annotate docs/xsls/changes.xsls @ 7732:59e1c73fe02b
SSL: ssl_reject_handshake directive (ticket #195).
In some cases it may be necessary to reject an SSL handshake based on the SNI
server name provided, for example, to make sure that an invalid certificate
is not returned to clients trying to contact a name-based virtual server
that has no SSL configured. Previously, "ssl_ciphers aNULL;" was used for
this. This workaround, however, is not compatible with TLSv1.3, in
particular when using BoringSSL, where it is not possible to configure
TLSv1.3 ciphers at all.
With this change, the ssl_reject_handshake directive is introduced,
which instructs nginx to reject SSL handshakes with an "unrecognized_name"
alert in a particular server block.
For example, to reject handshake with names other than example.com,
one can use the following configuration:
server {
listen 443 ssl;
ssl_reject_handshake on;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate example.com.crt;
ssl_certificate_key example.com.key;
}
The following configuration can be used to reject all SSL handshakes
without SNI server name provided:
server {
listen 443 ssl;
ssl_reject_handshake on;
}
server {
listen 443 ssl;
server_name ~^;
ssl_certificate example.crt;
ssl_certificate_key example.key;
}
Additionally, the ssl_reject_handshake directive makes configuring
certificates for the default server block optional. If no certificates
are configured in the default server for a given listening socket,
certificates must be defined in all non-default server blocks with
the listening socket in question.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 22 Oct 2020 18:02:28 +0300 |
parents | 529f10f7757c |
children | e79c7521aaf4 |
rev | line source |
---|---|
450 | 1 X:stylesheet { |
2 | |
4028
76bc29f06168
CHANGES conversion from KOI8-R to UTF-8.
Igor Sysoev <igor@sysoev.ru>
parents:
4025
|
3 X:output method="text"; |
450 | 4 |
5 X:param lang="'en'"; | |
6 X:param configuration="'../xml/change_log_conf.xml'"; | |
7 | |
8 X:var conf = "document($configuration)/configuration"; | |
9 X:var start = "$conf/start"; | |
10 X:var indent = "$conf/indent"; | |
11 X:var max = "$conf/length"; | |
12 X:var br = {<br>} | |
13 | |
14 | |
15 X:template = "/" { !! "change_log"; } | |
16 X:template = "change_log" { !! "changes"; } | |
17 | |
18 | |
19 X:template = "changes" { | |
20 X:text { } | |
21 | |
22 !{substring(concat($conf/changes[@lang=$lang]/title, | |
23 //change_log/@title, | |
24 ' ', @ver, | |
25 ' '), | |
26 1, $conf/changes[@lang=$lang]/length)} | |
27 | |
6914
529f10f7757c
Docs: changes.xml dates converted to ISO 8601 format.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4028
|
28 X:if "$lang='ru'" { |
|
29 !{substring(@date, 9, 2)} |
|
30 X:text {.} |
|
31 !{substring(@date, 6, 2)} |
|
32 X:text {.} |
|
33 !{substring(@date, 1, 4)} |
|
34 } |
450 | 35 |
36 X:if "$lang='en'" { | |
6914
529f10f7757c
Docs: changes.xml dates converted to ISO 8601 format.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4028
|
37 !{substring(@date, 9, 2)} |
450 | 38 !{$conf/changes[@lang=$lang]/month[number(substring(current()/@date, |
6914
529f10f7757c
Docs: changes.xml dates converted to ISO 8601 format.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4028
|
39 6, 2))]} |
|
40 !{substring(@date, 1, 4)} |
450 | 41 } |
42 | |
43 X:text { } | |
44 | |
45 !! "change"; | |
46 | |
47 X:text { } | |
48 } | |
49 | |
50 | |
51 X:template = "change" { | |
52 X:var prefix = "$conf/changes[@lang=$lang]/*[local-name(.)=current()/@type]" | |
53 | |
54 X:var postfix = { X:if "$prefix" { X:text {: } } } | |
55 | |
56 !! "para[@lang=$lang]" (prefix = "concat($start, $prefix, $postfix)"); | |
57 } | |
58 | |
59 | |
60 X:template para(prefix) = "para" { | |
61 X:var text = { !!; } | |
62 | |
63 X:text { } | |
64 | |
65 !wrap(text = "normalize-space($text)", | |
66 prefix = { X:if "position() = 1" { !{$prefix} } else { !{$indent} } }) | |
67 } | |
68 | |
69 | |
70 X:template wrap(text, prefix) { | |
71 X:if "$text" { | |
72 X:var offset = { | |
4022
10b3b7908efb
- support <br/> in the middle of input
Ruslan Ermilov <ru@nginx.com>
parents:
450
|
73 X:choose { |
|
74 X:when "starts-with($text, concat($br, ' '))" { |
|
75 !{string-length($br) + 2} |
|
76 } |
|
77 X:when "starts-with($text, $br)" { |
|
78 !{string-length($br) + 1} |
|
79 } |
|
80 X:otherwise { |
|
81 1 |
|
82 } |
450 | 83 } |
84 } | |
85 | |
86 X:var length = { | |
87 !length(text = "substring($text, $offset)", | |
88 prefix = "string-length($prefix)", | |
89 length = "$max") | |
90 } | |
91 | |
92 !{$prefix} | |
93 | |
4025
7b85e695600a
Traling spaces removal in text CHANGES files.
Igor Sysoev <igor@sysoev.ru>
parents:
4022
|
94 !{normalize-space(translate(substring($text, $offset, $length), |
|
95 ' ', ' '))} |
450 | 96 |
97 X:text { } | |
98 | |
99 !wrap(text = "substring($text, $length + $offset)", prefix = "$indent") | |
100 } | |
101 } | |
102 | |
103 | |
104 X:template length(text, prefix, length) { | |
4022
10b3b7908efb
- support <br/> in the middle of input
Ruslan Ermilov <ru@nginx.com>
parents:
450
|
105 X:var break = "substring-before(substring($text, 1, |
|
106 $length - $prefix + string-length($br)), |
450 | 107 $br)" |
108 | |
109 X:choose { | |
110 X:when "$break" { !{string-length($break)} } | |
111 | |
4022
10b3b7908efb
- support <br/> in the middle of input
Ruslan Ermilov <ru@nginx.com>
parents:
450
|
112 X:when "$length = 0" { !{$max - $prefix} } |
450 | 113 |
4022
10b3b7908efb
- support <br/> in the middle of input
Ruslan Ermilov <ru@nginx.com>
parents:
450
|
114 X:when "string-length($text) + $prefix <= $length" { |
450 | 115 !{$length - $prefix} |
116 } | |
117 | |
4022
10b3b7908efb
- support <br/> in the middle of input
Ruslan Ermilov <ru@nginx.com>
parents:
450
|
118 X:when "substring($text, $length - $prefix + 1, 1) = ' '" { |
|
119 !{$length - $prefix + 1} |
|
120 } |
|
121 |
450 | 122 X:otherwise { |
123 !length(text = "$text", prefix = "$prefix", length = "$length - 1") | |
124 } | |
125 } | |
126 } | |
127 | |
128 | |
129 X:template = "at" {@} | |
130 X:template = "br" { !{$br} } | |
131 X:template = "nobr" { !{translate(., ' ', ' ')} } | |
132 | |
133 | |
134 } |