Mercurial > hg > nginx-site
diff xml/en/docs/http/ngx_http_ssl_module.xml @ 2350:8e35f3af574b
Documented the "data:" syntax for ssl_certificate and key.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 26 Mar 2019 17:09:15 +0300 |
parents | dbe55598d3f6 |
children | d323beea61ec |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_ssl_module.xml Tue Mar 26 10:55:49 2019 +0300 +++ b/xml/en/docs/http/ngx_http_ssl_module.xml Tue Mar 26 17:09:15 2019 +0300 @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="45"> + rev="46"> <section id="summary"> @@ -186,6 +186,17 @@ and this may have a negative impact on performance. </para> +<para id="ssl_certificate_data"> +The value +<literal>data</literal>:<value>$variable</value> +can be specified instead of the <value>file</value> (1.15.10), +which loads a certificate from a variable +without using intermediate files. +Note that inappropriate use of this syntax may have its security implications, +such as writing secret key data to +<link doc="../ngx_core_module.xml" id="error_log">error log</link>. +</para> + <para> It should be kept in mind that due to the HTTPS protocol limitations for maximum interoperability virtual servers should listen on @@ -215,6 +226,16 @@ from the OpenSSL engine <value>name</value>. </para> +<para id="ssl_certificate_key_data"> +The value +<literal>data</literal>:<value>$variable</value> +can be specified instead of the <value>file</value> (1.15.10), +which loads a secret key from a variable without using intermediate files. +Note that inappropriate use of this syntax may have its security implications, +such as writing secret key data to +<link doc="../ngx_core_module.xml" id="error_log">error log</link>. +</para> + <para> Since version 1.15.9, variables can be used in the <value>file</value> name when using OpenSSL 1.0.2 or higher.