Skip to content

Commit e42f9b5

Browse files
thibaultchathibaultcha
committed
doc: updated the section on OpenSSL and NGINX patches in the 'ssl_certificate_by_lua*' documentation.
1 parent 09484e8 commit e42f9b5

File tree

2 files changed

+40
-16
lines changed

2 files changed

+40
-16
lines changed

README.markdown

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2529,14 +2529,25 @@ while starting NGINX:
25292529
nginx: [emerg] no ssl configured for the server
25302530

25312531

2532-
This directive currently requires the following NGINX core patch to work correctly:
2532+
This directive requires OpenSSL 1.0.2e or greater.
25332533

2534-
<http://mailman.nginx.org/pipermail/nginx-devel/2016-January/007748.html>
2534+
If you are using the [official pre-built
2535+
packages](http://openresty.org/en/linux-packages.html) for
2536+
[OpenResty](https://openresty.org/) 1.9.7.2 or later, then everything should
2537+
work out of the box.
25352538

2536-
The bundled version of the NGINX core in OpenResty 1.9.7.2 (or above) already has this
2537-
patch applied.
2539+
If you are not using one of the [OpenSSL
2540+
packages](https://openresty.org/en/linux-packages.html) provided by
2541+
[OpenResty](https://openresty.org), you will need to apply patches to OpenSSL
2542+
in order to use this directive:
25382543

2539-
Furthermore, one needs at least OpenSSL 1.0.2e for this directive to work.
2544+
<https://openresty.org/en/openssl-patches.html>
2545+
2546+
Similarly, if you are not using the NGINX core shipped with
2547+
[OpenResty](https://openresty.org) 1.9.7.2 or later, you will need to apply
2548+
patches to the standard NGINX core:
2549+
2550+
<https://openresty.org/en/nginx-ssl-patches.html>
25402551

25412552
This directive was first introduced in the `v0.10.0` release.
25422553

@@ -2611,7 +2622,7 @@ If you are using the [official pre-built packages](http://openresty.org/en/linux
26112622
If you are not using one of the [OpenSSL
26122623
packages](https://openresty.org/en/linux-packages.html) provided by
26132624
[OpenResty](https://openresty.org), you will need to apply patches to OpenSSL
2614-
in order to use this hook:
2625+
in order to use this directive:
26152626

26162627
<https://openresty.org/en/openssl-patches.html>
26172628

@@ -2623,8 +2634,9 @@ patches to the standard NGINX core:
26232634

26242635
This directive was first introduced in the `v0.10.6` release.
26252636

2626-
Note that: this directive is only allowed to used in **http context** from the `v0.10.7` release
2627-
(because SSL session resumption happens before server name dispatch).
2637+
Note that this directive can only be used in the **http context** starting
2638+
with the `v0.10.7` release since SSL session resumption happens
2639+
before server name dispatch.
26282640

26292641
[Back to TOC](#directives)
26302642

doc/HttpLuaModule.wiki

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2132,14 +2132,25 @@ while starting NGINX:
21322132
nginx: [emerg] no ssl configured for the server
21332133
</geshi>
21342134
2135-
This directive currently requires the following NGINX core patch to work correctly:
2135+
This directive requires OpenSSL 1.0.2e or greater.
21362136
2137-
http://mailman.nginx.org/pipermail/nginx-devel/2016-January/007748.html
2137+
If you are using the [official pre-built
2138+
packages](http://openresty.org/en/linux-packages.html) for
2139+
[OpenResty](https://openresty.org/) 1.9.7.2 or later, then everything should
2140+
work out of the box.
21382141
2139-
The bundled version of the NGINX core in OpenResty 1.9.7.2 (or above) already has this
2140-
patch applied.
2142+
If you are not using one of the [OpenSSL
2143+
packages](https://openresty.org/en/linux-packages.html) provided by
2144+
[OpenResty](https://openresty.org), you will need to apply patches to OpenSSL
2145+
in order to use this directive:
21412146
2142-
Furthermore, one needs at least OpenSSL 1.0.2e for this directive to work.
2147+
https://openresty.org/en/openssl-patches.html
2148+
2149+
Similarly, if you are not using the NGINX core shipped with
2150+
[OpenResty](https://openresty.org) 1.9.7.2 or later, you will need to apply
2151+
patches to the standard NGINX core:
2152+
2153+
https://openresty.org/en/nginx-ssl-patches.html
21432154
21442155
This directive was first introduced in the <code>v0.10.0</code> release.
21452156
@@ -2208,7 +2219,7 @@ If you are using the [official pre-built packages](http://openresty.org/en/linux
22082219
If you are not using one of the [OpenSSL
22092220
packages](https://openresty.org/en/linux-packages.html) provided by
22102221
[OpenResty](https://openresty.org), you will need to apply patches to OpenSSL
2211-
in order to use this hook:
2222+
in order to use this directive:
22122223
22132224
https://openresty.org/en/openssl-patches.html
22142225
@@ -2220,8 +2231,9 @@ https://openresty.org/en/nginx-ssl-patches.html
22202231
22212232
This directive was first introduced in the <code>v0.10.6</code> release.
22222233
2223-
Note that: this directive is only allowed to used in '''http context''' from the <code>v0.10.7</code> release
2224-
(because SSL session resumption happens before server name dispatch).
2234+
Note that this directive can only be used in the '''http context''' starting
2235+
with the <code>v0.10.7</code> release since SSL session resumption happens
2236+
before server name dispatch.
22252237
22262238
== ssl_session_fetch_by_lua_file ==
22272239

0 commit comments

Comments
 (0)