Mercurial > hg > nginx-site

changeset 1193:0320929f8544

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented uwsgi_ssl_verify, uwsgi_ssl_server_name, and friends.
author Ruslan Ermilov <ru@nginx.com>
date Sat, 17 May 2014 01:55:19 +0400
parents b5268820c3f3
children 9264fdb6c833
files xml/en/docs/http/ngx_http_uwsgi_module.xml xml/ru/docs/http/ngx_http_uwsgi_module.xml
diffstat 2 files changed, 212 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_uwsgi_module.xml
+++ b/xml/en/docs/http/ngx_http_uwsgi_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_uwsgi_module"
         link="/en/docs/http/ngx_http_uwsgi_module.html"
         lang="en"
-        rev="2">
+        rev="3">
 
 <section id="summary">
 
@@ -957,6 +957,46 @@ The full list can be viewed using the
 </directive>
 
 
+<directive name="uwsgi_ssl_crl">
+<syntax><value>file</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Specifies a <value>file</value> with revoked certificates (CRL)
+in the PEM format used to <link id="uwsgi_ssl_verify">verify</link>
+the certificate of the secured uwsgi server.
+</para>
+
+</directive>
+
+
+<directive name="uwsgi_ssl_name">
+<syntax><value>name</value></syntax>
+<default>host from uwsgi_pass</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Allows overriding the server name used to
+<link id="uwsgi_ssl_verify">verify</link>
+the certificate of the secured uwsgi server and to be
+<link id="uwsgi_ssl_server_name">passed through SNI</link>
+when establishing a connection with the secured uwsgi server.
+</para>
+
+<para>
+By default, the host part from <link id="uwsgi_pass"/> is used.
+</para>
+
+</directive>
+
+
 <directive name="uwsgi_ssl_protocols">
 <syntax>
     [<literal>SSLv2</literal>]
@@ -977,6 +1017,24 @@ Enables the specified protocols for requ
 </directive>
 
 
+<directive name="uwsgi_ssl_server_name">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Enables or disables passing of the server name through
+<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
+Server Name Indication extension</link> (SNI, RFC 6066)
+when establishing a connection with the secured uwsgi server.
+</para>
+
+</directive>
+
+
 <directive name="uwsgi_ssl_session_reuse">
 <syntax><literal>on</literal> | <literal>off</literal></syntax>
 <default>on</default>
@@ -996,6 +1054,53 @@ appear in the logs, try disabling sessio
 </directive>
 
 
+<directive name="uwsgi_ssl_trusted_certificate">
+<syntax><value>file</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Specifies a <value>file</value> with trusted CA certificates in the PEM format
+used to <link id="uwsgi_ssl_verify">verify</link>
+the certificate of the secured uwsgi server.
+</para>
+
+</directive>
+
+
+<directive name="uwsgi_ssl_verify">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Enables or disables verification of the secured uwsgi server certificate.
+</para>
+
+</directive>
+
+
+<directive name="uwsgi_ssl_verify_depth">
+<syntax><value>number</value></syntax>
+<default>1</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Sets the verification depth in the secured uwsgi server certificates chain.
+</para>
+
+</directive>
+
+
 <directive name="uwsgi_store">
 <syntax>
     <literal>on</literal> |
--- a/xml/ru/docs/http/ngx_http_uwsgi_module.xml
+++ b/xml/ru/docs/http/ngx_http_uwsgi_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_uwsgi_module"
         link="/ru/docs/http/ngx_http_uwsgi_module.html"
         lang="ru"
-        rev="2">
+        rev="3">
 
 <section id="summary">
 
@@ -949,6 +949,46 @@ uwsgi-сервер.
 </directive>
 
 
+<directive name="uwsgi_ssl_crl">
+<syntax><value>файл</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Указывает <value>файл</value> с отозванными сертификатами (CRL)
+в формате PEM, используемыми при <link id="uwsgi_ssl_verify">проверке</link>
+сертификата suwsgi-сервера.
+</para>
+
+</directive>
+
+
+<directive name="uwsgi_ssl_name">
+<syntax><value>имя</value></syntax>
+<default>имя хоста из uwsgi_pass</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Позволяет переопределить имя сервера, используемое при
+<link id="uwsgi_ssl_verify">проверке</link>
+сертификата suwsgi-сервера, а также для
+<link id="uwsgi_ssl_server_name">передачи его через SNI</link>
+при установлении соединения с suwsgi-сервером.
+</para>
+
+<para>
+По умолчанию используется имя хоста из <link id="uwsgi_pass"/>.
+</para>
+
+</directive>
+
+
 <directive name="uwsgi_ssl_protocols">
 <syntax>
     [<literal>SSLv2</literal>]
@@ -969,6 +1009,24 @@ uwsgi-сервер.
 </directive>
 
 
+<directive name="uwsgi_ssl_server_name">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Разрешает или запрещает передачу имени сервера через
+<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">расширение
+Server Name Indication протокола TLS</link> (SNI, RFC 6066)
+при установлении соединения с suwsgi-сервером.
+</para>
+
+</directive>
+
+
 <directive name="uwsgi_ssl_session_reuse">
 <syntax><literal>on</literal> | <literal>off</literal></syntax>
 <default>on</default>
@@ -989,6 +1047,53 @@ uwsgi-сервер.
 </directive>
 
 
+<directive name="uwsgi_ssl_trusted_certificate">
+<syntax><value>файл</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Задаёт <value>файл</value> с доверенными сертификатами CA в формате PEM,
+используемыми при <link id="uwsgi_ssl_verify">проверке</link>
+сертификата suwsgi-сервера.
+</para>
+
+</directive>
+
+
+<directive name="uwsgi_ssl_verify">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Разрешает или запрещает проверку сертификата suwsgi-сервера.
+</para>
+
+</directive>
+
+
+<directive name="uwsgi_ssl_verify_depth">
+<syntax><value>число</value></syntax>
+<default>1</default>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<appeared-in>1.7.0</appeared-in>
+
+<para>
+Устанавливает глубину проверки в цепочке сертификатов suwsgi-сервера.
+</para>
+
+</directive>
+
+
 <directive name="uwsgi_store">
 <syntax>
     <literal>on</literal> |