Skip to content

Commit 7fd69c3

Browse files
author
Tuure Vartiainen
committed
doc: Removed references to ssl_psk_by_lua*.
1 parent 8fbbe24 commit 7fd69c3

File tree

2 files changed

+0
-201
lines changed

2 files changed

+0
-201
lines changed

README.markdown

Lines changed: 0 additions & 105 deletions
Original file line numberDiff line numberDiff line change
@@ -1076,8 +1076,6 @@ Directives
10761076
* [lua_need_request_body](#lua_need_request_body)
10771077
* [ssl_certificate_by_lua_block](#ssl_certificate_by_lua_block)
10781078
* [ssl_certificate_by_lua_file](#ssl_certificate_by_lua_file)
1079-
* [ssl_psk_by_lua_block](#ssl_psk_by_lua_block)
1080-
* [ssl_psk_by_lua_file](#ssl_psk_by_lua_file)
10811079
* [ssl_psk_identity_hint](#ssl_psk_identity_hint)
10821080
* [ssl_session_fetch_by_lua_block](#ssl_session_fetch_by_lua_block)
10831081
* [ssl_session_fetch_by_lua_file](#ssl_session_fetch_by_lua_file)
@@ -2569,109 +2567,6 @@ This directive was first introduced in the `v0.10.0` release.
25692567

25702568
[Back to TOC](#directives)
25712569

2572-
ssl_psk_by_lua_block
2573-
--------------------
2574-
2575-
**syntax:** *ssl_psk_by_lua_block { lua-script }*
2576-
2577-
**context:** *server*
2578-
2579-
**phase:** *right-before-SSL-handshake*
2580-
2581-
This directive runs user Lua code when NGINX is about to start the SSL handshake for the downstream
2582-
SSL (https) connections using TLS-PSK and is meant for setting the TLS pre-shared key on a per-request basis.
2583-
2584-
The [ngx.ssl](https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md)
2585-
Lua module provided by the [lua-resty-core](https://github.com/openresty/lua-resty-core/#readme)
2586-
library is particularly useful in this context. You can use the Lua API offered by this Lua module
2587-
to set the TLS pre-shared key for the current SSL connection being initiated.
2588-
2589-
This Lua handler does not run at all, however, when NGINX/OpenSSL successfully resumes
2590-
the SSL session via SSL session IDs or TLS session tickets for the current SSL connection. In
2591-
other words, this Lua handler only runs when NGINX has to initiate a full SSL handshake.
2592-
2593-
Below is a trivial example using the
2594-
[ngx.ssl](https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md) module
2595-
at the same time:
2596-
2597-
```nginx
2598-
2599-
server {
2600-
listen 443 ssl;
2601-
server_name test.com;
2602-
2603-
ssl_psk_identity_hint Test_TLS-PSK_Identity_Hint;
2604-
2605-
ssl_psk_by_lua_block {
2606-
local ssl = require "ngx.ssl"
2607-
2608-
local psk_identity, err = ssl.get_psk_identity()
2609-
if not psk_identity then
2610-
ngx.log(ngx.ERR, "Failed to get TLS-PSK Identity: ", err)
2611-
return ngx.ERROR
2612-
end
2613-
2614-
print("Client TLS-PSK Identity: ", psk_identity)
2615-
2616-
local psk_key = "psk_test_key"
2617-
2618-
local ok, err = ssl.set_psk_key(psk_key)
2619-
if not ok then
2620-
ngx.log(ngx.ERR, "Failed to set TLS-PSK key: ", err)
2621-
return ngx.ERROR
2622-
end
2623-
2624-
return ngx.OK
2625-
}
2626-
2627-
location / {
2628-
root html;
2629-
}
2630-
}
2631-
```
2632-
2633-
See more complicated examples in the [ngx.ssl](https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md)
2634-
Lua module's official documentation.
2635-
2636-
Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does return call with an error code like `ngx.ERROR`.
2637-
2638-
This Lua code execution context *does not* support yielding, so Lua APIs that may yield
2639-
(like cosockets, sleeping, and "light threads")
2640-
are disabled in this context.
2641-
2642-
Note, however, you still need to configure the [ssl_certificate](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) and
2643-
[ssl_certificate_key](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key)
2644-
directives even though you will not use this static certificate and private key at all. This is
2645-
because the NGINX core requires their appearance otherwise you are seeing the following error
2646-
while starting NGINX:
2647-
2648-
2649-
nginx: [emerg] no ssl configured for the server
2650-
2651-
2652-
Furthermore, one needs at least OpenSSL 1.0.0 for this directive to work.
2653-
2654-
This directive was first introduced in the `v0.XX.YY` release.
2655-
2656-
[Back to TOC](#directives)
2657-
2658-
ssl_psk_by_lua_file
2659-
-------------------
2660-
2661-
**syntax:** *ssl_psk_by_lua_file <path-to-lua-script-file>*
2662-
2663-
**context:** *server*
2664-
2665-
**phase:** *right-before-SSL-handshake*
2666-
2667-
Equivalent to [ssl_psk_by_lua_block](#ssl_psk_by_lua_block), except that the file specified by `<path-to-lua-script-file>` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
2668-
2669-
When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
2670-
2671-
This directive was first introduced in the `v0.XX.YY` release.
2672-
2673-
[Back to TOC](#directives)
2674-
26752570
ssl_psk_identity_hint
26762571
---------------------
26772572

doc/HttpLuaModule.wiki

Lines changed: 0 additions & 96 deletions
Original file line numberDiff line numberDiff line change
@@ -2159,102 +2159,6 @@ When a relative path like <code>foo/bar.lua</code> is given, they will be turned
21592159
21602160
This directive was first introduced in the <code>v0.10.0</code> release.
21612161
2162-
== ssl_psk_by_lua_block ==
2163-
2164-
'''syntax:''' ''ssl_psk_by_lua_block { lua-script }''
2165-
2166-
'''context:''' ''server''
2167-
2168-
'''phase:''' ''right-before-SSL-handshake''
2169-
2170-
This directive runs user Lua code when NGINX is about to start the SSL handshake for the downstream
2171-
SSL (https) connections using TLS-PSK and is meant for setting the TLS pre-shared key on a per-request basis.
2172-
2173-
The [https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md ngx.ssl]
2174-
Lua module provided by the [https://github.com/openresty/lua-resty-core/#readme lua-resty-core]
2175-
library is particularly useful in this context. You can use the Lua API offered by this Lua module
2176-
to set the TLS pre-shared key for the current SSL connection being initiated.
2177-
2178-
This Lua handler does not run at all, however, when NGINX/OpenSSL successfully resumes
2179-
the SSL session via SSL session IDs or TLS session tickets for the current SSL connection. In
2180-
other words, this Lua handler only runs when NGINX has to initiate a full SSL handshake.
2181-
2182-
Below is a trivial example using the
2183-
[https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md ngx.ssl] module
2184-
at the same time:
2185-
2186-
<geshi lang="nginx">
2187-
server {
2188-
listen 443 ssl;
2189-
server_name test.com;
2190-
2191-
ssl_psk_identity_hint Test_TLS-PSK_Identity_Hint;
2192-
2193-
ssl_psk_by_lua_block {
2194-
local ssl = require "ngx.ssl"
2195-
2196-
local psk_identity, err = ssl.get_psk_identity()
2197-
if not psk_identity then
2198-
ngx.log(ngx.ERR, "Failed to get TLS-PSK Identity: ", err)
2199-
return ngx.ERROR
2200-
end
2201-
2202-
print("Client TLS-PSK Identity: ", psk_identity)
2203-
2204-
local psk_key = "psk_test_key"
2205-
2206-
local ok, err = ssl.set_psk_key(psk_key)
2207-
if not ok then
2208-
ngx.log(ngx.ERR, "Failed to set TLS-PSK key: ", err)
2209-
return ngx.ERROR
2210-
end
2211-
2212-
return ngx.OK
2213-
}
2214-
2215-
location / {
2216-
root html;
2217-
}
2218-
}
2219-
</geshi>
2220-
2221-
See more complicated examples in the [https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md ngx.ssl]
2222-
Lua module's official documentation.
2223-
2224-
Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does return call with an error code like <code>ngx.ERROR</code>.
2225-
2226-
This Lua code execution context *does not* support yielding, so Lua APIs that may yield
2227-
(like cosockets, sleeping, and "light threads")
2228-
are disabled in this context.
2229-
2230-
Note, however, you still need to configure the [http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate ssl_certificate] and
2231-
[http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key ssl_certificate_key]
2232-
directives even though you will not use this static certificate and private key at all. This is
2233-
because the NGINX core requires their appearance otherwise you are seeing the following error
2234-
while starting NGINX:
2235-
2236-
<geshi>
2237-
nginx: [emerg] no ssl configured for the server
2238-
</geshi>
2239-
2240-
Furthermore, one needs at least OpenSSL 1.0.0 for this directive to work.
2241-
2242-
This directive was first introduced in the <code>v0.XX.YY</code> release.
2243-
2244-
== ssl_psk_by_lua_file ==
2245-
2246-
'''syntax:''' ''ssl_psk_by_lua_file <path-to-lua-script-file>''
2247-
2248-
'''context:''' ''server''
2249-
2250-
'''phase:''' ''right-before-SSL-handshake''
2251-
2252-
Equivalent to [[#ssl_psk_by_lua_block|ssl_psk_by_lua_block]], except that the file specified by <code><path-to-lua-script-file></code> contains the Lua code, or, as from the <code>v0.5.0rc32</code> release, the [[#Lua/LuaJIT bytecode support|Lua/LuaJIT bytecode]] to be executed.
2253-
2254-
When a relative path like <code>foo/bar.lua</code> is given, they will be turned into the absolute path relative to the <code>server prefix</code> path determined by the <code>-p PATH</code> command-line option while starting the Nginx server.
2255-
2256-
This directive was first introduced in the <code>v0.XX.YY</code> release.
2257-
22582162
== ssl_psk_identity_hint ==
22592163
22602164
'''syntax:''' ''ssl_psk_identity_hint <tls_psk_identity_hint>''

0 commit comments

Comments
 (0)