svn commit: r44600 - in head/en_US.ISO8859-1/books/handbook: network-servers security

Dru Lavigne dru at
Thu Apr 17 20:16:20 UTC 2014

Author: dru
Date: Thu Apr 17 20:16:19 2014
New Revision: 44600

  Begin editorial review of OpenSSL chapter.
  Comment out IDEA note for now as the patents expired 2 years ago.
  Add a section ID to LDAP chapter so it can be referred to in this chapter.
  More commits to come.
  Sponsored by:	iXsystems


Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	Thu Apr 17 20:06:59 2014	(r44599)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml	Thu Apr 17 20:16:19 2014	(r44600)
@@ -2224,7 +2224,7 @@ result: 0 Success
-    <sect2>
+    <sect2 xml:id="ldap-config">
       <title>Configuring an <acronym>LDAP</acronym> Server</title>
       <indexterm><primary>LDAP Server</primary></indexterm>

Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Thu Apr 17 20:06:59 2014	(r44599)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Thu Apr 17 20:16:19 2014	(r44600)
@@ -1770,31 +1770,19 @@ kadmind5_server_enable="YES"</programlis
-    <para>The
-      <application>OpenSSL</application> toolkit is included in &os;.
+    <para><application>OpenSSL</application> is an open source
+      implementation of the <acronym>SSL</acronym> and
+      <acronym>TLS</acronym> protocols.
       It provides an encryption transport layer on top of the normal
       communications layer, allowing it to be intertwined with many
       network applications and services.</para>
-    <para>Some uses of <application>OpenSSL</application> may include
-      encrypted authentication of mail clients and web based
-      transactions such as credit card payments.  Many ports such as
-      <package>www/apache22</package>, and
-      <package>mail/claws-mail</package> offer compilation support for
-      building with <application>OpenSSL</application>.</para>
-    <note>
-      <para>In most cases, the Ports Collection will attempt to build
-	the <package>security/openssl</package> port unless
-	<varname>WITH_OPENSSL_BASE</varname> is explicitly set to
-	<quote>yes</quote>.</para>
-    </note>
     <para>The version of <application>OpenSSL</application> included
-      in &os; supports Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and
+      in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and
       Transport Layer Security v1 (TLSv1) network security protocols
       and can be used as a general cryptographic library.</para>
+This patent expired in 2012, is the note still needed?
       <para>While <application>OpenSSL</application> supports the
 	<acronym>IDEA</acronym> algorithm, it is disabled by default
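Review bot: The added line `This patent expired in 2012, is the note still needed?` leaves an open editorial question in the chapter source, and no `<!--` opener is visible in this hunk to pair with the `-->` that the next hunk adds. As shown, the question and the IDEA paragraph after it would be parsed as document content rather than as a comment. Confirm the opener precedes this line, and either settle the question in this commit by dropping the IDEA note or track it outside the XML so the commented-out block does not linger. The retained sentence about SSLv2/SSLv3 and TLSv1 only gains "the"; since this is an editorial pass, it could also say which of those protocols readers should prefer.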
@@ -1803,21 +1791,40 @@ kadmind5_server_enable="YES"</programlis
 	<varname>MAKE_IDEA</varname> variable must be set in
+    -->
-    <para>One of the most common uses of
+    <para><application>OpenSSL</application> is often used to
+      encrypt authentication of mail clients and to secure web based
+      transactions such as credit card payments.  Some ports, such as
+      <package>www/apache24</package> and
+      <package>databases/postgresql91-server</package>, include a compile option for
+      building with <application>OpenSSL</application>.  If selected,
+      the port will add support using the
+      <package>security/openssl</package> port.  To instead have the
+      port compile against the built in version of
+      <application>OpenSSL</application>, include
+	<varname>WITH_OPENSSL_BASE</varname> when compiling
+	in <application>OpenSSL</application> support.</para>
+    <para>Another common use of
       <application>OpenSSL</application> is to provide certificates
-      for use with software applications.  These certificates ensure
-      that the credentials of the company or individual are valid
-      and not fraudulent.  If the certificate in question has not
-      been verified by a <quote>Certificate Authority</quote>
-      (<acronym>CA</acronym>), a warning is produced.  A
-      <acronym>CA</acronym> is a company, such as <link
-	xlink:href="">VeriSign</link>, signs
-      certificates in order to validate the credentials of individuals
-      or companies.  This process has a cost associated with it and is
-      not a requirement for using certificates; however, it can put
+      for use with software applications.  Certificates can be used to verify
+      the credentials of a company or individual.
+      If a certificate has not
+      been signed by an external <firstterm>Certificate Authority</firstterm>
+      (<acronym>CA</acronym>), such as <link
+	xlink:href=""></link>,
+      the application that uses the certificate will produce a warning.
+      There is a cost associated with obtaining a signed certificate and using a
+      signed certificate is not mandatory as certificates can be
+      self-signed.  However, using an external authority will prevent warnings and can put
       users at ease.</para>
+    <para>This section demonstrates how to create and use certificates
+      on a &os; system.  Refer to <xref linkend="ldap-config"/> for an
+      example of how to create a <acronym>CA</acronym> for signing
+      one's own certificates.</para>
       <title>Generating Certificates</title>
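Review bot: The rewritten ports paragraph tells the reader to `include WITH_OPENSSL_BASE` without saying what value it takes or where it is set, whereas the note removed in the previous hunk at least said it is `explicitly set to "yes"`. Spell out the value and the place it goes so the instruction can be followed as written. The two `<varname>` lines are also indented deeper than the rest of the paragraph. In the certificates paragraph, `<link xlink:href=""></link>` has neither a target nor link text as shown here, so the sentence would render as "such as ," with no CA named; restore a name or drop the example. The new `<xref linkend="ldap-config"/>` sends readers to a section titled "Configuring an LDAP Server" for CA creation, so the sentence should say which part of that section covers it.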
