Commit Graph

820 Commits

Author SHA1 Message Date
Valentin Bartenev
0f62e193dc SSL: preservation of flush flag for buffered data.
Previously, if SSL buffer was not sent we lost information that the data
must be flushed.
2013-01-28 15:37:11 +00:00
Valentin Bartenev
c857dade60 SSL: resetting of flush flag after the data was written.
There is no need to flush next chunk of data if it does not contain a buffer
with the flush or last_buf flags set.
2013-01-28 15:35:12 +00:00
Valentin Bartenev
693ba0179e SSL: removed conditions that always hold true. 2013-01-28 15:34:09 +00:00
Ruslan Ermilov
33e934ccc8 Events: fixed null pointer dereference with resolver and poll.
A POLLERR signalled by poll() without POLLIN/POLLOUT, as seen on
Linux, would generate both read and write events, but there's no
write event handler for resolver events.  A fix is to only call
event handler of an active event.
2013-01-25 09:59:28 +00:00
Maxim Dounin
041449a3d3 SSL: speedup loading of configs with many ssl servers.
The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.

For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.
2013-01-09 14:11:48 +00:00
Valentin Bartenev
a6ea2f8f48 Events: added check for duplicate "events" directive. 2013-01-08 14:03:37 +00:00
Maxim Dounin
8e67fb4226 Event pipe: fixed handling of buf_to_file data.
Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption.  Buffer memory was reused to read upstream
response before headers were written to disk.

Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.

This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.

Reported by Anatoli Marinov.
2012-10-30 11:14:24 +00:00
Maxim Dounin
c846871ce1 SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.

Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).

Patch by Mike Kazantsev, Eric O'Connor.
2012-10-03 15:24:08 +00:00
Maxim Dounin
7eea509776 OCSP stapling: build fixes.
With the "ssl_stapling_verify" commit build with old OpenSSL libraries
was broken due to incorrect prototype of the ngx_ssl_stapling() function.
One incorrect use of ngx_log_debug() instead of ngx_log_debug2() slipped in
and broke win32 build.
2012-10-01 13:54:13 +00:00
Maxim Dounin
bec2cc5286 OCSP stapling: ssl_stapling_verify directive.
OCSP response verification is now switched off by default to simplify
configuration, and the ssl_stapling_verify allows to switch it on.

Note that for stapling OCSP response verification isn't something required
as it will be done by a client anyway.  But doing verification on a server
allows to mitigate some attack vectors, most notably stop an attacker from
presenting some specially crafted data to all site clients.
2012-10-01 12:53:11 +00:00
Maxim Dounin
3ebbb7d521 OCSP stapling: OCSP_basic_verify() OCSP_TRUSTOTHER flag now used.
This is expected to simplify configuration in a common case when OCSP
response is signed by a certificate already present in ssl_certificate
chain.  This case won't need any extra trusted certificates.
2012-10-01 12:51:27 +00:00
Maxim Dounin
1a07a7f2de OCSP stapling: log error data in ngx_ssl_error().
It's hard to debug OCSP_basic_verify() failures without the actual error
string it records in the error data field.
2012-10-01 12:50:36 +00:00
Maxim Dounin
872563a64d OCSP stapling: check Content-Type.
This will result in better error message in case of incorrect response
from OCSP responder:

... OCSP responder sent invalid "Content-Type" header: "text/plain"
    while requesting certificate status, responder: ...

vs.

... d2i_OCSP_RESPONSE() failed (SSL:
    error:0D07209B:asn1 encoding routines:ASN1_get_object:too long
    error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error)
    while requesting certificate status, responder: ...
2012-10-01 12:48:54 +00:00
Maxim Dounin
74ad4494a6 OCSP stapling: loading OCSP responses.
This includes the ssl_stapling_responder directive (defaults to OCSP
responder set in certificate's AIA extension).

OCSP response for a given certificate is requested once we get at least
one connection with certificate_status extension in ClientHello, and
certificate status won't be sent in the connection in question.  This due
to limitations in the OpenSSL API (certificate status callback is blocking).

Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't
allow to access the certificate loaded via SSL_CTX.
2012-10-01 12:47:55 +00:00
Maxim Dounin
f7ec295fb4 OCSP stapling: the ngx_event_openssl_stapling.c file.
Missed in previous commit.
2012-10-01 12:42:43 +00:00
Maxim Dounin
85c920a0cd OCSP stapling: ssl_stapling_file support.
Very basic version without any OCSP responder query code, assuming valid
DER-encoded OCSP response is present in a ssl_stapling_file configured.

Such file might be produced with openssl like this:

openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \
             -url http://ocsp.example.com
2012-10-01 12:41:08 +00:00
Maxim Dounin
3648ba7db8 OCSP stapling: ssl_trusted_certificate directive.
The directive allows to specify additional trusted Certificate Authority
certificates to be used during certificate verification.  In contrast to
ssl_client_certificate DNs of these cerificates aren't sent to a client
during handshake.

Trusted certificates are loaded regardless of the fact whether client
certificates verification is enabled as the same certificates will be
used for OCSP stapling, during construction of an OCSP request and for
verification of an OCSP response.

The same applies to a CRL (which is now always loaded).
2012-10-01 12:39:36 +00:00
Maxim Dounin
52b59ebc74 SSL: added version checks for ssl compression workaround.
The SSL_COMP_get_compression_methods() is only available as an API
function in OpenSSL 0.9.8+, require it explicitly to unbreak build
with OpenSSL 0.9.7.
2012-09-27 18:01:06 +00:00
Maxim Dounin
f4f72f9fb5 SSL: fixed compression workaround to remove all methods.
Previous code used sk_SSL_COMP_delete(ssl_comp_methods, i) while iterating
stack from 0 to n, resulting in removal of only even compression methods.

In real life this change is a nop, as there is only one compression method
which is enabled by default in OpenSSL.
2012-09-27 17:59:59 +00:00
Andrey Belov
2af80d5fab Explicitly ignore returned value from close() in ngx_event_core_init_conf().
We don't have strong reason to inform about any errors
reported by close() call here, and there are no other things
to do with its return value.

Prodded by Coverity.
2012-08-07 13:57:04 +00:00
Ruslan Ermilov
cfe194ef59 When "debug_connection" is configured with a domain name, only the first
resolved address was used.  Now all addresses will be used.
2012-07-24 17:40:06 +00:00
Ruslan Ermilov
1efcca36cc Fixed compilation with -Wmissing-prototypes. 2012-07-24 15:09:54 +00:00
Igor Sysoev
992a4d11da Disabled gzip compression in OpenSSL prior to 1.0.0 version.
This saves about 522K per connection.
2012-06-20 12:55:28 +00:00
Valentin Bartenev
2195eb554b Removed mistaken setting of NGX_SSL_BUFFERED flag in ngx_ssl_send_chain()
if SSL buffer is not used.
2012-05-30 12:43:27 +00:00
Valentin Bartenev
0215fcc9b8 Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used. 2012-05-14 16:30:33 +00:00
Maxim Dounin
0e3b423dc6 Accept moderation in case of EMFILE/ENFILE.
In case of EMFILE/ENFILE returned from accept() we disable accept events,
and (in case of no accept mutex used) arm timer to re-enable them later.
With accept mutex we just drop it, and rely on normal accept mutex handling
to re-enable accept events once it's acquired again.

As we now handle errors in question, logging level was changed to "crit"
(instead of "alert" used for unknown errors).

Note: the code might call ngx_enable_accept_events() multiple times if
there are many listen sockets.  The ngx_enable_accept_events() function was
modified to check if connection is already active (via c->read->active) and
skip it then, thus making multiple calls safe.
2012-05-11 13:33:06 +00:00
Ruslan Ermilov
700364f62d debug_connection: added the IPv6 and UNIX-domain socket support. 2012-04-29 22:02:18 +00:00
Maxim Dounin
a73ce28e0a Fixed master exit if there is no events section (ticket #150).
Instead of checking if there is events{} section present in configuration
in init_module handler we now do the same in init_conf handler.  This
allows master process to detect incorrect configuration early and
reject it.
2012-04-18 14:47:10 +00:00
Ruslan Ermilov
43d2b1c045 Fixed grammar in error messages. 2012-04-12 19:35:41 +00:00
Maxim Dounin
baa239c487 Fixed signed integer overflows in timer code (ticket #145).
Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.
2012-04-06 23:46:09 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Dounin
ee187436af Whitespace fixes. 2012-03-05 18:09:06 +00:00
Ruslan Ermilov
b74f8ffce4 Fixed spelling in single-line comments. 2012-02-28 11:31:05 +00:00
Maxim Dounin
7ca6c1ff78 Fix of rbtree lookup on hash collisions.
Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.
2012-02-27 22:15:39 +00:00
Maxim Dounin
b5d0d7a232 Event pipe: fixed buffer loss in p->length case.
With previous code raw buffer might be lost if p->input_filter() was called
on a buffer without any data and used ngx_event_pipe_add_free_buf() to
return it to the free list.  This eventually might cause "all buffers busy"
problem, resulting in segmentation fault due to null pointer dereference in
ngx_event_pipe_write_chain_to_temp_file().

In ngx_event_pipe_add_free_buf() the buffer was added to the list start
due to pos == last, and then "p->free_raw_bufs = cl->next" in
ngx_event_pipe_read_upstream() dropped both chain links to the buffer
from the p->free_raw_bufs list.

Fix is to move "p->free_raw_bufs = cl->next" before calling the
p->input_filter().
2012-02-22 11:28:53 +00:00
Maxim Dounin
4a23bc5705 Fixed error handling in ngx_event_connect_peer().
Previously if ngx_add_event() failed a connection was freed two times (once
in the ngx_event_connect_peer(), and again by a caller) as pc->connection was
left set.  Fix is to always use ngx_close_connection() to close connection
properly and set pc->connection to NULL on errors.

Patch by Piotr Sikora.
2012-01-30 11:12:52 +00:00
Maxim Dounin
90a7a8f5d9 Removed ENGINE_load_builtin_engines() call.
It's already called by OPENSSL_config().  Calling it again causes some
openssl engines (notably GOST) to corrupt memory, as they don't expect
to be created more than once.
2012-01-30 07:38:27 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
4efcbce328 Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1
(-beta1 was recently released).  This change makes it possible to disable
these protocols and/or enable them without other protocols.
2012-01-11 11:15:00 +00:00
Maxim Dounin
c09d65b179 Fixed AIO on Linux, broken in r4306.
Events from eventfd do not have c->write set, and the stale event
check added in r4306 causes null pointer dereference.
2011-11-29 17:27:13 +00:00
Maxim Dounin
91ecc8f43c Added shmtx interface to forcibly unlock mutexes.
It is currently used from master process on abnormal worker termination to
unlock accept mutex (unlocking of accept mutex was broken in 1.0.2).  It is
expected to be used in the future to unlock other mutexes as well.

Shared mutex code was rewritten to make this possible in a safe way, i.e.
with a check if lock was actually held by the exited process.  We again use
pid to lock mutex, and use separate atomic variable for a count of processes
waiting in sem_wait().
2011-11-23 13:55:38 +00:00
Maxim Dounin
7f59728d5b Protection from stale write events in epoll.
Stale write event may happen if epoll_wait() reported both read and write
events, and processing of the read event closed descriptor.

Patch by Yichun Zhang (agentzh).
2011-11-22 17:02:21 +00:00
Igor Sysoev
a2ffa56106 Silently ignoring a stale global SSL error left after disabled renegotiation. 2011-10-31 14:30:03 +00:00
Maxim Dounin
0d59500343 Event pipe: reduced number of file buffers used.
If possible we now just extend already present file buffer in p->out chain
instead of keeping ngx_buf_t for each buffer we've flushed to disk.  This
saves about 120 bytes of memory per buffer flushed to disk, and resolves
high CPU usage observed in edge cases (due to coalescing these buffers on
send).
2011-10-31 09:54:55 +00:00
Maxim Dounin
59205ce109 Event pipe: fixes for complex protocols.
1. In ngx_event_pipe_write_chain_to_temp_file() make sure to fully write
   all shadow buffers up to last_shadow.  With this change recycled buffers
   cannot appear in p->out anymore.  This also fixes segmentation faults
   observed due to ngx_event_pipe_write_chain_to_temp() not freeing any
   raw buffers while still returning NGX_OK.

2. In ngx_event_pipe_write_to_downstream() we now properly check for busy
   size as a size of buffers, not a size of data in these buffers.  This
   fixes situations where all available buffers became busy (including
   segmentation faults due to this).

3. The ngx_event_pipe_free_shadow_raw_buf() function is dropped.  It's
   incorrect and not needed.
2011-10-31 09:53:16 +00:00
Igor Sysoev
59695881ce Decrease of log level of some SSL handshake errors. 2011-10-25 15:04:09 +00:00
Igor Sysoev
94b5460c70 Releasing memory of idle SSL connection. This saves about 34K per SSL
connection. The SSL_MODE_RELEASE_BUFFERS option is available since
OpenSSL 1.0.0d.
2011-10-07 12:15:20 +00:00
Igor Sysoev
95084f7e1c Disabling SSL compression. This saves about 300K per SSL connection.
The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0.
2011-10-07 10:59:02 +00:00
Maxim Dounin
265e51aa0b Fixed loss of chain links in ngx_event_pipe_read_upstream(). 2011-09-20 09:56:35 +00:00
Maxim Dounin
e4dab80e80 Fix of cpu hog in event pipe.
If client closed connection in ngx_event_pipe_write_to_downstream(), buffers
in the "out" chain were lost.  This caused cpu hog if all available buffers
were in the "out" chain.  Fix is to call ngx_chain_update_chains() before
checking return code of output filter to avoid loosing buffers in the "out"
chain.

Note that this situation (all available buffers in the "out" chain) isn't
normal, it should be prevented by busy buffers limit.  Though right now it
may happen with complex protocols like fastcgi.  This should be addressed
separately.
2011-09-20 09:55:27 +00:00
Igor Sysoev
c8df23cb29 The "worker_aio_requests" directive.
The default value is 32 AIO simultaneous requests per worker. Previously
they were hardcoded to 1024, and it was too large, since Linux allocated
them early on io_setup(), but not on request itself. So with default value
of /proc/sys/fs/aio-max-nr equal to 65536 only 64 worker processes could
be run simultaneously. 32 AIO requests are enough for modern disks even if
server runs only 1 worker.
2011-09-20 07:30:09 +00:00
Ruslan Ermilov
a823c550e4 Replaced "can not" with "cannot" and "could not" in a bunch of places.
Fixed nearby grammar errors.
2011-09-19 14:48:29 +00:00
Igor Sysoev
aa997c0289 Fixing Linux AIO initiatialization: AIO operations are disabled if kernel
does not support them.  Previously worker just exited.
2011-09-16 13:41:52 +00:00
Igor Sysoev
4134b48b68 Fixing Linux AIO syscalls return value handling:
syscall(2) uses usual libc convention, it returns -1 on error and
sets errno. Obsolete _syscall(2) returns negative value of error.

Thanks to Hagai Avrahami.
2011-09-16 12:43:16 +00:00
Maxim Dounin
a746bab7c1 Upstream: pipe length and input_filter_init in buffered mode.
As long as ngx_event_pipe() has more data read from upstream than specified
in p->length it's passed to input filter even if buffer isn't yet full.  This
allows to process data with known length without relying on connection close
to signal data end.

By default p->length is set to -1 in upstream module, i.e. end of data is
indicated by connection close.  To set it from per-protocol handlers upstream
input_filter_init() now called in buffered mode (as well as in
unbuffered mode).
2011-09-15 19:00:47 +00:00
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00
Maxim Dounin
82854d0d78 Proper setting of read->eof in pipe code.
Setting read->eof to 0 seems to be just a typo.  It appeared in
nginx-0.0.1-2003-10-28-18:45:41 import (r164), while identical code in
ngx_recv.c introduced in the same import do actually set read->eof to 1.

Failure to set read->eof to 1 results in EOF not being generally detectable
from connection flags.  On the other hand, kqueue won't report any read
events on such a connection since we use EV_CLEAR.  This resulted in read
timeouts if such connection was cached and used for another request.
2011-09-01 15:10:41 +00:00
Maxim Dounin
a9e3c65d22 Proper SSL shutdown handling.
If connection has unsent alerts, SSL_shutdown() tries to send them even
if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This can be prevented by SSL_set_quiet_shutdown().  SSL_set_shutdown()
is required nevertheless to preserve session.
2011-09-01 13:49:36 +00:00
Igor Sysoev
dfd81a23b2 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
b0b6bcedfc fix SSL connection issues on platforms with 32-bit off_t
patch by Maxim Dounin
2011-07-22 12:53:04 +00:00
Igor Sysoev
a7ed0951e3 fix build by gcc46 with -Wunused-value option
patch by Maxim Dounin
2011-07-22 10:43:50 +00:00
Igor Sysoev
f39642a907 ECDHE support
patch by Adrian Kotelba
2011-07-20 15:42:40 +00:00
Igor Sysoev
e61ba26744 MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuraiton phase. This decreases start time for configuration with
large number of HTTPS hosts.
2011-07-20 12:59:24 +00:00
Igor Sysoev
e2c8ad7122 use POSIX semaphores in shmtx instead of sched_yield()
number of spinlock spins are increased twice
2011-05-10 11:39:13 +00:00
Igor Sysoev
efde3eb92e fix building by gcc 4.6 without --with-debug 2011-04-23 17:25:06 +00:00
Igor Sysoev
3d86ad3f95 fix building on Fedora 14
patch by Kirill A. Korinskiy
2011-01-20 12:33:17 +00:00
Igor Sysoev
3e3ee60b99 remove SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG becuase of CVE-2010-4180 2010-12-06 11:17:03 +00:00
Igor Sysoev
0c39c27412 fix building by msvc8 introduced by the previous commit 2010-12-02 14:20:51 +00:00
Igor Sysoev
a07d6ec39f fallback to accept() if accept4() is not implemented,
the issue has been introduced in r3787
2010-12-02 10:05:41 +00:00
Igor Sysoev
40747ad861 Linux accept4() support 2010-11-25 10:15:04 +00:00
Igor Sysoev
6b45b065fe decrease SSL handshake error level to info 2010-07-29 09:30:15 +00:00
Igor Sysoev
05b1a8f1e3 ngx_str_set() and ngx_str_null() 2010-05-14 09:56:37 +00:00
Igor Sysoev
502252d43a MSVC8 compatibility with OpenSSL 1.0.0 2010-04-01 15:18:29 +00:00
Igor Sysoev
6d45d8a50d *) introduce ngx_time_sigsafe_update() to update the error log time only
*) change ngx_time_update() interface
2010-03-25 09:10:10 +00:00
Igor Sysoev
2f916a9721 *) use previously cached GMT offset value to update time from a signal handler
*) change ngx_time_update() interface since there are no notification methods
   those return time
2010-03-13 18:08:07 +00:00
Igor Sysoev
b80f68aeda do not update time in the timer signal handler,
since localtime_r() is not Async-Signal-Safe function
2010-03-12 14:31:47 +00:00
Igor Sysoev
e71f39932f add OpenSSL_add_all_algorithms(), this fixes the error
"ASN1_item_verify:unknown message digest algorithm" occurred if
client certificate is signed using sha256WithRSAEncryption
2010-03-03 16:23:14 +00:00
Igor Sysoev
416fc7aac7 Set SSL session context for "ssl_session_cache none".
This fixes a bug when client certficate is used and nginx closes connection
with the message: "SSL_GET_PREV_SESSION:session id context uninitialized".
2010-03-02 08:41:47 +00:00
Igor Sysoev
146324618d decrease SSL handshake error level to info 2010-02-19 20:54:58 +00:00
Igor Sysoev
d5624689cb update comments 2009-11-25 18:03:59 +00:00
Igor Sysoev
72db760eca add NGX_PROCESS_HELPER process status 2009-11-23 15:46:21 +00:00
Igor Sysoev
8019121120 decrease SSL handshake error level to info 2009-11-23 14:09:57 +00:00
Igor Sysoev
70bd187c4c disable SSL renegotiation (CVE-2009-3555) 2009-11-11 10:59:07 +00:00
Igor Sysoev
cc65b0879b fix segfault in SSL if limit_rate is used 2009-11-03 15:38:33 +00:00
Igor Sysoev
72e928755b proxy_bind, fastcgi_bind, and memcached_bind 2009-11-02 15:24:02 +00:00
Igor Sysoev
19811dbdde style fix 2009-11-02 12:41:56 +00:00
Igor Sysoev
61490aa6b6 delete unused field c->local_socklen 2009-11-01 19:29:49 +00:00
Igor Sysoev
baf8e409ba http listen unix domain sockets 2009-10-26 11:43:32 +00:00
Igor Sysoev
c81582ea67 fix r3155 2009-09-24 20:09:12 +00:00
Igor Sysoev
ef2662caab fix debug log message 2009-09-24 14:47:10 +00:00
Igor Sysoev
cdaf442a2f $ssl_session_id 2009-09-24 14:45:28 +00:00
Igor Sysoev
bfff03406d aio sendfile 2009-08-30 09:52:39 +00:00
Igor Sysoev
a962506498 FreeBSD and Linux AIO support 2009-08-28 08:12:35 +00:00
Igor Sysoev
5297d456d8 axe r->connection->destroyed testing 2009-08-26 16:14:57 +00:00
Igor Sysoev
b71610eb09 *) move small declarations in appropriate places and delete the surplus
header files
*) delete insignificant comments
2009-08-25 09:09:13 +00:00
Igor Sysoev
8e7e69e351 style fix 2009-08-25 09:06:21 +00:00
Igor Sysoev
3a58935936 *) share temporary number between workers
*) randomize collision offset
2009-08-21 09:06:35 +00:00
Igor Sysoev
365d663cc2 fix memory corruption in $ssl_client_cert 2009-07-27 11:51:12 +00:00
Igor Sysoev
f5ca9df2ab delete ancient define 2009-07-23 12:59:11 +00:00
Igor Sysoev
80c3e8e03b delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
2009-07-23 12:54:20 +00:00
Igor Sysoev
9db0245cda ssl_crl 2009-07-23 12:21:26 +00:00
Igor Sysoev
5b4b7c58cc *) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
2009-07-22 17:41:42 +00:00
Igor Sysoev
a5fe5881c6 ignore ngx_atomic_fetch_add() result
this fixes building at least by gcc 4.2.1 on Mac OS X 10.6
2009-06-18 13:14:51 +00:00
Igor Sysoev
260c4321d7 return NULL instead of NGX_CONF_ERROR on a create conf failure 2009-06-02 16:09:44 +00:00
Igor Sysoev
731e6a9b11 style fix 2009-05-14 16:24:39 +00:00
Igor Sysoev
6ce6fcd12d divide select module into two modules: Unix and Win32 ones 2009-05-06 14:53:54 +00:00
Igor Sysoev
44063a76f4 make code clearer 2009-05-06 08:54:54 +00:00
Igor Sysoev
57ca2c8013 test event type to prevent errors 2009-05-06 08:53:13 +00:00
Igor Sysoev
63d0bea178 do not free buffer with cache header before it would be written,
it seems this affected header only FastCGI responses only:
proxied header only responses were cached right
2009-05-04 19:04:00 +00:00
Igor Sysoev
b1e640a385 try to repair the case "select ready != events" 2009-04-29 18:56:47 +00:00
Igor Sysoev
a1580f58dd ngx_select_repair_fd_sets() 2009-04-29 15:29:12 +00:00
Igor Sysoev
b70b1f7c64 delete useless debug log 2009-04-29 15:15:17 +00:00
Igor Sysoev
7c6ba72e24 style fix 2009-04-29 15:12:57 +00:00
Igor Sysoev
c5237a8829 handle Winsock select() WSAEINVAL 2009-04-29 13:42:14 +00:00
Igor Sysoev
9441ffadbe add listen events for win32 only after accept mutex is hold 2009-04-28 20:03:59 +00:00
Igor Sysoev
e1c9746e37 use ngx_vslprintf(), ngx_slprintf() 2009-04-27 13:06:20 +00:00
Igor Sysoev
bd91999ea5 Win32 master/workers model 2009-04-20 06:08:47 +00:00
Igor Sysoev
694bdea2a9 add variadic macros support for msvc8 2009-04-19 16:25:02 +00:00
Igor Sysoev
f7a08d5f9a support attaching to an existent Win32 shared memory 2009-04-18 19:27:28 +00:00
Igor Sysoev
c7f876bd4c move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory 2009-04-16 19:25:09 +00:00
Igor Sysoev
ee0da9ad53 fix building by MSVC8 2009-04-15 19:28:10 +00:00
Igor Sysoev
a2c8d9a0a8 improve ngx_slab_alloc() error logging 2009-03-27 17:00:42 +00:00
Igor Sysoev
52859f2f13 a prelimiary proxy cache support 2009-03-23 13:14:51 +00:00
Igor Sysoev
288e503e92 lower ECONNRESET level 2009-02-25 14:27:34 +00:00
Igor Sysoev
36860101ec prepare ngx_ptocidr() for IPv6 2009-02-24 14:01:40 +00:00
Igor Sysoev
1f4220ee86 small optimization: " == NGX_ERROR" > " != NGX_OK" 2009-02-24 10:42:23 +00:00
Igor Sysoev
9b4a1d0094 use variable for often used field 2009-02-24 08:32:02 +00:00
Igor Sysoev
a35eaccdec a prelimiary IPv6 support, HTTP listen 2009-02-21 07:02:02 +00:00
Igor Sysoev
be63760fc5 load SSL engine before certificates,
otherwise RSA keys will use built-in RSA methods
2009-02-16 13:37:58 +00:00
Igor Sysoev
c9aae14a7e use "!= NGX_OK" instead of "== NGX_ERROR" 2008-12-09 17:27:48 +00:00
Igor Sysoev
1bf7dc1884 low some SSL handshake errors level 2008-11-18 16:05:00 +00:00
Igor Sysoev
a862c46ffa always use buffer, if connection is buffered,
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
   16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
2008-10-23 05:58:10 +00:00
Igor Sysoev
e17cc987d3 dynamic accept threshold 2008-09-19 12:47:13 +00:00
Igor Sysoev
9c388c0a7f *) refactor ngx_ptocidr()
*) allow address without bitmask
*) thus now ngx_http_geo_module accepts addresses without bitmask
2008-08-26 14:19:37 +00:00
Igor Sysoev
c5849a6381 ngx_sock_ntop() takes family from sockaddr, remove duplicate field 2008-08-21 19:24:07 +00:00
Igor Sysoev
a408b2ba2d backout both r2162 and r2128 and implement a new fix 2008-08-12 12:04:49 +00:00
Igor Sysoev
2ff9a4b334 SSL connection readiness is required for level-triggered events only,
broken in r2128
2008-08-11 15:25:40 +00:00
Igor Sysoev
ec0b579f75 update connection readiness after SSL handshake,
this fixes mail proxy SSL connection hanging if level-triggered event is used
2008-07-30 06:12:30 +00:00
Igor Sysoev
49ed6f3eec *) ssl_verify_client ask
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
2008-07-29 14:29:02 +00:00
Igor Sysoev
58e9f22bfd handle connect()'s EAGAIN on Linux 2008-07-09 15:42:13 +00:00
Igor Sysoev
ce1e64f404 prepare to allow various number of connections in child processes 2008-06-23 13:23:29 +00:00
Igor Sysoev
da02ddc6fd fix "proxy_pass https://..." broken in r1427 2008-06-20 14:42:54 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev
81f9c9dc72 $ssl_client_cert 2008-06-16 05:54:18 +00:00
Igor Sysoev
df83e6f81a DH parameters, ssl_dhparam 2008-06-16 05:51:32 +00:00
Igor Sysoev
d6548faf64 ssl_session_cache none 2008-05-26 07:14:13 +00:00
Igor Sysoev
3b30476068 style fix 2008-05-22 12:09:41 +00:00
Igor Sysoev
396abff226 get certificate info only for debug build 2008-04-28 08:52:32 +00:00
Igor Sysoev
58d3821cf0 fix memory leak when ssl_verify_client is on 2008-04-28 08:50:39 +00:00
Igor Sysoev
439e288a1b fix memory leak when ssl_verify_client is on 2008-04-23 18:57:25 +00:00
Igor Sysoev
8da1fa935f low some SSL handshake errors level 2008-03-18 10:35:00 +00:00
Igor Sysoev
b9186ad856 restore building --test-build-rtsig and --test-build-eventport on FreeBSD 6 2008-03-13 15:47:14 +00:00
Igor Sysoev
472233d0a3 invalidate SSL session if there is no valid client certificate 2008-03-10 14:47:07 +00:00
Igor Sysoev
02aa53be83 left open sockets were not really tested 2008-02-28 20:31:33 +00:00
Igor Sysoev
704e1c1324 low SSL handshake close notify alert error level 2008-02-04 20:46:58 +00:00
Igor Sysoev
b1d4a6cc80 low SSL handshake errors level 2008-02-01 14:05:18 +00:00
Igor Sysoev
c20d3769bc backout r1757, we really need SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2008-01-31 15:10:45 +00:00
Igor Sysoev
6e8bc2b72d fix building --test-build-rtsig and --test-build-eventport on FreeBSD 7 2008-01-28 16:24:01 +00:00
Igor Sysoev
02d8e8e377 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN 2008-01-25 14:57:35 +00:00
Igor Sysoev
c783c35b5f pull all errors 2008-01-25 14:56:37 +00:00
Igor Sysoev
efe0016a11 fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 2008-01-22 16:04:35 +00:00
Igor Sysoev
8b99e3f1ea pull all errors 2008-01-10 08:45:00 +00:00
Igor Sysoev
e965c47113 grammar fix 2008-01-10 08:36:14 +00:00
Igor Sysoev
b548e13cdf fix comment 2007-12-29 16:55:31 +00:00
Igor Sysoev
f25abef8dc fix segfault introduced in r1780 2007-12-27 18:35:52 +00:00
Igor Sysoev
cd2aa8e172 create ssl buffer on demand and free it before keep-alive 2007-12-26 21:07:30 +00:00
Igor Sysoev
6ff850baf8 ssl_session_cache off 2007-12-26 20:27:22 +00:00
Igor Sysoev
01a129d823 use ngx_queue.h 2007-12-20 21:01:00 +00:00
Igor Sysoev
181abe549f embed session_rbtree and sentinel inside ngx_ssl_session_cache_t 2007-12-20 20:35:23 +00:00
Igor Sysoev
0a0024bdb5 omit useless test 2007-12-20 20:30:45 +00:00
Igor Sysoev
711e9031fe use ngx_time() instead of ngx_timeofday() 2007-12-20 20:11:45 +00:00
Igor Sysoev
6675abe3b4 remove SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, we never need it,
the "bad write retry" error was caused by SSL_shutdown() error
2007-12-20 13:49:07 +00:00
Igor Sysoev
fc28270ac2 cleaning stale global SSL error 2007-12-20 13:04:20 +00:00
Igor Sysoev
94b3ea319b SSL_shutdown() never returns -1, on error it returns 0.
This fixes incidental "bad write retry" errors.
2007-12-20 12:59:05 +00:00
Igor Sysoev
7912e4ba5d optimize rbtree initialization and insert 2007-12-17 08:52:00 +00:00
Igor Sysoev
86ef6aaa6b move condition declarations inside blocks where they are used 2007-12-10 12:09:51 +00:00
Igor Sysoev
e67d46189c ngx_udp_recv() 2007-12-03 16:46:46 +00:00
Igor Sysoev
479c786e0d TransmitPackets(), ConnectEx(), and DisconnectEx() 2007-11-11 18:56:50 +00:00
Igor Sysoev
408dfc1714 fix segfaults 2007-11-08 15:20:56 +00:00
Igor Sysoev
3bb547dfdf 64-bit update lost in r1355 2007-10-23 14:09:12 +00:00
Igor Sysoev
2d3f3f6eb6 fix English grammar 2007-10-14 18:56:15 +00:00
Igor Sysoev
708fe2e526 64-bit update lost in r1355 2007-09-10 09:08:12 +00:00
Igor Sysoev
a2883a66df NGX_USE_VNODE_EVENT and NGX_FLUSH_EVENT 2007-09-01 11:59:36 +00:00
Igor Sysoev
954e7e0739 add comment 2007-09-01 11:21:00 +00:00
Igor Sysoev
d1eedde904 update comments 2007-09-01 09:33:25 +00:00
Igor Sysoev
54a553b721 update comment 2007-08-31 09:50:23 +00:00
Igor Sysoev
31d6785397 style fix 2007-08-31 09:41:45 +00:00
Igor Sysoev
6f8030e339 use ev->log, because ev->data may be connection stub only 2007-08-31 09:40:38 +00:00
Igor Sysoev
181a7141f9 style fix 2007-08-31 09:22:53 +00:00
Igor Sysoev
7f789168ef add guard code 2007-08-29 11:26:42 +00:00
Igor Sysoev
bb3799d89f fix comment 2007-08-29 07:19:22 +00:00
Igor Sysoev
89884a0a84 disable pair event on POLLREMOVE 2007-08-29 07:18:54 +00:00
Igor Sysoev
6fe1303fb5 do not set read->eof, ready, and error prematurely 2007-08-27 19:44:35 +00:00
Igor Sysoev
da69848428 mark connection as not ready, this fixes endless loop introduced in r1368 2007-08-27 15:01:08 +00:00
Igor Sysoev
e101338634 upstream sendfile bit was overridden by r->connection->sendfile 2007-08-14 20:44:09 +00:00
Igor Sysoev
845f6d553a ignore meaningless bits in CIDR and warn about them 2007-08-10 13:13:28 +00:00
Igor Sysoev
83a6851b28 make 64-bit ngx_int_t on 64-bit platforms 2007-07-29 18:24:53 +00:00
Igor Sysoev
a1df416d65 --sysconfdir=DIR 2007-07-29 18:05:45 +00:00
Igor Sysoev
d2c996a57c fix segfault when event port returns POLLERR without POLLIN or POLLOUT 2007-07-11 10:45:55 +00:00
Igor Sysoev
8b0a3d2810 fix segfault when session was freed twice 2007-07-10 21:04:37 +00:00
Igor Sysoev
da8c05a5fd style fix 2007-05-23 18:28:54 +00:00
Igor Sysoev
70f65c4948 ngx_ssl_recv_chain() must not update buf->last,
it fixes proxy_pass https://...
2007-03-31 19:48:48 +00:00
Igor Sysoev
e7f83eefa2 fix building without --with-debug on Solaris 2007-03-21 11:16:14 +00:00
Igor Sysoev
b32d04f07c decrease log level from alert to debug for POLLERR|POLLHUP|POLLNVAL 2007-03-06 11:01:50 +00:00
Igor Sysoev
7cc1ea31e9 correct r1100 2007-02-12 14:58:45 +00:00
Igor Sysoev
915ef4f7c8 fix segfault when a large FastCGI response was written to a temporary file 2007-02-09 14:02:42 +00:00
Igor Sysoev
1e428098fb style fix 2007-01-31 07:31:50 +00:00
Igor Sysoev
6ed365fa8b unused value 2007-01-18 19:49:00 +00:00
Igor Sysoev
8c5edab7d3 style fix: remove trailing spaces 2007-01-18 19:40:31 +00:00
Igor Sysoev
97c0d35037 fix FastCGI "zero size buf" alert,
the previous commit did not fix too
2007-01-18 07:07:55 +00:00
Igor Sysoev
aafa2004d7 fix FastCGI "zero size buf" alert,
r841 did not fix it
2007-01-17 16:10:40 +00:00
Igor Sysoev
4502bf57b3 add debug logging for FastCGI zero size buf alert 2007-01-15 16:00:51 +00:00
Igor Sysoev
ec3cabdcd9 ngx_strn2cmp() > ngx_memn2cmp() 2007-01-12 21:58:02 +00:00
Igor Sysoev
8785136a92 fix duplicate rbtree keys case 2007-01-12 20:57:34 +00:00
Igor Sysoev
6043c80639 style fix: remove tabs 2007-01-12 20:26:39 +00:00
Igor Sysoev
6a23cf06e8 add comment 2007-01-12 19:26:38 +00:00
Igor Sysoev
b1d65e50d6 axe aio drafts 2007-01-11 22:08:50 +00:00
Igor Sysoev
aa50359569 axe long ago unnecessary file 2007-01-11 22:05:15 +00:00
Igor Sysoev
927666265d optimize the SSL session cache allocations on 64-bit platforms 2007-01-11 18:59:17 +00:00
Igor Sysoev
7fe33a9f58 ssl_session_timeout was set only if builtin cache was used 2007-01-11 18:57:09 +00:00
Igor Sysoev
b317945089 optimize the SSL session cache allocations 2007-01-11 17:39:02 +00:00
Igor Sysoev
e532b0194c stop rbtree search early if equal hash was found 2007-01-11 17:05:18 +00:00
Igor Sysoev
4e77a2bb83 pass the inherited shm_zone data 2007-01-09 15:59:20 +00:00
Igor Sysoev
61fc473b9c d2i_SSL_SESSION() was changed in 0.9.7f 2007-01-08 16:20:33 +00:00
Igor Sysoev
3364dc6eb7 move the session cache callbacks to the ngx_openssl_module 2007-01-03 15:25:40 +00:00
Igor Sysoev
ebf2bbc310 ngx_ssl_get_server_conf() 2007-01-02 23:37:25 +00:00
Igor Sysoev
7504a40130 OPENSSL_config() 2007-01-02 23:32:41 +00:00
Igor Sysoev
e2bec9066a fix typo 2006-12-15 21:18:44 +00:00
Igor Sysoev
3d2fd18a39 upstream choice modules 2006-12-04 16:46:13 +00:00
Igor Sysoev
17e0e1a554 fix segfault 2006-11-23 20:22:24 +00:00
Igor Sysoev
67cd336d88 slab allocator in shared memory 2006-11-20 08:51:45 +00:00
Igor Sysoev
cae66582d5 fix the previous commit 2006-11-19 07:27:10 +00:00
Igor Sysoev
2573f71e14 fix endless loop when too many FastCGI sent too many to stderr 2006-11-18 21:46:16 +00:00
Igor Sysoev
8c5f37e7d3 rbtree insert procedure 2006-11-16 15:34:52 +00:00
Igor Sysoev
ff3540af3a fix FastCGI "zero size buf" alert 2006-11-06 18:46:00 +00:00
Igor Sysoev
0593b63c6a undo the previous wrong commit 2006-10-28 14:32:39 +00:00
Igor Sysoev
e6d99d831c bad commit 2006-10-28 14:20:13 +00:00
Igor Sysoev
fc3f068bc5 style fix: remove trailing spaces 2006-10-09 15:38:59 +00:00
Igor Sysoev
4524fb0dcd Solaris 10 event ports support 2006-09-26 12:20:12 +00:00
Igor Sysoev
183f71ee9d rename variable 2006-09-25 14:34:29 +00:00
Igor Sysoev
92da28f5f8 remove unused oneshot flag 2006-09-22 14:46:03 +00:00
Igor Sysoev
c55a104fcb nginx-0.3.57-RELEASE import
*) Feature: the $ssl_client_serial variable.

    *) Bugfix: in the "!-e" operator of the "if" directive.
       Thanks to Andrian Budanstov.

    *) Bugfix: while a client certificate verification nginx did not send
       to a client the required certificates information.

    *) Bugfix: the $document_root variable did not support the variables in
       the "root" directive.
2006-08-09 19:59:45 +00:00
Igor Sysoev
8f1255877c nginx-0.3.55-RELEASE import
*) Feature: the "stub" parameter in the "include" SSI command.

    *) Feature: the "block" SSI command.

    *) Feature: the unicode2nginx script was added to contrib.

    *) Bugfix: if a "root" was specified by variable only, then the root
       was relative to a server prefix.

    *) Bugfix: if the request contained "//" or "/./" and escaped symbols
       after them, then the proxied request was sent unescaped.

    *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
       returns all "Cookie" header lines.

    *) Bugfix: a segmentation fault occurred if
       "client_body_in_file_only on" was used and nginx switched to a next
       upstream.

    *) Bugfix: on some condition while reconfiguration character codes
       inside the "charset_map" may be treated invalid; the bug had
       appeared in 0.3.50.
2006-07-28 15:16:17 +00:00
Igor Sysoev
bb28b6d3a4 nginx-0.3.54-RELEASE import
*) Feature: nginx now logs the subrequest information to the error log.

    *) Feature: the "proxy_next_upstream", "fastcgi_next_upstream", and
       "memcached_next_upstream" directives support the "off" parameter.

    *) Feature: the "debug_connection" directive supports the CIDR address
       form.

    *) Bugfix: if a response of proxied server or FastCGI server was
       converted from UTF-8 or back, then it may be transferred incomplete.

    *) Bugfix: the $upstream_response_time variable had the time of the
       first request to a backend only.

    *) Bugfix: nginx could not be built on amd64 platform; the bug had
       appeared in 0.3.53.
2006-07-11 13:20:19 +00:00
Igor Sysoev
1765f47544 nginx-0.3.53-RELEASE import
*) Change: the "add_header" directive adds the string to 204, 301, and
       302 responses.

    *) Feature: the "server" directive in the "upstream" context supports
       the "weight" parameter.

    *) Feature: the "server_name" directive supports the "*" wildcard.

    *) Feature: nginx supports the request body size more than 2G.

    *) Bugfix: if a client was successfully authorized using "satisfy_any
       on", then anyway the message "access forbidden by rule" was written
       in the log.

    *) Bugfix: the "PUT" method may erroneously not create a file and
       return the 409 code.

    *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx
       continued proxying anyway.
2006-07-07 16:33:19 +00:00
Igor Sysoev
6f134cc275 nginx-0.3.47-RELEASE import
*) Feature: the "upstream" directive.

    *) Change: now the "\" escape symbol in the "\"" and "\'" pairs in the
       SSI command is always removed.
2006-05-23 14:54:58 +00:00
Igor Sysoev
44d872259c nginx-0.3.45-RELEASE import
*) Feature: the "ssl_verify_client", "ssl_verify_depth", and
       "ssl_client_certificate" directives.

    *) Change: the $request_method variable now returns the main request
       method.

    *) Change: the &deg; symbol codes were changed in koi-win conversion
       table.

    *) Feature: the euro and N symbols were added to koi-win conversion
       table.

    *) Bugfix: if nginx distributed the requests among several backends and
       some backend failed, then requests intended for this backend was
       directed to one live backend only instead of being distributed among
       the rest.
2006-05-06 16:28:56 +00:00
Igor Sysoev
7f7846d820 nginx-0.3.42-RELEASE import
*) Feature: the "bind" option of the "listen" directive in IMAP/POP3
       proxy.

    *) Bugfix: if the same capture in the "rewrite" directive was used more
       then once.

    *) Bugfix: the $sent_http_content_type, $sent_http_content_length,
       $sent_http_last_modified, $sent_http_connection,
       $sent_http_keep_alive, and $sent_http_transfer_encoding variables
       were not written to access log.

    *) Bugfix: the $sent_http_cache_control returned value of the single
       "Cache-Control" response header line.
2006-04-26 09:52:47 +00:00
Igor Sysoev
cdf609a925 nginx-0.3.39-RELEASE import
*) Feature: the "uninitialized_variable_warn" directive; the logging
       level of the "uninitialized variable" message was lowered from
       "alert" to "warn".

    *) Feature: the "override_charset" directive.

    *) Change: now if the unknown variable is used in the "echo" and "if
       expr='$name'" SSI-commands, then the "unknown variable" message is
       not logged.

    *) Bugfix: the active connection counter increased on the exceeding of
       the connection limit specified by the "worker_connections"
       directive; the bug had appeared in 0.2.0.

    *) Bugfix: the limit rate might not work on some condition; the bug had
       appeared in 0.3.38.
2006-04-17 19:55:41 +00:00
Igor Sysoev
8fea885cbf nginx-0.3.33-RELEASE import
*) Feature: the "http_503" parameter of the "proxy_next_upstream" or
       "fastcgi_next_upstream" directives.

    *) Bugfix: ngx_http_perl_module did not work with inlined in the
       configuration code, if it was not started with the "sub" word.

    *) Bugfix: in the "post_action" directive.
2006-03-15 09:53:04 +00:00
Igor Sysoev
13c68741f2 nginx-0.3.31-RELEASE import
*) Change: now nginx passes the malformed proxied backend responses.

    *) Feature: the "listen" directives support the address in the "*:port"
       form.

    *) Feature: the EVFILER_TIMER support in MacOSX 10.4.

    *) Workaround: for MacOSX 64-bit kernel kqueue millisecond timeout
       bug.
       Thanks to Andrei Nigmatulin.

    *) Bugfix: if there were several "listen" directives listening one
       various addresses inside one server, then server names like
       "*.domain.tld" worked for first address only; the bug had appeared
       in 0.3.18.

    *) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
       and the request body was in temporarily file then the request was
       not transferred.

    *) Bugfix: perl 5.8.8 compatibility.
2006-03-10 12:51:52 +00:00
Igor Sysoev
cce886c71d nginx-0.3.30-RELEASE import
*) Change: the ECONNABORTED error log level was changed to "error" from
       "crit".

    *) Bugfix: the ngx_http_perl_module could not be build without the
       ngx_http_ssi_filter_module.

    *) Bugfix: nginx could not be built on i386 platform, if the PIC was
       used; the bug had appeared in 0.3.27.
2006-02-22 19:41:39 +00:00
Igor Sysoev
69d73da629 nginx-0.3.29-RELEASE import
*) Feature: now nginx uses less memory, if PHP in FastCGI mode sends
       many warnings before the response.

    *) Bugfix: the "Transfer-Encoding: chunked" header line was issued in
       the 204 responses for the HTTP/1.1 requests.

    *) Bugfix: nginx returned the 502 response, if the complete response
       header lines were transferred in a separate FastCGI records.

    *) Bugfix: if the proxied URI was specified in the "post_action"
       directive, then it ran only after a successful completion of a
       request.
2006-02-20 16:48:17 +00:00
Igor Sysoev
c2807ecf45 nginx-0.3.28-RELEASE import
*) Feature: the "restrict_host_names" directive was canceled.

    *) Feature: the --with-cpu-opt=ppc64 configuration parameter.

    *) Bugfix: on some condition the proxied connection with a client was
       terminated prematurely.
       Thanks to Vladimir Shutoff.

    *) Bugfix: the "X-Accel-Limit-Rate" header line was not taken into
       account if the request was redirected using the "X-Accel-Redirect"
       header line.

    *) Bugfix: the "post_action" directive ran only after a successful
       completion of a request.

    *) Bugfix: the proxied response body generated by the "post_action"
       directive was transferred to a client.
2006-02-16 15:26:46 +00:00
Igor Sysoev
ffe714403d nginx-0.3.27-RELEASE import
*) Change: the "variables_hash_max_size" and
       "variables_hash_bucket_size" directives.

    *) Feature: the $body_bytes_sent variable can be used not only in the
       "log_format" directive.

    *) Feature: the $ssl_protocol and $ssl_cipher variables.

    *) Feature: the cache line size detection for widespread CPUs at start
       time.

    *) Feature: now the "accept_mutex" directive is supported using
       fcntl(2) on platforms different from i386, amd64, sparc64, and ppc.

    *) Feature: the "lock_file" directive and the --with-lock-path=PATH
       autoconfiguration directive.

    *) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
       then the requests with the body was not transferred.
2006-02-08 15:33:12 +00:00
Igor Sysoev
9e58019dc2 nginx-0.3.24-RELEASE import
*) Workaround: for bug in FreeBSD kqueue.

    *) Bugfix: now a response generated by the "post_action" directive is
       not transferred to a client.

    *) Bugfix: the memory leaks were occurring if many log files were used.

    *) Bugfix: the first "proxy_redirect" directive was working inside one
       location.

    *) Bugfix: on 64-bit platforms segmentation fault may occurred on start
       if the many names were used in the "server_name" directives; the bug
       had appeared in 0.3.18.
2006-02-01 18:22:15 +00:00
Igor Sysoev
df3254aa49 nginx-0.3.20-RELEASE import
*) Bugfix: in SSI handling.

    *) Bugfix: the ngx_http_memcached_module did not support the keys in
       the "/usr?args" form.
2006-01-11 15:26:57 +00:00
Igor Sysoev
43f279dc9c nginx-0.3.17-RELEASE import
*) Change: now on Linux configure checks the presence of epoll and
       sendfile64() in kernel.

    *) Feature: the "map" directive supports domain names in the
       ".domain.tld" form.

    *) Bugfix: the timeouts were not used in SSL handshake; the bug had
       appeared in 0.2.4.

    *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.

    *) Bugfix: when the HTTPS protocol was used in the "proxy_pass"
       directive the port 80 was used by default.
2005-12-18 16:02:44 +00:00
Igor Sysoev
2402502c2f nginx-0.3.16-RELEASE import
*) Feature: the ngx_http_map_module.

    *) Feature: the "types_hash_max_size" and "types_hash_bucket_size"
       directives.

    *) Feature: the "ssi_value_length" directive.

    *) Feature: the "worker_rlimit_core" directive.

    *) Workaround: the connection number in logs was always 1 if nginx was
       built by the icc 8.1 or 9.0 compilers with optimization for
       Pentium 4.

    *) Bugfix: the "config timefmt" SSI command set incorrect time format.

    *) Bugfix: nginx did not close connection to IMAP/POP3 backend for the
       SSL connections; the bug had appeared in 0.3.13.
       Thanks to Rob Mueller.

    *) Bugfix: segmentation fault may occurred in at SSL shutdown; the bug
       had appeared in 0.3.13.
2005-12-16 15:07:08 +00:00
Igor Sysoev
cdc463042b nginx-0.3.15-RELEASE import
*) Feature: the new 444 code of the "return" directive to close
       connection.

    *) Feature: the "so_keepalive" directive in IMAP/POP3 proxy.

    *) Bugfix: if there are unclosed connection nginx now calls abort()
       only on gracefull quit and active "debug_points" directive.
2005-12-07 14:51:31 +00:00
Igor Sysoev
d3283ff922 nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
c31a9bb5e3 nginx-0.3.12-RELEASE import
*) Security: if nginx was built with the ngx_http_realip_module and the
       "satisfy_any on" directive was used, then access and authorization
       directives did not work. The ngx_http_realip_module was not built
       and is not built by default.

    *) Change: the "$time_gmt" variable name was changed to "$time_local".

    *) Change: the "proxy_header_buffer_size" and
       "fastcgi_header_buffer_size" directives was renamed to the
       "proxy_buffer_size" and "fastcgi_buffer_size" directives.

    *) Feature: the ngx_http_memcached_module.

    *) Feature: the "proxy_buffering" directive.

    *) Bugfix: the changes in accept mutex handling when the "rtsig" method
       was used; the bug had appeared in 0.3.0.

    *) Bugfix: if the client sent the "Transfer-Encoding: chunked" header
       line, then nginx returns the 411 error.

    *) Bugfix: if the "auth_basic" directive was inherited from the http
       level, then the realm in the "WWW-Authenticate" header line was
       without the "Basic realm" text.

    *) Bugfix: if the "combined" format was explicitly specified in the
       "access_log" directive, then the empty lines was written to the log;
       the bug had appeared in 0.3.8.

    *) Bugfix: nginx did not run on the sparc platform under any OS except
       Solaris.

    *) Bugfix: now it is not necessary to place space between the quoted
       string and closing bracket in the "if" directive.
2005-11-26 10:11:11 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
09c684b2d5 nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.
2005-11-09 17:25:55 +00:00
Igor Sysoev
697d1aea0c nginx-0.3.7-RELEASE import
*) Feature: the "access_log" supports the "buffer=" parameter.

    *) Bugfix: nginx could not be built on platforms different from i386,
       amd64, sparc, and ppc; the bug had appeared in 0.3.2.
2005-10-27 15:46:13 +00:00
Igor Sysoev
055951dc96 nginx-0.3.5-RELEASE import
*) Bugfix: the segmentation fault may occurred if the IMAP/POP3 login
       was changed by authorization server; the bug had appeared in 0.2.2.

    *) Bugfix: the accept mutex did not work and all connections were
       handled by one process; the bug had appeared in 0.3.3.

    *) Bugfix: the timeout did not work if the "rtsig" method and the
       "timer_resolution" directive were used.
2005-10-21 19:12:18 +00:00
Igor Sysoev
e173ceabff nginx-0.3.4-RELEASE import
*) Bugfix: nginx could not be built on Linux 2.4+ and MacOS X; the bug
       had appeared in 0.3.3.
2005-10-19 13:34:28 +00:00
Igor Sysoev
c2068d08f0 nginx-0.3.3-RELEASE import
*) Change: the "bl" and "af" parameters of the "listen" directive was
       renamed to the "backlog" and "accept_filter".

    *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
       directive.

    *) Change: the "$msec" log parameter does not require now the
       additional the gettimeofday() system call.

    *) Feature: the -t switch now tests the "listen" directives.

    *) Bugfix: if the invalid address was specified in the "listen"
       directive, then after the -HUP signal nginx left an open socket in
       the CLOSED state.

    *) Bugfix: the mime type may be incorrectly set to default value for
       index file with variable in the name; the bug had appeared in 0.3.0.

    *) Feature: the "timer_resolution" directive.

    *) Feature: the millisecond "$upstream_response_time" log parameter.

    *) Bugfix: a temporary file with client request body now is removed
       just after the response header was transferred to a client.

    *) Bugfix: OpenSSL 0.9.6 compatibility.

    *) Bugfix: the SSL certificate and key file paths could not be relative.

    *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
       the ngx_imap_ssl_module.

    *) Bugfix: the "ssl_protocols" directive allowed to specify the single
       protocol only.
2005-10-19 12:33:58 +00:00
Igor Sysoev
784522377e nginx-0.3.2-RELEASE import
*) Feature: the Sun Studio 10 C compiler support.

    *) Feature: the "proxy_upstream_max_fails",
       "proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails", and
       "fastcgi_upstream_fail_timeout" directives.
2005-10-12 13:50:36 +00:00
Igor Sysoev
1bfa7bc78a nginx-0.3.1-RELEASE import
*) Bugfix: the segmentation fault occurred when the signal queue
       overflowed if the "rtsig" method was used; the bug had appeared in
       0.2.0.

    *) Change: correct handling of the "\\", "\"", "\'", and "\$" pairs in
       SSI.
2005-10-10 12:59:41 +00:00
Igor Sysoev
208eed2210 nginx-0.3.0-RELEASE import
*) Change: the 10-days live time limit of worker process was
       eliminated. The limit was introduced because of millisecond timers
       overflow.
2005-10-07 13:30:52 +00:00
Igor Sysoev
82dc95eadd nginx-0.2.4-RELEASE import
*) Feature: the ngx_http_ssi_module supports "$var=text", "$var!=text",
       "$var=/text/", and "$var!=/text/" expressions in the "if" command.

    *) Bugfix: in proxying location without trailing slash; the bug had
       appeared in 0.1.44.

    *) Bugfix: the segmentation fault may occurred if the "rtsig" method
       was used; the bug had appeared in 0.2.0.
2005-10-03 12:53:14 +00:00
Igor Sysoev
71371effff nginx-0.2.3-RELEASE import
*) Bugfix: nginx could not be built without the --with-debug option;
       the bug had appeared in 0.2.2.
2005-09-30 16:02:34 +00:00
Igor Sysoev
9fa5a823c4 nginx-0.2.2-RELEASE import
*) Feature: the "config errmsg" command of the ngx_http_ssi_module.

    *) Change: the ngx_http_geo_module variables can be overridden by the
       "set" directive.

    *) Feature: the "ssl_protocols" and "ssl_prefer_server_ciphers"
       directives of the ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Bugfix: the ngx_http_autoindex_module did not show correctly the
       long file names;

    *) Bugfix: the ngx_http_autoindex_module now do not show the files
       starting by dot.

    *) Bugfix: if the SSL handshake failed then another connection may be
       closed too.
       Thanks to Rob Mueller.

    *) Bugfix: the export versions of MSIE 5.x could not connect via HTTPS.
2005-09-30 14:41:25 +00:00
Igor Sysoev
09a2439612 nginx-0.2.1-RELEASE import
*) Bugfix: if all backend using in load-balancing failed after one
       error, then nginx may got caught in an endless loop; the bug had
       appeared in 0.2.0.
2005-09-23 14:43:49 +00:00
Igor Sysoev
31eb8c015d nginx-0.2.0-RELEASE import
*) The pid-file names used during online upgrade was changed and now is
       not required a manual rename operation. The old master process adds
       the ".oldbin" suffix to its pid-file and executes a new binary file.
       The new master process creates usual pid-file without the ".newbin"
       suffix. If the master process exits, then old master process renames
       back its pid-file with the ".oldbin" suffix to the pid-file without
       suffix.

    *) Change: the "worker_connections" directive, new name of the
       "connections" directive; now the directive specifies maximum number
       of connections, but not maximum socket descriptor number.

    *) Feature: SSL supports the session cache inside one worker process.

    *) Feature: the "satisfy_any" directive.

    *) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
       not run for subrequests.

    *) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
       directives.

    *) Bugfix: if all backend using in load-balancing failed after one
       error, then nginx did not try do connect to them during 60 seconds.

    *) Bugfix: in IMAP/POP3 command argument parsing.
       Thanks to Rob Mueller.

    *) Bugfix: errors while using SSL in IMAP/POP3 proxy.

    *) Bugfix: errors while using SSI and gzipping.

    *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
       from the 304 responses.
       Thanks to Alexandr Kukushkin.
2005-09-23 11:02:22 +00:00
Igor Sysoev
e573380f24 nginx-0.1.45-RELEASE import
*) Change: the "ssl_engine" directive was canceled in the
       ngx_http_ssl_module and now is introduced at global level.

    *) Bugfix: the responses with SSI subrequests did not transferred via
       SSL connection.

    *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 14:36:09 +00:00
Igor Sysoev
ceb992921c nginx-0.1.44-RELEASE import
*) Feature: the IMAP/POP3 proxy supports SSL.

    *) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module.

    *) Feature: the "userid_mark" directive.

    *) Feature: the $remote_user variable value is determined independently
       of authorization use.
2005-09-06 16:09:32 +00:00
Igor Sysoev
b85fd593e0 nginx-0.1.42-RELEASE import
*) Bugfix: if the request URI had a zero length after the processing in
       the ngx_http_proxy_module, then the segmentation fault or bus error
       occurred in the ngx_http_proxy_module.

    *) Bugfix: the "limit_rate" directive did not work inside the "if"
       block; the bug had appeared in 0.1.38.
2005-08-23 15:36:54 +00:00
Igor Sysoev
5192b3651f nginx-0.1.38-RELEASE import
*) Feature: the "limit_rate" directive is supported in in proxy and
       FastCGI mode.

    *) Feature: the "X-Accel-Limit-Rate" response header line is supported
       in proxy and FastCGI mode.

    *) Feature: the "break" directive.

    *) Feature: the "log_not_found" directive.

    *) Bugfix: the response status code was not changed when request was
       redirected by the ""X-Accel-Redirect" header line.

    *) Bugfix: the variables set by the "set" directive could not be used
       in SSI.

    *) Bugfix: the segmentation fault may occurred if the SSI page has more
       than one remote subrequest.

    *) Bugfix: nginx treated the backend response as invalid if the status
       line in the header was transferred in two packets; the bug had
       appeared in 0.1.29.

    *) Feature: the "ssi_types" directive.

    *) Feature: the "autoindex_exact_size" directive.

    *) Bugfix: the ngx_http_autoindex_module did not support the long file
       names in UTF-8.

    *) Feature: the IMAP/POP3 proxy.
2005-07-08 14:34:20 +00:00
Igor Sysoev
85ef94ba85 nginx-0.1.37-RELEASE import
*) Change: now the "\n" is added to the end of the "nginx.pid" file.

    *) Bugfix: the responses may be transferred not completely, if many
       parts or the big parts were included by SSI.

    *) Bugfix: if all backends had returned the 404 reponse and the
       "http_404" parameter of the "proxy_next_upstream" or
       "fastcgi_next_upstream" directives was used, then nginx started to
       request all backends again.
2005-06-23 13:41:06 +00:00
Igor Sysoev
b145b067e2 nginx-0.1.36-RELEASE import
*) Change: if the request header has duplicate the "Host",
       "Connection", "Content-Length", or "Authorization" lines, then nginx
       now returns the 400 error.

    *) Change: the "post_accept_timeout" directive was canceled.

    *) Feature: the "default", "af=", "bl=", "deferred", and "bind"
       parameters of the "listen" directive.

    *) Feature: the FreeBSD accept filters support.

    *) Feature: the Linux TCP_DEFER_ACCEPT support.

    *) Bugfix: the ngx_http_autoindex_module did not support the file names
       in UTF-8.

    *) Bugfix: the new log file can be rotated by the -USR1 signal only if
       the reconfiguration by the -HUP signal was made twice.
2005-06-15 18:33:41 +00:00
Igor Sysoev
7b190b41b0 nginx-0.1.35-RELEASE import
*) Feature: the "working_directory" directive.

    *) Feature: the "port_in_redirect" directive.

    *) Bugfix: the segmentation fault was occurred if the backend response
       header was in several packets; the bug had appeared in 0.1.29.

    *) Bugfix: if more than 10 servers were configured or some server did
       not use the "listen" directive, then the segmentation fault was
       occurred on the start.

    *) Bugfix: the segmentation fault might occur if the response was
       bigger than the temporary file.

    *) Bugfix: nginx returned the 400 response on requests like
       "GET http://www.domain.com/uri HTTP/1.0"; the bug had appeared in
       0.1.28.
2005-06-07 15:56:31 +00:00
Igor Sysoev
e31e90b3e1 nginx-0.1.32-RELEASE import
*) Bugfix: the arguments were omitted in the redirects, issued by the
       "rewrite" directive; the bug had appeared in 0.1.29.

    *) Feature: the "if" directive supports the captures in regular
       expressions.

    *) Feature: the "set" directive supports the variables and the captures
       of regular expressions.

    *) Feature: the "X-Accel-Redirect" response header line is supported in
       proxy and FastCGI mode.
2005-05-19 13:25:22 +00:00
Igor Sysoev
d52477ff6d nginx-0.1.31-RELEASE import
*) Bugfix: the response encrypted by SSL may not transferred complete.

    *) Bugfix: errors while processing FastCGI response by SSI.

    *) Bugfix: errors while using SSI and gzipping.

    *) Bugfix: the redirect with the 301 code was transferred without
       response body; the bug had appeared in 0.1.30.
2005-05-16 13:53:20 +00:00
Igor Sysoev
3362b8df04 nginx-0.1.30-RELEASE import
*) Bugfix: the worker process may got caught in an endless loop if the
       SSI was used.

    *) Bugfix: the response encrypted by SSL may not transferred complete.

    *) Bugfix: if the length of the response part received at once from
       proxied or FastCGI server was equal to 500, then nginx returns the
       500 response code; in proxy mode the the bug had appeared in 0.1.29
       only.

    *) Bugfix: nginx did not consider the directives with 8 or 9 parameters
       as invalid.

    *) Feature: the "return" directive can return the 204 response code.

    *) Feature: the "ignore_invalid_headers" directive.
2005-05-14 18:42:03 +00:00
Igor Sysoev
899b44eab2 nginx-0.1.29-RELEASE import
*) Feature: the ngx_http_ssi_module supports "include virtual" command.

    *) Feature: the ngx_http_ssi_module supports the condition command like
       'if expr="$NAME"' and "else" and "endif" commands. Only one nested
       level is supported.

    *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and
       DATE_GMT variables and "config timefmt" command.

    *) Feature: the "ssi_ignore_recycled_buffers" directive.

    *) Bugfix: the "echo" command did not show the default value for the
       empty QUERY_STRING variable.

    *) Change: the ngx_http_proxy_module was rewritten.

    *) Feature: the "proxy_redirect", "proxy_pass_request_headers",
       "proxy_pass_request_body", and "proxy_method" directives.

    *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was
       canceled and must be replaced with the proxy_set_header directive.

    *) Change: the "proxy_preserve_host" is canceled and must be replaced
       with the "proxy_set_header Host $host" and the "proxy_redirect off"
       directives, the "proxy_set_header Host $host:$proxy_port" directive
       and the appropriate proxy_redirect directives.

    *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced
       with the "proxy_set_header X-Real-IP $remote_addr" directive.

    *) Change: the "proxy_add_x_forwarded_for" is canceled and must be
       replaced with
       the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
       directive.

    *) Change: the "proxy_set_x_url" is canceled and must be replaced with
       the "proxy_set_header X-URL http://$host:$server_port$request_uri"
       directive.

    *) Feature: the "fastcgi_param" directive.

    *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params"
       directive are canceled and must be replaced with the fastcgi_param
       directives.

    *) Feature: the "index" directive can use the variables.

    *) Feature: the "index" directive can be used at http and server levels.

    *) Change: the last index only in the "index" directive can be absolute.

    *) Feature: the "rewrite" directive can use the variables.

    *) Feature: the "internal" directive.

    *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
       SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
       REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables.

    *) Change: nginx now passes the invalid lines in a client request
       headers or a backend response header.

    *) Bugfix: if the backend did not transfer response for a long time and
       the "send_timeout" was less than "proxy_read_timeout", then nginx
       returned the 408 response.

    *) Bugfix: the segmentation fault was occurred if the backend sent an
       invalid line in response header; the bug had appeared in 0.1.26.

    *) Bugfix: the segmentation fault may occurred in FastCGI fault
       tolerance configuration.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" and "Cache-Control" headers.

    *) Bugfix: nginx did not take into account trailing dot in "Host"
       header line.

    *) Bugfix: the ngx_http_auth_module did not work under Linux.

    *) Bugfix: the rewrite directive worked incorrectly, if the arguments
       were in a request.

    *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 14:58:06 +00:00
Igor Sysoev
02f742b45e nginx-0.1.28-RELEASE import
*) Bugfix: nginx hogs CPU while proxying the huge files.

    *) Bugfix: nginx could not be built by gcc 4.0 on Linux.
2005-04-08 15:18:55 +00:00
Igor Sysoev
4d656dcd0b nginx-0.1.26-RELEASE import
*) Change: the invalid client header lines are now ignored and logged
       at the info level.

    *) Change: the server name is also logged in error log.

    *) Feature: the ngx_http_auth_basic_module module and the auth_basic
       and auth_basic_user_file directives.
2005-03-22 16:02:46 +00:00
Igor Sysoev
c15717285d nginx-0.1.25-RELEASE import
*) Bugfix: nginx did run on Linux parisc.

    *) Feature: nginx now does not start under FreeBSD if the sysctl
       kern.ipc.somaxconn value is too big.

    *) Bugfix: if a request was internally redirected by the
       ngx_http_index_module module to the ngx_http_proxy_module or
       ngx_http_fastcgi_module modules, then the index file was not closed
       after request completion.

    *) Feature: the "proxy_pass" can be used in location with regular
       expression.

    *) Feature: the ngx_http_rewrite_filter_module module supports the
       condition like "if ($HTTP_USER_AGENT ~ MSIE)".

    *) Bugfix: nginx started too slow if the large number of addresses and
       text values were used in the "geo" directive.

    *) Change: a variable name must be declared as "$name" in the "geo"
       directive. The previous variant without "$" is still supported, but
       will be removed soon.

    *) Feature: the "%{VARIABLE}v" logging parameter.

    *) Feature: the "set $name value" directive.

    *) Bugfix: gcc 4.0 compatibility.

    *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 12:38:37 +00:00
Igor Sysoev
8184d1b3a7 nginx-0.1.24-RELEASE import
*) Feature: the ngx_http_ssi_filter_module supports the QUERY_STRING
       and DOCUMENT_URI variables.

    *) Bugfix: the ngx_http_autoindex_module may some times return the 404
       response for existent directory, if this directory was used in
       "alias" directive.

    *) Bugfix: the ngx_http_ssi_filter_module ran incorrectly for large
       responses.

    *) Bugfix: the lack of the "Referer" header line was always accounted
       as valid referrer.
2005-03-04 14:06:57 +00:00
Igor Sysoev
11d753231b nginx-0.1.23-RELEASE import
*) Feature: the ngx_http_ssi_filter_module and the ssi,
       ssi_silent_errors, and ssi_min_file_chunk directives. The 'echo
       var="HTTP_..." default=""' and 'echo var="REMOTE_ADDR"' commands are
       supported.

    *) Feature: the %request_time log parameter.

    *) Feature: if the request has no the "Host" header line, then the
       "proxy_preserve_host" directive set this header line to the first
       server name of the "server_name" directive.

    *) Bugfix: nginx could not be built on platforms different from i386,
       amd64, sparc, and ppc; the bug had appeared in 0.1.22.

    *) Bugfix: the ngx_http_autoindex_module now shows the information not
       about the symlink, but about file or directory it points to.

    *) Bugfix: the %apache_length parameter logged the negative length of
       the response header if the no response was transferred to a client.
2005-03-01 15:20:36 +00:00
Igor Sysoev
4a71559d9b nginx-0.1.22-RELEASE import
*) Bugfix: the ngx_http_stub_status_module showed incorrect handled
       connections statistics if the proxying or FastCGI server were used.

    *) Bugfix: the installation paths were incorrectly quoted on Linux and
       Solaris; the bug had appeared in 0.1.21.
2005-02-24 12:29:09 +00:00
Igor Sysoev
d039a2e193 nginx-0.1.21-RELEASE import
*) Bugfix: the ngx_http_stub_status_module showed incorrect statistics
       if "rtsig" method was used or if several worker process ran on SMP.

    *) Bugfix: nginx could not be built by the icc compiler on Linux or if
       the zlib-1.2.x library was building from sources.

    *) Bugfix: nginx could not be built on NetBSD 2.0.
2005-02-22 14:40:13 +00:00
Igor Sysoev
37601ce471 nginx-0.1.20-RELEASE import
*) Feature: the new "script_filename" and "remote_port" parameters of
       the fastcgi_params directive.

    *) Bugfix: the FastCGI stderr stream was handled incorrectly.
2005-02-17 11:59:36 +00:00
Igor Sysoev
1ebfead9da nginx-0.1.19-RELEASE import
*) Bugfix: now, if request contains the zero, then the 404 error is
       returned for the local requests.

    *) Bugfix: nginx could not be built on NetBSD 2.0.

    *) Bugfix: the timeout may occur while reading of the the client
       request body via SSL connections.
2005-02-16 13:40:36 +00:00
Igor Sysoev
aa8286101a nginx-0.1.18-RELEASE import
*) Workaround: the default values of the devpoll_events and the
       devpoll_changes directives changed from 512 to 32 to be compatible
       with Solaris 10.

    *) Bugfix: the proxy_set_x_var and fastcgi_set_var directives were not
       inherited.

    *) Bugfix: in the redirect rewrite directive the arguments were
       concatenated with URI by the "&" rather than the "?".

    *) Bugfix: the lines without trailing ";" in the file being included by
       the ngx_http_geo_module were silently ignored.

    *) Feature: the ngx_http_stub_status_module.

    *) Bugfix: the unknown log format in the access_log directive caused
       the segmentation fault.

    *) Feature: the new "document_root" parameter of the fastcgi_params
       directive.

    *) Feature: the fastcgi_redirect_errors directive.

    *) Feature: the new "break" modifier of the "rewrite" directive allows
       to stop the rewrite/location cycle and sets the current
       configuration to the request.
2005-02-09 14:31:07 +00:00
Igor Sysoev
e5a222c6fe nginx-0.1.16-RELEASE import
*) Bugfix: if the response were transferred by chunks, then on the HEAD
       request the final chunk was issued.

    *) Bugfix: the "Connection: keep-alive" header were issued, even if the
       keepalive_timeout directive forbade the keep-alive use.

    *) Bugfix: the errors in the ngx_http_fastcgi_module caused the
       segmentation faults.

    *) Bugfix: the compressed response encrypted by SSL may not transferred
       complete.

    *) Bugfix: the TCP-specific TCP_NODELAY, TCP_NOPSUH, and TCP_CORK
       options, are not used for the unix domain sockets.

    *) Feature: the rewrite directive supports the arguments rewriting.

    *) Bugfix: the response code 400 was returned for the POST request with
       the "Content-Length: 0" header; the bug had appeared in 0.1.14.
2005-01-25 12:27:35 +00:00
Igor Sysoev
3259e85b7a nginx-0.1.15-RELEASE import
*) Bugfix: the error while the connecting to the FastCGI server caused
       segmentation fault.

    *) Bugfix: the correct handling of the regular expression, that has
       different number of the captures and substitutions.

    *) Feature: the location, that is passed to the FastCGI server, can be
       regular expression.

    *) Bugfix: the FastCGI's parameter REQUEST_URI is now passed with the
       arguments and in the original state.

    *) Bugfix: the ngx_http_rewrite_module module was required to be built
       to use the regular expressions in locations.

    *) Bugfix: the directive "proxy_preserve_host  on" adds port 80 to the
       "Host" headers, if upstream listen on port 80; the bug had appeared
       in 0.1.14.

    *) Bugfix: the same paths in autoconfiguration parameters
       --http-client-body-temp-path=PATH and --http-proxy-temp-path=PATH,
       or --http-client-body-temp-path=PATH and
       --http-fastcgi-temp-path=PATH caused segmentation fault.
2005-01-19 13:10:56 +00:00
Igor Sysoev
02025fd6bd nginx-0.1.14-RELEASE import
*) Feature: the autoconfiguration directives:
       --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and
       --http-fastcgi-temp-path=PATH

    *) Change: the directory name for the temporary files with the client
       request body is specified by directive client_body_temp_path, by
       default it is <prefix>/client_body_temp.

    *) Feature: the ngx_http_fastcgi_module and the directives:
       fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params,
       fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout,
       fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers,
       fastcgi_busy_buffers_size, fastcgi_temp_path,
       fastcgi_max_temp_file_size, fastcgi_temp_file_write_size,
       fastcgi_next_upstream, and fastcgi_x_powered_by.

    *) Bugfix: the "[alert] zero size buf" error; the bug had appeared in
       0.1.3.

    *) Change: the URI must be specified after the host name in the
       proxy_pass directive.

    *) Change: the %3F symbol in the URI was considered as the argument
       string start.

    *) Feature: the unix domain sockets support in the
       ngx_http_proxy_module.

    *) Feature: the ssl_engine and ssl_ciphers directives.
       Thanks to Sergey Skvortsov for SSL-accelerator.
2005-01-18 13:03:58 +00:00