mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 09:42:39 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,315 Commits 22 Branches 572 Tags 102 MiB
288e503e92
Commit Graph

447 Commits

Author SHA1 Message Date
Igor Sysoev
288e503e92 lower ECONNRESET level 2009-02-25 14:27:34 +00:00
Igor Sysoev
36860101ec prepare ngx_ptocidr() for IPv6 2009-02-24 14:01:40 +00:00
Igor Sysoev
1f4220ee86 small optimization: " == NGX_ERROR" > " != NGX_OK" 2009-02-24 10:42:23 +00:00
Igor Sysoev
9b4a1d0094 use variable for often used field 2009-02-24 08:32:02 +00:00
Igor Sysoev
a35eaccdec a prelimiary IPv6 support, HTTP listen 2009-02-21 07:02:02 +00:00
Igor Sysoev
be63760fc5 load SSL engine before certificates, 
otherwise RSA keys will use built-in RSA methods
 2009-02-16 13:37:58 +00:00
Igor Sysoev
c9aae14a7e use "!= NGX_OK" instead of "== NGX_ERROR" 2008-12-09 17:27:48 +00:00
Igor Sysoev
1bf7dc1884 low some SSL handshake errors level 2008-11-18 16:05:00 +00:00
Igor Sysoev
a862c46ffa always use buffer, if connection is buffered, 
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
   16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
 2008-10-23 05:58:10 +00:00
Igor Sysoev
e17cc987d3 dynamic accept threshold 2008-09-19 12:47:13 +00:00
Igor Sysoev
9c388c0a7f *) refactor ngx_ptocidr() 
*) allow address without bitmask
*) thus now ngx_http_geo_module accepts addresses without bitmask
 2008-08-26 14:19:37 +00:00
Igor Sysoev
c5849a6381 ngx_sock_ntop() takes family from sockaddr, remove duplicate field 2008-08-21 19:24:07 +00:00
Igor Sysoev
a408b2ba2d backout both r2162 and r2128 and implement a new fix 2008-08-12 12:04:49 +00:00
Igor Sysoev
2ff9a4b334 SSL connection readiness is required for level-triggered events only, 
broken in r2128
 2008-08-11 15:25:40 +00:00
Igor Sysoev
ec0b579f75 update connection readiness after SSL handshake, 
this fixes mail proxy SSL connection hanging if level-triggered event is used
 2008-07-30 06:12:30 +00:00
Igor Sysoev
49ed6f3eec *) ssl_verify_client ask 
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
 2008-07-29 14:29:02 +00:00
Igor Sysoev
58e9f22bfd handle connect()'s EAGAIN on Linux 2008-07-09 15:42:13 +00:00
Igor Sysoev
ce1e64f404 prepare to allow various number of connections in child processes 2008-06-23 13:23:29 +00:00
Igor Sysoev
da02ddc6fd fix "proxy_pass https://..." broken in r1427 2008-06-20 14:42:54 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040 
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
 2008-06-17 15:00:30 +00:00
Igor Sysoev
81f9c9dc72 $ssl_client_cert 2008-06-16 05:54:18 +00:00
Igor Sysoev
df83e6f81a DH parameters, ssl_dhparam 2008-06-16 05:51:32 +00:00
Igor Sysoev
d6548faf64 ssl_session_cache none 2008-05-26 07:14:13 +00:00
Igor Sysoev
3b30476068 style fix 2008-05-22 12:09:41 +00:00
Igor Sysoev
396abff226 get certificate info only for debug build 2008-04-28 08:52:32 +00:00
Igor Sysoev
58d3821cf0 fix memory leak when ssl_verify_client is on 2008-04-28 08:50:39 +00:00
Igor Sysoev
439e288a1b fix memory leak when ssl_verify_client is on 2008-04-23 18:57:25 +00:00
Igor Sysoev
8da1fa935f low some SSL handshake errors level 2008-03-18 10:35:00 +00:00
Igor Sysoev
b9186ad856 restore building --test-build-rtsig and --test-build-eventport on FreeBSD 6 2008-03-13 15:47:14 +00:00
Igor Sysoev
472233d0a3 invalidate SSL session if there is no valid client certificate 2008-03-10 14:47:07 +00:00
Igor Sysoev
02aa53be83 left open sockets were not really tested 2008-02-28 20:31:33 +00:00
Igor Sysoev
704e1c1324 low SSL handshake close notify alert error level 2008-02-04 20:46:58 +00:00
Igor Sysoev
b1d4a6cc80 low SSL handshake errors level 2008-02-01 14:05:18 +00:00
Igor Sysoev
c20d3769bc backout r1757, we really need SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2008-01-31 15:10:45 +00:00
Igor Sysoev
6e8bc2b72d fix building --test-build-rtsig and --test-build-eventport on FreeBSD 7 2008-01-28 16:24:01 +00:00
Igor Sysoev
02d8e8e377 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN 2008-01-25 14:57:35 +00:00
Igor Sysoev
c783c35b5f pull all errors 2008-01-25 14:56:37 +00:00
Igor Sysoev
efe0016a11 fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 2008-01-22 16:04:35 +00:00
Igor Sysoev
8b99e3f1ea pull all errors 2008-01-10 08:45:00 +00:00
Igor Sysoev
e965c47113 grammar fix 2008-01-10 08:36:14 +00:00
Igor Sysoev
b548e13cdf fix comment 2007-12-29 16:55:31 +00:00
Igor Sysoev
f25abef8dc fix segfault introduced in r1780 2007-12-27 18:35:52 +00:00
Igor Sysoev
cd2aa8e172 create ssl buffer on demand and free it before keep-alive 2007-12-26 21:07:30 +00:00
Igor Sysoev
6ff850baf8 ssl_session_cache off 2007-12-26 20:27:22 +00:00
Igor Sysoev
01a129d823 use ngx_queue.h 2007-12-20 21:01:00 +00:00
Igor Sysoev
181abe549f embed session_rbtree and sentinel inside ngx_ssl_session_cache_t 2007-12-20 20:35:23 +00:00
Igor Sysoev
0a0024bdb5 omit useless test 2007-12-20 20:30:45 +00:00
Igor Sysoev
711e9031fe use ngx_time() instead of ngx_timeofday() 2007-12-20 20:11:45 +00:00
Igor Sysoev
6675abe3b4 remove SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, we never need it, 
the "bad write retry" error was caused by SSL_shutdown() error
 2007-12-20 13:49:07 +00:00
Igor Sysoev
fc28270ac2 cleaning stale global SSL error 2007-12-20 13:04:20 +00:00