Regenerate docs.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930727 13f79535-47bb-0310-9956-ffa450edef68

Author: notroj

docs/manual/mod/directives.html.en.utf8

@@ -481,6 +481,7 @@
 <li><a href="mpm_netware.html#maxthreads">MaxThreads</a></li>
 <li><a href="mod_md.html#mdactivationdelay">MDActivationDelay</a></li>
 <li><a href="mod_md.html#mdbaseserver">MDBaseServer</a></li>
+<li><a href="mod_md.html#mdcacertificatefile">MDCACertificateFile</a></li>
 <li><a href="mod_md.html#mdcachallenges">MDCAChallenges</a></li>
 <li><a href="mod_md.html#mdcertificateagreement">MDCertificateAgreement</a></li>
 <li><a href="mod_md.html#mdcertificateauthority">MDCertificateAuthority</a></li>
@@ -497,6 +498,7 @@
 <li><a href="mod_md.html#mddrivemode">MDDriveMode</a></li>
 <li><a href="mod_md.html#mdexternalaccountbinding">MDExternalAccountBinding</a></li>
 <li><a href="mod_md.html#mdhttpproxy">MDHttpProxy</a></li>
+<li><a href="mod_md.html#mdinitialdelay">MDInitialDelay</a></li>
 <li><a href="mod_md.html#mdmatchnames">MDMatchNames</a></li>
 <li><a href="mod_md.html#mdmember">MDMember</a></li>
 <li><a href="mod_md.html#mdmembers">MDMembers</a></li>

docs/manual/mod/mod_md.html.en.utf8

@@ -288,6 +288,7 @@
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#mdactivationdelay">MDActivationDelay</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdbaseserver">MDBaseServer</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdcacertificatefile">MDCACertificateFile</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdcachallenges">MDCAChallenges</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdcertificateagreement">MDCertificateAgreement</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdcertificateauthority">MDCertificateAuthority</a></li>
@@ -304,6 +305,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#mddrivemode">MDDriveMode</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdexternalaccountbinding">MDExternalAccountBinding</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdhttpproxy">MDHttpProxy</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdinitialdelay">MDInitialDelay</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdmatchnames">MDMatchNames</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdmember">MDMember</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mdmembers">MDMembers</a></li>
@@ -366,6 +368,27 @@
             for all managed domains and do not rely on the global, fallback server configuration.
             </p>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MDCACertificateFile" id="MDCACertificateFile">MDCACertificateFile</a> <a name="mdcacertificatefile" id="mdcacertificatefile">Directive</a> <a title="Permanent link" href="#mdcacertificatefile" class="permalink">&para;</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File containing x509 trust anchors to verify ACME servers.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCACertificateFile <var>file</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCACertificateFile none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                This is mainly used in test setups where the module needs to
+                connect to a test ACME server that has its own root certificate.
+                People who run an enterprise wide internal CA can use this when
+                they run their own ACME servers.
+            </p>
+            <p>
+                Use "none" as path to disable explicitly.
+            </p>
+        
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="MDCAChallenges" id="MDCAChallenges">MDCAChallenges</a> <a name="mdcachallenges" id="mdcachallenges">Directive</a> <a title="Permanent link" href="#mdcachallenges" class="permalink">&para;</a></h2>
@@ -756,6 +779,23 @@
             if your webserver can only reach the internet with a forward proxy.
             </p>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MDInitialDelay" id="MDInitialDelay">MDInitialDelay</a> <a name="mdinitialdelay" id="mdinitialdelay">Directive</a> <a title="Permanent link" href="#mdinitialdelay" class="permalink">&para;</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>How long to delay the first certificate check.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDInitialDelay <var>duration</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDInitialDelay 0s</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.66 and later</td></tr>
+</table>
+            <p>
+                The amount of time to wait after the server start to check
+                renewals of certificates. By default this occurs right away.
+            </p>
+        
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="MDMatchNames" id="MDMatchNames">MDMatchNames</a> <a name="mdmatchnames" id="mdmatchnames">Directive</a> <a title="Permanent link" href="#mdmatchnames" class="permalink">&para;</a></h2>

docs/manual/mod/mod_ssl.html.en.utf8

@@ -3045,8 +3045,8 @@ known to the server (i.e. the CA's certificate is under
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.5 and later</td></tr>
-</table><p>This directive sets policy applied when checking whether the
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.4.66 and later</td></tr>
+</table><p>This directive sets the policy applied when checking whether the
 <code class="directive"><a href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
 identified by the <code>Host</code> request header in an HTTP request
 is compatible with the <code class="directive"><a href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code> identified from the SNI
@@ -3055,6 +3055,12 @@ request is associated with a virtual host which has an incompatible
 SSL/TLS configuration under the policy used, an HTTP error response
 with status code 421 ("Misdirected Request") will be sent.</p>
 
+<p>The policy also applies to TLS connections where an SNI extension
+is not sent during the handshake, implicitly using the default or
+first virtual host definition. If the Host header in an HTTP request
+on such a connection identifies any other non-default virtual host,
+the compatibility policy is tested.</p>
+
 <p>The <code>strict</code> policy blocks all HTTP requests which are
 identified with a different virtual host to that identifed by SNI.
 The <code>insecure</code> policy allows all HTTP requests regardless
@@ -3064,43 +3070,43 @@ of virtual host identified; such a configuration may be vulnerable to
 
 <p>The (default) <code>secure</code>, and <code>authonly</code>
 policies compare specific aspects of the SSL configuration for the two
-virtual hosts, which are grouped into two categories:
+virtual hosts, which are grouped into two categories:</p>
 
 <ul>
-  <li><strong>client vertification and authentication
-  settings</strong>: directives which affect TLS client certificate
-  verification or authentication, such as <code class="directive"><a href="#sslverifyclient">SSLVerifyClient</a></code>, <code class="directive"><a href="#sslverifymode">SSLVerifyMode</a></code>, <code class="directive"><a href="#sslcacertificatepath">SSLCACertificatePath</a></code>, <code class="directive"><a href="#sslsrpverifierfile">SSLSRPVerifierFile</a></code>; any use of <code class="directive"><a href="#sslopensslconfcmd">SSLOpenSSLConfCmd</a></code></li>
-
   <li><strong>server certificate/key, or protocol/cipher
   restrictions</strong>: directives which determine the server
   certificate or key (<code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> etc), cipher or
   protocol restrictions (<code class="directive"><a href="#sslciphersuite">SSLCipherSuite</a></code> and <code class="directive"><a href="#sslprotocol">SSLProtocol</a></code>)</li>
+
+  <li><strong>client vertification and authentication
+  settings</strong>: directives which affect TLS client certificate
+  verification or authentication, such as <code class="directive"><a href="#sslverifyclient">SSLVerifyClient</a></code>, <code class="directive"><a href="#sslverifymode">SSLVerifyMode</a></code>, <code class="directive"><a href="#sslcacertificatepath">SSLCACertificatePath</a></code>, <code class="directive"><a href="#sslsrpverifierfile">SSLSRPVerifierFile</a></code>; any use of <code class="directive"><a href="#sslopensslconfcmd">SSLOpenSSLConfCmd</a></code></li>
 </ul>
 
-This table illustrates whether an HTTP request will be blocked or
+<p>This table illustrates whether an HTTP request will be blocked or
 allowed when the virtual host configurations differ as described,
-under each different policy setting:
+under each different policy setting:</p>
 
 <table class="bordered"><tr class="header">
   <th>Policy mode</th>
   <th>Any VirtualHost mismatch</th>
-  <th>Client verification/<br />authentication settings</th>
   <th>Server certificate/key, <br />or protocol/cipher restrictions</th>
+  <th>Client verification/<br />authentication settings</th>
 </tr>
 <tr>
-  <td><code>strict</code><td>blocked</td><td>blocked</td><td>blocked</td></td>
+  <td><code>strict</code></td><td>blocked</td><td>blocked</td><td>blocked</td>
 </tr>
 <tr class="odd">
-  <td><code>secure</code><td>allowed</td><td>blocked</td><td>blocked</td></td>
+  <td><code>secure</code></td><td>allowed</td><td>blocked</td><td>blocked</td>
 </tr>
 <tr>
-  <td><code>authonly</code><td>allowed</td><td>blocked</td><td>allowed</td></td>
+  <td><code>authonly</code></td><td>allowed</td><td>allowed</td><td>blocked</td>
 </tr>
 <tr class="odd">
-  <td><code>insecure</code><td>allowed</td><td>allowed</td><td>allowed</td></td>
+  <td><code>insecure</code></td><td>allowed</td><td>allowed</td><td>allowed</td>
 </tr>
 </table>
-</p>
+
 <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLVHostSNIPolicy authonly</pre>
 </div>