Commit Graph

78 Commits

Author SHA1 Message Date
Ruslan Ermilov
64fe190fa0 Moved ngx_array_t definition from ngx_core.h to ngx_array.h. 2013-03-21 16:04:09 +00:00
Maxim Dounin
74ad4494a6 OCSP stapling: loading OCSP responses.
This includes the ssl_stapling_responder directive (defaults to OCSP
responder set in certificate's AIA extension).

OCSP response for a given certificate is requested once we get at least
one connection with certificate_status extension in ClientHello, and
certificate status won't be sent in the connection in question.  This due
to limitations in the OpenSSL API (certificate status callback is blocking).

Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't
allow to access the certificate loaded via SSL_CTX.
2012-10-01 12:47:55 +00:00
Andrey Belov
bd1e719bf9 Added disable_symlinks directive.
To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.

To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().

As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not.  Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).

Default value is off, i.e. symlinks are allowed.
2012-02-13 16:29:04 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Igor Sysoev
42f1e1cb96 ngx_murmur_hash2() 2011-04-15 10:59:24 +00:00
Igor Sysoev
104ff87c39 ngx_min() 2009-11-16 12:48:41 +00:00
Igor Sysoev
c05f20ec2e regex named captures 2009-11-16 12:19:02 +00:00
Igor Sysoev
a962506498 FreeBSD and Linux AIO support 2009-08-28 08:12:35 +00:00
Igor Sysoev
dfc8dadd04 *) autoconfigure struct dirent capabilities
*) move src/os/.../ngx_types.h's content into src/os/.../ngx_files.h and
   delete src/os/.../ngx_types.h
2008-09-05 15:43:34 +00:00
Igor Sysoev
53fcff1efe fix previous commit 2007-11-23 17:27:01 +00:00
Igor Sysoev
48bf997e10 ngx_queue.h 2007-11-23 16:32:50 +00:00
Igor Sysoev
d92bee51ea open file cache 2007-09-01 12:11:21 +00:00
Igor Sysoev
3364dc6eb7 move the session cache callbacks to the ngx_openssl_module 2007-01-03 15:25:40 +00:00
Igor Sysoev
3d2fd18a39 upstream choice modules 2006-12-04 16:46:13 +00:00
Igor Sysoev
67cd336d88 slab allocator in shared memory 2006-11-20 08:51:45 +00:00
Igor Sysoev
3d7f00d414 axe src/core/ngx_unix_domain.* 2006-10-24 13:43:19 +00:00
Igor Sysoev
5864fc0fcc ngx_crc32() 2006-10-18 19:00:21 +00:00
Igor Sysoev
6f134cc275 nginx-0.3.47-RELEASE import
*) Feature: the "upstream" directive.

    *) Change: now the "\" escape symbol in the "\"" and "\'" pairs in the
       SSI command is always removed.
2006-05-23 14:54:58 +00:00
Igor Sysoev
ffe714403d nginx-0.3.27-RELEASE import
*) Change: the "variables_hash_max_size" and
       "variables_hash_bucket_size" directives.

    *) Feature: the $body_bytes_sent variable can be used not only in the
       "log_format" directive.

    *) Feature: the $ssl_protocol and $ssl_cipher variables.

    *) Feature: the cache line size detection for widespread CPUs at start
       time.

    *) Feature: now the "accept_mutex" directive is supported using
       fcntl(2) on platforms different from i386, amd64, sparc64, and ppc.

    *) Feature: the "lock_file" directive and the --with-lock-path=PATH
       autoconfiguration directive.

    *) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
       then the requests with the body was not transferred.
2006-02-08 15:33:12 +00:00
Igor Sysoev
9e58019dc2 nginx-0.3.24-RELEASE import
*) Workaround: for bug in FreeBSD kqueue.

    *) Bugfix: now a response generated by the "post_action" directive is
       not transferred to a client.

    *) Bugfix: the memory leaks were occurring if many log files were used.

    *) Bugfix: the first "proxy_redirect" directive was working inside one
       location.

    *) Bugfix: on 64-bit platforms segmentation fault may occurred on start
       if the many names were used in the "server_name" directives; the bug
       had appeared in 0.3.18.
2006-02-01 18:22:15 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
1bfa7bc78a nginx-0.3.1-RELEASE import
*) Bugfix: the segmentation fault occurred when the signal queue
       overflowed if the "rtsig" method was used; the bug had appeared in
       0.2.0.

    *) Change: correct handling of the "\\", "\"", "\'", and "\$" pairs in
       SSI.
2005-10-10 12:59:41 +00:00
Igor Sysoev
208eed2210 nginx-0.3.0-RELEASE import
*) Change: the 10-days live time limit of worker process was
       eliminated. The limit was introduced because of millisecond timers
       overflow.
2005-10-07 13:30:52 +00:00
Igor Sysoev
9fa5a823c4 nginx-0.2.2-RELEASE import
*) Feature: the "config errmsg" command of the ngx_http_ssi_module.

    *) Change: the ngx_http_geo_module variables can be overridden by the
       "set" directive.

    *) Feature: the "ssl_protocols" and "ssl_prefer_server_ciphers"
       directives of the ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Bugfix: the ngx_http_autoindex_module did not show correctly the
       long file names;

    *) Bugfix: the ngx_http_autoindex_module now do not show the files
       starting by dot.

    *) Bugfix: if the SSL handshake failed then another connection may be
       closed too.
       Thanks to Rob Mueller.

    *) Bugfix: the export versions of MSIE 5.x could not connect via HTTPS.
2005-09-30 14:41:25 +00:00
Igor Sysoev
02f742b45e nginx-0.1.28-RELEASE import
*) Bugfix: nginx hogs CPU while proxying the huge files.

    *) Bugfix: nginx could not be built by gcc 4.0 on Linux.
2005-04-08 15:18:55 +00:00
Igor Sysoev
805d9db723 nginx-0.1.17-RELEASE import
*) Change: the ngx_http_rewrite_module was rewritten from the scratch.
       Now it is possible to redirect, to return the error codes, to check
       the variables and referrers. The directives can be used inside
       locations. The redirect directive was canceled.

    *) Feature: the ngx_http_geo_module.

    *) Feature: the proxy_set_x_var and fastcgi_set_var directives.

    *) Bugfix: the location configuration with "=" modifier may be used in
       another location.

    *) Bugfix: the correct content type was set only for requests that use
       small caps letters in extension.

    *) Bugfix: if the proxy_pass or fastcgi_pass directives were set in the
       location, and access was denied, and the error was redirected to a
       static page, then the segmentation fault occurred.

    *) Bugfix: if in a proxied "Location" header was a relative URL, then a
       host name and a slash were added to them; the bug had appeared in
       0.1.14.

    *) Bugfix: the system error message was not logged on Linux.
2005-02-03 19:33:37 +00:00
Igor Sysoev
02025fd6bd nginx-0.1.14-RELEASE import
*) Feature: the autoconfiguration directives:
       --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and
       --http-fastcgi-temp-path=PATH

    *) Change: the directory name for the temporary files with the client
       request body is specified by directive client_body_temp_path, by
       default it is <prefix>/client_body_temp.

    *) Feature: the ngx_http_fastcgi_module and the directives:
       fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params,
       fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout,
       fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers,
       fastcgi_busy_buffers_size, fastcgi_temp_path,
       fastcgi_max_temp_file_size, fastcgi_temp_file_write_size,
       fastcgi_next_upstream, and fastcgi_x_powered_by.

    *) Bugfix: the "[alert] zero size buf" error; the bug had appeared in
       0.1.3.

    *) Change: the URI must be specified after the host name in the
       proxy_pass directive.

    *) Change: the %3F symbol in the URI was considered as the argument
       string start.

    *) Feature: the unix domain sockets support in the
       ngx_http_proxy_module.

    *) Feature: the ssl_engine and ssl_ciphers directives.
       Thanks to Sergey Skvortsov for SSL-accelerator.
2005-01-18 13:03:58 +00:00
Igor Sysoev
c0edbcce58 nginx-0.1.2-RELEASE import
*) Feature: the --user=USER, --group=GROUP, and --with-ld-opt=OPTIONS
       options in configure.

    *) Feature: the server_name directive supports *.domain.tld.

    *) Bugfix: the portability improvements.

    *) Bugfix: if configuration file was set in command line, the
       reconfiguration was impossible; the bug had appeared in 0.1.1.

    *) Bugfix: proxy module may get caught in an endless loop when sendfile
       is not used.

    *) Bugfix: with sendfile the response was not recoded according to the
       charset module directives; the bug had appeared in 0.1.1.

    *) Bugfix: very seldom bug in the kqueue processing.

    *) Bugfix: the gzip module compressed the proxied responses that was
       already compressed.
2004-10-21 15:34:38 +00:00
Igor Sysoev
6d2eb20711 nginx-0.1.0-2004-09-30-10:38:49 import 2004-09-30 06:38:49 +00:00
Igor Sysoev
ff8da91784 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright 2004-09-29 16:00:49 +00:00
Igor Sysoev
d90282d8ba nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files 2004-09-28 08:34:51 +00:00
Igor Sysoev
b9e344175f nginx-0.0.10-2004-09-03-19:50:30 import 2004-09-03 15:50:30 +00:00
Igor Sysoev
f38e046a0a nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-16 17:11:43 +00:00
Igor Sysoev
1c3567ecc8 nginx-0.0.7-2004-07-15-20:35:51 import 2004-07-15 16:35:51 +00:00
Igor Sysoev
4aa888820d nginx-0.0.7-2004-07-15-00:07:58 import 2004-07-14 20:07:58 +00:00
Igor Sysoev
c02473048c nginx-0.0.7-2004-06-27-22:01:57 import 2004-06-27 18:01:57 +00:00
Igor Sysoev
a1796d747c nginx-0.0.7-2004-06-23-09:54:27 import 2004-06-23 05:54:27 +00:00
Igor Sysoev
415b1ce1b9 nginx-0.0.7-2004-06-17-21:18:53 import 2004-06-17 17:18:53 +00:00
Igor Sysoev
87350f269d nginx-0.0.7-2004-06-15-11:55:11 import 2004-06-15 07:55:11 +00:00
Igor Sysoev
0ab91b9012 nginx-0.0.3-2004-06-06-23:49:18 import 2004-06-06 19:49:18 +00:00
Igor Sysoev
369145cef1 nginx-0.0.3-2004-05-28-19:49:23 import; rename ngx_hunk_t to ngx_buf_t 2004-05-28 15:49:23 +00:00
Igor Sysoev
822834e227 nginx-0.0.3-2004-05-25-19:28:46 import 2004-05-25 15:28:46 +00:00
Igor Sysoev
10a543a810 nginx-0.0.2-2004-03-16-10:10:12 import 2004-03-16 07:10:12 +00:00
Igor Sysoev
a536298c7b nginx-0.0.2-2004-03-04-10:04:55 import 2004-03-04 07:04:55 +00:00
Igor Sysoev
ea17edc917 nginx-0.0.2-2004-03-03-00:14:37 import 2004-03-02 21:14:37 +00:00
Igor Sysoev
b54698b579 nginx-0.0.2-2004-02-23-23:57:12 import 2004-02-23 20:57:12 +00:00
Igor Sysoev
3c3ca17358 nginx-0.0.1-2004-01-05-23:55:48 import 2004-01-05 20:55:48 +00:00
Igor Sysoev
e89c4581f4 nginx-0.0.1-2003-12-19-11:15:11 import 2003-12-19 08:15:11 +00:00
Igor Sysoev
5f80078c67 nginx-0.0.1-2003-12-08-23:48:12 import 2003-12-08 20:48:12 +00:00
Igor Sysoev
f5003d8a66 nginx-0.0.1-2003-12-04-17:53:00 import 2003-12-04 14:53:00 +00:00