Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_ssl_module.xml @ 2350:8e35f3af574b
Documented the "data:" syntax for ssl_certificate and key.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Tue, 26 Mar 2019 17:09:15 +0300 |
| parents | dbe55598d3f6 |
| children | c60a8a15010c |
comparison
equal
deleted
inserted
replaced
| 2349:0eabe2f4d365 | 2350:8e35f3af574b |
|---|---|
| 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 8 | 8 |
| 9 <module name="Module ngx_stream_ssl_module" | 9 <module name="Module ngx_stream_ssl_module" |
| 10 link="/en/docs/stream/ngx_stream_ssl_module.html" | 10 link="/en/docs/stream/ngx_stream_ssl_module.html" |
| 11 lang="en" | 11 lang="en" |
| 12 rev="20"> | 12 rev="21"> |
| 13 | 13 |
| 14 <section id="summary"> | 14 <section id="summary"> |
| 15 | 15 |
| 16 <para> | 16 <para> |
| 17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) | 17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) |
| 128 Note that using variables implies that | 128 Note that using variables implies that |
| 129 a certificate will be loaded for each SSL handshake, | 129 a certificate will be loaded for each SSL handshake, |
| 130 and this may have a negative impact on performance. | 130 and this may have a negative impact on performance. |
| 131 </para> | 131 </para> |
| 132 | 132 |
| 133 <para id="ssl_certificate_data"> | |
| 134 The value | |
| 135 <literal>data</literal>:<value>$variable</value> | |
| 136 can be specified instead of the <value>file</value> (1.15.10), | |
| 137 which loads a certificate from a variable without using intermediate files. | |
| 138 Note that inappropriate use of this syntax may have its security implications, | |
| 139 such as writing secret key data to | |
| 140 <link doc="../ngx_core_module.xml" id="error_log">error log</link>. | |
| 141 </para> | |
| 142 | |
| 133 </directive> | 143 </directive> |
| 134 | 144 |
| 135 | 145 |
| 136 <directive name="ssl_certificate_key"> | 146 <directive name="ssl_certificate_key"> |
| 137 <syntax><value>file</value></syntax> | 147 <syntax><value>file</value></syntax> |
| 148 The value | 158 The value |
| 149 <literal>engine</literal>:<value>name</value>:<value>id</value> | 159 <literal>engine</literal>:<value>name</value>:<value>id</value> |
| 150 can be specified instead of the <value>file</value>, | 160 can be specified instead of the <value>file</value>, |
| 151 which loads a secret key with a specified <value>id</value> | 161 which loads a secret key with a specified <value>id</value> |
| 152 from the OpenSSL engine <value>name</value>. | 162 from the OpenSSL engine <value>name</value>. |
| 163 </para> | |
| 164 | |
| 165 <para id="ssl_certificate_key_data"> | |
| 166 The value | |
| 167 <literal>data</literal>:<value>$variable</value> | |
| 168 can be specified instead of the <value>file</value> (1.15.10), | |
| 169 which loads a secret key from a variable without using intermediate files. | |
| 170 Note that inappropriate use of this syntax may have its security implications, | |
| 171 such as writing secret key data to | |
| 172 <link doc="../ngx_core_module.xml" id="error_log">error log</link>. | |
| 153 </para> | 173 </para> |
| 154 | 174 |
| 155 <para> | 175 <para> |
| 156 Since version 1.15.9, variables can be used in the <value>file</value> name | 176 Since version 1.15.9, variables can be used in the <value>file</value> name |
| 157 when using OpenSSL 1.0.2 or higher. | 177 when using OpenSSL 1.0.2 or higher. |