File: ssl.xml

package info (click to toggle)
php-doc 20081024-1
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 57,752 kB
  • ctags: 3,858
  • sloc: xml: 686,554; php: 19,446; perl: 610; cpp: 500; makefile: 336; sh: 114; awk: 28
file content (242 lines) | stat: -rw-r--r-- 6,567 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
 
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision: 1.4 $ -->

<refentry xml:id="context.ssl" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" role="noversion">
 <refnamediv>
  <refname>SSL context options</refname>
  <refpurpose>SSL context option listing</refpurpose>
 </refnamediv>
 
 <refsect1 role="description">
  &reftitle.description;
  <para>
   Context options for <literal>ssl://</literal> and <literal>tls://</literal>
   transports.
  </para>
 </refsect1>

 <refsect1 role="options"><!-- {{{ -->
  &reftitle.options;
  <para>
   <variablelist>
    <varlistentry xml:id="context.ssl.verify-peer">
     <term>
      <parameter>verify_peer</parameter>
      <type>boolean</type>
     </term>
     <listitem>
      <para>
       Require verification of SSL certificate used.
      </para>
      <para>
       Defaults to &false;.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.allow-self-signed">
     <term>
      <parameter>allow_self_signed</parameter>
      <type>boolean</type>
     </term>
     <listitem>
      <para>
       Allow self-signed certificates.
      </para>
      <para>
       Defaults to &false;
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.cafile">
     <term>
      <parameter>cafile</parameter>
      <type>string</type>
     </term>
     <listitem>
      <para>
       Location of Certificate Authority file on local filesystem
       which should be used with the <literal>verify_peer</literal>
       context option to authenticate the identity of the remote peer.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.capath">
     <term>
      <parameter>capath</parameter>
      <type>string</type>
     </term>
     <listitem>
      <para>
       If <literal>cafile</literal> is not specified or if the certificate
       is not found there, the directory pointed to by <literal>capath</literal> 
       is searched for a suitable certificate.  <literal>capath</literal>
       must be a correctly hashed certificate directory.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.local-cert">
     <term>
      <parameter>local_cert</parameter>
      <type>string</type>
     </term>
     <listitem>
      <para>
       Path to local certificate file on filesystem.  It must be a PEM
       encoded file which contains your certificate and private key.
       It can optionally contain the certificate chain of issuers.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.passphrase">
     <term>
      <parameter>passphrase</parameter>
      <type>string</type>
     </term>
     <listitem>
      <para>
       Passphrase with which your <literal>local_cert</literal> file
       was encoded.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.cn-match">
     <term>
      <parameter>CN_match</parameter>
      <type>string</type>
     </term>
     <listitem>
      <para>
       Common Name we are expecting.  PHP will perform limited wildcard
       matching.  If the Common Name does not match this, the connection
       attempt will fail.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.verify-depth">
     <term>
      <parameter>verify_depth</parameter>
      <type>integer</type>
     </term>
     <listitem>
      <para>
       Abort if the certificate chain is too deep.
      </para>
      <para>
       Defaults to no verification.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.ciphers">
     <term>
      <parameter>ciphers</parameter>
      <type>string</type>
     </term>
     <listitem>
      <para>
       Sets the list of available ciphers. The format of the string is described
       in <link xlink:href="&url.openssl.ciphers;">ciphers(1)</link>.
      </para>
      <para>
       Defaults to <literal>DEFAULT</literal>.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.capture-peer-cert">
     <term>
      <parameter>capture_peer_cert</parameter>
      <type>boolean</type>
     </term>
     <listitem>
      <para>
       If set to &true; a <literal>peer_certificate</literal> context option
       will be created containing the peer certificate.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry xml:id="context.ssl.capture-peer-chain">
     <term>
      <parameter>capture_peer_chain</parameter>
      <type>boolean</type>
     </term>
     <listitem>
      <para>
       If set to &true; a <literal>peer_certificate_chain</literal> context
       option will be created containing the certificate chain.
      </para>
     </listitem>
    </varlistentry>
   </variablelist>
  </para>
 </refsect1><!-- }}} -->
 
 <refsect1 role="changelog"><!-- {{{ -->
  &reftitle.changelog;
  <para>
   <informaltable>
    <tgroup cols="2">
     <thead>
      <row>
       <entry>&Version;</entry>
       <entry>&Description;</entry>
      </row>
     </thead>
     <tbody>
      <row>
       <entry>5.0.0</entry>
       <entry>
        Added <parameter>capture_peer_cert</parameter>,
        <parameter>capture_peer_chain</parameter> and
        <parameter>ciphers</parameter>.
       </entry>
      </row>
     </tbody>
    </tgroup>
   </informaltable>
  </para>
 </refsect1><!-- }}} -->

 <refsect1 role="notes">
  &reftitle.notes;
  <note>
   <simpara>
    Because <literal>ssl://</literal> is the underlying transport for the
    <link linkend="wrappers.http"><literal>https://</literal></link> and
    <link linkend="wrappers.ftp"><literal>ftps://</literal></link> wrappers, 
    any context options which apply to <literal>ssl://</literal> also apply to
    <literal>https://</literal> and <literal>ftps://</literal>.
   </simpara>
  </note>
 </refsect1>

 <refsect1 role="seealso">
  &reftitle.seealso;
  <para>
   <simplelist>
    <member><xref linkend="context.socket" /></member>
   </simplelist>
  </para>
 </refsect1>

</refentry>
 
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->