diff --git a/doc/h2load.1 b/doc/h2load.1 index 4f1f54c6..3fed07cd 100644 --- a/doc/h2load.1 +++ b/doc/h2load.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "H2LOAD" "1" "March 31, 2015" "0.7.10-DEV" "nghttp2" +.TH "H2LOAD" "1" "April 08, 2015" "0.7.10" "nghttp2" .SH NAME h2load \- HTTP/2 benchmarking tool . diff --git a/doc/nghttp.1 b/doc/nghttp.1 index d5a48c8c..ba533a30 100644 --- a/doc/nghttp.1 +++ b/doc/nghttp.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTP" "1" "March 31, 2015" "0.7.10-DEV" "nghttp2" +.TH "NGHTTP" "1" "April 08, 2015" "0.7.10" "nghttp2" .SH NAME nghttp \- HTTP/2 experimental client . diff --git a/doc/nghttpd.1 b/doc/nghttpd.1 index 35647819..67337d8d 100644 --- a/doc/nghttpd.1 +++ b/doc/nghttpd.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTPD" "1" "March 31, 2015" "0.7.10-DEV" "nghttp2" +.TH "NGHTTPD" "1" "April 08, 2015" "0.7.10" "nghttp2" .SH NAME nghttpd \- HTTP/2 experimental server . diff --git a/doc/nghttpx.1 b/doc/nghttpx.1 index 2832b267..5ceda445 100644 --- a/doc/nghttpx.1 +++ b/doc/nghttpx.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTPX" "1" "March 31, 2015" "0.7.10-DEV" "nghttp2" +.TH "NGHTTPX" "1" "April 08, 2015" "0.7.10" "nghttp2" .SH NAME nghttpx \- HTTP/2 experimental proxy . @@ -435,17 +435,6 @@ are stored in memory. .UNINDENT .INDENT 0.0 .TP -.B \-\-tls\-ctx\-per\-worker -Create OpenSSL\(aqs SSL_CTX per worker, so that no internal -locking is required. This may improve scalability with -multi threaded configuration. If this option is -enabled, session ID is no longer shared accross SSL_CTX -objects, which means session ID generated by one worker -is not acceptable by another worker. On the other hand, -session ticket key is shared across all worker threads. -.UNINDENT -.INDENT 0.0 -.TP .B \-\-fetch\-ocsp\-response\-file= Path to fetch\-ocsp\-response script file. It should be absolute path. @@ -643,7 +632,8 @@ Default: \fB$remote_addr \- \- [$time_local] "$request" $status $body_bytes_sent .TP .B \-\-errorlog\-file= Set path to write error log. To reopen file, send USR1 -signal to nghttpx. +signal to nghttpx. stderr will be redirected to the +error log file unless \fI\%\-\-errorlog\-syslog\fP is used. .sp Default: \fB/dev/stderr\fP .UNINDENT @@ -872,6 +862,15 @@ specified socket already exists in the file system, nghttpx first deletes it. However, if SIGUSR2 is used to execute new binary and both old and new configurations use same filename, new binary does not delete the socket and continues to use it. +.SH OCSP STAPLING +.sp +OCSP query is done using external perl script \fBfetch\-ocsp\-response\fP, +which has been developed as part of h2o project +(\fI\%https://github.com/h2o/h2o\fP). +.sp +The script file is usually installed under +\fB$(prefix)/share/nghttp2/\fP directory. The actual path to script can +be customized using \fI\%\-\-fetch\-ocsp\-response\-file\fP option. .SH SEE ALSO .sp \fInghttp(1)\fP, \fInghttpd(1)\fP, \fIh2load(1)\fP diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst index 340a7408..4aff82cd 100644 --- a/doc/nghttpx.1.rst +++ b/doc/nghttpx.1.rst @@ -377,16 +377,6 @@ SSL/TLS automatically and renewed every 12hrs. At most 2 keys are stored in memory. -.. option:: --tls-ctx-per-worker - - Create OpenSSL's SSL_CTX per worker, so that no internal - locking is required. This may improve scalability with - multi threaded configuration. If this option is - enabled, session ID is no longer shared accross SSL_CTX - objects, which means session ID generated by one worker - is not acceptable by another worker. On the other hand, - session ticket key is shared across all worker threads. - .. option:: --fetch-ocsp-response-file= Path to fetch-ocsp-response script file. It should be @@ -561,7 +551,8 @@ Logging .. option:: --errorlog-file= Set path to write error log. To reopen file, send USR1 - signal to nghttpx. + signal to nghttpx. stderr will be redirected to the + error log file unless :option:`--errorlog-syslog` is used. Default: ``/dev/stderr`` @@ -784,6 +775,17 @@ deletes it. However, if SIGUSR2 is used to execute new binary and both old and new configurations use same filename, new binary does not delete the socket and continues to use it. +OCSP STAPLING +------------- + +OCSP query is done using external perl script ``fetch-ocsp-response``, +which has been developed as part of h2o project +(https://github.com/h2o/h2o). + +The script file is usually installed under +``$(prefix)/share/nghttp2/`` directory. The actual path to script can +be customized using :option:`--fetch-ocsp-response-file` option. + SEE ALSO --------