[svnbook] r5753 committed - branches/1.8/zh/book/ ch06-server-configuration.xml
wuzhouhui at users.sourceforge.net
wuzhouhui at users.sourceforge.net
Tue Aug 21 08:32:28 CDT 2018
Revision: 5753
http://sourceforge.net/p/svnbook/source/5753
Author: wuzhouhui
Date: 2018-08-21 13:32:27 +0000 (Tue, 21 Aug 2018)
Log Message:
-----------
1.8/zh: translation of chapter 6 in progress
Modified Paths:
--------------
branches/1.8/zh/book/ch06-server-configuration.xml
Modified: branches/1.8/zh/book/ch06-server-configuration.xml
===================================================================
--- branches/1.8/zh/book/ch06-server-configuration.xml 2018-08-20 20:03:48 UTC (rev 5752)
+++ branches/1.8/zh/book/ch06-server-configuration.xml 2018-08-21 13:32:27 UTC (rev 5753)
@@ -4551,6 +4551,7 @@
都有可能被未授权的网络嗅探工具所拦截. 使用 SSL 加密网络流量是保护
敏感数据不在网络上泄露的常用方法.</para>
+ <!--
<para>If a Subversion client is compiled to use OpenSSL,
it gains the ability to speak to an Apache server via
<literal>https://</literal> URLs, so all traffic is encrypted
@@ -4558,11 +4559,21 @@
the Subversion client is not only able to verify server
certificates, but can also supply client certificates when
challenged by the server.</para>
+ -->
+ <para>如果 Subversion 客户端工具在编译时开启了 OpenSSL, 它就可以使用
+ <literal>https://</literal> 形式的 URL 连接 Apache 服务器, 于是所有
+ 的网络流量都会使用每连接会话密钥进行加密. Subversion 客户端所使用的
+ 函数库 WebDAV 不仅可以验证服务器的证书, 当服务器提出要求时, 它也可
+ 以为客户端提供证书.</para>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<sect3 id="svn.serverconfig.httpd.ssl.server">
+ <!--
<title>Subversion server SSL certificate configuration</title>
+ -->
+ <title>Subversion 服务器 SSL 证书配置</title>
+ <!--
<para>It's beyond the scope of this book to describe how to
generate client and server SSL certificates and how to
configure Apache to use them. Many other references,
@@ -4569,8 +4580,13 @@
including Apache's own documentation (<ulink
url="http://httpd.apache.org/docs/current/ssl/"/>),
describe the process.</para>
+ -->
+ <para>如何为客户端和服务器生成 SSL 证书, 以及如何配置 Apache 以便
+ 使用这些证书, 已经超出了本书的范畴, 读者可参考 Apache 的文档
+ (<ulink url="http://httpd.apache.org/docs/current/ssl/"/>).</para>
<tip>
+ <!--
<para>SSL certificates from well-known entities generally
cost money, but at a bare minimum, you can configure
Apache to use a self-signed certificate generated with a
@@ -4581,6 +4597,12 @@
time), such an attack is much more difficult for a casual
observer to pull off, compared to sniffing unprotected
passwords.</para></footnote></para>
+ -->
+ <para>来自知名组织的 SSL 证书通常需要花钱购买, 但如果只需要满足最低
+ 限度的要求, 你可以让 Apache 使用自签署的证书, 这种证书由 OpenSSL
+ 生成.<footnote><para>但是, 自签署的证书仍然无法抵御 <quote>中间人
+ 攻击</quote> (在客户端首次见到证书之前), 和嗅探敏感数据相比,
+ 这种攻击更难防范.</para></footnote></para>
</tip>
</sect3>
@@ -4587,24 +4609,41 @@
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<sect3 id="svn.serverconfig.httpd.ssl.client">
+ <!--
<title>Subversion client SSL certificate management</title>
+ -->
+ <title>Subversion 客户端 SSL 证书管理</title>
+ <!--
<para>When connecting to Apache via <literal>https://</literal>,
a Subversion client can receive two different types of
responses:</para>
+ -->
+ <para>当使用 <literal>https://</literal> 形式的 URL 连接 Apache 时,
+ Subversion 客户端将会收到两个类型的响应:</para>
<itemizedlist>
<listitem>
+ <!--
<para>A server certificate</para>
+ -->
+ <para>一个服务器证书</para>
</listitem>
<listitem>
+ <!--
<para>A challenge for a client certificate</para>
+ -->
+ <para>一个针对客户端证书的请求</para>
</listitem>
</itemizedlist>
<sect4 id="svn.serverconfig.httpd.ssl.client.servercert">
+ <!--
<title>Server certificate</title>
+ -->
+ <title>服务器证书</title>
+ <!--
<para>When the client receives a server certificate, it needs
to verify that the server is who it claims to be. OpenSSL
does this by examining the signer of the server certificate,
@@ -4614,6 +4653,13 @@
hostname mismatch), the Subversion command-line client will
ask you whether you want to trust the server certificate
anyway:</para>
+ -->
+ <para>当客户端收到服务器证书时, 它需要验证服务器身份的真实性,
+ OpenSSL 完成验证的方法是检查服务器证书的签发人, 也就是
+ <firstterm>证书颁发机构</firstterm> (<firstterm>certificate
+ authority</firstterm>, 简称 CA). 如果 OpenSSL 无法自动信任
+ CA, 或者是发生的错误 (例如认证超时或主机名不匹配), 那么 Subversion
+ 客户端工具将询问用户是否要信任服务器的证书:</para>
<informalexample>
<screen>
@@ -4632,6 +4678,7 @@
</screen>
</informalexample>
+ <!--
<para>This dialogue is essentially the same question you may
have seen coming from your web browser (which is just
another HTTP client like Subversion). If you choose the
@@ -4641,6 +4688,13 @@
password are cached (see <xref
linkend="svn.serverconfig.netmodel.credcache"/>), and will
automatically trust the certificate in the future.</para>
+ -->
+ <para>用户可能会在网页浏览器看到相同的对话框 (浏览器只是一个
+ HTTP 客户端), 如果选择 <literal>p</literal>, Subversion 将把
+ 服务器证书缓存在本地的 <filename>auth/</filename> 目录内,
+ 你的用户名和密码也缓存在这里 (见 <xref
+ linkend="svn.serverconfig.netmodel.credcache"/>), 今后再次
+ 连接服务器时, 将会自动信任证书.</para>
<para>Your runtime <filename>servers</filename> file also gives
you the ability to make your Subversion client automatically
More information about the svnbook-dev
mailing list