>
- (<acronym>CA</acronym>), a warning is produced. A
- <acronym>CA</acronym> is a company, such as <link
- xlink:href="http://www.verisign.com">VeriSign</link>, signs
- certificates in order to validate the credentials of individuals
- or companies. This process has a cost associated with it and is
- not a requirement for using certificates; however, it can put
+ for use with software applications. Certificates can be used to verify
+ the credentials of a company or individual.
+ If a certificate has not
+ been signed by an external <firstterm>Certificate Authority</firstterm>
+ (<acronym>CA</acronym>), such as <link
+ xlink:href="http://www.verisign.com">http://www.verisign.com</link>,
+ the application that uses the certificate will produce a warning.
+ There is a cost associated with obtaining a signed certificate and using a
+ signed certificate is not mandatory as certificates can be
+ self-signed. However, using an external authority will prevent warnings and can put
users at ease.</para>
+ <para>This section demonstrates how to create and use certificates
+ on a &os; system. Refer to <xref linkend="ldap-config"/> for an
+ example of how to create a <acronym>CA</acronym> for signing
+ one's own certificates.</para>
+
<sect2>
<title>Generating Certificates</title>
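Review bot: In the new ports paragraph, "include <varname>WITH_OPENSSL_BASE</varname> when compiling in OpenSSL support" no longer says what value to give the variable or where to set it. The note removed in the previous hunk said it had to be "explicitly set to yes". Please restore that detail so the instruction can be followed as written. In the certificate paragraph, "using an external authority will prevent warnings" is stated without qualification; narrowing it to the warning about an unsigned certificate, which is the case the preceding sentence describes, would match what the text actually establishes. Also "built in version" should be hyphenated as "built-in version".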