* doc/userguide/userguide.xml: another try to fixed prev. commit.

Thanks to Nikos Balkanas <nbalkanas at gmail.com> git-svn-id: https://svn.kannel.org/gateway/trunk@4920 a7d65f57-29cd-40c9-b71e-ebca51ad1b1d
romanbsd · Aug 19, 2011 · 50aea46 · 50aea46
1 parent cf72a64
commit 50aea46
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 67 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+2011-08-19 Alexander Malysh <amalysh at kannel.org>
+    * doc/userguide/userguide.xml: another try to fixed prev. commit.
+      Thanks to Nikos Balkanas <nbalkanas at gmail.com>
+
 2011-08-17 Alexander Malysh <amalysh at kannel.org>
     * gw/dlr_pgsql.c: fixed panic when DB is not available.
       Thanks to Alan McNatty <alan at catalyst.net.nz>

diff --git a/doc/userguide/userguide.xml b/doc/userguide/userguide.xml
@@ -2238,91 +2238,89 @@ bearerbox-host = localhost
 <chapter id="wtls">
 <title>Setting up wtls security</title>
 
-	<para>This chapter tells you how to set Kannel up to handle wtls traffic.</para>
+	<para>This chapter tells you how to set Kannel up to handle wtls traffic.
+	</para>
 
-	<para><literal>wtls</literal> group is optional and single. The prerequisites for this group
+	<para>'wtls' group is optional and single. The prerequisites for this group
 		are to have defined a wapbox group, and a pair of SSL certificates
 		available. Instructions on how to create self-signed 1024-bit RSA
 		certificates are in Appendix B.
 	</para>
 	<para>Current imlementation provides for the following functionality:</para>
 	<para>
-		<itemizedlist>
-			<listitem><para>A) Supported MACs:</para>
-				<para><itemizedlist>
-						<listitem>SHA_0</listitem>
-						<listitem>SHA_40</listitem>
-						<listitem>SHA_80</listitem>
-						<listitem>SHA_NOLIMIT</listitem>
-						<listitem>MD5_40</listitem>
-						<listitem>MD5_80</listitem>
-						<listitem>MD5_NOLIMIT</listitem>
-				</itemizedlist></para>
+		<orderedlist numeration="upperalpha">
+			<listitem><para>Supported MACs:</para>
+				<itemizedlist title="Supported MACs:">
+					<listitem><para>SHA_0</para></listitem>
+						<listitem><para>SHA_40</para></listitem>
+						<listitem><para>SHA_80</para></listitem>
+						<listitem><para>SHA_NOLIMIT</para></listitem>
+						<listitem><para>MD5_40</para></listitem>
+						<listitem><para>MD5_80</para></listitem>
+						<listitem><para>MD5_NOLIMIT</para></listitem>
+				</itemizedlist>
 				<para>Missing:</para>
-				<para><itemizedlist>
-						<listitem>SHA_XOR_40</listitem>
-				</itemizedlist></para>
+				<itemizedlist>
+						<listitem><para>SHA_XOR_40</para></listitem>
+				</itemizedlist>
 			</listitem>
-			<listitem><para>B) Supported Ciphers:</para>
-				<para><itemizedlist>
-						<listitem>RC5_CBC_40</listitem>
-						<listitem>RC5_CBC_56</listitem>
-						<listitem>RC5_CBC</listitem>
-						<listitem>DES_CBC</listitem>
-						<listitem>DES_CBC_40</listitem>
-				</itemizedlist></para>
+			<listitem><para>Supported Ciphers:</para>
+				<itemizedlist>
+						<listitem><para>RC5_CBC_40</para></listitem>
+						<listitem><para>RC5_CBC_56</para></listitem>
+						<listitem><para>RC5_CBC</para></listitem>
+						<listitem><para>DES_CBC</para></listitem>
+						<listitem><para>DES_CBC_40</para></listitem>
+				</itemizedlist>
 				<para>Missing:</para>
-				<para><itemizedlist>
-						<listitem>NULL_bulk</listitem>
-						<listitem>TRIPLE_DES_CBC_EDE</listitem>
-						<listitem>IDEA_CBC_40</listitem>
-						<listitem>IDEA_CBC_56</listitem>
-						<listitem>IDEA_CBC</listitem>
-				</itemizedlist></para>
+				<itemizedlist>
+						<listitem><para>NULL_bulk</para></listitem>
+						<listitem><para>TRIPLE_DES_CBC_EDE</para></listitem>
+						<listitem><para>IDEA_CBC_40</para></listitem>
+						<listitem><para>IDEA_CBC_56</para></listitem>
+						<listitem><para>IDEA_CBC</para></listitem>
+				</itemizedlist>
 			</listitem>
-			<listitem><para>C) Supported Keys:</para>
-				<para><itemizedlist>
-						<listitem>RSA_anon</listitem>
-				</itemizedlist></para>
+			<listitem><para>Supported Keys:</para>
+				<itemizedlist>
+						<listitem><para>RSA_anon</para></listitem>
+				</itemizedlist>
 				<para>Missing:</para>
-				<para><itemizedlist>
-						<listitem>RSA_anon_512</listitem>
-						<listitem>RSA_anon_768</listitem>
-						<listitem>RSA_NOLIMIT</listitem>
-						<listitem>RSA_512</listitem>
-						<listitem>RSA_768</listitem>
-						<listitem>ECDH_anon</listitem>
-						<listitem>ECDH_anon_113</listitem>
-						<listitem>ECDH_anon_131</listitem>
-						<listitem>ECDH_ECDSA_NOLIMIT</listitem>
-				</itemizedlist></para>
+				<itemizedlist>
+						<listitem><para>RSA_anon_512</para></listitem>
+						<listitem><para>RSA_anon_768</para></listitem>
+						<listitem><para>RSA_NOLIMIT</para></listitem>
+						<listitem><para>RSA_512</para></listitem>
+						<listitem><para>RSA_768</para></listitem>
+						<listitem><para>ECDH_anon</para></listitem>
+						<listitem><para>ECDH_anon_113</para></listitem>
+						<listitem><para>ECDH_anon_131</para></listitem>
+						<listitem><para>ECDH_ECDSA_NOLIMIT</para></listitem>
+				</itemizedlist>
 				<para>Keys might seem a shortcoming, but all mobiles support
 					RSA_anon. Some of the other RSA_anon keys (i.e. RSA_anon_512,
 					RSA_anon_768) are propably supported as well, just haven't been
 					tested yet.</para>
 			</listitem>
-			<listitem><para>D) All wtls states except:</para>
-				<para><itemizedlist>
-						<listitem>Suspend/Resume wtls session</listitem>
-						<listitem>Cipher change when already connected. In practice
+			<listitem><para>All wtls states except:</para>
+				<itemizedlist>
+						<listitem><para>Suspend/Resume wtls session</para></listitem>
+						<listitem><para>Cipher change when already connected. In practice
 							this is handled through another client hello, while
-							already connected to the same client</listitem>
-				</itemizedlist></para>
+							already connected to the same client</para></listitem>
+				</itemizedlist>
 			</listitem>
-	</itemizedlist></para>
+	</orderedlist></para>
 
-
-
-	<para>The simplest working <literal>wtls</literal> group looks like this:
+	<para>The simplest working 'wtls' group looks like this:
 <programlisting>
 group = wtls
 certificate-file = /etc/kannel/server.crt
 privatekey-file = /etc/kannel/server.key
 </programlisting>
 
 	Can also be the same single combined pem file with both certificate and
-	privatekey parts. The complete variable list for the <literal>wtls</literal> group is:
-</para>
+	privatekey parts. The complete variable list for the 'wtls' group is:</para>
 
 <sect1>
 <title>Wtls configuration</title>
@@ -2360,6 +2358,9 @@ privatekey-file = /etc/kannel/server.key
      <entry valign="bottom">
        Optional. Needed only if private key was created with a passphrase.
      </entry></row>
+   </tbody>
+  </tgroup>
+ </table>
 </sect1>
 </chapter>
 
@@ -9096,13 +9097,12 @@ ssl-server-key-file = "/etc/kannel/key1.pem"
 <sect1>
 	<title>Self-signed 1024-bit RSA SSL certificates using openssl</title>
 	<para>
-		<itemizedlist>
-			<listitem><para>1. Generate private key:</para>
-				<para><literal>openssl genrsa -des3 -out server.key 1024</literal>
-				</para>
+		<orderedlist numeration="arabic">
+			<listitem><para>Generate private key:</para>
+				<para><literal>openssl genrsa -des3 -out server.key 1024</literal></para>
 				<para>You will be asked for a passphrase.</para></listitem>
 
-			<listitem><para>2. Generate a certificate request:</para>
+			<listitem><para>Generate a certificate request:</para>
 				<para><literal>
 					openssl req -new -key server.key -out server.csr
 				</literal></para>
@@ -9111,31 +9111,31 @@ ssl-server-key-file = "/etc/kannel/key1.pem"
 					generate the certificate for you, or you can sign it yourself.
 			</para></listitem>
 
-			<listitem><para>3. Remove passphrase from key:</para>
+			<listitem><para>Remove passphrase from key:</para>
 				<para><literal>cp server.key server.key.org</literal>
 				</para>
 				<para><literal>openssl rsa -in server.key.org -out server.key
 				</literal></para>
 				<para><literal>rm server.key.org</literal></para>
 			</listitem>
 
-			<listitem><para>4. Self-sign the certificate:</para>
+			<listitem><para>Self-sign the certificate:</para>
 				<para>If you chose not to send the request to a Certificate
 					Authority, you will need to sign it yourself. This one is good
 					for 1 year:</para>
 				<para><literal>openssl x509 -req -days 365 -in server.csr -signkey
 					server.key -out server.crt</literal></para>
 		</listitem>
 
-			<listitem><para>5. Move keys to desired location:</para>
+			<listitem><para>Move keys to desired location:</para>
 				<para><literal>mv server.crt /etc/kannel/public/server.crt</literal>
 				</para>
 				<para><literal>mv server.key /etc/kannel/private/server.key
 				</literal></para>
 				<para><literal>mv server.csr /etc/ianwap/private/ianwap.csr (key
 					request)</literal></para>
 			</listitem>
-		</itemizedlist>
+		</orderedlist>
 	</para>
 	<para>Update configuration accordingly</para>
 </sect1>