From be7cc5efd2c1ad8227794f77c27e3376f509ef4a Mon Sep 17 00:00:00 2001
From: Jakub Sławiński
Date: Wed, 3 Oct 2007 23:32:17 +0200
Subject: v0.8.4 - Added (by Joshua Judson Rosen): certificate-based authentication
---
 doc/afclient.1 | 7 +++++--
 doc/afclient.conf.5 | 7 +++++--
 doc/afclient_example.conf | 1 +
 doc/afserver.1 | 12 +++++++++---
 doc/afserver.conf.5 | 12 +++++++++---
 doc/afserver_example.conf | 5 ++++-
 doc/en/README | 12 ++++++++++--
 7 files changed, 43 insertions(+), 13 deletions(-)
(limited to 'doc')
diff --git a/doc/afclient.1 b/doc/afclient.1
index 3e3bebf..677ec7a 100644
--- a/doc/afclient.1
+++ b/doc/afclient.1
@@ -1,4 +1,4 @@
-.TH afclient 1 "apf 0.8.3" Jeremian
+.TH afclient 1 "apf 0.8.4" Jeremian
 .SH NAME
 afclient \- active port forwarder client
 .SH SYNOPSIS
@@ -72,6 +72,9 @@ is running (required) .B -k, --keyfile FILE the name of the file with RSA key (default: client.rsa)
+.B -c, --cerfile
+ the name of the file with certificate (default: no certificate used)
+
 .B -f, --cfgfile FILE the name of the file with the configuration for the .I afclient
@@ -334,7 +337,7 @@ Jeremian .SH CONTRIBUTIONS
-Alex Dyatlov , Simon , Ilia Perevezentsev and Marco Solari
+Alex Dyatlov , Simon , Ilia Perevezentsev , Marco Solari , and Joshua Judson Rosen
 .SH LICENSE
diff --git a/doc/afclient.conf.5 b/doc/afclient.conf.5
index a343d11..4f8a5c6 100644
--- a/doc/afclient.conf.5
+++ b/doc/afclient.conf.5
@@ -1,4 +1,4 @@
-.TH afclient.conf 5 "apf 0.8.3" Jeremian
+.TH afclient.conf 5 "apf 0.8.4" Jeremian
 .SH NAME
 afclient.conf \- Configuration File for afclient
 .SH INTRODUCTION
@@ -67,6 +67,9 @@ is running .B keyfile FILE the name of the file with RSA key (default: client.rsa)
+.B cerfile FILE
+ the name of the file with certificate (default: no certificate used)
+
 .B storefile FILE the name of the file with stored public keys (default: known_hosts)
@@ -142,7 +145,7 @@ Jeremian .SH CONTRIBUTIONS
-Alex Dyatlov , Simon , Ilia Perevezentsev and Marco Solari
+Alex Dyatlov , Simon , Ilia Perevezentsev , Marco Solari , and Joshua Judson Rosen
 .SH LICENSE
diff --git a/doc/afclient_example.conf b/doc/afclient_example.conf
index 45b2556..d336ce3 100644
--- a/doc/afclient_example.conf
+++ b/doc/afclient_example.conf
@@ -15,6 +15,7 @@ #ignorepkeys #ignore invalid server's public keys #keyfile client.rsa #the name of the file with RSA key (default: client.rsa)
+#cerfile filename #the name of the file with certificate (default: no certificate used)
 #storefile known_hosts #the name of the file with stored public keys (default: known_hosts) #dateformat %Y-%m-%d %H:%M:%S #format of the date printed in logs (default: %Y-%m-%d %H:%M:%S) #keep-alive 15 #send keepalive packets every N seconds (default: not send keepalive packets)
diff --git a/doc/afserver.1 b/doc/afserver.1
index 3e41af3..887d79b 100644
--- a/doc/afserver.1
+++ b/doc/afserver.1
@@ -1,4 +1,4 @@
-.TH afserver 1 "apf 0.8.3" Jeremian
+.TH afserver 1 "apf 0.8.4" Jeremian
 .SH NAME
 afserver \- active port forwarder server
 .SH SYNOPSIS
@@ -51,7 +51,13 @@ connects to it (default: 50126) .I Configuration .B -c, --cerfile FILE
- the name of the file with certificate (default: cacert.pem)
+ the name of the file with certificate (default: server-cert.pem)
+
+.B -A, --cacerfile FILE
+ the name of the file with CA certificates (if used, require clients to have valid certificates)
+
+.B -d, --cerdepth
+ the maximum depth of valid certificate-chains
 .B -k, --keyfile FILE the name of the file with RSA key (default: server.rsa)
@@ -236,7 +242,7 @@ Jeremian .SH CONTRIBUTIONS
-Alex Dyatlov , Simon , Ilia Perevezentsev and Marco Solari
+Alex Dyatlov , Simon , Ilia Perevezentsev Marco Solari , and Joshua Judson Rosen
 .SH LICENSE
diff --git a/doc/afserver.conf.5 b/doc/afserver.conf.5
index 36f8fca..c62e105 100644
--- a/doc/afserver.conf.5
+++ b/doc/afserver.conf.5
@@ -1,4 +1,4 @@
-.TH afserver.conf 5 "apf 0.8.3" Jeremian
+.TH afserver.conf 5 "apf 0.8.4" Jeremian
 .SH NAME
 afserver.conf \- Configuration File for afserver
 .SH INTRODUCTION
@@ -35,7 +35,13 @@ commands. .SH "GLOBAL OPTIONS" .B cerfile FILE
- the name of the file with certificate (default: cacert.pem)
+ the name of the file with certificate (default: server-cert.pem)
+
+.B cacerfile FILE
+ the name of the file with CA certificates (if used, require clients to have valid certificates)
+
+.B cerdepth N
+ the maximum depth of valid certificate-chains
 .B keyfile FILE the name of the file with RSA key (default: server.rsa)
@@ -125,7 +131,7 @@ Jeremian .SH CONTRIBUTIONS
-Alex Dyatlov , Simon , Ilia Perevezentsev and Marco Solari
+Alex Dyatlov , Simon , Ilia Perevezentsev , Marco Solari , and Joshua Judson Rosen
 .SH LICENSE
diff --git a/doc/afserver_example.conf b/doc/afserver_example.conf
index a11f5c1..8bdafa6 100644
--- a/doc/afserver_example.conf
+++ b/doc/afserver_example.conf
@@ -1,7 +1,7 @@
 # This is an example configuration file for active port forwarder (server) # Firstly, we have to declare our files with key and certificate
-cerfile cacert.pem
+cerfile server-cert.pem
 # Please note, that we can place only blank characters between words
@@ -47,6 +47,9 @@ manageport 50126 #portnumber on which server is listening for afclient #ipv4 #use ipv4 only #ipv6 #use ipv6 only #enableproxy #enable http proxy mode
+#cacerfile filename #the name of the file with CA certificates
+ # (if used, require clients to have valid certificates)
+#cerdepth #the maximum depth of valid certificate-chains
 # and now the second realm
diff --git a/doc/en/README b/doc/en/README
index 11b080e..e9f5b20 100644
--- a/doc/en/README
+++ b/doc/en/README
@@ -1,4 +1,4 @@
-AF - Active Port Forwarder 0.8.3 - README
+AF - Active Port Forwarder 0.8.4 - README
 Copyright (C) 2003-2007 jeremian - =================================================================
@@ -130,7 +130,10 @@ Multiple clients allow to create more sophisticated tunneling scheme. Configuration: -c, --cerfile - the name of the file with certificate
- (default: cacert.pem)
+ (default: server-cert.pem)
+ -A, --cacerfile - the name of the file with CA certificates
+ (if used, require clients to have valid certificates)
+ -d, --cerdepth - the maximum depth of valid certificate-chains
 -k, --keyfile - the name of the file with RSA key (default: server.rsa) -f, --cfgfile - the name of the file with the configuration for the active forwarder (server)
@@ -211,6 +214,8 @@ Multiple clients allow to create more sophisticated tunneling scheme. Configuration: -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -c, --cerfile - the name of the file with certificate
+ (default: no certificate used)
 -f, --cfgfile - the name of the file with the configuration for the active forwarder (client) -s, --storefile - the name of the file with stored public keys
@@ -662,6 +667,9 @@ README file. Thanks to Marco Solari for a lot of requests, suggestions and ideas.
+ Thanks to Joshua Judson Rosen for the patch adding
+certificate-based authentication to the APF.
+
 And thanks for using this software! LICENSE
-- cgit v1.1