From b91e4e4df19abcf8b46930dec7883f2b1238cb2d Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 21 May 2017 11:42:46 +0900
Subject: [PATCH] Update manual pages

---
 doc/h2load.1      |  2 +-
 doc/nghttp.1      |  8 +++++++-
 doc/nghttp.1.rst  |  5 +++++
 doc/nghttpd.1     |  2 +-
 doc/nghttpx.1     | 35 ++++++++++++++++++++++++++++-------
 doc/nghttpx.1.rst | 32 ++++++++++++++++++++++++++------
 6 files changed, 68 insertions(+), 16 deletions(-)

diff --git a/doc/h2load.1 b/doc/h2load.1
index 8de67437..f6e39701 100644
--- a/doc/h2load.1
+++ b/doc/h2load.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "Apr 24, 2017" "1.22.0" "nghttp2"
+.TH "H2LOAD" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
diff --git a/doc/nghttp.1 b/doc/nghttp.1
index 6f1ef989..613c6fa3 100644
--- a/doc/nghttp.1
+++ b/doc/nghttp.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "Apr 24, 2017" "1.22.0" "nghttp2"
+.TH "NGHTTP" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
@@ -236,6 +236,12 @@ combined with the \fI\%\-d\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
+.B \-y, \-\-no\-verify\-peer
+Suppress  warning  on  server  certificate  verification
+failure.
+.UNINDENT
+.INDENT 0.0
+.TP
 .B \-\-version
 Display version information and exit.
 .UNINDENT
diff --git a/doc/nghttp.1.rst b/doc/nghttp.1.rst
index a40eb2eb..ae4ce03a 100644
--- a/doc/nghttp.1.rst
+++ b/doc/nghttp.1.rst
@@ -186,6 +186,11 @@ OPTIONS
     Continue interim response. This option is ignored unless
     combined with the :option:`-d` option.
 
+.. option:: -y, --no-verify-peer
+
+    Suppress  warning  on  server  certificate  verification
+    failure.
+
 .. option:: --version
 
     Display version information and exit.
diff --git a/doc/nghttpd.1 b/doc/nghttpd.1
index 6482409f..e9f029ed 100644
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "Apr 24, 2017" "1.22.0" "nghttp2"
+.TH "NGHTTPD" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .
diff --git a/doc/nghttpx.1 b/doc/nghttpx.1
index 342c17d0..3a103782 100644
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "Apr 24, 2017" "1.22.0" "nghttp2"
+.TH "NGHTTPX" "1" "May 21, 2017" "1.23.0-DEV" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@@ -96,6 +96,18 @@ host    pattern    "*.nghttp2.org"    matches    against
 match  against  "nghttp2.org".   The exact  hosts  match
 takes precedence over the wildcard hosts match.
 .sp
+If path  part ends with  "*", it is treated  as wildcard
+path.  The  wildcard path  behaves differently  from the
+normal path.  For normal path,  match is made around the
+boundary of path component  separator,"\fI/\fP".  On the other
+hand, the wildcard  path does not take  into account the
+path component  separator.  All paths which  include the
+wildcard  path  without  last  "*" as  prefix,  and  are
+strictly longer than wildcard  path without last "*" are
+matched.  "*"  must match  at least one  character.  For
+example,  the   pattern  "\fI/foo*\fP"  matches   "\fI/foo/\fP"  and
+"\fI/foobar\fP".  But it does not match "\fI/foo\fP", or "\fI/fo\fP".
+.sp
 If <PATTERN> is omitted or  empty string, "\fI/\fP" is used as
 pattern,  which  matches  all request  paths  (catch\-all
 pattern).  The catch\-all backend must be given.
@@ -611,12 +623,12 @@ password protected it\(aqll be requested interactively.
 Specify  additional certificate  and  private key  file.
 nghttpx will  choose certificates based on  the hostname
 indicated by client using TLS SNI extension.  If nghttpx
-is  built with  OpenSSL >=  1.0.2, signature  algorithms
-(e.g., ECDSA+SHA256, RSA+SHA256) presented by client are
-also taken  into consideration.  This allows  nghttpx to
-send ECDSA certificate to  modern clients, while sending
-RSA based certificate to older clients.  This option can
-be  used multiple  times.  To  make OCSP  stapling work,
+is  built with  OpenSSL  >= 1.0.2,  the shared  elliptic
+curves (e.g., P\-256) between  client and server are also
+taken into  consideration.  This allows nghttpx  to send
+ECDSA certificate  to modern clients, while  sending RSA
+based certificate to older  clients.  This option can be
+used  multiple  times.   To  make  OCSP  stapling  work,
 <CERTPATH> must be absolute path.
 .sp
 Additional parameter  can be specified in  <PARAM>.  The
@@ -812,6 +824,15 @@ Default: \fB4h\fP
 .UNINDENT
 .INDENT 0.0
 .TP
+.B \-\-ocsp\-startup
+Start  accepting connections  after initial  attempts to
+get OCSP responses  finish.  It does not  matter some of
+the  attempts  fail.  This  feature  is  useful if  OCSP
+responses   must    be   available    before   accepting
+connections.
+.UNINDENT
+.INDENT 0.0
+.TP
 .B \-\-no\-ocsp
 Disable OCSP stapling.
 .UNINDENT
diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst
index 3a228463..0f04c938 100644
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@@ -80,6 +80,18 @@ Connections
     match  against  "nghttp2.org".   The exact  hosts  match
     takes precedence over the wildcard hosts match.
 
+    If path  part ends with  "\*", it is treated  as wildcard
+    path.  The  wildcard path  behaves differently  from the
+    normal path.  For normal path,  match is made around the
+    boundary of path component  separator,"*/*".  On the other
+    hand, the wildcard  path does not take  into account the
+    path component  separator.  All paths which  include the
+    wildcard  path  without  last  "\*" as  prefix,  and  are
+    strictly longer than wildcard  path without last "\*" are
+    matched.  "\*"  must match  at least one  character.  For
+    example,  the   pattern  "*/foo\**"  matches   "*/foo/*"  and
+    "*/foobar*".  But it does not match "*/foo*", or "*/fo*".
+
     If <PATTERN> is omitted or  empty string, "*/*" is used as
     pattern,  which  matches  all request  paths  (catch-all
     pattern).  The catch-all backend must be given.
@@ -563,12 +575,12 @@ SSL/TLS
     Specify  additional certificate  and  private key  file.
     nghttpx will  choose certificates based on  the hostname
     indicated by client using TLS SNI extension.  If nghttpx
-    is  built with  OpenSSL >=  1.0.2, signature  algorithms
-    (e.g., ECDSA+SHA256, RSA+SHA256) presented by client are
-    also taken  into consideration.  This allows  nghttpx to
-    send ECDSA certificate to  modern clients, while sending
-    RSA based certificate to older clients.  This option can
-    be  used multiple  times.  To  make OCSP  stapling work,
+    is  built with  OpenSSL  >= 1.0.2,  the shared  elliptic
+    curves (e.g., P-256) between  client and server are also
+    taken into  consideration.  This allows nghttpx  to send
+    ECDSA certificate  to modern clients, while  sending RSA
+    based certificate to older  clients.  This option can be
+    used  multiple  times.   To  make  OCSP  stapling  work,
     <CERTPATH> must be absolute path.
 
     Additional parameter  can be specified in  <PARAM>.  The
@@ -743,6 +755,14 @@ SSL/TLS
 
     Default: ``4h``
 
+.. option:: --ocsp-startup
+
+    Start  accepting connections  after initial  attempts to
+    get OCSP responses  finish.  It does not  matter some of
+    the  attempts  fail.  This  feature  is  useful if  OCSP
+    responses   must    be   available    before   accepting
+    connections.
+
 .. option:: --no-ocsp
 
     Disable OCSP stapling.