Merging upstream version 2.4.59.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

2 files changed, 16 insertions, 16 deletions

diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index 5d6b416..ee92ffb 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -1896,7 +1896,8 @@ SSLProxyCACertificateFile</a></code>.</p>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>The proxy section context is allowed in httpd 2.4.30 and later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>The proxy section context is allowed in httpd 2.4.30 and later<br />
+Inclusion of non-leaf (CA) certificates is permitted only in httpd 2.4.59 and later.</td></tr>
 </table>
 <p>
 This directive sets the all-in-one file where you keep the certificates and
@@ -1905,13 +1906,10 @@ keys used for authentication of the proxy server to remote servers.
 <p>
 This referenced file is simply the concatenation of the various
 PEM-encoded certificate files. Use this directive alternatively or
-additionally to <code>SSLProxyMachineCertificatePath</code>.  The
-referenced file can contain any number of pairs of client certificate
-and associated private key.  Each pair can be specified in either
-(certificate, key) or (key, certificate) order.  If the file includes
-any non-leaf certificate, or any unmatched key and certificate pair, a
-configuration error will be issued at startup.
-</p>
+additionally to <code>SSLProxyMachineCertificatePath</code>.  The referenced file can contain any number of pairs of client
+certificate and associated private key.  Each pair can be specified in
+either (certificate, key) or (key, certificate) order.  Non-leaf (CA) certificates can
+also be included in the file, and are treated as if configured with  <code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>.</p>
 
 <p>When challenged to provide a client certificate by a remote server,
 the server should provide a list of <em>acceptable certificate
@@ -1922,7 +1920,7 @@ client cert/key.  If a list of CA names <em>is</em> provided,
 to find a configured client cert which was issued either directly by
 that CA, or indirectly via any number of intermediary CA certificates.
 The chain of intermediate CA certificates can be built from those
-configured with <code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>.  The
+included in the file, or configured with <code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>.  The
 first configured matching certificate will then be supplied in
 response to the challenge.</p>
 
@@ -2879,7 +2877,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_ssl.html';
     }
 })(window, document);
 //--><!]]></script></div><div id="footer">
-<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2024 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
 if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();
diff --git a/docs/manual/mod/mod_ssl.html.fr.utf8 b/docs/manual/mod/mod_ssl.html.fr.utf8
index bd8aa04..8f3a9b6 100644
--- a/docs/manual/mod/mod_ssl.html.fr.utf8
+++ b/docs/manual/mod/mod_ssl.html.fr.utf8
@@ -2124,8 +2124,10 @@ clients codés en PEM que le mandataire doit utiliser</td></tr>
 <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration globale, serveur virtuel, section proxy</td></tr>
 <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Le contexte d'une section proxy est supporté à partir de la
-version 2.4.30 du serveur HTTP Apache</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Le contexte d'une section proxy est pris en charge à partir de la
+version 2.4.30 du serveur HTTP Apache<br />
+L'inclusion de certificats non-feuilles (CA) est prise en charge à partir de la
+version 2.4.59.</td></tr>
 </table>
 <p>
 Cette directive permet de définir le fichier tout-en-un où sont stockés
@@ -2139,8 +2141,8 @@ de la directive <code>SSLProxyMachineCertificatePath</code>. Le fichier spécifi
 peut contenir un nombre quelconque de paires certificat client/clé privée
 associée, et chaque paire peut être spécifiée selon l'ordre (certificat, clé) ou
 (clé, certificat). Des certificats non-feuilles (CA) peuvent aussi être inclus
-dans le fichier et sont traités comme s'ils avaient été définis via la directive
-<code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>.
+dans le fichier et sont traités comme s'ils avaient été définis à l'aide de la
+directive <code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>.
 </p>
 
 <p>Lorsqu'un serveur distant sollicite le serveur pour obtenir un certificat
@@ -2154,7 +2156,7 @@ considérée, soit indirectement via un nombre quelconque de certificats d'autor
 certification intermédiaires. La chaîne de certificats d'autorités de
 certification intermédiaires peut être construite à partir de ceux qui sont
 inclus dans le fichier ou configurés
-via la directive <code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>. Le premier
+à l'aide de la directive <code class="directive"><a href="#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile</a></code>. Le premier
 certificat défini correspondant sera alors fourni comme réponse au cours de la
 négociation</p>
 
@@ -3189,7 +3191,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_ssl.html';
     }
 })(window, document);
 //--><!]]></script></div><div id="footer">
-<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2024 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
 if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();