reformat configuration file

2024-06-01 08:38:07 +02:00 · 2016-09-10 00:50:24 +02:00 · 2016-09-10 00:50:24 +02:00 · 39269e31bc
commit 39269e31bc
parent 2bb8a4cf1c
1 changed files with 46 additions and 54 deletions
--- a/conf/uts-server.cnf
+++ b/conf/uts-server.cnf
@ -1,18 +1,19 @@
 # Section for declaring OID mapping. Just add <name> = <OID> pairs
 [ oids ]
 # Policies used by the TSA examples.
 tsa_policy1 = 1.2.3.4.1
 tsa_policy2 = 1.2.3.4.5.6
 tsa_policy3 = 1.2.3.4.5.7
 # Main configuration section (mostly http configuration).
 [ main ]
 # Comma-separated list of ips:ports to listen on.
 # If the port is SSL, a letter s must be appended.
-# ex: listening_ports = 80,443s
+# Ex: listening_ports = 80,443s
 listening_ports = 127.0.0.1:2020
-# Allows clients to reuse TCP connection for subsequent 
+# Allows clients to reuse TCP connection for subsequent
 # HTTP requests, which improves performance.
 enable_keep_alive = no
@ -21,26 +22,28 @@ num_threads = 50
 # Switch to given user credentials after startup.
 # Required to run on privileged ports and not be run as root.
-# run_as_user = uts-server
+#run_as_user = uts-server
 # Limit download speed for clients. throttle is a comma-separated list of key=value pairs:
-# *                   limit speed for all connections
+#
-# x.x.x.x/mask        limit speed for specified subnet
+# *            -> limit speed for all connections
 # x.x.x.x/mask ->  limit speed for specified subnet
 #
 # The value is a floating-point number of bytes per second, optionally followed by a k or m character
-# meaning kilobytes and megabytes respectively. A limit of 0 means unlimited rate
+# meaning kilobytes and megabytes respectively. A limit of 0 means unlimited rate.
-# ex: throttle = *=1k,10.10.0.0/16=10m,10.20.0.0/16=0
+# Ex: throttle = *=1k,10.10.0.0/16=10m,10.20.0.0/16=0
 throttle = *=0
 # Timeout for network read and network write operations, in milliseconds.
 request_timeout_ms = 30000
-# Path to the SSL certificate file. (PEM format containing private key and certificate)
+# Path to the SSL certificate file. (PEM format containing private key and certificate).
 #ssl_certificate = /etc/uts-server/cert.pem
 # Enable client's certificate verification by the server.
 #ssl_verify_peer = yes
-# Name of a directory containing trusted CA certificates
+# Name of a directory containing trusted CA certificates.
 #ssl_ca_path = /etc/ssl/ca/
 # Path to a .pem file containing trusted certificates. The file may contain more than one certificate.
@ -53,7 +56,7 @@ request_timeout_ms = 30000
 # Loads default trusted certificates locations set at openssl compile time.
 #ssl_default_verify_paths = yes
-# see https://www.openssl.org/docs/manmaster/apps/ciphers.html for more detailed
+# See https://www.openssl.org/docs/manmaster/apps/ciphers.html for more detailed
 #ssl_cipher_list = ALL:!eNULL
 # Sets the minimal accepted version of SSL/TLS protocol according to the table:
@ -67,72 +70,61 @@ request_timeout_ms = 30000
 # Enables the use of short lived certificates
 #ssl_short_trust = no
-# comma separated list of IP subnets to accept/deny
+# Comma separated list of IP subnets to accept/deny
-# deny all accesses, only allow 192.168/16 subnet
+#
 # Ex: -0.0.0.0/0,+192.168.0.0/16 (deny all accesses, only allow 192.168.0.0/16 subnet)
 #access_control_allow_origin = -0.0.0.0/0,+192.168/16
 # Enable TCP_NODELAY socket option on client connections.
 tcp_nodelay = 0
-# loglevel
+# Loglevel (debug, info, notice, warn, err, emerg, crit)
 # debug, info, notice, warn, err, emerg, crit
 log_level = info
-####################################################################
+# Section defining which TSA section to use.
 [ tsa ]
-# The default TSA section.
+# Name of the default TSA section.
 default_tsa = tsa_config1
 # Example of timestamp section configuration.
 [ tsa_config1 ]
-# These are used by the TSA reply generation only.
+# TSA root directory.
 dir = /etc/uts-server/pki
-# TSA root directory
+# OpenSSL engine to use for signing.
 dir		= /etc/uts-server/pki
 # OpenSSL engine to use for signing
 #crypto_device	= builtin
-# The TSA signing certificat
+# The TSA signing certificat. (optional)
-# (optional)
+signer_cert = $dir/tsacert.pem
 signer_cert	= $dir/tsacert.pem
-# Certificate chain to include in reply
+# Certificate chain to include in reply. (optional)
-# (optional)
+certs = $dir/cacert.pem
 certs		= $dir/cacert.pem
-# The TSA private key
+# The TSA private key. (optional)
-# (optional)
+signer_key = $dir/private/tsakey.pem
 signer_key	= $dir/private/tsakey.pem
-# Policy if request did not specify it
+# Policy if request did not specify it. (optional)
-# (optional)
+default_policy = tsa_policy1
 default_policy	= tsa_policy1
-# Acceptable policies
+# Acceptable policies. (optional)
-# (optional)
+other_policies = tsa_policy2, tsa_policy3
 other_policies	= tsa_policy2, tsa_policy3
-# Acceptable message digests
+# Acceptable message digests. (mandatory)
-# (mandatory)
+digests = md5, sha1
 digests		= md5, sha1
-# (optional)
+# Timestamp accuracy. (optional)
-accuracy	= secs:1, millisecs:500, microsecs:100
+accuracy = secs:1, millisecs:500, microsecs:100
-# Number of digits after dot.
+# Number of decimals for timestamp. (optional)
-# (optional)
+clock_precision_digits = 0
 clock_precision_digits  = 0
-# Is ordering defined for timestamps?
+# Is ordering defined for timestamps? (optional, default: no)
-# (optional, default: no)
+ordering = yes
 ordering		= yes
-# Must the TSA name be included in the reply?
+# Must the TSA name be included in the reply? (optional, default: no)
-# (optional, default: no)
+tsa_name = yes
 tsa_name		= yes
-# Must the ESS cert id chain be included?
+# Must the ESS cert id chain be included? (optional, default: no)
-# (optional, default: no)
+ess_cert_id_chain = no
 ess_cert_id_chain	= no