Commit Graph

615 Commits

Author SHA1 Message Date
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00
Maxim Dounin
82854d0d78 Proper setting of read->eof in pipe code.
Setting read->eof to 0 seems to be just a typo.  It appeared in
nginx-0.0.1-2003-10-28-18:45:41 import (r164), while identical code in
ngx_recv.c introduced in the same import does actually set read->eof to 1.

Failure to set read->eof to 1 results in EOF not being generally detectable
from connection flags.  On the other hand, kqueue won't report any read
events on such a connection since we use EV_CLEAR.  This resulted in read
timeouts if such connection was cached and used for another request.
2011-09-01 15:10:41 +00:00
Maxim Dounin
a9e3c65d22 Proper SSL shutdown handling.
If connection has unsent alerts, SSL_shutdown() tries to send them even
if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This can be prevented by SSL_set_quiet_shutdown().  SSL_set_shutdown()
is required nevertheless to preserve session.
2011-09-01 13:49:36 +00:00
Igor Sysoev
dfd81a23b2 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independent from SSL implementation
and to keep OpenSSL code dependence as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
b0b6bcedfc fix SSL connection issues on platforms with 32-bit off_t
patch by Maxim Dounin
2011-07-22 12:53:04 +00:00
Igor Sysoev
a7ed0951e3 fix build by gcc46 with -Wunused-value option
patch by Maxim Dounin
2011-07-22 10:43:50 +00:00
Igor Sysoev
f39642a907 ECDHE support
patch by Adrian Kotelba
2011-07-20 15:42:40 +00:00
Igor Sysoev
e61ba26744 MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuration phase. This decreases start time for configuration with
large number of HTTPS hosts.
2011-07-20 12:59:24 +00:00
Igor Sysoev
e2c8ad7122 use POSIX semaphores in shmtx instead of sched_yield()
number of spinlock spins are increased twice
2011-05-10 11:39:13 +00:00
Igor Sysoev
efde3eb92e fix building by gcc 4.6 without --with-debug 2011-04-23 17:25:06 +00:00
Igor Sysoev
3d86ad3f95 fix building on Fedora 14
patch by Kirill A. Korinskiy
2011-01-20 12:33:17 +00:00
Igor Sysoev
3e3ee60b99 remove SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG because of CVE-2010-4180 2010-12-06 11:17:03 +00:00
Igor Sysoev
0c39c27412 fix building by msvc8 introduced by the previous commit 2010-12-02 14:20:51 +00:00
Igor Sysoev
a07d6ec39f fallback to accept() if accept4() is not implemented,
the issue has been introduced in r3787
2010-12-02 10:05:41 +00:00
Igor Sysoev
40747ad861 Linux accept4() support 2010-11-25 10:15:04 +00:00
Igor Sysoev
6b45b065fe decrease SSL handshake error level to info 2010-07-29 09:30:15 +00:00
Igor Sysoev
05b1a8f1e3 ngx_str_set() and ngx_str_null() 2010-05-14 09:56:37 +00:00
Igor Sysoev
502252d43a MSVC8 compatibility with OpenSSL 1.0.0 2010-04-01 15:18:29 +00:00
Igor Sysoev
6d45d8a50d *) introduce ngx_time_sigsafe_update() to update the error log time only
*) change ngx_time_update() interface
2010-03-25 09:10:10 +00:00
Igor Sysoev
2f916a9721 *) use previously cached GMT offset value to update time from a signal handler
*) change ngx_time_update() interface since there are no notification methods
   those return time
2010-03-13 18:08:07 +00:00
Igor Sysoev
b80f68aeda do not update time in the timer signal handler,
since localtime_r() is not Async-Signal-Safe function
2010-03-12 14:31:47 +00:00
Igor Sysoev
e71f39932f add OpenSSL_add_all_algorithms(), this fixes the error
"ASN1_item_verify:unknown message digest algorithm" occurred if
client certificate is signed using sha256WithRSAEncryption
2010-03-03 16:23:14 +00:00
Igor Sysoev
416fc7aac7 Set SSL session context for "ssl_session_cache none".
This fixes a bug when client certificate is used and nginx closes connection
with the message: "SSL_GET_PREV_SESSION:session id context uninitialized".
2010-03-02 08:41:47 +00:00
Igor Sysoev
146324618d decrease SSL handshake error level to info 2010-02-19 20:54:58 +00:00
Igor Sysoev
d5624689cb update comments 2009-11-25 18:03:59 +00:00
Igor Sysoev
72db760eca add NGX_PROCESS_HELPER process status 2009-11-23 15:46:21 +00:00
Igor Sysoev
8019121120 decrease SSL handshake error level to info 2009-11-23 14:09:57 +00:00
Igor Sysoev
70bd187c4c disable SSL renegotiation (CVE-2009-3555) 2009-11-11 10:59:07 +00:00
Igor Sysoev
cc65b0879b fix segfault in SSL if limit_rate is used 2009-11-03 15:38:33 +00:00
Igor Sysoev
72e928755b proxy_bind, fastcgi_bind, and memcached_bind 2009-11-02 15:24:02 +00:00
Igor Sysoev
19811dbdde style fix 2009-11-02 12:41:56 +00:00
Igor Sysoev
61490aa6b6 delete unused field c->local_socklen 2009-11-01 19:29:49 +00:00
Igor Sysoev
baf8e409ba http listen unix domain sockets 2009-10-26 11:43:32 +00:00
Igor Sysoev
c81582ea67 fix r3155 2009-09-24 20:09:12 +00:00
Igor Sysoev
ef2662caab fix debug log message 2009-09-24 14:47:10 +00:00
Igor Sysoev
cdaf442a2f $ssl_session_id 2009-09-24 14:45:28 +00:00
Igor Sysoev
bfff03406d aio sendfile 2009-08-30 09:52:39 +00:00
Igor Sysoev
a962506498 FreeBSD and Linux AIO support 2009-08-28 08:12:35 +00:00
Igor Sysoev
5297d456d8 axe r->connection->destroyed testing 2009-08-26 16:14:57 +00:00
Igor Sysoev
b71610eb09 *) move small declarations in appropriate places and delete the surplus
header files
*) delete insignificant comments
2009-08-25 09:09:13 +00:00
Igor Sysoev
8e7e69e351 style fix 2009-08-25 09:06:21 +00:00
Igor Sysoev
3a58935936 *) share temporary number between workers
*) randomize collision offset
2009-08-21 09:06:35 +00:00
Igor Sysoev
365d663cc2 fix memory corruption in $ssl_client_cert 2009-07-27 11:51:12 +00:00
Igor Sysoev
f5ca9df2ab delete ancient define 2009-07-23 12:59:11 +00:00
Igor Sysoev
80c3e8e03b delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
2009-07-23 12:54:20 +00:00
Igor Sysoev
9db0245cda ssl_crl 2009-07-23 12:21:26 +00:00
Igor Sysoev
5b4b7c58cc *) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
2009-07-22 17:41:42 +00:00
Igor Sysoev
a5fe5881c6 ignore ngx_atomic_fetch_add() result
this fixes building at least by gcc 4.2.1 on Mac OS X 10.6
2009-06-18 13:14:51 +00:00
Igor Sysoev
260c4321d7 return NULL instead of NGX_CONF_ERROR on a create conf failure 2009-06-02 16:09:44 +00:00
Igor Sysoev
731e6a9b11 style fix 2009-05-14 16:24:39 +00:00
Igor Sysoev
6ce6fcd12d divide select module into two modules: Unix and Win32 ones 2009-05-06 14:53:54 +00:00
Igor Sysoev
44063a76f4 make code clearer 2009-05-06 08:54:54 +00:00
Igor Sysoev
57ca2c8013 test event type to prevent errors 2009-05-06 08:53:13 +00:00
Igor Sysoev
63d0bea178 do not free buffer with cache header before it would be written,
it seems this affected header only FastCGI responses only:
proxied header only responses were cached right
2009-05-04 19:04:00 +00:00
Igor Sysoev
b1e640a385 try to repair the case "select ready != events" 2009-04-29 18:56:47 +00:00
Igor Sysoev
a1580f58dd ngx_select_repair_fd_sets() 2009-04-29 15:29:12 +00:00
Igor Sysoev
b70b1f7c64 delete useless debug log 2009-04-29 15:15:17 +00:00
Igor Sysoev
7c6ba72e24 style fix 2009-04-29 15:12:57 +00:00
Igor Sysoev
c5237a8829 handle Winsock select() WSAEINVAL 2009-04-29 13:42:14 +00:00
Igor Sysoev
9441ffadbe add listen events for win32 only after accept mutex is held 2009-04-28 20:03:59 +00:00
Igor Sysoev
e1c9746e37 use ngx_vslprintf(), ngx_slprintf() 2009-04-27 13:06:20 +00:00
Igor Sysoev
bd91999ea5 Win32 master/workers model 2009-04-20 06:08:47 +00:00
Igor Sysoev
694bdea2a9 add variadic macros support for msvc8 2009-04-19 16:25:02 +00:00
Igor Sysoev
f7a08d5f9a support attaching to an existent Win32 shared memory 2009-04-18 19:27:28 +00:00
Igor Sysoev
c7f876bd4c move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory 2009-04-16 19:25:09 +00:00
Igor Sysoev
ee0da9ad53 fix building by MSVC8 2009-04-15 19:28:10 +00:00
Igor Sysoev
a2c8d9a0a8 improve ngx_slab_alloc() error logging 2009-03-27 17:00:42 +00:00
Igor Sysoev
52859f2f13 a preliminary proxy cache support 2009-03-23 13:14:51 +00:00
Igor Sysoev
288e503e92 lower ECONNRESET level 2009-02-25 14:27:34 +00:00
Igor Sysoev
36860101ec prepare ngx_ptocidr() for IPv6 2009-02-24 14:01:40 +00:00
Igor Sysoev
1f4220ee86 small optimization: " == NGX_ERROR" > " != NGX_OK" 2009-02-24 10:42:23 +00:00
Igor Sysoev
9b4a1d0094 use variable for often used field 2009-02-24 08:32:02 +00:00
Igor Sysoev
a35eaccdec a preliminary IPv6 support, HTTP listen 2009-02-21 07:02:02 +00:00
Igor Sysoev
be63760fc5 load SSL engine before certificates,
otherwise RSA keys will use built-in RSA methods
2009-02-16 13:37:58 +00:00
Igor Sysoev
c9aae14a7e use "!= NGX_OK" instead of "== NGX_ERROR" 2008-12-09 17:27:48 +00:00
Igor Sysoev
1bf7dc1884 low some SSL handshake errors level 2008-11-18 16:05:00 +00:00
Igor Sysoev
a862c46ffa always use buffer, if connection is buffered,
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
   16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
2008-10-23 05:58:10 +00:00
Igor Sysoev
e17cc987d3 dynamic accept threshold 2008-09-19 12:47:13 +00:00
Igor Sysoev
9c388c0a7f *) refactor ngx_ptocidr()
*) allow address without bitmask
*) thus now ngx_http_geo_module accepts addresses without bitmask
2008-08-26 14:19:37 +00:00
Igor Sysoev
c5849a6381 ngx_sock_ntop() takes family from sockaddr, remove duplicate field 2008-08-21 19:24:07 +00:00
Igor Sysoev
a408b2ba2d backout both r2162 and r2128 and implement a new fix 2008-08-12 12:04:49 +00:00
Igor Sysoev
2ff9a4b334 SSL connection readiness is required for level-triggered events only,
broken in r2128
2008-08-11 15:25:40 +00:00
Igor Sysoev
ec0b579f75 update connection readiness after SSL handshake,
this fixes mail proxy SSL connection hanging if level-triggered event is used
2008-07-30 06:12:30 +00:00
Igor Sysoev
49ed6f3eec *) ssl_verify_client ask
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
2008-07-29 14:29:02 +00:00
Igor Sysoev
58e9f22bfd handle connect()'s EAGAIN on Linux 2008-07-09 15:42:13 +00:00
Igor Sysoev
ce1e64f404 prepare to allow various number of connections in child processes 2008-06-23 13:23:29 +00:00
Igor Sysoev
da02ddc6fd fix "proxy_pass https://..." broken in r1427 2008-06-20 14:42:54 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev
81f9c9dc72 $ssl_client_cert 2008-06-16 05:54:18 +00:00
Igor Sysoev
df83e6f81a DH parameters, ssl_dhparam 2008-06-16 05:51:32 +00:00
Igor Sysoev
d6548faf64 ssl_session_cache none 2008-05-26 07:14:13 +00:00
Igor Sysoev
3b30476068 style fix 2008-05-22 12:09:41 +00:00
Igor Sysoev
396abff226 get certificate info only for debug build 2008-04-28 08:52:32 +00:00
Igor Sysoev
58d3821cf0 fix memory leak when ssl_verify_client is on 2008-04-28 08:50:39 +00:00
Igor Sysoev
439e288a1b fix memory leak when ssl_verify_client is on 2008-04-23 18:57:25 +00:00
Igor Sysoev
8da1fa935f low some SSL handshake errors level 2008-03-18 10:35:00 +00:00
Igor Sysoev
b9186ad856 restore building --test-build-rtsig and --test-build-eventport on FreeBSD 6 2008-03-13 15:47:14 +00:00
Igor Sysoev
472233d0a3 invalidate SSL session if there is no valid client certificate 2008-03-10 14:47:07 +00:00
Igor Sysoev
02aa53be83 left open sockets were not really tested 2008-02-28 20:31:33 +00:00
Igor Sysoev
704e1c1324 low SSL handshake close notify alert error level 2008-02-04 20:46:58 +00:00
Igor Sysoev
b1d4a6cc80 low SSL handshake errors level 2008-02-01 14:05:18 +00:00
Igor Sysoev
c20d3769bc backout r1757, we really need SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2008-01-31 15:10:45 +00:00
Igor Sysoev
6e8bc2b72d fix building --test-build-rtsig and --test-build-eventport on FreeBSD 7 2008-01-28 16:24:01 +00:00
Igor Sysoev
02d8e8e377 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN 2008-01-25 14:57:35 +00:00
Igor Sysoev
c783c35b5f pull all errors 2008-01-25 14:56:37 +00:00
Igor Sysoev
efe0016a11 fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 2008-01-22 16:04:35 +00:00
Igor Sysoev
8b99e3f1ea pull all errors 2008-01-10 08:45:00 +00:00
Igor Sysoev
e965c47113 grammar fix 2008-01-10 08:36:14 +00:00
Igor Sysoev
b548e13cdf fix comment 2007-12-29 16:55:31 +00:00
Igor Sysoev
f25abef8dc fix segfault introduced in r1780 2007-12-27 18:35:52 +00:00
Igor Sysoev
cd2aa8e172 create ssl buffer on demand and free it before keep-alive 2007-12-26 21:07:30 +00:00
Igor Sysoev
6ff850baf8 ssl_session_cache off 2007-12-26 20:27:22 +00:00
Igor Sysoev
01a129d823 use ngx_queue.h 2007-12-20 21:01:00 +00:00
Igor Sysoev
181abe549f embed session_rbtree and sentinel inside ngx_ssl_session_cache_t 2007-12-20 20:35:23 +00:00
Igor Sysoev
0a0024bdb5 omit useless test 2007-12-20 20:30:45 +00:00
Igor Sysoev
711e9031fe use ngx_time() instead of ngx_timeofday() 2007-12-20 20:11:45 +00:00
Igor Sysoev
6675abe3b4 remove SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, we never need it,
the "bad write retry" error was caused by SSL_shutdown() error
2007-12-20 13:49:07 +00:00
Igor Sysoev
fc28270ac2 cleaning stale global SSL error 2007-12-20 13:04:20 +00:00
Igor Sysoev
94b3ea319b SSL_shutdown() never returns -1, on error it returns 0.
This fixes incidental "bad write retry" errors.
2007-12-20 12:59:05 +00:00
Igor Sysoev
7912e4ba5d optimize rbtree initialization and insert 2007-12-17 08:52:00 +00:00
Igor Sysoev
86ef6aaa6b move condition declarations inside blocks where they are used 2007-12-10 12:09:51 +00:00
Igor Sysoev
e67d46189c ngx_udp_recv() 2007-12-03 16:46:46 +00:00
Igor Sysoev
479c786e0d TransmitPackets(), ConnectEx(), and DisconnectEx() 2007-11-11 18:56:50 +00:00
Igor Sysoev
408dfc1714 fix segfaults 2007-11-08 15:20:56 +00:00
Igor Sysoev
3bb547dfdf 64-bit update lost in r1355 2007-10-23 14:09:12 +00:00
Igor Sysoev
2d3f3f6eb6 fix English grammar 2007-10-14 18:56:15 +00:00
Igor Sysoev
708fe2e526 64-bit update lost in r1355 2007-09-10 09:08:12 +00:00
Igor Sysoev
a2883a66df NGX_USE_VNODE_EVENT and NGX_FLUSH_EVENT 2007-09-01 11:59:36 +00:00
Igor Sysoev
954e7e0739 add comment 2007-09-01 11:21:00 +00:00
Igor Sysoev
d1eedde904 update comments 2007-09-01 09:33:25 +00:00
Igor Sysoev
54a553b721 update comment 2007-08-31 09:50:23 +00:00
Igor Sysoev
31d6785397 style fix 2007-08-31 09:41:45 +00:00
Igor Sysoev
6f8030e339 use ev->log, because ev->data may be connection stub only 2007-08-31 09:40:38 +00:00
Igor Sysoev
181a7141f9 style fix 2007-08-31 09:22:53 +00:00
Igor Sysoev
7f789168ef add guard code 2007-08-29 11:26:42 +00:00
Igor Sysoev
bb3799d89f fix comment 2007-08-29 07:19:22 +00:00
Igor Sysoev
89884a0a84 disable pair event on POLLREMOVE 2007-08-29 07:18:54 +00:00
Igor Sysoev
6fe1303fb5 do not set read->eof, ready, and error prematurely 2007-08-27 19:44:35 +00:00
Igor Sysoev
da69848428 mark connection as not ready, this fixes endless loop introduced in r1368 2007-08-27 15:01:08 +00:00
Igor Sysoev
e101338634 upstream sendfile bit was overridden by r->connection->sendfile 2007-08-14 20:44:09 +00:00
Igor Sysoev
845f6d553a ignore meaningless bits in CIDR and warn about them 2007-08-10 13:13:28 +00:00
Igor Sysoev
83a6851b28 make 64-bit ngx_int_t on 64-bit platforms 2007-07-29 18:24:53 +00:00
Igor Sysoev
a1df416d65 --sysconfdir=DIR 2007-07-29 18:05:45 +00:00
Igor Sysoev
d2c996a57c fix segfault when event port returns POLLERR without POLLIN or POLLOUT 2007-07-11 10:45:55 +00:00
Igor Sysoev
8b0a3d2810 fix segfault when session was freed twice 2007-07-10 21:04:37 +00:00
Igor Sysoev
da8c05a5fd style fix 2007-05-23 18:28:54 +00:00
Igor Sysoev
70f65c4948 ngx_ssl_recv_chain() must not update buf->last,
it fixes proxy_pass https://...
2007-03-31 19:48:48 +00:00
Igor Sysoev
e7f83eefa2 fix building without --with-debug on Solaris 2007-03-21 11:16:14 +00:00
Igor Sysoev
b32d04f07c decrease log level from alert to debug for POLLERR|POLLHUP|POLLNVAL 2007-03-06 11:01:50 +00:00
Igor Sysoev
7cc1ea31e9 correct r1100 2007-02-12 14:58:45 +00:00