/[pdpsoft]/nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example
ViewVC logotype

Diff of /nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

trunk/fetchcrl/fetch-crl.cnf.example revision 1878 by davidg, Tue Aug 10 07:03:43 2010 UTC nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example revision 2803 by davidg, Tue Nov 10 15:46:54 2015 UTC
# Line 6  Line 6 
6  # use SEMICOLON (;) or \001 (^A) as list separators in values  # use SEMICOLON (;) or \001 (^A) as list separators in values
7  #  #
8  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
9    # cfgdir sets the directory where subordinate configuration files are
10    # found. These files are read in addition to the main config file.
11    # The default directory is /etc/fetch-crl.d/ and is used by default, so
12    # to suppress this behaviour set this to the empty value ""
13    #
14    # cfgdir = /etc/fetch-crl.d
15    #
16    # ---------------------------------------------------------------------------
17  # infoset set the location where the meta-data files (.info or .crl_url)  # infoset set the location where the meta-data files (.info or .crl_url)
18  # are help by default. All trust anchors listed there are processes, so  # are help by default. All trust anchors listed there are processes, so
19  # to suppress this behaviour set this to the empty value ""  # to suppress this behaviour set this to the empty value ""
# Line 93  Line 101 
101  #  #
102  # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@  # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@
103  #  #
104    # When @HASH@ (c_hash from default OpenSSL version as based on the retrieved
105    # CRL) is used in this template list, a CRL will *always* be retrieved first,
106    # even if no corresponding trust anchor is found later. Use of @HASH@ is
107    # only recommended in case the name of the crl_url or info file is different
108    # from the name of the trust anchor.
109    #
110    # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@; @HASH@.0
111    #
112  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
113  # opensslmode is used if the openssl format for output is specified and also  # opensslmode is used if the openssl format for output is specified and also
114  # OpenSSL version 1.0.0 or higher are used. If so, you can have the CRL data  # OpenSSL version 1.0.0 or higher are used. If so, you can have the CRL data
# Line 111  Line 127 
127  # nonssverify  # nonssverify
128  #  #
129  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
130    # use up to <parallelism> thread in parallel to retrieve and install CRLs
131    # This feature is likely NOT COMPATIBLE with the use of NSS databases for
132    # CRLs, due to thread contention issues
133    #
134    # parallelism = 5
135    #
136    # ---------------------------------------------------------------------------
137  # wait up to <randomwait> seconds before doing anything at all  # wait up to <randomwait> seconds before doing anything at all
138  # useful for randoming the start time and download from cron across the world  # useful for randoming the start time and download from cron across the world
139  #  #
# Line 148  Line 171 
171  #  #
172  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
173  # noerrors suppresses the pritning and logging or any and all errors (but  # noerrors suppresses the pritning and logging or any and all errors (but
174  # not warnings or verbose messages)  # not warnings or verbose messages). It also suppresses retrieval errors.
175  #  #
176  # noerrors  # noerrors
177  #  #
178  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
179    # rcmode determines if the return code of fetch-crl will be influenced by
180    # CRL retrieval errors. If rcmode is "normal" (default), any reported errors
181    # will cause the return exit status to be "1".
182    #  normal             - both retrieval and other errors set exit code 1
183    #  differentiated     - retrieval errors result in exit code 2, presence
184    #                       of any other reported errors result in exit 1
185    #  noretrievalerrors  - retrieval errors only results in exit code 0, presence
186    #                       of any other reported errors result in exit 1
187    # Note that setting "noerrors" will suppress retrieval errors entirely!
188    #
189    # rcmode = normal
190    #
191    # ---------------------------------------------------------------------------
192    # noquiet ignores a single "-q" option on the commandline and honours the
193    # verbosity set here even if -q is specified. To counter this setting, give
194    # at least two (2) "-q" arguments
195    #
196    # noquiet
197    #
198    # ---------------------------------------------------------------------------
199  # agingtolerance sets the time in hours before retrieval warnings become  # agingtolerance sets the time in hours before retrieval warnings become
200  # errors for a CRL retrieval. If you also suppress warnings, you will  # errors for a CRL retrieval. If you also suppress warnings, you will
201  # prevent any annoying messages for a trust anchor for up to <hrs> hours.  # prevent any annoying messages for a trust anchor for up to <hrs> hours.
# Line 162  Line 205 
205  # agingtolerance = 24  # agingtolerance = 24
206  #  #
207  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
208    # cache_control_request sends a cache-control max-age hint towards the
209    # server in the HTTP request, that suggests to intermediate caches and
210    # reverse proxies to cache CRL replies no longer than the specified time
211    # This control is a hint towards caching servers and CDNs and cannot be
212    # enforced. It does NOT affect the cache local to fetch-crl
213    # Default is unset, and no Cache-control header will be sent unless this
214    # config option is specified
215    #
216    # cache_control_request = 3600
217    #
218    # ---------------------------------------------------------------------------
219  # prepend_url URLs are tried first before using any URLs form the crl_url  # prepend_url URLs are tried first before using any URLs form the crl_url
220  # file or the .info crl_url (crl_url.0) fields  # file or the .info crl_url (crl_url.0) fields
221  #  #
# Line 196  Line 250 
250  # stateless  # stateless
251  #  #
252  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
253    # By default, the perl LWP library does not use IPv6 network sockets. The
254    # perl module Net::INET6GLUE::INET6_as_INET can mitigate this behaviour
255    # by re-mapping all INET socket calls to INET6 socket calls. If you have
256    # the Net::INET6Glue module installed, you may enable this flag in the
257    # cofiguration. Note: the Net::INET6Glue module MUST be installed for this
258    # flag to work. Installation of this module is options and it does not
259    # ship by default with fetch-crl3. You can obtain this module from CPAN.
260    #
261    # inet6glue
262    #
263    # ---------------------------------------------------------------------------
264  # override version or packager to influence the User-Agent header in http  # override version or packager to influence the User-Agent header in http
265  # requests. But please leave them alone  # requests. But please leave them alone
266  # version = 3.0  # version = 3.0

Legend:
Removed from v.1878  
changed lines
  Added in v.2803

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28