From c0a7feff0481671f2f3fd1eb5397312269e08518 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Wed, 05 Jun 2013 15:21:59 +0000
Subject: [PATCH] CR-1796 Fix for OPENDJ-731: Reference documentation for ssl-client-auth-policy values is misleading
---
opends/src/admin/defn/org/opends/server/admin/std/HTTPConnectionHandlerConfiguration.xml | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/HTTPConnectionHandlerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/HTTPConnectionHandlerConfiguration.xml
index f23b1da..b6cb400 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/HTTPConnectionHandlerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/HTTPConnectionHandlerConfiguration.xml
@@ -326,6 +326,8 @@
Specifies the policy that the
<adm:user-friendly-name />
should use regarding client SSL certificates.
+ Clients can use the SASL EXTERNAL mechanism only if the
+ policy is set to "optional" or "required".
</adm:synopsis>
<adm:description>
This is only applicable if clients are allowed to use SSL.
@@ -342,7 +344,7 @@
<adm:enumeration>
<adm:value name="disabled">
<adm:synopsis>
- Clients are not required to provide their own
+ Clients must not provide their own
certificates when performing SSL negotiation.
</adm:synopsis>
</adm:value>
@@ -356,9 +358,10 @@
</adm:value>
<adm:value name="required">
<adm:synopsis>
- Clients are required to provide their own certificates
- when performing SSL negotiation and are refused access
- if the do not provide a certificate.
+ Clients are requested to provide their own certificates
+ when performing SSL negotiation. The connection is
+ nevertheless accepted if the client does not provide a
+ certificate.
</adm:synopsis>
</adm:value>
</adm:enumeration>
--
Gitblit v1.10.0