Commit Graph

7799 Commits

Author SHA1 Message Date
Maxim Dounin
7cee215f15 Core: removed incorrect GCC 2.7 check.
It was broken since introduction (__GNU__ instead of __GNUC__) and did
nothing.  Moreover, GCC 2.7 is happy with the normal version of the code.

Reported by Joel Cunningham,
http://mailman.nginx.org/pipermail/nginx-devel/2016-March/007964.html.
2016-04-01 13:17:12 +03:00
Maxim Dounin
316d4aca71 Trailing space fix. 2016-04-01 04:17:00 +03:00
Maxim Dounin
2e251b1c34 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
SSLeay_version() and SSLeay() are no longer available if OPENSSL_API_COMPAT
is set to 0x10100000L.  Switched to using OpenSSL_version() instead.

Additionally, we now compare version strings instead of version numbers,
and this correctly works for LibreSSL as well.
2016-03-31 23:38:38 +03:00
Sergey Kandaurov
d8fbce1deb SSL: X509 was made opaque in OpenSSL 1.1.0.
To increment reference counters we now use newly introduced X509_up_ref()
function.
2016-03-31 23:38:37 +03:00
Sergey Kandaurov
66feb8c6f0 SSL: EVP_MD_CTX was made opaque in OpenSSL 1.1.0. 2016-03-31 23:38:36 +03:00
Maxim Dounin
8fc90404fb SSL: RSA_generate_key() is deprecated in OpenSSL 1.1.0.
OpenSSL removed support for all 40 and 56 bit ciphers.
2016-03-31 23:38:34 +03:00
Maxim Dounin
e6f04424af SSL: initialization changes for OpenSSL 1.1.0.
OPENSSL_config() deprecated in OpenSSL 1.1.0.  Additionally,
SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_all_algorithms()
are no longer available if OPENSSL_API_COMPAT is set to 0x10100000L.

The OPENSSL_init_ssl() function is now used instead with appropriate
arguments to trigger the same behaviour.  The configure test changed to
use SSL_CTX_set_options().

Deinitialization now happens automatically in OPENSSL_cleanup() called
via atexit(3), so we no longer call EVP_cleanup() and ENGINE_cleanup()
directly.
2016-03-31 23:38:33 +03:00
Maxim Dounin
93c2749fae SSL: get_session callback changed in OpenSSL 1.1.0. 2016-03-31 23:38:32 +03:00
Maxim Dounin
0e83d6ac40 SSL: guarded error codes not present in OpenSSL 1.1.0. 2016-03-31 23:38:31 +03:00
Maxim Dounin
bad99ee004 SSL: reasonable version for LibreSSL.
LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but uses an old
API derived from OpenSSL at the time LibreSSL forked.  As a result, every
version check we use to test for new API elements in newer OpenSSL versions
requires an explicit check for LibreSSL.

To reduce clutter, redefine OPENSSL_VERSION_NUMBER to 0x1000107fL if
LibreSSL is used.  The same is done by FreeBSD port of LibreSSL.
2016-03-31 23:38:29 +03:00
Ruslan Ermilov
5afd74bed6 Removed the prototype mysql module. 2016-03-31 22:33:26 +03:00
Ruslan Ermilov
5ad6e01b46 Fixed ngx_os_signal_process() prototype. 2016-03-31 22:00:33 +03:00
Sergey Kandaurov
60a6551e1f Fixed ngx_pid_t formatting in ngx_sprintf() and logging. 2016-03-31 02:34:04 +03:00
Sergey Kandaurov
6a716c6123 Fixed format specifiers in ngx_sprintf(). 2016-03-31 02:34:00 +03:00
Sergey Kandaurov
00ef9ff5f0 Fixed logging. 2016-03-31 02:33:57 +03:00
Sergey Kandaurov
53fec2c414 Events: fixed logging. 2016-03-31 02:33:55 +03:00
Sergey Kandaurov
c622ff3b44 Fixed logging with variable field width. 2016-03-31 02:33:53 +03:00
Sergey Kandaurov
2e25f340b8 Fixed logging in close error handling. 2016-03-31 02:33:50 +03:00
Ruslan Ermilov
ce9d20eef4 Fixed mistranslated phrase. 2016-03-30 12:07:19 +03:00
Ruslan Ermilov
dd5628fcad Events: fixed test building with eventport on OS X.
Broken in d17f0584006f (1.9.13).
2016-03-30 11:57:28 +03:00
Ruslan Ermilov
7ad57da598 Style. 2016-03-30 11:52:16 +03:00
Ruslan Ermilov
dfbc51a8cc Version bump. 2016-03-30 11:52:07 +03:00
Maxim Dounin
bf5403bd27 release-1.9.13 tag 2016-03-29 18:09:30 +03:00
Maxim Dounin
34a0ca0a5d nginx-1.9.13-RELEASE 2016-03-29 18:09:30 +03:00
Maxim Dounin
30494ed30b Updated OpenSSL used for win32 builds. 2016-03-29 09:54:11 +03:00
Maxim Dounin
d259032741 Win32: replaced NGX_EXDEV with more appropriate error code.
Correct error code for NGX_EXDEV on Windows is ERROR_NOT_SAME_DEVICE,
"The system cannot move the file to a different disk drive".

Previously used ERROR_WRONG_DISK is about wrong diskette in the drive and
is not appropriate.

There is no real difference though, as MoveFile() is able to copy files
between disk drives, and will fail with ERROR_ACCESS_DENIED when asked
to copy directories.  The ERROR_NOT_SAME_DEVICE error is only used
by MoveFileEx() when called without the MOVEFILE_COPY_ALLOWED flag.
2016-03-29 09:52:15 +03:00
Maxim Dounin
6871615528 Win32: additional error code NGX_EEXIST_FILE (ticket #910).
On Windows there are two possible error codes which correspond to
the EEXIST error code: ERROR_FILE_EXISTS used by CreateFile(CREATE_NEW),
and ERROR_ALREADY_EXISTS used by CreateDirectory().

MoveFile() seems to use both: ERROR_ALREADY_EXISTS when moving within
one filesystem, and ERROR_FILE_EXISTS when copying a file to a different
drive.
2016-03-29 09:51:46 +03:00
Maxim Dounin
4618c03f4c Upstream: proxy_next_upstream non_idempotent.
By default, requests with non-idempotent methods (POST, LOCK, PATCH)
are no longer retried in case of errors if a request was already sent
to a backend.  Previous behaviour can be restored by using
"proxy_next_upstream ... non_idempotent".
2016-03-28 19:50:19 +03:00
Maxim Dounin
5a76856dc2 Upstream: cached connections now tested against next_upstream.
Much like normal connections, cached connections are now tested against
u->conf->next_upstream, and u->state->status is now always set.

This allows to disable additional tries even with upstream keepalive
by using "proxy_next_upstream off".
2016-03-28 19:49:52 +03:00
Ruslan Ermilov
f5fff1eda0 Fixed --test-build-*.
Fixes various aspects of --test-build-devpoll, --test-build-eventport, and
--test-build-epoll.

In particular, if --test-build-devpoll was used on Linux, then "devpoll"
event method would be preferred over "epoll".  Also, wrong definitions of
event macros were chosen.
2016-03-28 19:29:18 +03:00
Roman Arutyunyan
3d791c46f5 Sub filter: fixed allocation alignment. 2016-03-28 13:35:25 +03:00
Piotr Sikora
c3aed0a233 Core: allow strings without null-termination in ngx_parse_url().
This fixes buffer over-read while using variables in the "proxy_pass",
"fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives, where result
of string evaluation isn't null-terminated.

Found with MemorySanitizer.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-02-26 17:30:27 -08:00
Roman Arutyunyan
030a1f959c Fixed socket inheritance on reload and binary upgrade.
On nginx reload or binary upgrade, an attempt is made to inherit listen sockets
from the previous configuration.  Previously, no check for socket type was made
and the inherited socket could have the wrong type.  On binary upgrade, socket
type was not detected at all.  Wrong socket type could lead to errors on that
socket due to different logic and unsupported syscalls.  For example, a UDP
socket, inherited as TCP, lead to the following error after arrival of a
datagram: "accept() failed (102: Operation not supported on socket)".
2016-03-25 14:10:38 +03:00
Vladimir Homutov
818ebb3492 Stream: additional logging for UDP. 2016-03-18 19:53:22 +03:00
Dmitry Volyntsev
2e6e246794 Win32: fixed build after 384154fc634f. 2016-03-23 18:34:05 +03:00
Roman Arutyunyan
3c48fd7c05 Stream: detect port absence in proxy_pass with IP literal.
This is a clone of http commit 26c127bab5ef.
2016-03-23 17:45:15 +03:00
Dmitry Volyntsev
f625ad7ce8 Resolver: added support for SRV records. 2016-03-23 17:44:36 +03:00
Dmitry Volyntsev
2b2fe92aaa Resolver: do not enable resolve timer if provided timeout is zero. 2016-03-23 17:44:36 +03:00
Dmitry Volyntsev
98f222c6c1 Resolver: introduced valid field in resolver responses.
It hints the amount of time a response could be considered
as valid.
2016-03-23 17:44:36 +03:00
Valentin Bartenev
0f4315f998 Core: introduced the NGX_DEBUG_PALLOC macro.
It allows to turn off accumulation of small pool allocations into a big
preallocated chunk of memory.  This is useful for debugging memory access
with sanitizer, since such accumulation can cover buffer overruns from
being detected.
2016-03-23 17:44:04 +03:00
Valentin Bartenev
9d08bda415 Core: use ngx_palloc_small() to allocate ngx_pool_large_t.
This structure cannot be allocated as a large block anyway, otherwise that will
result in infinite recursion, since each large allocation requires to allocate
another ngx_pool_large_t.

The room for the structure is guaranteed by the NGX_MIN_POOL_SIZE constant.
2016-03-23 17:44:04 +03:00
Valentin Bartenev
21dfe90a4e Core: introduced the ngx_palloc_small() function.
It deduplicates some code for allocations from memory pool.
No functional changes.
2016-03-23 17:44:04 +03:00
Valentin Bartenev
b94eb1dfe6 Core: moved logging before freeing large blocks of pool.
This fixes use-after-free memory access with enabled debug log
when pool->log is allocated as a large block.
2016-03-23 17:44:04 +03:00
Maxim Dounin
890ba54497 Backed out server_tokens changes.
Backed out changesets: cf3e75cfa951, 6b72414dfb4f, 602dc42035fe, e5076b96fd01.
2016-03-22 16:58:38 +03:00
Dmitry Volyntsev
24e38323ee Cache: fixed slots accounting error introduced in c9d680b00744. 2016-03-23 14:16:31 +03:00
Ruslan Ermilov
0b768c1435 Reconsidered server_tokens with an empty value.
An empty value will be treated as "off".
2016-03-22 15:52:28 +03:00
Valentin Bartenev
ae5e76ea06 HTTP/2: improved debugging of sending control frames. 2016-03-21 17:04:21 +03:00
Sergey Kandaurov
1a5922008e Events: fixed test building with devpoll and eventport on Linux.
Avoid POLLREMOVE and itimerspec redefinition.
2016-03-21 12:36:36 +03:00
Piotr Sikora
26f669f109 Fix build with -Wmissing-prototypes.
Broken in 5eb4d7541107 (1.9.6), fix somehow missed in 3600bbfb43e3.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-03-18 16:38:08 -07:00
Dmitry Volyntsev
b18ba1e9f6 Cache: added watermark to reduce IO load when keys_zone is full.
When a keys_zone is full then each next request to the cache is
penalized.  That is, the cache has to evict older files to get a
slot from the keys_zone synchronously.  The patch introduces new
behavior in this scenario.  Manager will try to maintain available
free slots in the keys_zone by cleaning old files in the background.
2016-03-18 15:08:21 +03:00