Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 717:c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
"ssl_verify_client" directive.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Wed, 10 Oct 2012 18:10:06 +0000 |
parents | 3f25469cbc49 |
children | cd581dbdaf76 |
comparison
equal
deleted
inserted
replaced
716:81ec181c084e | 717:c5facf2eff6f |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="3"> | 13 rev="4"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
479 | 479 |
480 | 480 |
481 <directive name="ssl_verify_client"> | 481 <directive name="ssl_verify_client"> |
482 <syntax> | 482 <syntax> |
483 <literal>on</literal> | <literal>off</literal> | | 483 <literal>on</literal> | <literal>off</literal> | |
484 <literal>optional</literal></syntax> | 484 <literal>optional</literal> | <literal>optional_no_ca</literal></syntax> |
485 <default>off</default> | 485 <default>off</default> |
486 <context>http</context> | 486 <context>http</context> |
487 <context>server</context> | 487 <context>server</context> |
488 | 488 |
489 <para> | 489 <para> |
490 Enables the client certificate verification. | 490 Enables verification of client certificates. |
491 The <literal>optional</literal> parameter (0.8.7+) requests the client | |
492 certificate and verifies it if it was present. | |
493 The result of verification is stored in the | 491 The result of verification is stored in the |
494 <var>$ssl_client_verify</var> variable. | 492 <var>$ssl_client_verify</var> variable. |
493 </para> | |
494 | |
495 <para> | |
496 The <literal>optional</literal> parameter (0.8.7+) requests the client | |
497 certificate, and if certificate was present, verifies it. | |
498 </para> | |
499 | |
500 <para> | |
501 The <literal>optional_no_ca</literal> parameter (1.3.8) requests the client | |
502 certificate but does not require it to be signed by a trusted CA certificate. | |
503 This is intended for the use in cases where actual certificate verification | |
504 is performed by a service that is external to nginx. | |
505 The contents of a certificate is made available through the | |
506 <var>$ssl_client_cert</var> variable. | |
495 </para> | 507 </para> |
496 | 508 |
497 </directive> | 509 </directive> |
498 | 510 |
499 | 511 |