Mercurial Mercurial > oss > MCL > sftools > depl > docscontent / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Symbian3/SDK/Source/GUID-C893C9E6-47B8-5149-9808-0274C61CF3D7.dita
changeset 8 ae94777fff8f
parent 0 89d6a7a84779 
--- a/Symbian3/SDK/Source/GUID-C893C9E6-47B8-5149-9808-0274C61CF3D7.dita	Wed Mar 31 11:11:55 2010 +0100
+++ b/Symbian3/SDK/Source/GUID-C893C9E6-47B8-5149-9808-0274C61CF3D7.dita	Fri Jun 11 12:39:03 2010 +0100
@@ -1,56 +1,55 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
-<!-- This component and the accompanying materials are made available under the terms of the License 
-"Eclipse Public License v1.0" which accompanies this distribution, 
-and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
-<!-- Initial Contributors:
-    Nokia Corporation - initial contribution.
-Contributors: 
--->
-<!DOCTYPE concept
-  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
-<concept id="GUID-C893C9E6-47B8-5149-9808-0274C61CF3D7" xml:lang="en"><title>OCSP-SWI
-Integration</title><abstract><p>The Symbian platform provides the ability to validate and manage <xref href="GUID-C676C4E6-93AF-59E9-886D-74D59F154490.dita">X.509</xref> certificates.
-This ability is integrated into the software installation process to provide
-Secure Software Install (SWI) with the functionality of performing certificate
-checking at installation time. During installation, SWI checks whether the
-certificates associated with the application to be installed have been revoked.
-It performs this check by using Online Certificate Status Protocol (OCSP). </p><p>You
-can configure SWI to enable or disable the revocation status check of certificates.
-In addition, SWI can also be configured to supply the OCSP client with a default
-Uniform Resource Identifier (URI) for the OCSP server.</p></abstract><prolog><metadata><keywords/></metadata></prolog><conbody>
-<p>You can configure SWI to enable or disable the revocation status check
-of certificates. In addition, SWI can also be configured to supply the OCSP
-client with a default Uniform Resource Identifier (URI) for the OCSP server. </p>
-<section><title>Installing software based on OCSP check</title> <p>SWI validates
-the certificate in the install file. As part of validation, it carries out
-revocation check, depending on the setting of the <codeph>OcspEnabled</codeph> parameter
-in the <codeph>swipolicy.ini</codeph> file. If the revocation check option
-is not enabled, a warning is displayed giving options to carry out revocation
-check, to continue without revocation check or to cancel the installation.
-If the option is enabled, all certificates in the chain except the <xref href="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C.dita">root</xref> are
-checked. </p> <p> <b>Note:</b> For details on how certificates are validated,
-see <xref href="GUID-A3B58436-07E4-565B-800B-86435D205461.dita">Certificate Validation
-in PKIX</xref>. </p> <p>The results of revocation check decide whether the
-application can be installed. The following are the scenarios associated with
-the certificate revocation check: </p> <ul>
-<li id="GUID-EE8C335A-B74D-56D3-9DC5-8E7D9D9C8EB8"><p>If the OCSP client indicates
-that no certificates are revoked and the operation completes successfully
-with no errors or warnings, the software can be installed. </p> </li>
-<li id="GUID-0F861436-15DE-56C7-A06D-C93C30829313"><p>If OCSP indicates that
-any of the certificates is revoked or if the signature on the OCSP response
-is invalid, a security error is issued and the software cannot be installed. </p> </li>
-<li id="GUID-F8A8F1FB-DC90-58B0-98B7-8EFE4255A2D6"><p>If the revocation status
-of a certificate cannot be determined (because of reasons like lack of network
-access or OCSP responder error), SWI behaves as if the software were unsigned.
-The setting of the <codeph>AllowUnsigned</codeph> parameter in the <codeph>swipolicy.ini</codeph> file
-determines whether the unsigned software can be installed or not. If the parameter
-value is true, SWI issues a warning before installing but allows installation
-of the software. Otherwise it issues an error and does not allow installation. </p> </li>
-</ul> <p> <b>Note:</b> For details of the various parameters in <codeph>swipolicy.ini</codeph>,
-see <xref href="GUID-F8C2E97C-35EC-5437-BC6B-E2A622D2DC4D.dita">Secure Software
-Install Reference</xref>. </p> </section>
-</conbody><related-links>
-<link href="GUID-90DF40EF-7D3F-551D-9957-A3756317A254.dita"><linktext>Online Certificate
-Status Protocol</linktext></link>
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License 
+"Eclipse Public License v1.0" which accompanies this distribution, 
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+    Nokia Corporation - initial contribution.
+Contributors: 
+-->
+<!DOCTYPE concept
+  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-C893C9E6-47B8-5149-9808-0274C61CF3D7" xml:lang="en"><title>OCSP-SWI Integration</title><abstract><p>The Symbian platform provides the ability to validate
+and manage <xref href="GUID-C676C4E6-93AF-59E9-886D-74D59F154490.dita">X.509</xref> certificates. This ability is integrated into the software
+installation process to provide Secure Software Install (SWI) with
+the functionality of performing certificate checking at installation
+time. During installation, SWI checks whether the certificates associated
+with the application to be installed have been revoked. It performs
+this check by using Online Certificate Status Protocol (OCSP). </p><p>You can configure SWI to enable or disable the revocation status
+check of certificates. In addition, SWI can also be configured to
+supply the OCSP client with a default Uniform Resource Identifier
+(URI) for the OCSP server.</p></abstract><prolog><metadata><keywords/></metadata></prolog><conbody>
+<p>You can configure SWI to enable or disable the revocation status
+check of certificates. In addition, SWI can also be configured to
+supply the OCSP client with a default Uniform Resource Identifier
+(URI) for the OCSP server. </p>
+<section id="GUID-847C8586-8023-4F5F-8A25-028AEE1A8F06"><title>Installing software based on OCSP check</title> <p>SWI validates the certificate in the install file. As part of validation,
+it carries out revocation check, depending on the setting of the <codeph>OcspEnabled</codeph> parameter in the <codeph>swipolicy.ini</codeph> file. If the revocation check option is enabled, a
+warning is displayed giving options to carry out revocation check,
+to continue without revocation check or to cancel the installation.
+If the option is enabled, all certificates in the chain except the <xref href="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C.dita">root</xref> are checked. </p> <p> <b>Note:</b> For details on how certificates are validated,
+see <xref href="GUID-A3B58436-07E4-565B-800B-86435D205461.dita">Certificate
+Validation in PKIX</xref>. </p> <p>The results of revocation check
+decide whether the application can be installed. The following are
+the scenarios associated with the certificate revocation check: </p> <ul>
+<li id="GUID-EE8C335A-B74D-56D3-9DC5-8E7D9D9C8EB8"><p>If the OCSP
+client indicates that no certificates are revoked and the operation
+completes successfully with no errors or warnings, the software can
+be installed. </p> </li>
+<li id="GUID-0F861436-15DE-56C7-A06D-C93C30829313"><p>If OCSP indicates
+that any of the certificates is revoked or if the signature on the
+OCSP response is invalid, a security error is issued and the software
+cannot be installed. </p> </li>
+<li id="GUID-F8A8F1FB-DC90-58B0-98B7-8EFE4255A2D6"><p>If the revocation
+status of a certificate cannot be determined (because of reasons like
+lack of network access or OCSP responder error), SWI behaves as if
+the software were unsigned. The setting of the <codeph>AllowUnsigned</codeph> parameter in the <codeph>swipolicy.ini</codeph> file determines
+whether the unsigned software can be installed or not. If the parameter
+value is true, SWI issues a warning before installing but allows installation
+of the software. Otherwise it issues an error and does not allow installation. </p> </li>
+</ul> <p> <b>Note:</b> For details of the various parameters in <codeph>swipolicy.ini</codeph>, see <xref href="GUID-F8C2E97C-35EC-5437-BC6B-E2A622D2DC4D.dita">Secure Software Install
+Reference</xref>. </p> </section>
+</conbody><related-links>
+<link href="GUID-90DF40EF-7D3F-551D-9957-A3756317A254.dita"><linktext>Online
+Certificate Status Protocol</linktext></link>
 </related-links></concept>
\ No newline at end of file
MCL/sftools/depl/docscontent