nginx-1.15.10

Maxim Dounin mdounin at mdounin.ru
Tue Mar 26 17:45:21 UTC 2019


Hello!

On Tue, Mar 26, 2019 at 06:16:39PM +0100, A. Schulze wrote:

> Am 26.03.19 um 17:50 schrieb Maxim Dounin:
> > The difference is that in 1.15.10 you can put a certificate itself 
> > into a variable.  Quoting docs:
> > 
> > : The value data:$variable can be specified instead of the file 
> > : (1.15.10), which loads a certificate from a variable without using 
> > : intermediate files. Note that inappropriate use of this syntax may 
> > : have its security implications, such as writing secret key data to 
> > : error log.
> 
> Hello Maxim,
> 
> could you more verbose about the intended use-case?
> that would make the feature more transparent (at least to me)

This is intended to be used with some external means of providing 
certificates and keys, such as perl or njs code, or a keyval 
database (http://nginx.org/r/keyval).

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx mailing list