diff --git a/doc/h2load.1 b/doc/h2load.1 index 8de67437..f6e39701 100644 --- a/doc/h2load.1 +++ b/doc/h2load.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "H2LOAD" "1" "Apr 24, 2017" "1.22.0" "nghttp2" +.TH "H2LOAD" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2" .SH NAME h2load \- HTTP/2 benchmarking tool . diff --git a/doc/nghttp.1 b/doc/nghttp.1 index 6f1ef989..613c6fa3 100644 --- a/doc/nghttp.1 +++ b/doc/nghttp.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTP" "1" "Apr 24, 2017" "1.22.0" "nghttp2" +.TH "NGHTTP" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2" .SH NAME nghttp \- HTTP/2 client . @@ -236,6 +236,12 @@ combined with the \fI\%\-d\fP option. .UNINDENT .INDENT 0.0 .TP +.B \-y, \-\-no\-verify\-peer +Suppress warning on server certificate verification +failure. +.UNINDENT +.INDENT 0.0 +.TP .B \-\-version Display version information and exit. .UNINDENT diff --git a/doc/nghttp.1.rst b/doc/nghttp.1.rst index a40eb2eb..ae4ce03a 100644 --- a/doc/nghttp.1.rst +++ b/doc/nghttp.1.rst @@ -186,6 +186,11 @@ OPTIONS Continue interim response. This option is ignored unless combined with the :option:`-d` option. +.. option:: -y, --no-verify-peer + + Suppress warning on server certificate verification + failure. + .. option:: --version Display version information and exit. diff --git a/doc/nghttpd.1 b/doc/nghttpd.1 index 6482409f..e9f029ed 100644 --- a/doc/nghttpd.1 +++ b/doc/nghttpd.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTPD" "1" "Apr 24, 2017" "1.22.0" "nghttp2" +.TH "NGHTTPD" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2" .SH NAME nghttpd \- HTTP/2 server . diff --git a/doc/nghttpx.1 b/doc/nghttpx.1 index 342c17d0..3a103782 100644 --- a/doc/nghttpx.1 +++ b/doc/nghttpx.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTPX" "1" "Apr 24, 2017" "1.22.0" "nghttp2" +.TH "NGHTTPX" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2" .SH NAME nghttpx \- HTTP/2 proxy . 
@@ -96,6 +96,18 @@ host pattern "*.nghttp2.org" matches against match against "nghttp2.org". The exact hosts match takes precedence over the wildcard hosts match. .sp +If path part ends with "*", it is treated as wildcard +path. The wildcard path behaves differently from the +normal path. For normal path, match is made around the +boundary of path component separator,"\fI/\fP". On the other +hand, the wildcard path does not take into account the +path component separator. All paths which include the +wildcard path without last "*" as prefix, and are +strictly longer than wildcard path without last "*" are +matched. "*" must match at least one character. For +example, the pattern "\fI/foo*\fP" matches "\fI/foo/\fP" and +"\fI/foobar\fP". But it does not match "\fI/foo\fP", or "\fI/fo\fP". +.sp If is omitted or empty string, "\fI/\fP" is used as pattern, which matches all request paths (catch\-all pattern). The catch\-all backend must be given. @@ -611,12 +623,12 @@ password protected it\(aqll be requested interactively. Specify additional certificate and private key file. nghttpx will choose certificates based on the hostname indicated by client using TLS SNI extension. If nghttpx -is built with OpenSSL >= 1.0.2, signature algorithms -(e.g., ECDSA+SHA256, RSA+SHA256) presented by client are -also taken into consideration. This allows nghttpx to -send ECDSA certificate to modern clients, while sending -RSA based certificate to older clients. This option can -be used multiple times. To make OCSP stapling work, +is built with OpenSSL >= 1.0.2, the shared elliptic +curves (e.g., P\-256) between client and server are also +taken into consideration. This allows nghttpx to send +ECDSA certificate to modern clients, while sending RSA +based certificate to older clients. This option can be +used multiple times. To make OCSP stapling work, must be absolute path. .sp Additional parameter can be specified in . The 
@@ -812,6 +824,15 @@ Default: \fB4h\fP .UNINDENT .INDENT 0.0 .TP +.B \-\-ocsp\-startup +Start accepting connections after initial attempts to +get OCSP responses finish. It does not matter some of +the attempts fail. This feature is useful if OCSP +responses must be available before accepting +connections. +.UNINDENT +.INDENT 0.0 +.TP .B \-\-no\-ocsp Disable OCSP stapling. .UNINDENT diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst index 3a228463..0f04c938 100644 --- a/doc/nghttpx.1.rst +++ b/doc/nghttpx.1.rst @@ -80,6 +80,18 @@ Connections match against "nghttp2.org". The exact hosts match takes precedence over the wildcard hosts match. + If path part ends with "\*", it is treated as wildcard + path. The wildcard path behaves differently from the + normal path. For normal path, match is made around the + boundary of path component separator,"*/*". On the other + hand, the wildcard path does not take into account the + path component separator. All paths which include the + wildcard path without last "\*" as prefix, and are + strictly longer than wildcard path without last "\*" are + matched. "\*" must match at least one character. For + example, the pattern "*/foo\**" matches "*/foo/*" and + "*/foobar*". But it does not match "*/foo*", or "*/fo*". + If is omitted or empty string, "*/*" is used as pattern, which matches all request paths (catch-all pattern). The catch-all backend must be given. 
@@ -563,12 +575,12 @@ SSL/TLS Specify additional certificate and private key file. nghttpx will choose certificates based on the hostname indicated by client using TLS SNI extension. If nghttpx - is built with OpenSSL >= 1.0.2, signature algorithms - (e.g., ECDSA+SHA256, RSA+SHA256) presented by client are - also taken into consideration. This allows nghttpx to - send ECDSA certificate to modern clients, while sending - RSA based certificate to older clients. This option can - be used multiple times. To make OCSP stapling work, + is built with OpenSSL >= 1.0.2, the shared elliptic + curves (e.g., P-256) between client and server are also + taken into consideration. This allows nghttpx to send + ECDSA certificate to modern clients, while sending RSA + based certificate to older clients. This option can be + used multiple times. To make OCSP stapling work, must be absolute path. Additional parameter can be specified in . The @@ -743,6 +755,14 @@ SSL/TLS Default: ``4h`` +.. option:: --ocsp-startup + + Start accepting connections after initial attempts to + get OCSP responses finish. It does not matter some of + the attempts fail. This feature is useful if OCSP + responses must be available before accepting + connections. + .. option:: --no-ocsp Disable OCSP stapling.
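Review bot: In the doc/nghttp.1.rst hunk at @@ -186,6 +186,11 @@ (and its generated copy in doc/nghttp.1 at @@ -236,6 +236,12 @@), the text for -y, --no-verify-peer says only "Suppress warning on server certificate verification failure", which leaves open whether the connection continues after a failed verification and whether the flag changes that. The option name says verification is switched off, while the description says a warning is hidden; a reader deciding whether the flag is safe to use needs to know which one it is. Suggest describing the behaviour on verification failure both with and without the flag, and saying plainly that the server's identity is not authenticated when the failure is ignored.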
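Review bot: In the wildcard path paragraph added to doc/nghttpx.1.rst at @@ -80,6 +80,18 @@ (and doc/nghttpx.1 at @@ -96,6 +96,18 @@), precedence is missing: the context line just above states that the exact hosts match takes precedence over the wildcard hosts match, but nothing says which pattern wins when a request path matches both a normal path pattern and a wildcard path pattern, or two wildcard patterns of different lengths. Since the wildcard ignores the "/" boundary, "/foo*" also matches "/foobar", so an operator who routes by path to backends with different exposure needs that rule to predict where a request lands. Suggest adding one sentence on precedence next to the "/foo*" example. Minor: a space is missing after the comma in 'separator,"*/*"'.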
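Review bot: In the certificate selection hunk of doc/nghttpx.1.rst at @@ -563,12 +575,12 @@ (and doc/nghttpx.1 at @@ -611,12 +623,12 @@), the replacement sentence says the shared elliptic curves "are also taken into consideration" without saying how they decide the result. The text should state the condition under which the ECDSA certificate is chosen (for example, that the curve of its key must be among the shared curves), what is served when the client and server share no curve, and whether the client's signature algorithms are still consulted now that the sentence about them has been removed. Without that, the claim that older clients receive the RSA certificate cannot be checked from the documentation alone.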
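Review bot: In the --ocsp-startup hunk of doc/nghttpx.1.rst at @@ -743,6 +755,14 @@ (and doc/nghttpx.1 at @@ -812,6 +824,15 @@), the second and third sentences pull in opposite directions: "It does not matter some of the attempts fail" means connections are accepted even when a certificate has no OCSP response, while "useful if OCSP responses must be available before accepting connections" reads as a guarantee. Suggest wording it as best effort, e.g. that the initial fetch is attempted for every certificate before listening starts and that a certificate whose attempt failed is served without a stapled response. The text should also say how long startup can be delayed by a slow or unreachable responder. Grammar: "It does not matter if some of the attempts fail."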