SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Apply automatic changes

Browse source
This commit is contained in:
bernhardreiter bernhardreiter@users.noreply.github.com 2022-04-12 14:06:26 +00:00
parent e8166121c7
commit 8711ea67fe
3 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/client-certificate-setup.md
View file

@ -9,15 +9,15 @@ adjust the content of the `server{}` block like shown in the following example:
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/TLSClientConfigsForITest.sh&lines=25-40) --> <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/TLSClientConfigsForITest.sh&lines=25-40) -->
<!-- The below code snippet is automatically added from ../docs/scripts/TLSClientConfigsForITest.sh --> <!-- The below code snippet is automatically added from ../docs/scripts/TLSClientConfigsForITest.sh -->
```sh ```sh
ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}' # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem; ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}'; # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem;
ssl_verify_client optional; ssl_verify_client optional;
ssl_verify_depth 2; ssl_verify_depth 2;
# This example allows access to all three TLP locations for all certs. # This example allows access to all three TLP locations for all certs.
location ~ /.well-known/csaf/(red|green|amber)/{ location ~ /.well-known/csaf/(red|green|amber)/{
# For atomic directory switches
disable_symlinks off;
autoindex on; autoindex on;
# in this location access is only allowed with client certs # in this location access is only allowed with client certs
if ($ssl_client_verify != SUCCESS){ if ($ssl_client_verify != SUCCESS){
# we use status code 404 == "Not Found", because we do not # we use status code 404 == "Not Found", because we do not

4
docs/development-ca.md
View file

@ -67,10 +67,10 @@ certtool --generate-certificate --load-privkey testserver-key.pem --outfile test
cat testserver.crt rootca-cert.pem >bundle.crt cat testserver.crt rootca-cert.pem >bundle.crt
SSL_CERTIFICATE=$( SSL_CERTIFICATE=$(
echo "$PWD/bundle.crt;" echo "$PWD/bundle.crt"
) )
SSL_CERTIFICATE_KEY=$( SSL_CERTIFICATE_KEY=$(
echo "$PWD/testserver-key.pem;" echo "$PWD/testserver-key.pem"
) )
``` ```
<!-- MARKDOWN-AUTO-DOCS:END --> <!-- MARKDOWN-AUTO-DOCS:END -->

4
docs/install-server-certificate.md
View file

@ -53,8 +53,8 @@ finds your your private key and the certificate chain.
listen 443 ssl default_server; # ipv4 listen 443 ssl default_server; # ipv4
listen [::]:443 ssl http2 default_server; # ipv6 listen [::]:443 ssl http2 default_server; # ipv6
ssl_certificate '${SSL_CERTIFICATE}' # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
ssl_certificate_key '${SSL_CERTIFICATE_KEY}' # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem; ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
``` ```