Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_ssl_module.xml @ 2334:dbe55598d3f6
Added variables support in ssl_certificate and ssl_certificate_key.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Tue, 26 Feb 2019 18:33:47 +0300 |
| parents | e2e71f9477a8 |
| children | 8e35f3af574b |
comparison
equal
deleted
inserted
replaced
| 2333:fb5e1d2d4c75 | 2334:dbe55598d3f6 |
|---|---|
| 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 8 | 8 |
| 9 <module name="Module ngx_stream_ssl_module" | 9 <module name="Module ngx_stream_ssl_module" |
| 10 link="/en/docs/stream/ngx_stream_ssl_module.html" | 10 link="/en/docs/stream/ngx_stream_ssl_module.html" |
| 11 lang="en" | 11 lang="en" |
| 12 rev="19"> | 12 rev="20"> |
| 13 | 13 |
| 14 <section id="summary"> | 14 <section id="summary"> |
| 15 | 15 |
| 16 <para> | 16 <para> |
| 17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) | 17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) |
| 116 for different certificates. | 116 for different certificates. |
| 117 With older versions, only one certificate chain can be used. | 117 With older versions, only one certificate chain can be used. |
| 118 </note> | 118 </note> |
| 119 </para> | 119 </para> |
| 120 | 120 |
| 121 <para> | |
| 122 Since version 1.15.9, variables can be used in the <value>file</value> name | |
| 123 when using OpenSSL 1.0.2 or higher: | |
| 124 <example> | |
| 125 ssl_certificate $ssl_server_name.crt; | |
| 126 ssl_certificate_key $ssl_server_name.key; | |
| 127 </example> | |
| 128 Note that using variables implies that | |
| 129 a certificate will be loaded for each SSL handshake, | |
| 130 and this may have a negative impact on performance. | |
| 131 </para> | |
| 132 | |
| 121 </directive> | 133 </directive> |
| 122 | 134 |
| 123 | 135 |
| 124 <directive name="ssl_certificate_key"> | 136 <directive name="ssl_certificate_key"> |
| 125 <syntax><value>file</value></syntax> | 137 <syntax><value>file</value></syntax> |
| 136 The value | 148 The value |
| 137 <literal>engine</literal>:<value>name</value>:<value>id</value> | 149 <literal>engine</literal>:<value>name</value>:<value>id</value> |
| 138 can be specified instead of the <value>file</value>, | 150 can be specified instead of the <value>file</value>, |
| 139 which loads a secret key with a specified <value>id</value> | 151 which loads a secret key with a specified <value>id</value> |
| 140 from the OpenSSL engine <value>name</value>. | 152 from the OpenSSL engine <value>name</value>. |
| 153 </para> | |
| 154 | |
| 155 <para> | |
| 156 Since version 1.15.9, variables can be used in the <value>file</value> name | |
| 157 when using OpenSSL 1.0.2 or higher. | |
| 141 </para> | 158 </para> |
| 142 | 159 |
| 143 </directive> | 160 </directive> |
| 144 | 161 |
| 145 | 162 |