doc: remove docs of deprecated directives (#415)

Mohammed Al Sahaf 2024-09-29 14:13:18 +03:00 committed by GitHub
parent af347e9623
commit 56a1dd39e1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -42,8 +42,6 @@ tls [internal|<email>] | [<cert_file> <key_file>] {
client_auth { client_auth {
mode [request|require|verify_if_given|require_and_verify] mode [request|require|verify_if_given|require_and_verify]
trust_pool <module> trust_pool <module>
trusted_leaf_cert <base64_der>
trusted_leaf_cert_file <filename>
verifier <module> verifier <module>
} }
issuer <issuer_name> [<params...>] issuer <issuer_name> [<params...>]
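Review bot: In the `client_auth` syntax block, `trusted_leaf_cert` and `trusted_leaf_cert_file` disappear with nothing telling a reader who still has them in a Caddyfile what to use in their place. The remaining options shown here are `trust_pool <module>` and `verifier <module>`, so a one-line deprecation note near this block naming which of the two covers pinning an individual client certificate would keep operators from dropping the directive and unintentionally widening or breaking client authentication.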
@ -140,16 +138,12 @@ Keep in mind that Let's Encrypt may send you emails about your certificate neari
| verify_if_given | Ask clients for a certificate; allow even if there isn't one, but verify it if there is | | verify_if_given | Ask clients for a certificate; allow even if there isn't one, but verify it if there is |
| require_and_verify | Require clients to present a valid certificate that is verified | | require_and_verify | Require clients to present a valid certificate that is verified |
Default: `require_and_verify` if any `trusted_ca_cert` or `trusted_leaf_cert` are provided; otherwise, `require`. Default: `require_and_verify` if `trust_pool` module is provided; otherwise, `require`.
- **trust_pool** <span id="trust_pool"/> configures the source of certificate authorities (CA) providing certificates against which to validate client certificates. - **trust_pool** <span id="trust_pool"/> configures the source of certificate authorities (CA) providing certificates against which to validate client certificates.
The certificate authority used providing the pool of trusted certificates and the configuration within the segment depends on the configured source of trust pool module. The standard modules available in Caddy are [listed below](#trust-pool-providers). The full list of modules, including 3rd-party, is listed in the [`trust_pool` JSON documentation](/docs/json/apps/http/servers/tls_connection_policies/client_authentication/#trust_pool). The certificate authority used providing the pool of trusted certificates and the configuration within the segment depends on the configured source of trust pool module. The standard modules available in Caddy are [listed below](#trust-pool-providers). The full list of modules, including 3rd-party, is listed in the [`trust_pool` JSON documentation](/docs/json/apps/http/servers/tls_connection_policies/client_authentication/#trust_pool).
- **trusted_leaf_cert** <span id="trusted_leaf_cert"/> is a base64 DER-encoded client leaf certificate to accept.
- **trusted_leaf_cert_file** <span id="trusted_leaf_cert_file"/> is a path to a PEM CA certificate file against which to validate client certificates.
Multiple `trusted_*` directives may be used to specify multiple CA or leaf certificates. Client certificates which are not listed as one of the leaf certificates or signed by any of the specified CAs will be rejected according to the **mode**. Multiple `trusted_*` directives may be used to specify multiple CA or leaf certificates. Client certificates which are not listed as one of the leaf certificates or signed by any of the specified CAs will be rejected according to the **mode**.
- **verifier** <span id="verifier"/> enables the use of a custom client certificate verifier module. These can perform custom client authentication checks, such as ensuring the certificate is not revoked. - **verifier** <span id="verifier"/> enables the use of a custom client certificate verifier module. These can perform custom client authentication checks, such as ensuring the certificate is not revoked.
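Review bot: The unchanged paragraph right after the two removed bullets still reads "Multiple `trusted_*` directives may be used to specify multiple CA or leaf certificates", which now points at directives this page no longer documents. It should be reworded in terms of `trust_pool` (or removed) in the same change, since it describes which client certificates get rejected and a stale description there is easy to misread as current behaviour. Minor wording point on the updated default sentence: "if `trust_pool` module is provided" reads better as "if a `trust_pool` module is provided".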