language/context/ssl.xml
ec6e871a47fa15228aa3299f46fed826422adbc0
ec6e871a47fa15228aa3299f46fed826422adbc0
...
...
@@ -1,7 +1,7 @@
1
1
<?xml version="1.0" encoding="utf-8"?>
2
2
<!-- $Revision$ -->
3
3
4
-
<refentry xml:id="context.ssl" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" role="noversion">
4
+
<refentry xml:id="context.ssl" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" annotations="verify_info:false">
5
5
<refnamediv>
6
6
<refname>SSL context options</refname>
7
7
<refpurpose>SSL context option listing</refpurpose>
...
...
@@ -34,7 +34,7 @@
34
34
<varlistentry xml:id="context.ssl.verify-peer">
35
35
<term>
36
36
<parameter>verify_peer</parameter>
37
-
<type>boolean</type>
37
+
<type>bool</type>
38
38
</term>
39
39
<listitem>
40
40
<para>
...
...
@@ -48,7 +48,7 @@
48
48
<varlistentry xml:id="context.ssl.verify-peer-name">
49
49
<term>
50
50
<parameter>verify_peer_name</parameter>
51
-
<type>boolean</type>
51
+
<type>bool</type>
52
52
</term>
53
53
<listitem>
54
54
<para>
...
...
@@ -62,7 +62,7 @@
62
62
<varlistentry xml:id="context.ssl.allow-self-signed">
63
63
<term>
64
64
<parameter>allow_self_signed</parameter>
65
-
<type>boolean</type>
65
+
<type>bool</type>
66
66
</term>
67
67
<listitem>
68
68
<para>
...
...
@@ -108,9 +108,9 @@
108
108
</term>
109
109
<listitem>
110
110
<para>
111
-
Path to local certificate file on filesystem. It must be a PEM
112
-
encoded file which contains your certificate and private key.
113
-
It can optionally contain the certificate chain of issuers.
111
+
Path to local certificate file on filesystem. It must be a
112
+
<acronym>PEM</acronym> encoded file which contains your certificate and
113
+
private key. It can optionally contain the certificate chain of issuers.
114
114
The private key also may be contained in a separate file specified
115
115
by <literal>local_pk</literal>.
116
116
</para>
...
...
@@ -140,29 +140,10 @@
140
140
</para>
141
141
</listitem>
142
142
</varlistentry>
143
-
<varlistentry xml:id="context.ssl.cn-match">
144
-
<term>
145
-
<parameter>CN_match</parameter>
146
-
<type>string</type>
147
-
</term>
148
-
<listitem>
149
-
<para>
150
-
Common Name we are expecting. PHP will perform limited wildcard
151
-
matching. If the Common Name does not match this, the connection
152
-
attempt will fail.
153
-
</para>
154
-
<note>
155
-
<simpara>
156
-
This option is deprecated, in favour of <parameter>peer_name</parameter>,
157
-
as of PHP 5.6.0.
158
-
</simpara>
159
-
</note>
160
-
</listitem>
161
-
</varlistentry>
162
143
<varlistentry xml:id="context.ssl.verify-depth">
163
144
<term>
164
145
<parameter>verify_depth</parameter>
165
-
<type>integer</type>
146
+
<type>int</type>
166
147
</term>
167
148
<listitem>
168
149
<para>
...
...
@@ -191,7 +172,7 @@
191
172
<varlistentry xml:id="context.ssl.capture-peer-cert">
192
173
<term>
193
174
<parameter>capture_peer_cert</parameter>
194
-
<type>boolean</type>
175
+
<type>bool</type>
195
176
</term>
196
177
<listitem>
197
178
<para>
...
...
@@ -203,7 +184,7 @@
203
184
<varlistentry xml:id="context.ssl.capture-peer-cert-chain">
204
185
<term>
205
186
<parameter>capture_peer_cert_chain</parameter>
206
-
<type>boolean</type>
187
+
<type>bool</type>
207
188
</term>
208
189
<listitem>
209
190
<para>
...
...
@@ -215,7 +196,7 @@
215
196
<varlistentry xml:id="context.ssl.sni-enabled">
216
197
<term>
217
198
<parameter>SNI_enabled</parameter>
218
-
<type>boolean</type>
199
+
<type>bool</type>
219
200
</term>
220
201
<listitem>
221
202
<para>
...
...
@@ -224,29 +205,10 @@
224
205
</para>
225
206
</listitem>
226
207
</varlistentry>
227
-
<varlistentry xml:id="context.ssl.sni-server-name">
228
-
<term>
229
-
<parameter>SNI_server_name</parameter>
230
-
<type>string</type>
231
-
</term>
232
-
<listitem>
233
-
<para>
234
-
If set, then this value will be used as server name for server name
235
-
indication. If this value is not set, then the server name is guessed
236
-
based on the hostname used when opening the stream.
237
-
</para>
238
-
<note>
239
-
<simpara>
240
-
This option is deprecated, in favour of <parameter>peer_name</parameter>,
241
-
as of PHP 5.6.0.
242
-
</simpara>
243
-
</note>
244
-
</listitem>
245
-
</varlistentry>
246
208
<varlistentry xml:id="context.ssl.disable-compression">
247
209
<term>
248
210
<parameter>disable_compression</parameter>
249
-
<type>boolean</type>
211
+
<type>bool</type>
250
212
</term>
251
213
<listitem>
252
214
<para>
...
...
@@ -275,6 +237,22 @@
275
237
</para>
276
238
</listitem>
277
239
</varlistentry>
240
+
<varlistentry xml:id="context.ssl.security-level">
241
+
<term>
242
+
<parameter>security_level</parameter>
243
+
<type>int</type>
244
+
</term>
245
+
<listitem>
246
+
<para>
247
+
Sets the security level. If not specified the library default security level is used.
248
+
The security levels are described in
249
+
<link xlink:href="&url.openssl.security-level;">SSL_CTX_get_security_level(3)</link>.
250
+
</para>
251
+
<para>
252
+
Available as of PHP 7.2.0 and OpenSSL 1.1.0.
253
+
</para>
254
+
</listitem>
255
+
</varlistentry>
278
256
</variablelist>
279
257
</para>
280
258
</refsect1><!-- }}} -->
...
...
@@ -292,32 +270,9 @@
292
270
</thead>
293
271
<tbody>
294
272
<row>
295
-
<entry>5.6.0</entry>
296
-
<entry>
297
-
Added <parameter>peer_fingerprint</parameter> and <parameter>verify_peer_name</parameter>.
298
-
<parameter>verify_peer</parameter> default changed to &true;.
299
-
</entry>
300
-
</row>
301
-
<row>
302
-
<entry>5.4.13</entry>
303
-
<entry>
304
-
Added <parameter>disable_compression</parameter>. Requires OpenSSL >= 1.0.0.
305
-
</entry>
306
-
</row>
307
-
<row>
308
-
<entry>5.3.2</entry>
309
-
<entry>
310
-
Added <parameter>SNI_enabled</parameter> and
311
-
<parameter>SNI_server_name</parameter>.
312
-
</entry>
313
-
</row>
314
-
<row>
315
-
<entry>5.0.0</entry>
273
+
<entry>7.2.0</entry>
316
274
<entry>
317
-
Added <parameter>capture_peer_cert</parameter>,
318
-
<parameter>capture_peer_chain</parameter>,
319
-
<parameter>ciphers</parameter> and
320
-
<parameter>local_pk</parameter>.
275
+
Added <parameter>security_level</parameter>. Requires OpenSSL >= 1.1.0.
321
276
</entry>
322
277
</row>
323
278
</tbody>
324
279