/[pdpsoft]/nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example
ViewVC logotype

Diff of /nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

trunk/fetchcrl/fetch-crl.cnf.example revision 2202 by davidg, Tue Feb 22 07:55:17 2011 UTC nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example revision 3275 by davidg, Thu Jan 16 20:33:09 2020 UTC
# Line 101  Line 101 
101  #  #
102  # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@  # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@
103  #  #
104    # When @HASH@ (c_hash from default OpenSSL version as based on the retrieved
105    # CRL) is used in this template list, a CRL will *always* be retrieved first,
106    # even if no corresponding trust anchor is found later. Use of @HASH@ is
107    # only recommended in case the name of the crl_url or info file is different
108    # from the name of the trust anchor.
109    #
110    # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@; @HASH@.0
111    #
112  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
113  # opensslmode is used if the openssl format for output is specified and also  # opensslmode is used if the openssl format for output is specified and also
114  # OpenSSL version 1.0.0 or higher are used. If so, you can have the CRL data  # OpenSSL version 1.0.0 or higher are used. If so, you can have the CRL data
# Line 163  Line 171 
171  #  #
172  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
173  # noerrors suppresses the pritning and logging or any and all errors (but  # noerrors suppresses the pritning and logging or any and all errors (but
174  # not warnings or verbose messages)  # not warnings or verbose messages). It also suppresses retrieval errors.
175  #  #
176  # noerrors  # noerrors
177  #  #
178  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
179    # rcmode determines if the return code of fetch-crl will be influenced by
180    # CRL retrieval errors. If rcmode is "normal" (default), any reported errors
181    # will cause the return exit status to be "1".
182    #  normal             - both retrieval and other errors set exit code 1
183    #  differentiated     - retrieval errors result in exit code 2, presence
184    #                       of any other reported errors result in exit 1
185    #  noretrievalerrors  - retrieval errors only results in exit code 0, presence
186    #                       of any other reported errors result in exit 1
187    # Note that setting "noerrors" will suppress retrieval errors entirely!
188    #
189    # rcmode = normal
190    #
191    # ---------------------------------------------------------------------------
192    # noquiet ignores a single "-q" option on the commandline and honours the
193    # verbosity set here even if -q is specified. To counter this setting, give
194    # at least two (2) "-q" arguments
195    #
196    # noquiet
197    #
198    # ---------------------------------------------------------------------------
199  # agingtolerance sets the time in hours before retrieval warnings become  # agingtolerance sets the time in hours before retrieval warnings become
200  # errors for a CRL retrieval. If you also suppress warnings, you will  # errors for a CRL retrieval. If you also suppress warnings, you will
201  # prevent any annoying messages for a trust anchor for up to <hrs> hours.  # prevent any annoying messages for a trust anchor for up to <hrs> hours.
# Line 177  Line 205 
205  # agingtolerance = 24  # agingtolerance = 24
206  #  #
207  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
208    # cache_control_request sends a cache-control max-age hint towards the
209    # server in the HTTP request, that suggests to intermediate caches and
210    # reverse proxies to cache CRL replies no longer than the specified time
211    # This control is a hint towards caching servers and CDNs and cannot be
212    # enforced. It does NOT affect the cache local to fetch-crl
213    # Default is unset, and no Cache-control header will be sent unless this
214    # config option is specified
215    #
216    # cache_control_request = 3600
217    #
218    # ---------------------------------------------------------------------------
219  # prepend_url URLs are tried first before using any URLs form the crl_url  # prepend_url URLs are tried first before using any URLs form the crl_url
220  # file or the .info crl_url (crl_url.0) fields  # file or the .info crl_url (crl_url.0) fields
221  #  #
# Line 211  Line 250 
250  # stateless  # stateless
251  #  #
252  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
253    # By default, the perl LWP library does not use IPv6 network sockets. The
254    # perl module Net::INET6GLUE::INET6_as_INET can mitigate this behaviour
255    # by re-mapping all INET socket calls to INET6 socket calls. If you have
256    # the Net::INET6Glue module installed, you may enable this flag in the
257    # cofiguration. Note: the Net::INET6Glue module MUST be installed for this
258    # flag to work. Installation of this module is options and it does not
259    # ship by default with fetch-crl3. You can obtain this module from CPAN.
260    #
261    # inet6glue
262    #
263    # ---------------------------------------------------------------------------
264    # To run a script after the completion of every fetch-crl run, set this
265    # path to point to an executable. The named program will be invoked
266    # with the following arguments
267    #   "v1" "global" <infodir-path> <cadir-path> <output-path>
268    # - return code of the program will influence return status of fetch-crl
269    # - this must be a program path - no arguments are allowed here. Use wrapping
270    #   in a script if you must pass your own arguments as well
271    #
272    # postexec = <path>
273    #
274    # ---------------------------------------------------------------------------
275    # override the UserAgent string used for all downloads. This may be needed
276    # if you hit an over-active firewall or proxy in your network path that
277    # blocks apparent libwww-perl user agents. Can also be set per trust anchor
278    #
279    # user_agent = <string>
280    #
281    # ---------------------------------------------------------------------------
282  # override version or packager to influence the User-Agent header in http  # override version or packager to influence the User-Agent header in http
283  # requests. But please leave them alone  # requests. But please leave them alone
284  # version = 3.0  # version = 3.0
# Line 259  Line 327 
327  #nosymlinks  #nosymlinks
328  #  #
329  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
330    # To run a script after the successful completion of each CRL retrieval set
331    # path to point to an executable. The named program will be invoked
332    # with the following arguments
333    #   "v1" "ta" <ta-alias> <infofilename> <cadir-path> <output-path>
334    # - return code of the program will influence return status of fetch-crl
335    # - program may run IN PARALLEL, so should be written to permit concurrent
336    #   execution
337    # - this must be a program path - no arguments are allowed here. Use wrapping
338    #   in a script if you must pass your own arguments as well
339    #
340    # postexec = <path>
341    #
342    # ---------------------------------------------------------------------------
343  # You can also (un) set the following on a per-trust anchor basis:  # You can also (un) set the following on a per-trust anchor basis:
344  #  #
345  # (no)prepend_url (no)postpend_url (no)http_proxy (no)statedir  --  # (no)prepend_url (no)postpend_url (no)http_proxy (no)statedir  --
# Line 268  Line 349 
349  #         override a global setting (no value possible)  #         override a global setting (no value possible)
350  #  #
351  # agingtolerance httptimeout nametemplate_der nametemplate_pem  # agingtolerance httptimeout nametemplate_der nametemplate_pem
352  # cadir catemplate  # cadir catemplate user_agent
353  #         set these to a local value (but they cannot be unset)  #         set these to a local value (but they cannot be unset)
354  #  #
355  #  #

Legend:
Removed from v.2202  
changed lines
  Added in v.3275

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28