Mercurial > hg > nginx-vendor-0-7
comparison src/http/ngx_http_request.c @ 502:89dc5654117c NGINX_0_7_63
nginx 0.7.63
*) Security: now "/../" are disabled in "Destination" request header
line.
*) Change: minimum supported OpenSSL version is 0.9.7.
*) Change: the "ask" parameter of the "ssl_verify_client" directive was
changed to the "optional" parameter and now it checks a client
certificate if it was offered.
Thanks to Brice Figureau.
*) Feature: now the "-V" switch shows TLS SNI support.
*) Feature: the $ssl_client_verify variable.
Thanks to Brice Figureau.
*) Feature: the "ssl_crl" directive.
Thanks to Brice Figureau.
*) Bugfix: the $ssl_client_cert variable usage corrupted memory; the
bug had appeared in 0.7.7.
Thanks to Sergey Zhuravlev.
*) Feature: now the start cache loader runs in a separate process; this
should improve large caches handling.
*) Feature: now temporary files and permanent storage area may reside
at different file systems.
*) Bugfix: nginx counted incorrectly disk cache size.
*) Change: now directive "gzip_disable msie6" does not disable gzipping
for MSIE 6.0 SV1.
*) Bugfix: nginx always added "Vary: Accept-Encoding" response header
line, if both "gzip_static" and "gzip_vary" were on.
*) Feature: the "proxy" parameter of the "geo" directive.
*) Feature: the ngx_http_geoip_module.
*) Feature: the "limit_rate_after" directive.
Thanks to Ivan Debnar.
*) Feature: the "limit_req_log_level" and "limit_conn_log_level"
directives.
*) Bugfix: now "limit_req" directive conforms to the leaky bucket
algorithm.
Thanks to Maxim Dounin.
*) Bugfix: in ngx_http_limit_req_module.
Thanks to Maxim Dounin.
*) Bugfix: now nginx allows underscores in a request method.
*) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
"X-Accel-Buffering", and "X-Accel-Charset" lines from backend
response header.
Thanks to Maxim Dounin.
*) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
response header lines; the bug had appeared in 0.7.44.
Thanks to Maxim Dounin.
*) Feature: the "image_filter_transparency" directive.
*) Feature: the "image_filter" directive supports variables for setting
size.
*) Bugfix: in PNG alpha-channel support in the
ngx_http_image_filter_module.
*) Bugfix: in transparency support in the ngx_http_image_filter_module.
*) Feature: now several "perl_modules" directives may be used.
*) Bugfix: ngx_http_perl_module responses did not work in subrequests.
*) Bugfix: nginx sent '\0' in a "Location" response header line on
MKCOL request.
Thanks to Xie Zhenye.
*) Bugfix: an "error_page" directive did not redirect a 413 error; the
bug had appeared in 0.6.10.
*) Bugfix: in memory allocation error handling.
Thanks to Maxim Dounin and Kirill A. Korinskiy.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 26 Oct 2009 00:00:00 +0300 |
parents | ed3d382670c7 |
children | 706fef7f4dcc |
comparison
equal
deleted
inserted
replaced
501:dc87c92181c7 | 502:89dc5654117c |
---|---|
127 ngx_http_process_unique_header_line }, | 127 ngx_http_process_unique_header_line }, |
128 | 128 |
129 { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive), | 129 { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive), |
130 ngx_http_process_header_line }, | 130 ngx_http_process_header_line }, |
131 | 131 |
132 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP) | 132 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP || NGX_HTTP_GEO) |
133 { ngx_string("X-Forwarded-For"), | 133 { ngx_string("X-Forwarded-For"), |
134 offsetof(ngx_http_headers_in_t, x_forwarded_for), | 134 offsetof(ngx_http_headers_in_t, x_forwarded_for), |
135 ngx_http_process_header_line }, | 135 ngx_http_process_header_line }, |
136 #endif | 136 #endif |
137 | 137 |
382 r->main_conf = cscf->ctx->main_conf; | 382 r->main_conf = cscf->ctx->main_conf; |
383 r->srv_conf = cscf->ctx->srv_conf; | 383 r->srv_conf = cscf->ctx->srv_conf; |
384 r->loc_conf = cscf->ctx->loc_conf; | 384 r->loc_conf = cscf->ctx->loc_conf; |
385 | 385 |
386 rev->handler = ngx_http_process_request_line; | 386 rev->handler = ngx_http_process_request_line; |
387 r->read_event_handler = ngx_http_block_reading; | |
387 | 388 |
388 #if (NGX_HTTP_SSL) | 389 #if (NGX_HTTP_SSL) |
389 | 390 |
390 { | 391 { |
391 ngx_http_ssl_srv_conf_t *sscf; | 392 ngx_http_ssl_srv_conf_t *sscf; |
449 | 450 |
450 if (ngx_list_init(&r->headers_out.headers, r->pool, 20, | 451 if (ngx_list_init(&r->headers_out.headers, r->pool, 20, |
451 sizeof(ngx_table_elt_t)) | 452 sizeof(ngx_table_elt_t)) |
452 != NGX_OK) | 453 != NGX_OK) |
453 { | 454 { |
454 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); | 455 ngx_destroy_pool(r->pool); |
456 ngx_http_close_connection(c); | |
455 return; | 457 return; |
456 } | 458 } |
457 | 459 |
458 r->ctx = ngx_pcalloc(r->pool, sizeof(void *) * ngx_http_max_module); | 460 r->ctx = ngx_pcalloc(r->pool, sizeof(void *) * ngx_http_max_module); |
459 if (r->ctx == NULL) { | 461 if (r->ctx == NULL) { |
460 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); | 462 ngx_destroy_pool(r->pool); |
463 ngx_http_close_connection(c); | |
461 return; | 464 return; |
462 } | 465 } |
463 | 466 |
464 cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module); | 467 cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module); |
465 | 468 |
466 r->variables = ngx_pcalloc(r->pool, cmcf->variables.nelts | 469 r->variables = ngx_pcalloc(r->pool, cmcf->variables.nelts |
467 * sizeof(ngx_http_variable_value_t)); | 470 * sizeof(ngx_http_variable_value_t)); |
468 if (r->variables == NULL) { | 471 if (r->variables == NULL) { |
469 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); | 472 ngx_destroy_pool(r->pool); |
473 ngx_http_close_connection(c); | |
470 return; | 474 return; |
471 } | 475 } |
472 | 476 |
473 c->single_connection = 1; | 477 c->single_connection = 1; |
474 c->destroyed = 0; | 478 c->destroyed = 0; |
1372 switch (msie[5]) { | 1376 switch (msie[5]) { |
1373 case '4': | 1377 case '4': |
1374 r->headers_in.msie4 = 1; | 1378 r->headers_in.msie4 = 1; |
1375 /* fall through */ | 1379 /* fall through */ |
1376 case '5': | 1380 case '5': |
1381 r->headers_in.msie6 = 1; | |
1382 break; | |
1377 case '6': | 1383 case '6': |
1378 r->headers_in.msie6 = 1; | 1384 if (ngx_strstrn(msie + 8, "SV1", 3 - 1) == NULL) { |
1385 r->headers_in.msie6 = 1; | |
1386 } | |
1387 break; | |
1379 } | 1388 } |
1380 } | 1389 } |
1381 | 1390 |
1382 #if 0 | 1391 #if 0 |
1383 /* MSIE ignores the SSL "close notify" alert */ | 1392 /* MSIE ignores the SSL "close notify" alert */ |
1515 X509 *cert; | 1524 X509 *cert; |
1516 ngx_http_ssl_srv_conf_t *sscf; | 1525 ngx_http_ssl_srv_conf_t *sscf; |
1517 | 1526 |
1518 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 1527 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
1519 | 1528 |
1520 if (sscf->verify == 1) { | 1529 if (sscf->verify) { |
1521 rc = SSL_get_verify_result(c->ssl->connection); | 1530 rc = SSL_get_verify_result(c->ssl->connection); |
1522 | 1531 |
1523 if (rc != X509_V_OK) { | 1532 if (rc != X509_V_OK) { |
1524 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1533 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1525 "client SSL certificate verify error: (%l:%s)", | 1534 "client SSL certificate verify error: (%l:%s)", |
1530 | 1539 |
1531 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); | 1540 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); |
1532 return; | 1541 return; |
1533 } | 1542 } |
1534 | 1543 |
1535 cert = SSL_get_peer_certificate(c->ssl->connection); | 1544 if (sscf->verify == 1) { |
1536 | 1545 cert = SSL_get_peer_certificate(c->ssl->connection); |
1537 if (cert == NULL) { | 1546 |
1538 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1547 if (cert == NULL) { |
1539 "client sent no required SSL certificate"); | 1548 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1540 | 1549 "client sent no required SSL certificate"); |
1541 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | 1550 |
1551 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
1542 (SSL_get0_session(c->ssl->connection))); | 1552 (SSL_get0_session(c->ssl->connection))); |
1543 | 1553 |
1544 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | 1554 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); |
1545 return; | 1555 return; |
1546 } | 1556 } |
1547 | 1557 |
1548 X509_free(cert); | 1558 X509_free(cert); |
1559 } | |
1549 } | 1560 } |
1550 } | 1561 } |
1551 | 1562 |
1552 #endif | 1563 #endif |
1553 | 1564 |
2701 if (b == NULL) { | 2712 if (b == NULL) { |
2702 return NGX_ERROR; | 2713 return NGX_ERROR; |
2703 } | 2714 } |
2704 | 2715 |
2705 if (flags & NGX_HTTP_LAST) { | 2716 if (flags & NGX_HTTP_LAST) { |
2706 b->last_buf = 1; | 2717 |
2718 if (r == r->main && !r->post_action) { | |
2719 b->last_buf = 1; | |
2720 | |
2721 } else { | |
2722 b->sync = 1; | |
2723 b->last_in_chain = 1; | |
2724 } | |
2707 } | 2725 } |
2708 | 2726 |
2709 if (flags & NGX_HTTP_FLUSH) { | 2727 if (flags & NGX_HTTP_FLUSH) { |
2710 b->flush = 1; | 2728 b->flush = 1; |
2711 } | 2729 } |