From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_PASS autolearn=ham version=3.2.5 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:sender:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:x-enigmail-version:content-type; bh=ztCY242oXd+bxsVKudDs1fNp/rW3EwKxXNNveONlXSY=; b=o3gm4vzfqAubDuEnKRiI62dN66k2MQACtZse8oXnupFp3R6yGTCCQ0t1V5sOPO91Xe DK1yCxh6bCvaFxme5BuUs6GvHIIoSb+GJB4eV2n5nhRbIZ6WQ3dQNmejRXq+amUka85r fPsKxg9U/wi77lE2Oko/++9W/y2SJm1KYWZKbDsLBQcJwI3CX9bt4/VtF0tyRbGmwk24 vvKEvHZUR34+YJ+VIDSFYUbcW50Mun7sMZx5TB1Dbxi4v7NKyHsDq0rjcr+nVRuMPct7 bhNr0+uWfZDsKeCsrdNg4KGZwVz32pq3MWqbh4/q0aJ5u+kq/Ap0oqPZWgzbYbEB8VWp DsBg== X-Received: by 10.152.162.1 with SMTP id xw1mr22588973lab.3.1360060649414; Tue, 05 Feb 2013 02:37:29 -0800 (PST) Sender: Aleksey Avdeev Message-ID: <5110E0DA.8080704@solin.spb.ru> Date: Tue, 05 Feb 2013 14:37:14 +0400 From: Aleksey Avdeev User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.2.14pre) Gecko/20110125 Thunderbird/3.1.8pre MIME-Version: 1.0 To: ALT Linux Team development discussions References: <50F59E2F.7030300@solin.spb.ru> <5103ABF8.5080204@solin.spb.ru> In-Reply-To: <5103ABF8.5080204@solin.spb.ru> X-Enigmail-Version: 1.1.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigDC82E5C90BE5B15FD1252A21" Cc: ALT Linux Sisyphus discussions , ALT Linux Community general discussions Subject: Re: [Comm] =?koi8-r?b?W2RldmVsXSBJOiBhcGFjaGUyLW1vZF9zc2x7LC1jb21w?= =?koi8-r?b?YXR9OiDp2s3FzsXOydEgzsHT1NLPxcsgU1NMLg==?= X-BeenThere: community@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Community general discussions List-Id: ALT Linux Community general discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 10:37:37 -0000 Archived-At: List-Archive: List-Post: This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigDC82E5C90BE5B15FD1252A21 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable 26.01.2013 14:12, Aleksey Avdeev =D0=C9=DB=C5=D4: > 15.01.2013 22:21, Aleksey Avdeev =D0=C9=DB=C5=D4: >> =F0=D2=C9=D7=C5=D4=D3=D4=D7=D5=C0. >> >> =F1 =D0=CC=C1=CE=C9=D2=D5=C0 =D0=C5=D2=C5=D7=C5=D3=D4=C9 =C4=C5=C6=CF= =CC=D4=CE=D9=C5 =CE=C1=D3=D4=D2=CF=CA=CB=C9 apache2-mod_ssl{,-compat} =CE= =C1 >> =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C5 =CF=C2=DD=C5=D3=C9=D3=D4=C5=CD= =CE=CF=C7=CF =C8=D2=C1=CE=C9=CC=C9=DD=C1 =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4=CF= =D7 /var/lib/ssl. >> (=F3=C5=CA=DE=C1=D3 apache2-mod_ssl =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4 =D3= =D7=CF=A3 =D7=CE=D5=D4=D2=C5=CE=CE=C5=C5 =C8=D2=C1=CE=C9=CC=C9=DD=C5, >> /etc/httpd2/conf/ssl.*.) >=20 > =F3=CF=C4=C5=D2=D6=C1=DD=C9=CA =C4=C1=CE=CE=D9=C5 =C9=DA=CD=C5=CE=C5=CE= =C9=D1 apache2-2.2.22-alt15 =D5=DB=A3=CC =D7 =F3=C9=DA=C9=C6 (=D3=CD. > ): =E9=DA=CD=C5=CE=C5=CE=C9=D1 =C4=CF=C2=D2=C1=CC=C9=D3=D8 =C4=CF =C2=D2=C1= =CE=DE=C5=CA: t6 -- apache2-2.2.22-alt14.M60T.1 (=D3=CD. ). 5.1 -- apache2-2.2.22-alt14.M51.1 (=D3=CD. ). 5.0 -- apache2-2.2.22-alt14.M50.1 (=D3=CD. ). =F7 p6 =C9 p5 =D0=C1=CB=C5=D4=D9 =D5=CA=C4=D5=D4 =D0=D2=C9=CD=C5=D2=CE=CF= =DE=C5=D2=C5=DA =CE=C5=C4=C5=CC=C0. > =D4=C5=D0=C5=D2=D8 =D0=D2=C9 =D3=D4=C1=D2=D4=C5/=D2=C5=D3=D4=C1=D2=D4=C5= =D3=C5=D2=D7=C5=D2=C1 =D7 /var/lib/ssl, =D3=D2=C5=C4=D3=D4=D7=C1=CD=C9 > cert-sh-functions, =D3=CF=DA=C4=C1=A3=D4=D3=D1 =CB=CC=C0=DE =C9 =D3=C5=D2= =D4=C9=C6=C9=CB=C1=D4 =D3 =C9=CD=C5=CE=C5=CD httpd2, =C5=D3=CC=C9 > =D7=D9=D0=CF=CC=CE=D1=C0=D4=D3=D1 =D5=D3=CC=CF=D7=C9=D1: >=20 > 1. =F3=D5=DD=C5=D3=D4=D7=D5=C5=D4 /etc/httpd2/conf/mods-enabled/ssl.loa= d (=CD=CF=C4=D5=CC=D8 ssl =C7=D2=D5=DA=C9=D4=D3=D1). >=20 > 2. =F3=D5=DD=C5=D3=D4=D7=D5=C5=D4 =CB=C1=CB =CD=C9=CE=C9=CD=D5=CD =CF=C4= =C9=CE =C6=C1=CA=CC (=D3=D3=D9=CC=CB=C1) =C9=DA > /etc/httpd2/conf/sites-enabled/{000-,}default_https{,-compat}.conf (=D4= =2E > =C5. =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4=D3=D1 =DE=D4=CF-=D4=CF =C9=DA > /etc/httpd2/conf/sites-available/default_https{-compat,}.conf). >=20 > 3. =F7 =C6=C1=CA=CC=C1=C8 =D0. 2 =DA=CE=C1=DE=C5=CE=C9=D1 SSLCertificat= e{,Key}File =D3=CF=CF=D4=D7=C5=D4=D3=D4=D7=D5=C0=D4 > =D5=CD=CF=CC=DE=C1=CC=D8=CE=D9=CD. >=20 >> >> =F0=CF=CB=C1 =D0=CC=C1=CE=C9=D2=D5=C0 =D3=C4=C5=CC=C1=D4=D8 =D7 >> /etc/httpd2/conf/sites-available/default_https{-compat,}.conf =D4=C1=CB= =C9=C5 >> =CE=C1=D3=D4=D2=CF=CA=CB=C9 (=D7 =DA=CE=C1=DE=C5=CE=C9=D1=C8 =D0=CF=CD= =C5=DE=C5=CE=CE=D9=C8 "????" =D1 =CE=C5=D5=D7=C5=D2=C5=CE): >=20 > =F3=C4=C5=CC=C1=CE=CF: >=20 >> >> # Server Certificate: >> # Point SSLCertificateFile at a PEM encoded certificate. If >> # the certificate is encrypted, then you will be prompted for a >> # pass phrase. Note that a kill -HUP will prompt again. Keep >> # in mind that if you have both an RSA and a DSA certificate you >> # can configure both in parallel (to also allow the use of DSA >> # ciphers, etc.) >> SSLCertificateFile "/var/lib/ssl/certs/server.crt" >> #SSLCertificateFile "/var/lib/ssl/certs/server-dsa.crt" >=20 > SSLCertificateFile "/var/lib/ssl/certs/httpd2.cert" > #SSLCertificateFile "/var/lib/ssl/certs/httpd2-dsa.cert" >=20 >> >> # Server Private Key: >> # If the key is not combined with the certificate, use this >> # directive to point at the key file. Keep in mind that if >> # you've both a RSA and a DSA private key you can configure >> # both in parallel (to also allow the use of DSA ciphers, etc.) >> SSLCertificateKeyFile "/var/lib/ssl/private/server.key" >> #SSLCertificateKeyFile "/var/lib/ssl/private/server-dsa.key" >=20 > SSLCertificateKeyFile "/var/lib/ssl/private/httpd2.key" > #SSLCertificateKeyFile "/var/lib/ssl/private/httpd2-dsa.key" >=20 > =E4=CC=D1 =CF=C2=C5=D3=D0=C5=DE=C5=CE=C9=D1 =D0=D2=C5=C5=CD=D3=D4=D7=C5= =CE=CE=CF=D3=D4=C9 =CE=C1=D3=D4=D2=CF=C5=CB, =D0=D2=C9 =CF=C2=CE=CF=D7=CC= =C5=CE=C9=C9 > apache2-mod_ssl{,-compat} <=3D 2.2.22-alt14 =DA=C1=D0=D5=D3=CB=C1=C5=D4= =D3=D1 =D4=D2=C9=C7=C7=C5=D2, =CB=CF=D4=CF=D2=D9=CA > =D0=D2=C9 =D5=D3=CC=CF=D7=C9=D1=C8 (=C4=CF=CC=D6=CE=D9 =D7=D9=D0=CF=CC=CE= =D1=D4=D8=D3=D1 =D7=D3=C5): >=20 > 1. =F3=D5=DD=C5=D3=D4=D7=CF=D7=C1=CE=C9=C9 =D3=D4=C1=D2=D9=C8 =D3=C5=D2= =D4=C9=C6=C9=CB=C1=D4=C1 =C9 =CB=CC=C0=DE=C1 (=C6=C1=CA=CC=CF=D7 > /etc/httpd2/conf/ssl.{crt/server.crt,key/server.key}). >=20 > 2. =FA=C1=CD=C5=CE=D9 =D3=D4=C1=D2=CF=C7=CF =CB=CF=CE=C6=C9=C7=C1 > /etc/httpd2/conf/sites-available/default_https{-compat,}.conf =CE=C1 =CE= =CF=D7=D9=CA > (=DA=C1 =D3=DE=A3=D4 %config(noreplace), =D4=C1=CB=CF=C5 =D0=D2=CF=C9=D3= =C8=CF=C4=C9=D4 =D4=CF=CC=D8=CB=CF =C5=D3=CC=C9 =D0=CF=D3=D4=C1=D7=CC=C5=CE= =CE=D9=CA > =C9=DA =D0=C1=CB=C5=D4=C1 =C6=C1=CA=CC =CE=C5 =D2=C5=C4=C1=CB=D4=C9=D2=CF= =D7=C1=CC=D3=D1). >=20 > =F7 =C6=C1=CA=CC=C1=C8 /etc/httpd2/conf/sites-available/default_https{-= compat,}.conf > =C4=CC=D1 SSLCertificateKeyFile =C9 SSLCertificateKeyFile =D3=CF=C8=D2=C1= =CE=D1=C5=D4=D3=D1 > =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C5 =D3=D4=C1=D2=D9=C8 =DA=CE=C1=DE= =C5=CE=C9=CA: >=20 > # New certificate file > #SSLCertificateFile "/var/lib/ssl/certs/httpd2.cert" > # Old certificate file > SSLCertificateFile "/etc/httpd2/conf/ssl.crt/server.crt" > #SSLCertificateFile "/var/lib/ssl/certs/httpd2-dsa.cert" >=20 > =C9 >=20 > # New certificate key file > #SSLCertificateKeyFile "/var/lib/ssl/private/httpd2.key" > # Old certificate key file > SSLCertificateKeyFile "/etc/httpd2/conf/ssl.key/server.key" > #SSLCertificateKeyFile "/var/lib/ssl/private/httpd2-dsa.key" >=20 > =FA=C1 =D3=DE=A3=D4 =DC=D4=CF=C7=CF =D3=CF=C8=D2=C1=CE=D1=C5=D4=D3=D1= =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C5 =D3=D4=C1=D2=D9=C8 =CB=CC=C0=DE=C1= =C9 =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4=C1 (=C9 > =CE=CF=D7=D9=C5 =D0=D2=C9 =DC=D4=CF=CD =CE=C5 =D3=CF=DA=C4=C1=C0=D4=D3=D1= ). >=20 >> >> # Server Certificate Chain: >> # Point SSLCertificateChainFile at a file containing the >> # concatenation of PEM encoded CA certificates which form the >> # certificate chain for the server certificate. Alternatively >> # the referenced file can be the same as SSLCertificateFile >> # when the CA certificates are directly appended to the server >> # certificate for convinience. >> #SSLCertificateChainFile "/var/lib/ssl/certs/ca-root.pem" >=20 > #SSLCertificateChainFile "/var/lib/ssl/certs/ca-root.pem" >=20 >> >> # Certificate Authority (CA): >> # Set the CA certificate verification path where to find CA >> # certificates for client authentication or alternatively one >> # huge file containing all of them (file must be PEM encoded) >> # Note: Inside SSLCACertificatePath you need hash symlinks >> # to point to the certificate files. Use the provided >> # Makefile to update the hash symlinks after changes. >> #SSLCACertificatePath "/var/lib/ssl/certs" >> #SSLCACertificateFile "/var/lib/ssl/certs/ca-root.pem" >=20 > #SSLCACertificatePath "/var/lib/ssl/certs" > #SSLCACertificateFile "/var/lib/ssl/certs/ca-root.pem" >=20 >> >> # Certificate Revocation Lists (CRL): >> # Set the CA revocation path where to find CA CRLs for client >> # authentication or alternatively one huge file containing all >> # of them (file must be PEM encoded) >> # Note: Inside SSLCARevocationPath you need hash symlinks >> # to point to the certificate files. Use the provided >> # Makefile to update the hash symlinks after changes. >> #SSLCARevocationPath "/var/lib/ssl/certs" >> #SSLCARevocationFile "/var/lib/ssl/certs/ca-bundle.crl" >=20 > #SSLCARevocationPath "/var/lib/ssl/certs" > #SSLCARevocationFile "/var/lib/ssl/certs/ca-bundle.crl" >=20 > PS: =F7 =C2=D2=C1=CE=DE=C9 =C4=C1=CE=CE=D9=CA =D7=C1=D2=C9=C1=CE=D4 =CF= =D4=D0=D2=C1=D7=CC=C0 =D0=D2=C9=CD=C5=D2=CE=CF =DE=C5=D2=C5=DA =CE=C5=C4=C5= =CC=C0 (=C5=D3=CC=C9 > =D0=D2=CF=C2=CC=C5=CD=D9 =CE=C5 =D7=D9=D0=CC=D9=D7=D5=D4). --=20 =F3 =D5=D7=C1=D6=C5=CE=C9=C5=CD. =E1=CC=C5=CB=D3=C5=CA. --------------enigDC82E5C90BE5B15FD1252A21 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJREODbAAoJEA9Eed/JIzr34cUP/i01iRckHonzEHERK0WFs/zP Hkxy27qiaxNSxLZQ5EzEeTFUut4jFxm7m9guapo2QCLJmqIL7F1oC8kptKxb9qNw KZHtXIGyQ2b15G9fpEKe6YpfiA+lVKzJAjQQF38VbmMneOz8h/OX1u/NM6qyJdBo n2H3CDs8SKDX1j57mJ9Bk+Q8YR9FyUh3LMlDk4CH0QPs5pCVtFhgxodi8Ho5pO9q k3y+Q08Yirr5JqebAUHtLIY1rSng/B3/697lEVbZEbl8IQtHdZHOU1NzwlsLB5M3 PTZkclUUIVkFxd1JeqXXqiEPuXp739C/1R9uNQZWaFHrtGZxi67TIxdfjWYiCQXu XlUSNWXh7TrkHCfSPNauAXwUGuNCodnqlSjAFqaLWfmcRSlyOwVrq46v+oVsqXAb 6FolL16JWKNpxYPbk1o8EmlkH63eXhYBGSBXJ9S9ILXJ+DvVk5qnvzKFMgd8vGdq 64zLR4PjjNGWXuRGlG7eiwyX7PD3WJCb3nhiqt2JUm2z+RDYJIghFca5Jd/leV9I mlRMNsNKOmtmAj5m+0L4FxSmDrDDA3CmVmOezGQSnQ6UYnssqR0h8bJBKnlYbwv3 hP3l1M4rnZxduzCwNO6WEiBT+UECgs2jqAkarwnEyN1Dze/GWXTYL/r3CjjsCdF6 IfriOLJkB95yfbLhnBfg =RSnZ -----END PGP SIGNATURE----- --------------enigDC82E5C90BE5B15FD1252A21--