Mercurial > hg > nginx-site
changeset 1856:7133004fa5b3
$ssl_client_verify extended with a failure reason.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Thu, 08 Dec 2016 19:08:30 +0300 |
parents | 2ef67c4d2226 |
children | 0882ccb0c00f |
files | xml/en/docs/http/ngx_http_ssl_module.xml xml/en/docs/mail/ngx_mail_auth_http_module.xml xml/ru/docs/http/ngx_http_ssl_module.xml xml/ru/docs/mail/ngx_mail_auth_http_module.xml |
diffstat | 4 files changed, 28 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_ssl_module.xml +++ b/xml/en/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="26"> + rev="27"> <section id="summary"> @@ -841,8 +841,12 @@ returns the start date of the client cer <tag-name id="var_ssl_client_verify"><var>$ssl_client_verify</var></tag-name> <tag-desc> returns the result of client certificate verification: -“<literal>SUCCESS</literal>”, “<literal>FAILED</literal>”, and -“<literal>NONE</literal>” if a certificate was not present; +“<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>”, +(1.11.7) and “<literal>NONE</literal>” if a certificate was not present; +<note> +Prior to version 1.11.7, the “<literal>FAILED</literal>” result +did not contain the <value>reason</value> string. +</note> </tag-desc> <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name>
--- a/xml/en/docs/mail/ngx_mail_auth_http_module.xml +++ b/xml/en/docs/mail/ngx_mail_auth_http_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_mail_auth_http_module" link="/en/docs/mail/ngx_mail_auth_http_module.html" lang="en" - rev="6"> + rev="7"> <section id="directives" name="Directives"> @@ -208,8 +208,12 @@ the <header>Auth-SSL</header> header is <header>Auth-SSL-Verify</header> will contain the result of client certificate verification, if <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">enabled</link>: -“<literal>SUCCESS</literal>”, “<literal>FAILED</literal>”, and -“<literal>NONE</literal>” if a certificate was not present. +“<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>” +(1.11.7), and “<literal>NONE</literal>” if a certificate was not present. +<note> +Prior to version 1.11.7, the “<literal>FAILED</literal>” result +did not contain the <value>reason</value> string. +</note> When the client certificate was present, its details are passed in the following request headers: <header>Auth-SSL-Subject</header>, <header>Auth-SSL-Issuer</header>,
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml +++ b/xml/ru/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Модуль ngx_http_ssl_module" link="/ru/docs/http/ngx_http_ssl_module.html" lang="ru" - rev="26"> + rev="27"> <section id="summary"> @@ -843,8 +843,12 @@ ssl_stapling_responder http://ocsp.examp <tag-name id="var_ssl_client_verify"><var>$ssl_client_verify</var></tag-name> <tag-desc> возвращает результат проверки клиентского сертификата: -“<literal>SUCCESS</literal>”, “<literal>FAILED</literal>” и, -если сертификат не был предоставлен — “<literal>NONE</literal>”; +“<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>” +(1.11.7) и, если сертификат не был предоставлен — “<literal>NONE</literal>”; +<note> +До версии 1.11.7 результат “<literal>FAILED</literal>” +не содержал строку <value>reason</value>. +</note> </tag-desc> <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name>
--- a/xml/ru/docs/mail/ngx_mail_auth_http_module.xml +++ b/xml/ru/docs/mail/ngx_mail_auth_http_module.xml @@ -10,7 +10,7 @@ <module name="Модуль ngx_mail_auth_http_module" link="/ru/docs/mail/ngx_mail_auth_http_module.html" lang="ru" - rev="6"> + rev="7"> <section id="directives" name="Директивы"> @@ -206,8 +206,12 @@ Auth-SMTP-To: RCPT TO: <postmaster@ma <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client"/> включена, заголовок <header>Auth-SSL-Verify</header> содержит результат проверки клиентского сертификата: -“<literal>SUCCESS</literal>”, “<literal>FAILED</literal>” и, -если сертификат не был предоставлен — “<literal>NONE</literal>”. +“<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>” +(1.11.7) и, если сертификат не был предоставлен — “<literal>NONE</literal>”. +<note> +До версии 1.11.7 результат “<literal>FAILED</literal>” +не содержал строку <value>reason</value>. +</note> Если клиентский сертификат был предоставлен, информация о нём передаётся в следующих заголовках запроса: <header>Auth-SSL-Subject</header>, <header>Auth-SSL-Issuer</header>,