mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 09:42:39 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,287 Commits 22 Branches 572 Tags 102 MiB
a35eaccdec
Commit Graph

443 Commits

Author SHA1 Message Date
Igor Sysoev
a35eaccdec a prelimiary IPv6 support, HTTP listen 2009-02-21 07:02:02 +00:00
Igor Sysoev
be63760fc5 load SSL engine before certificates, 
otherwise RSA keys will use built-in RSA methods
 2009-02-16 13:37:58 +00:00
Igor Sysoev
c9aae14a7e use "!= NGX_OK" instead of "== NGX_ERROR" 2008-12-09 17:27:48 +00:00
Igor Sysoev
1bf7dc1884 low some SSL handshake errors level 2008-11-18 16:05:00 +00:00
Igor Sysoev
a862c46ffa always use buffer, if connection is buffered, 
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
   16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
 2008-10-23 05:58:10 +00:00
Igor Sysoev
e17cc987d3 dynamic accept threshold 2008-09-19 12:47:13 +00:00
Igor Sysoev
9c388c0a7f *) refactor ngx_ptocidr() 
*) allow address without bitmask
*) thus now ngx_http_geo_module accepts addresses without bitmask
 2008-08-26 14:19:37 +00:00
Igor Sysoev
c5849a6381 ngx_sock_ntop() takes family from sockaddr, remove duplicate field 2008-08-21 19:24:07 +00:00
Igor Sysoev
a408b2ba2d backout both r2162 and r2128 and implement a new fix 2008-08-12 12:04:49 +00:00
Igor Sysoev
2ff9a4b334 SSL connection readiness is required for level-triggered events only, 
broken in r2128
 2008-08-11 15:25:40 +00:00
Igor Sysoev
ec0b579f75 update connection readiness after SSL handshake, 
this fixes mail proxy SSL connection hanging if level-triggered event is used
 2008-07-30 06:12:30 +00:00
Igor Sysoev
49ed6f3eec *) ssl_verify_client ask 
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
 2008-07-29 14:29:02 +00:00
Igor Sysoev
58e9f22bfd handle connect()'s EAGAIN on Linux 2008-07-09 15:42:13 +00:00
Igor Sysoev
ce1e64f404 prepare to allow various number of connections in child processes 2008-06-23 13:23:29 +00:00
Igor Sysoev
da02ddc6fd fix "proxy_pass https://..." broken in r1427 2008-06-20 14:42:54 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040 
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
 2008-06-17 15:00:30 +00:00
Igor Sysoev
81f9c9dc72 $ssl_client_cert 2008-06-16 05:54:18 +00:00
Igor Sysoev
df83e6f81a DH parameters, ssl_dhparam 2008-06-16 05:51:32 +00:00
Igor Sysoev
d6548faf64 ssl_session_cache none 2008-05-26 07:14:13 +00:00
Igor Sysoev
3b30476068 style fix 2008-05-22 12:09:41 +00:00
Igor Sysoev
396abff226 get certificate info only for debug build 2008-04-28 08:52:32 +00:00
Igor Sysoev
58d3821cf0 fix memory leak when ssl_verify_client is on 2008-04-28 08:50:39 +00:00
Igor Sysoev
439e288a1b fix memory leak when ssl_verify_client is on 2008-04-23 18:57:25 +00:00
Igor Sysoev
8da1fa935f low some SSL handshake errors level 2008-03-18 10:35:00 +00:00
Igor Sysoev
b9186ad856 restore building --test-build-rtsig and --test-build-eventport on FreeBSD 6 2008-03-13 15:47:14 +00:00
Igor Sysoev
472233d0a3 invalidate SSL session if there is no valid client certificate 2008-03-10 14:47:07 +00:00
Igor Sysoev
02aa53be83 left open sockets were not really tested 2008-02-28 20:31:33 +00:00
Igor Sysoev
704e1c1324 low SSL handshake close notify alert error level 2008-02-04 20:46:58 +00:00
Igor Sysoev
b1d4a6cc80 low SSL handshake errors level 2008-02-01 14:05:18 +00:00
Igor Sysoev
c20d3769bc backout r1757, we really need SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2008-01-31 15:10:45 +00:00
Igor Sysoev
6e8bc2b72d fix building --test-build-rtsig and --test-build-eventport on FreeBSD 7 2008-01-28 16:24:01 +00:00
Igor Sysoev
02d8e8e377 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN 2008-01-25 14:57:35 +00:00
Igor Sysoev
c783c35b5f pull all errors 2008-01-25 14:56:37 +00:00
Igor Sysoev
efe0016a11 fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 2008-01-22 16:04:35 +00:00
Igor Sysoev
8b99e3f1ea pull all errors 2008-01-10 08:45:00 +00:00
Igor Sysoev
e965c47113 grammar fix 2008-01-10 08:36:14 +00:00
Igor Sysoev
b548e13cdf fix comment 2007-12-29 16:55:31 +00:00
Igor Sysoev
f25abef8dc fix segfault introduced in r1780 2007-12-27 18:35:52 +00:00
Igor Sysoev
cd2aa8e172 create ssl buffer on demand and free it before keep-alive 2007-12-26 21:07:30 +00:00
Igor Sysoev
6ff850baf8 ssl_session_cache off 2007-12-26 20:27:22 +00:00
Igor Sysoev
01a129d823 use ngx_queue.h 2007-12-20 21:01:00 +00:00
Igor Sysoev
181abe549f embed session_rbtree and sentinel inside ngx_ssl_session_cache_t 2007-12-20 20:35:23 +00:00
Igor Sysoev
0a0024bdb5 omit useless test 2007-12-20 20:30:45 +00:00
Igor Sysoev
711e9031fe use ngx_time() instead of ngx_timeofday() 2007-12-20 20:11:45 +00:00
Igor Sysoev
6675abe3b4 remove SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, we never need it, 
the "bad write retry" error was caused by SSL_shutdown() error
 2007-12-20 13:49:07 +00:00
Igor Sysoev
fc28270ac2 cleaning stale global SSL error 2007-12-20 13:04:20 +00:00
Igor Sysoev
94b3ea319b SSL_shutdown() never returns -1, on error it returns 0. 
This fixes incidental "bad write retry" errors.
 2007-12-20 12:59:05 +00:00
Igor Sysoev
7912e4ba5d optimize rbtree initialization and insert 2007-12-17 08:52:00 +00:00
Igor Sysoev
86ef6aaa6b move condition declarations inside blocks where they are used 2007-12-10 12:09:51 +00:00
Igor Sysoev
e67d46189c ngx_udp_recv() 2007-12-03 16:46:46 +00:00