From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <solo.oboroten@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,
	SPF_PASS autolearn=ham version=3.2.5
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=x-received:sender:message-id:date:from:user-agent:mime-version:to
	:cc:subject:references:in-reply-to:x-enigmail-version:content-type;
	bh=keet6mVBoTKAMHcWH1ybj4l3FJZ12G4InSe17coZ4DU=;
	b=fGWSTCrn5OwP25Y0yyWVKSOGDDoiHz0/qJ5aFVOrKF3FsaNUDbbn+QSf4RkxeZxDN3
	gBTdlOKkDnrXGYR8GOV7EaX2JmahvdzM/KxFcpOfelpZlTxl2FycxmLYcVBnkQteWkud
	OeRn8chHBBoA455tSurDVq8pfhAEuJw34uwLBgi8JFdj4LRoXSDFNrztYficfSych+Pz
	QHFtdpuDQkkp1cHrE/QvCrj4W9A/3vOEGqWjKLhsG2Q+K7ifn/Y4R9RlujorIPJ/ib04
	dfdiJTbZ8wl6qLdg5cgIpd3KXw/XBTc+oCLbqA1gWZdhY4wXtvDVd2I7U6MmD0iyT1nT
	Iq9Q==
X-Received: by 10.204.147.156 with SMTP id l28mr2537389bkv.87.1359195141679;
	Sat, 26 Jan 2013 02:12:21 -0800 (PST)
Sender: Aleksey Avdeev <solo.oboroten@gmail.com>
Message-ID: <5103ABF8.5080204@solin.spb.ru>
Date: Sat, 26 Jan 2013 14:12:08 +0400
From: Aleksey Avdeev <solo@solin.spb.ru>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; ru;
	rv:1.9.2.14pre) Gecko/20110125 Thunderbird/3.1.8pre
MIME-Version: 1.0
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
References: <50F59E2F.7030300@solin.spb.ru>
In-Reply-To: <50F59E2F.7030300@solin.spb.ru>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigBD067649C575FD9F7D81F431"
Cc: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
Subject: Re: [sisyphus] =?koi8-r?b?W2RldmVsXSBJOiBhcGFjaGUyLW1vZF9zc2x7LC1j?=
 =?koi8-r?b?b21wYXR9OiDp2s3FzsXOydEgzsHT1NLPxcsgU1NMLg==?=
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussions <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jan 2013 10:12:27 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/5103ABF8.5080204@solin.spb.ru/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBD067649C575FD9F7D81F431
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable

15.01.2013 22:21, Aleksey Avdeev =D0=C9=DB=C5=D4:
> =F0=D2=C9=D7=C5=D4=D3=D4=D7=D5=C0.
>=20
>   =F1 =D0=CC=C1=CE=C9=D2=D5=C0 =D0=C5=D2=C5=D7=C5=D3=D4=C9 =C4=C5=C6=CF=
=CC=D4=CE=D9=C5 =CE=C1=D3=D4=D2=CF=CA=CB=C9 apache2-mod_ssl{,-compat} =CE=
=C1
> =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C5 =CF=C2=DD=C5=D3=C9=D3=D4=C5=CD=CE=
=CF=C7=CF =C8=D2=C1=CE=C9=CC=C9=DD=C1 =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4=CF=D7=
 /var/lib/ssl.
> (=F3=C5=CA=DE=C1=D3 apache2-mod_ssl =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4 =D3=D7=
=CF=A3 =D7=CE=D5=D4=D2=C5=CE=CE=C5=C5 =C8=D2=C1=CE=C9=CC=C9=DD=C5,
> /etc/httpd2/conf/ssl.*.)

  =F3=CF=C4=C5=D2=D6=C1=DD=C9=CA =C4=C1=CE=CE=D9=C5 =C9=DA=CD=C5=CE=C5=CE=
=C9=D1 apache2-2.2.22-alt15 =D5=DB=A3=CC =D7 =F3=C9=DA=C9=C6 (=D3=CD.
<http://git.altlinux.org/tasks/archive/done/_85/88057/logs/events.7.1.log=
>):
=D4=C5=D0=C5=D2=D8 =D0=D2=C9 =D3=D4=C1=D2=D4=C5/=D2=C5=D3=D4=C1=D2=D4=C5 =
=D3=C5=D2=D7=C5=D2=C1 =D7 /var/lib/ssl, =D3=D2=C5=C4=D3=D4=D7=C1=CD=C9
cert-sh-functions, =D3=CF=DA=C4=C1=A3=D4=D3=D1 =CB=CC=C0=DE =C9 =D3=C5=D2=
=D4=C9=C6=C9=CB=C1=D4 =D3 =C9=CD=C5=CE=C5=CD httpd2, =C5=D3=CC=C9
=D7=D9=D0=CF=CC=CE=D1=C0=D4=D3=D1 =D5=D3=CC=CF=D7=C9=D1:

1. =F3=D5=DD=C5=D3=D4=D7=D5=C5=D4 /etc/httpd2/conf/mods-enabled/ssl.load =
(=CD=CF=C4=D5=CC=D8 ssl =C7=D2=D5=DA=C9=D4=D3=D1).

2. =F3=D5=DD=C5=D3=D4=D7=D5=C5=D4 =CB=C1=CB =CD=C9=CE=C9=CD=D5=CD =CF=C4=C9=
=CE =C6=C1=CA=CC (=D3=D3=D9=CC=CB=C1) =C9=DA
/etc/httpd2/conf/sites-enabled/{000-,}default_https{,-compat}.conf (=D4.
=C5. =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4=D3=D1 =DE=D4=CF-=D4=CF =C9=DA
/etc/httpd2/conf/sites-available/default_https{-compat,}.conf).

3. =F7 =C6=C1=CA=CC=C1=C8 =D0. 2 =DA=CE=C1=DE=C5=CE=C9=D1 SSLCertificate{=
,Key}File =D3=CF=CF=D4=D7=C5=D4=D3=D4=D7=D5=C0=D4
=D5=CD=CF=CC=DE=C1=CC=D8=CE=D9=CD.

>=20
>   =F0=CF=CB=C1 =D0=CC=C1=CE=C9=D2=D5=C0 =D3=C4=C5=CC=C1=D4=D8 =D7
> /etc/httpd2/conf/sites-available/default_https{-compat,}.conf =D4=C1=CB=
=C9=C5
> =CE=C1=D3=D4=D2=CF=CA=CB=C9 (=D7 =DA=CE=C1=DE=C5=CE=C9=D1=C8 =D0=CF=CD=C5=
=DE=C5=CE=CE=D9=C8 "????" =D1 =CE=C5=D5=D7=C5=D2=C5=CE):

  =F3=C4=C5=CC=C1=CE=CF:

>=20
> #   Server Certificate:
> #   Point SSLCertificateFile at a PEM encoded certificate.  If
> #   the certificate is encrypted, then you will be prompted for a
> #   pass phrase.  Note that a kill -HUP will prompt again.  Keep
> #   in mind that if you have both an RSA and a DSA certificate you
> #   can configure both in parallel (to also allow the use of DSA
> #   ciphers, etc.)
> SSLCertificateFile "/var/lib/ssl/certs/server.crt"
> #SSLCertificateFile "/var/lib/ssl/certs/server-dsa.crt"

SSLCertificateFile "/var/lib/ssl/certs/httpd2.cert"
#SSLCertificateFile "/var/lib/ssl/certs/httpd2-dsa.cert"

>=20
> #   Server Private Key:
> #   If the key is not combined with the certificate, use this
> #   directive to point at the key file.  Keep in mind that if
> #   you've both a RSA and a DSA private key you can configure
> #   both in parallel (to also allow the use of DSA ciphers, etc.)
> SSLCertificateKeyFile "/var/lib/ssl/private/server.key"
> #SSLCertificateKeyFile "/var/lib/ssl/private/server-dsa.key"

SSLCertificateKeyFile "/var/lib/ssl/private/httpd2.key"
#SSLCertificateKeyFile "/var/lib/ssl/private/httpd2-dsa.key"

  =E4=CC=D1 =CF=C2=C5=D3=D0=C5=DE=C5=CE=C9=D1 =D0=D2=C5=C5=CD=D3=D4=D7=C5=
=CE=CE=CF=D3=D4=C9 =CE=C1=D3=D4=D2=CF=C5=CB, =D0=D2=C9 =CF=C2=CE=CF=D7=CC=
=C5=CE=C9=C9
apache2-mod_ssl{,-compat} <=3D 2.2.22-alt14 =DA=C1=D0=D5=D3=CB=C1=C5=D4=D3=
=D1 =D4=D2=C9=C7=C7=C5=D2, =CB=CF=D4=CF=D2=D9=CA
=D0=D2=C9 =D5=D3=CC=CF=D7=C9=D1=C8 (=C4=CF=CC=D6=CE=D9 =D7=D9=D0=CF=CC=CE=
=D1=D4=D8=D3=D1 =D7=D3=C5):

1. =F3=D5=DD=C5=D3=D4=D7=CF=D7=C1=CE=C9=C9 =D3=D4=C1=D2=D9=C8 =D3=C5=D2=D4=
=C9=C6=C9=CB=C1=D4=C1 =C9 =CB=CC=C0=DE=C1 (=C6=C1=CA=CC=CF=D7
/etc/httpd2/conf/ssl.{crt/server.crt,key/server.key}).

2. =FA=C1=CD=C5=CE=D9 =D3=D4=C1=D2=CF=C7=CF =CB=CF=CE=C6=C9=C7=C1
/etc/httpd2/conf/sites-available/default_https{-compat,}.conf =CE=C1 =CE=CF=
=D7=D9=CA
(=DA=C1 =D3=DE=A3=D4 %config(noreplace), =D4=C1=CB=CF=C5 =D0=D2=CF=C9=D3=C8=
=CF=C4=C9=D4 =D4=CF=CC=D8=CB=CF =C5=D3=CC=C9 =D0=CF=D3=D4=C1=D7=CC=C5=CE=CE=
=D9=CA
=C9=DA =D0=C1=CB=C5=D4=C1 =C6=C1=CA=CC =CE=C5 =D2=C5=C4=C1=CB=D4=C9=D2=CF=
=D7=C1=CC=D3=D1).

=F7 =C6=C1=CA=CC=C1=C8 /etc/httpd2/conf/sites-available/default_https{-co=
mpat,}.conf
=C4=CC=D1 SSLCertificateKeyFile =C9 SSLCertificateKeyFile =D3=CF=C8=D2=C1=
=CE=D1=C5=D4=D3=D1
=C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C5 =D3=D4=C1=D2=D9=C8 =DA=CE=C1=DE=C5=
=CE=C9=CA:

# New certificate file
#SSLCertificateFile "/var/lib/ssl/certs/httpd2.cert"
# Old certificate file
SSLCertificateFile "/etc/httpd2/conf/ssl.crt/server.crt"
#SSLCertificateFile "/var/lib/ssl/certs/httpd2-dsa.cert"

=C9

# New certificate key file
#SSLCertificateKeyFile "/var/lib/ssl/private/httpd2.key"
# Old certificate key file
SSLCertificateKeyFile "/etc/httpd2/conf/ssl.key/server.key"
#SSLCertificateKeyFile "/var/lib/ssl/private/httpd2-dsa.key"

  =FA=C1 =D3=DE=A3=D4 =DC=D4=CF=C7=CF =D3=CF=C8=D2=C1=CE=D1=C5=D4=D3=D1 =C9=
=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C5 =D3=D4=C1=D2=D9=C8 =CB=CC=C0=DE=C1 =C9=
 =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4=C1 (=C9
=CE=CF=D7=D9=C5 =D0=D2=C9 =DC=D4=CF=CD =CE=C5 =D3=CF=DA=C4=C1=C0=D4=D3=D1=
).

>=20
> #   Server Certificate Chain:
> #   Point SSLCertificateChainFile at a file containing the
> #   concatenation of PEM encoded CA certificates which form the
> #   certificate chain for the server certificate. Alternatively
> #   the referenced file can be the same as SSLCertificateFile
> #   when the CA certificates are directly appended to the server
> #   certificate for convinience.
> #SSLCertificateChainFile "/var/lib/ssl/certs/ca-root.pem"

#SSLCertificateChainFile "/var/lib/ssl/certs/ca-root.pem"

>=20
> #   Certificate Authority (CA):
> #   Set the CA certificate verification path where to find CA
> #   certificates for client authentication or alternatively one
> #   huge file containing all of them (file must be PEM encoded)
> #   Note: Inside SSLCACertificatePath you need hash symlinks
> #         to point to the certificate files. Use the provided
> #         Makefile to update the hash symlinks after changes.
> #SSLCACertificatePath "/var/lib/ssl/certs"
> #SSLCACertificateFile "/var/lib/ssl/certs/ca-root.pem"

#SSLCACertificatePath "/var/lib/ssl/certs"
#SSLCACertificateFile "/var/lib/ssl/certs/ca-root.pem"

>=20
> #   Certificate Revocation Lists (CRL):
> #   Set the CA revocation path where to find CA CRLs for client
> #   authentication or alternatively one huge file containing all
> #   of them (file must be PEM encoded)
> #   Note: Inside SSLCARevocationPath you need hash symlinks
> #         to point to the certificate files. Use the provided
> #         Makefile to update the hash symlinks after changes.
> #SSLCARevocationPath "/var/lib/ssl/certs"
> #SSLCARevocationFile "/var/lib/ssl/certs/ca-bundle.crl"

#SSLCARevocationPath "/var/lib/ssl/certs"
#SSLCARevocationFile "/var/lib/ssl/certs/ca-bundle.crl"

PS: =F7 =C2=D2=C1=CE=DE=C9 =C4=C1=CE=CE=D9=CA =D7=C1=D2=C9=C1=CE=D4 =CF=D4=
=D0=D2=C1=D7=CC=C0 =D0=D2=C9=CD=C5=D2=CE=CF =DE=C5=D2=C5=DA =CE=C5=C4=C5=CC=
=C0 (=C5=D3=CC=C9
=D0=D2=CF=C2=CC=C5=CD=D9 =CE=C5 =D7=D9=D0=CC=D9=D7=D5=D4).

--=20

=F3 =D5=D7=C1=D6=C5=CE=C9=C5=CD. =E1=CC=C5=CB=D3=C5=CA.



--------------enigBD067649C575FD9F7D81F431
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJRA6v5AAoJEA9Eed/JIzr3eZQP/0rmyWGhl6ABXV7/lbE6tXkl
XiD1hh3iCsGSnI/F7l+mc0rwxcUMKKg/1kT7DxYBurXMTK7qIgKumieALfffgtMG
wRXGkrPv1+3SkYMj82I9GlrIzJwu4r24eo3EGU5JYy4S0I8kcjZcvjE10OoVMzQf
Ebbe9BOLzDx+gBul7aoQ1Z2nPbwaXSdC1AHRlXUv6YB9syRnlIkBKzpDQMSEWpeS
YGOgBIFSAtHTUwX77j4Vxoc0xxVQIW/QeDmgRsrXHBk5XNq7VMhIUFQAujOeZDfJ
c4ZyTkoX6whvXjfWUpVMB8CP/PidezCmBHNqGS80ZxQhzjTgin88pT+TBfCRAeWu
Wj7/a/8FdrwAAe73LTswVJNJq8sCMfvSN2Ro0MHZA/A7bsktgJKSHTKBgI/K5ZNZ
exnZvJ6fnA+nMRUq5/WFmu59LhLMTwOXMVOxb1sfdezBGYTiX7f2xLj+7MOi1JjB
qC0bckAtscK0yD9WuMvOG5r3W/HWiz2U4nUx5wE38g7FAfzzTUTAP7qipCkqUFhR
enpBPZx84e0S5C6FM9KcA3+vp1ZaYuOpD54wkH2ZJ1FmBaMxvNNDB+lROO88f+rM
cl+Hjprb4oMK+D/g3//+mJOpOVF4hr5gBJb+H+DHXVldkrKdltYS+85sEyf6kp8t
uP/Fkc9F2lhgD+w5eMLx
=NNYE
-----END PGP SIGNATURE-----

--------------enigBD067649C575FD9F7D81F431--