Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 717:c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
"ssl_verify_client" directive.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Wed, 10 Oct 2012 18:10:06 +0000 |
| parents | 3f25469cbc49 |
| children | cd581dbdaf76 |
comparison
equal
deleted
inserted
replaced
| 716:81ec181c084e | 717:c5facf2eff6f |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
| 11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="3"> | 13 rev="4"> |
| 14 | 14 |
| 15 <section id="summary"> | 15 <section id="summary"> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
| 479 | 479 |
| 480 | 480 |
| 481 <directive name="ssl_verify_client"> | 481 <directive name="ssl_verify_client"> |
| 482 <syntax> | 482 <syntax> |
| 483 <literal>on</literal> | <literal>off</literal> | | 483 <literal>on</literal> | <literal>off</literal> | |
| 484 <literal>optional</literal></syntax> | 484 <literal>optional</literal> | <literal>optional_no_ca</literal></syntax> |
| 485 <default>off</default> | 485 <default>off</default> |
| 486 <context>http</context> | 486 <context>http</context> |
| 487 <context>server</context> | 487 <context>server</context> |
| 488 | 488 |
| 489 <para> | 489 <para> |
| 490 Enables the client certificate verification. | 490 Enables verification of client certificates. |
| 491 The <literal>optional</literal> parameter (0.8.7+) requests the client | |
| 492 certificate and verifies it if it was present. | |
| 493 The result of verification is stored in the | 491 The result of verification is stored in the |
| 494 <var>$ssl_client_verify</var> variable. | 492 <var>$ssl_client_verify</var> variable. |
| 493 </para> | |
| 494 | |
| 495 <para> | |
| 496 The <literal>optional</literal> parameter (0.8.7+) requests the client | |
| 497 certificate, and if certificate was present, verifies it. | |
| 498 </para> | |
| 499 | |
| 500 <para> | |
| 501 The <literal>optional_no_ca</literal> parameter (1.3.8) requests the client | |
| 502 certificate but does not require it to be signed by a trusted CA certificate. | |
| 503 This is intended for the use in cases where actual certificate verification | |
| 504 is performed by a service that is external to nginx. | |
| 505 The contents of a certificate is made available through the | |
| 506 <var>$ssl_client_cert</var> variable. | |
| 495 </para> | 507 </para> |
| 496 | 508 |
| 497 </directive> | 509 </directive> |
| 498 | 510 |
| 499 | 511 |