Commit Graph

42 Commits

Author SHA1 Message Date
Roman Arutyunyan
a36ebf7e95 QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.
2023-02-22 19:16:53 +04:00
Ruslan Ermilov
f2859767d4 Configure: fixed QUIC support test.
OpenSSL library QUIC support cannot be tested at configure time when
using the --with-openssl option so assume it's present if requested.
While here, fixed the error message in case QUIC support is missing.
2021-09-27 10:10:38 +03:00
Ruslan Ermilov
8ce1c2c7e9 Configure: check for QUIC 0-RTT support at compile time. 2021-09-27 10:10:37 +03:00
Ruslan Ermilov
3321ca0c83 Configure: simplified condition. 2021-09-21 14:46:17 +03:00
Ruslan Ermilov
bd89c448b7 Removed NGX_OPENSSL_QUIC macro, NGX_QUIC is enough. 2021-09-14 12:09:13 +03:00
Ruslan Ermilov
7a45071cb6 Changed the OpenSSL QUIC support detection.
As was changed in 253cf267f95a.
2021-09-09 15:34:00 +03:00
Roman Arutyunyan
b813b9ec35 QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there
2020-07-21 23:09:22 +03:00
Sergey Kandaurov
0a11fdbb28 Compatibility with BoringSSL master branch.
Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constrain to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
2020-06-01 19:53:13 +03:00
Sergey Kandaurov
1a6fc01fb8 Configure: fixed static compilation with OpenSSL 1.1.1 / BoringSSL.
See 7246:04ebf29eaf5b for details.
2020-05-01 13:02:30 +03:00
Sergey Kandaurov
b7b3aca704 Configure: unbreak with old OpenSSL, --with-http_v3_module added. 2020-04-30 15:47:43 +03:00
Sergey Kandaurov
e92cb24f40 HTTP UDP layer, QUIC support autotest. 2020-02-28 13:09:51 +03:00
Maxim Dounin
90ca1071b7 Configure: fixed static compilation with OpenSSL 1.1.1.
OpenSSL now uses pthread_atfork(), and this requires -lpthread on Linux
to compile.  Introduced NGX_LIBPTHREAD to add it as appropriate, similar
to existing NGX_LIBDL.
2018-03-22 15:55:57 +03:00
Maxim Dounin
77471dbdbb Win32: compatiblity with OpenSSL 1.1.0.
OpenSSL 1.1.0 now uses normal "nmake; nmake install" instead of using
custom "ms\do_ms.bat" script and "ms\nt.mak" makefile.  And Configure
now requires --prefix to be absolute, and no longer derives --openssldir
from prefix (so it's specified explicitly).  Generated libraries are now
called "libcrypto.lib" and "libssl.lib" instead of "libeay32.lib"
and "ssleay32.lib".  Appropriate tests added to support both old and new
variants.

Additionally, openssl/lhash.h now triggers warning C4090 ('function' :
different 'const' qualifiers), so the warning was disabled.
2016-12-24 18:01:14 +03:00
Maxim Dounin
e6f04424af SSL: initialization changes for OpenSSL 1.1.0.
OPENSSL_config() deprecated in OpenSSL 1.1.0.  Additionally,
SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_all_algorithms()
are no longer available if OPENSSL_API_COMPAT is set to 0x10100000L.

The OPENSSL_init_ssl() function is now used instead with appropriate
arguments to trigger the same behaviour.  The configure test changed to
use SSL_CTX_set_options().

Deinitialization now happens automatically in OPENSSL_cleanup() called
via atexit(3), so we no longer call EVP_cleanup() and ENGINE_cleanup()
directly.
2016-03-31 23:38:33 +03:00
Ruslan Ermilov
6fccc00aa8 Configure: fixed static nginx build with OpenSSL (ticket #903).
Before 7142b04337d6, it was possible to build the OpenSSL library
along with nginx, and link nginx statically with this library
(--with-openssl=DIR --with-ld-opt=-static --with-http_ssl_module).
This was broken on Linux by not adding -ldl after -lcrypto.

The fix also makes it possible to link nginx statically on Linux
with the system OpenSSL library, which never worked before.
2016-02-18 11:39:57 +03:00
Maxim Dounin
86cc342a26 Dynamic modules: dlopen() support. 2016-02-04 18:30:21 +03:00
Maxim Dounin
0d3cad3864 Configure: fixed using OpenSSL include paths. 2015-11-23 22:48:31 +03:00
Ruslan Ermilov
72125c7a22 Configure: search OpenSSL in a bunch of standard places. 2015-06-10 12:25:45 +03:00
Maxim Dounin
48d96ced6f Win32: MinGW GCC compatibility.
Several warnings silenced, notably (ngx_socket_t) -1 is now checked
on socket operations instead of -1, as ngx_socket_t is unsigned on win32
and gcc complains on comparison.

With this patch, it's now possible to compile nginx using mingw gcc,
with options we normally compile on win32.
2013-09-04 20:48:28 +04:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Igor Sysoev
59bb78b951 stop ./configure on Win32 if no library sources was specified,
the bug has been introduced in r2894
2010-07-08 15:57:36 +00:00
Igor Sysoev
db0efa8052 do not use prebuild OpenSSL Win32 libraries 2010-07-08 15:51:47 +00:00
Igor Sysoev
502252d43a MSVC8 compatibility with OpenSSL 1.0.0 2010-04-01 15:18:29 +00:00
Igor Sysoev
920c00dcb5 allow "make clean" for OpenSSL, the bug was introduced in r2874 2009-09-28 12:24:09 +00:00
Igor Sysoev
da85fe6d5f stop ./configure at once on library failure 2009-05-26 14:28:49 +00:00
Igor Sysoev
a7021768a7 use -ldl for any OS that needs it 2009-05-22 09:22:28 +00:00
Igor Sysoev
8407ff24ab fix building OpenSSL on Unix 2009-05-19 12:12:36 +00:00
Igor Sysoev
2d252980ed fix building OpenSSL on Win32 2009-05-14 15:46:34 +00:00
Igor Sysoev
f794318d60 test whether libdl is required for dynamic linking:
Solaris 10 has dlopen()/etc. in libc
2009-05-08 09:39:53 +00:00
Igor Sysoev
890467c1c4 *) move advapi32.lib to core libs since it's required for Registry and Event Log
*) delete shell32.lib since we do not use tray icon anymore
2009-04-21 14:31:40 +00:00
Igor Sysoev
60798fbea5 OpenSSL building by MSVC and BCC from sources 2009-04-15 19:46:24 +00:00
Igor Sysoev
0ec09f9196 test PCRE in FreeBSD, Linux, and NetBSD 2006-11-27 11:07:09 +00:00
Igor Sysoev
d3283ff922 nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
784522377e nginx-0.3.2-RELEASE import
*) Feature: the Sun Studio 10 C compiler support.

    *) Feature: the "proxy_upstream_max_fails",
       "proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails", and
       "fastcgi_upstream_fail_timeout" directives.
2005-10-12 13:50:36 +00:00
Igor Sysoev
e573380f24 nginx-0.1.45-RELEASE import
*) Change: the "ssl_engine" directive was canceled in the
       ngx_http_ssl_module and now is introduced at global level.

    *) Bugfix: the responses with SSI subrequests did not transferred via
       SSL connection.

    *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 14:36:09 +00:00
Igor Sysoev
d039a2e193 nginx-0.1.21-RELEASE import
*) Bugfix: the ngx_http_stub_status_module showed incorrect statistics
       if "rtsig" method was used or if several worker process ran on SMP.

    *) Bugfix: nginx could not be built by the icc compiler on Linux or if
       the zlib-1.2.x library was building from sources.

    *) Bugfix: nginx could not be built on NetBSD 2.0.
2005-02-22 14:40:13 +00:00
Igor Sysoev
02025fd6bd nginx-0.1.14-RELEASE import
*) Feature: the autoconfiguration directives:
       --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and
       --http-fastcgi-temp-path=PATH

    *) Change: the directory name for the temporary files with the client
       request body is specified by directive client_body_temp_path, by
       default it is <prefix>/client_body_temp.

    *) Feature: the ngx_http_fastcgi_module and the directives:
       fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params,
       fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout,
       fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers,
       fastcgi_busy_buffers_size, fastcgi_temp_path,
       fastcgi_max_temp_file_size, fastcgi_temp_file_write_size,
       fastcgi_next_upstream, and fastcgi_x_powered_by.

    *) Bugfix: the "[alert] zero size buf" error; the bug had appeared in
       0.1.3.

    *) Change: the URI must be specified after the host name in the
       proxy_pass directive.

    *) Change: the %3F symbol in the URI was considered as the argument
       string start.

    *) Feature: the unix domain sockets support in the
       ngx_http_proxy_module.

    *) Feature: the ssl_engine and ssl_ciphers directives.
       Thanks to Sergey Skvortsov for SSL-accelerator.
2005-01-18 13:03:58 +00:00
Igor Sysoev
f69060481e nginx-0.1.9-RELEASE import
*) Bugfix: the proxied request was sent without arguments if the
       request contains "//", "/./", "/../" or "%XX".

    *) Bugfix: the large compressed responses may be transferred not
       completely.

    *) Bugfix: the files bigger than 2G was not transferred on Linux that
       does not support sendfile64().

    *) Bugfix: while the build configuration on Linux the
       --with-poll_module parameter was required; the bug had appeared in
       0.1.8.
2004-11-25 16:17:31 +00:00
Igor Sysoev
c0edbcce58 nginx-0.1.2-RELEASE import
*) Feature: the --user=USER, --group=GROUP, and --with-ld-opt=OPTIONS
       options in configure.

    *) Feature: the server_name directive supports *.domain.tld.

    *) Bugfix: the portability improvements.

    *) Bugfix: if configuration file was set in command line, the
       reconfiguration was impossible; the bug had appeared in 0.1.1.

    *) Bugfix: proxy module may get caught in an endless loop when sendfile
       is not used.

    *) Bugfix: with sendfile the response was not recoded according to the
       charset module directives; the bug had appeared in 0.1.1.

    *) Bugfix: very seldom bug in the kqueue processing.

    *) Bugfix: the gzip module compressed the proxied responses that was
       already compressed.
2004-10-21 15:34:38 +00:00
Igor Sysoev
ff8da91784 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright 2004-09-29 16:00:49 +00:00
Igor Sysoev
0599b11937 nginx-0.0.7-2004-07-25-22:34:14 import 2004-07-25 18:34:14 +00:00