Mercurial > hg > nginx
view docs/dtd/change_log_conf.dtd @ 6548:8a34e92d8ab5
SSL: made it possible to iterate though all certificates.
A pointer to a previously configured certificate now stored in a certificate.
This makes it possible to iterate though all certificates configured in
the SSL context. This is now used to configure OCSP stapling for all
certificates, and in ngx_ssl_session_id_context().
As SSL_CTX_use_certificate() frees previously loaded certificate of the same
type, and we have no way to find out if it's the case, X509_free() calls
are now posponed till ngx_ssl_cleanup_ctx().
Note that in OpenSSL 1.0.2+ this can be done without storing things in exdata
using the SSL_CTX_set_current_cert() and SSL_CTX_get0_certificate() functions.
These are not yet available in all supported versions though, so it's easier
to continue to use exdata for now.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 19 May 2016 14:46:32 +0300 |
parents | 551102312e19 |
children |
line wrap: on
line source
<!ELEMENT configuration (length, start, indent, changes+) > <!ELEMENT length (#PCDATA) > <!ELEMENT start (#PCDATA) > <!ELEMENT indent (#PCDATA) > <!ELEMENT changes (title, length, bugfix, feature, change, workaround, (month, month, month, month, month, month, month, month, month, month, month, month)?) > <!ATTLIST changes lang ( ru | en) #REQUIRED> <!ELEMENT title (#PCDATA) > <!ELEMENT bugfix (#PCDATA) > <!ELEMENT feature (#PCDATA) > <!ELEMENT change (#PCDATA) > <!ELEMENT workaround (#PCDATA) > <!ELEMENT month (#PCDATA) >