doc: generated a new markdown version.

Author: Tuure Vartiainen

README.markdown

@@ -1076,6 +1076,9 @@ Directives
 * [lua_need_request_body](#lua_need_request_body)
 * [ssl_certificate_by_lua_block](#ssl_certificate_by_lua_block)
 * [ssl_certificate_by_lua_file](#ssl_certificate_by_lua_file)
+* [ssl_psk_by_lua_block](#ssl_psk_by_lua_block)
+* [ssl_psk_by_lua_file](#ssl_psk_by_lua_file)
+* [ssl_psk_identity_hint](#ssl_psk_identity_hint)
 * [ssl_session_fetch_by_lua_block](#ssl_session_fetch_by_lua_block)
 * [ssl_session_fetch_by_lua_file](#ssl_session_fetch_by_lua_file)
 * [ssl_session_store_by_lua_block](#ssl_session_store_by_lua_block)
@@ -1094,6 +1097,8 @@ Directives
 * [lua_ssl_protocols](#lua_ssl_protocols)
 * [lua_ssl_trusted_certificate](#lua_ssl_trusted_certificate)
 * [lua_ssl_verify_depth](#lua_ssl_verify_depth)
+* [lua_ssl_psk_identity](#lua_ssl_psk_identity)
+* [lua_ssl_psk_key](#lua_ssl_psk_key)
 * [lua_http10_buffering](#lua_http10_buffering)
 * [rewrite_by_lua_no_postpone](#rewrite_by_lua_no_postpone)
 * [access_by_lua_no_postpone](#access_by_lua_no_postpone)
@@ -2564,6 +2569,108 @@ This directive was first introduced in the `v0.10.0` release.
 
 [Back to TOC](#directives)
 
+ssl_psk_by_lua_block
+--------------------
+
+**syntax:** *ssl_psk_by_lua_block { lua-script }*
+
+**context:** *server*
+
+**phase:** *right-before-SSL-handshake*
+
+This directive runs user Lua code when NGINX is about to start the SSL handshake for the downstream
+SSL (https) connections using TLS-PSK and is meant for setting the TLS pre-shared key on a per-request basis.
+
+The [ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md)
+ Lua module provided by the [lua-resty-core](https://github.com/openresty/lua-resty-core/#readme)
+library is particularly useful in this context. You can use the Lua API offered by this Lua module
+to set the TLS pre-shared key for the current SSL connection being initiated.
+
+This Lua handler does not run at all, however, when NGINX/OpenSSL successfully resumes
+the SSL session via SSL session IDs or TLS session tickets for the current SSL connection. In
+other words, this Lua handler only runs when NGINX has to initiate a full SSL handshake.
+
+Below is a trivial example using the
+[ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md) module
+at the same time:
+
+```nginx
+
+ server {
+     listen 443 ssl;
+     server_name   test.com;
+
+     ssl_psk_identity_hint Test_TLS-PSK_Identity_Hint;
+
+     ssl_psk_by_lua_block {
+         print("About to initiate a new TLS-PSK handshake!")
+     }
+
+     location / {
+         root html;
+     }
+ }
+```
+
+See more complicated examples in the [ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md)
+Lua module's official documentation.
+
+Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does the
+[ngx.exit](#ngxexit) call with an error code like `ngx.ERROR`.
+
+This Lua code execution context *does not* support yielding, so Lua APIs that may yield
+(like cosockets, sleeping, and "light threads")
+are disabled in this context.
+
+Note, however, you still need to configure the [ssl_certificate](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) and
+[ssl_certificate_key](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key)
+directives even though you will not use this static certificate and private key at all. This is
+because the NGINX core requires their appearance otherwise you are seeing the following error
+while starting NGINX:
+
+
+    nginx: [emerg] no ssl configured for the server
+
+
+Furthermore, one needs at least OpenSSL 1.0.0 for this directive to work.
+
+This directive was first introduced in the `v0.XX.YY` release.
+
+[Back to TOC](#directives)
+
+ssl_psk_by_lua_file
+-------------------
+
+**syntax:** *ssl_psk_by_lua_file <path-to-lua-script-file>*
+
+**context:** *server*
+
+**phase:** *right-before-SSL-handshake*
+
+Equivalent to [ssl_psk_by_lua_block](#ssl_psk_by_lua_block), except that the file specified by `<path-to-lua-script-file>` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.XX.YY` release.
+
+[Back to TOC](#directives)
+
+ssl_psk_identity_hint
+---------------------
+
+**syntax:** *ssl_psk_identity_hint &lt;tls_psk_identity_hint&gt;*
+
+**default:** *no*
+
+**context:** *http, server*
+
+Specifies the TLS-PSK identity hint string which NGINX will send to a client during
+the SSL handshake for the downstream SSL (https) connections.
+
+This directive was first introduced in the `v0.XX.YY` release.
+
+[Back to TOC](#directives)
+
 ssl_session_fetch_by_lua_block
 ------------------------------
 
@@ -2958,6 +3065,36 @@ See also [lua_ssl_trusted_certificate](#lua_ssl_trusted_certificate).
 
 [Back to TOC](#directives)
 
+lua_ssl_psk_identity
+--------------------
+
+**syntax:** *lua_ssl_psk_identity &lt;tls_psk_identity&gt;*
+
+**default:** *no*
+
+**context:** *http, server, location*
+
+Specifies the TLS-PSK identity string which NGINX will send to a SSL/TLS server in the [tcpsock:sslhandshake](#tcpsocksslhandshake) method.
+
+This directive was first introduced in the `v0.XX.YY` release.
+
+[Back to TOC](#directives)
+
+lua_ssl_psk_key
+---------------
+
+**syntax:** *lua_ssl_psk_key &lt;tls_psk_key&gt;*
+
+**default:** *no*
+
+**context:** *http, server, location*
+
+Specifies the TLS-PSK key string which NGINX will try use with a SSL/TLS server in the [tcpsock:sslhandshake](#tcpsocksslhandshake) method.
+
+This directive was first introduced in the `v0.XX.YY` release.
+
+[Back to TOC](#directives)
+
 lua_http10_buffering
 --------------------