[svnbook] r5756 committed - branches/1.8/zh/book/ ch06-server-configuration.xml
wuzhouhui at users.sourceforge.net
wuzhouhui at users.sourceforge.net
Fri Aug 24 09:53:39 CDT 2018
Revision: 5756
http://sourceforge.net/p/svnbook/source/5756
Author: wuzhouhui
Date: 2018-08-24 14:53:38 +0000 (Fri, 24 Aug 2018)
Log Message:
-----------
1.8/zh: translation of chapter 6 in progress
Modified Paths:
--------------
branches/1.8/zh/book/ch06-server-configuration.xml
Modified: branches/1.8/zh/book/ch06-server-configuration.xml
===================================================================
--- branches/1.8/zh/book/ch06-server-configuration.xml 2018-08-22 20:13:40 UTC (rev 5755)
+++ branches/1.8/zh/book/ch06-server-configuration.xml 2018-08-24 14:53:38 UTC (rev 5756)
@@ -4732,11 +4732,16 @@
</sect4>
<sect4 id="svn.serverconfig.httpd.ssl.client.clientcert">
+ <!--
<title>Client certificate challenge</title>
+ -->
+ <title>客户端证书盘问</title>
+ <!--
<para>If the client receives a challenge for a certificate,
the server is asking the client to prove its identity.
The client must send back a certificate signed by a CA
+ ### TODO
that the server trusts, along with a <firstterm>challenge
response</firstterm> which proves that the client owns the
private key associated with the certificate. The private
@@ -4744,6 +4749,14 @@
format on disk, protected by a passphrase. When Subversion
receives this challenge, it will ask you for the path to the
encrypted file and the passphrase that protects it:</para>
+ -->
+ <para>如果客户端收到一个证书请求, 那便是服务器要求客户端提供它的
+ 身份, 客户端必须提供由 CA 签名过的证书, 而该 CA 是服务器所信任
+ 的, 除了证书, 还要发送一个 <firstterm>响应</firstterm>
+ (<firstterm>challenge response</firstterm>), 这个响应证明了客户
+ 端拥有与证书关联的私钥. 私钥和证书通常被加密后存放在本地磁盘上,
+ 被一个密码保护. 当 Subversion 客户端收到证书的盘问时, 它将询问
+ 用户密钥与证书的存放路径, 以及对应的密码:</para>
<informalexample>
<screen>
@@ -4755,6 +4768,7 @@
</screen>
</informalexample>
+ <!--
<para>Notice that the client credentials are stored in a
<literal>.p12</literal> file. To use a client certificate
with Subversion, it must be in PKCS#12 format, which is a
@@ -4762,6 +4776,12 @@
and export certificates in that format. Another option
is to use the OpenSSL command-line tools to convert
existing certificates into PKCS#12.</para>
+ -->
+ <para>在上面的例子里, 客户端证书存放在 <literal>.p12</literal>
+ 文件里. 为了让 Subversion 使用证书, 证书的格式必须是 PKCS#12,
+ 这是一种可移植的标准格式, 大多数网页浏览器支持导入或导出这种
+ 格式的证书, 除了浏览器, 还可以用 OpenSSL 命令行工具把已有的
+ 证书转换成 PKCS#12 格式.</para>
<para>The runtime <filename>servers</filename> file also
allows you to automate this challenge on a per-host basis.
More information about the svnbook-dev
mailing list