Mercurial > hg > nginx-vendor-0-7
comparison src/event/ngx_event_openssl.c @ 506:b9fdcaf2062b NGINX_0_7_65
nginx 0.7.65
*) Security: now nginx/Windows ignores trailing spaces in URI.
Thanks to Dan Crowley, Core Security Technologies.
*) Security: now nginx/Windows ignores short files names.
Thanks to Dan Crowley, Core Security Technologies.
*) Change: now the "009" status code is written to an access log for
proxied HTTP/0.9 responses.
*) Change: now the default buffer size of the
"large_client_header_buffers" directive is 8K.
Thanks to Andrew Cholakian.
*) Change: now default SSL ciphers are "HIGH:!ADH:!MD5".
*) Change: now SSLv2 protocol is disabled by default.
*) Change: now $host variable value is always low case.
*) Feature: the conf/fastcgi.conf for simple FastCGI configurations.
*) Feature: now URI part is not required a "proxy_pass" directive if
variables are used.
*) Feature: the $ssl_session_id variable.
*) Bugfix: if a proxied or FastCGI request was internally redirected to
another proxied or FastCGI location, then $upstream_response_time
variable may have abnormally large value; the bug had appeared in
0.7.63.
*) Bugfix: if the "expires modified" set date in the past, then a
negative number was set in the "Cache-Control" response header
line.
Thanks to Alex Kapranoff.
*) Bugfix: nginx closed a connection if a cached response had an empty
body.
Thanks to Piotr Sikora.
*) Bugfix: nginx cached a 304 response if there was the "If-None-Match"
header line in a proxied request.
Thanks to Tim Dettrick and David Kostal.
*) Bugfix: nginx did not treat a comma as separator in the
"Cache-Control" backend response header line.
*) Bugfix: cached HTTP/0.9 responses were handled incorrectly.
*) Bugfix: nginx sent gzipped responses to clients those do not support
gzip, if "gzip_static on" and "gzip_vary off"; the bug had appeared
in 0.8.16.
*) Bugfix: nginx always added "Content-Encoding: gzip" response header
line in 304 responses sent by ngx_http_gzip_static_module.
*) Bugfix: the "!-x" operator did not work.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process, if
limit_rate was used in HTTPS server.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process while
$limit_rate logging.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not support dates in 2038 year on 32-bit platforms;
*) Bugfix: nginx/Windows tried to delete a temporary file twice if the
file should replace an already existent file.
*) Bugfix: nginx/Windows tried to rename a temporary file twice if the
file should replace an already existent file.
*) Bugfix: nginx/Windows might not create temporary file, a cache file,
or "proxy/fastcgi_store"d file if a worker had no enough access
rights for top level directories.
*) Bugfix: in UTF-8 encoding support by "try_files" directive in
nginx/Windows.
*) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
Thanks to Maxim Dounin.
*) Bugfix: the ngx_http_autoindex_module did not show the trailing
slash in links to a directory; the bug had appeared in 0.7.15.
*) Bugfix: nginx did not close a log file set by the --error-log-path
configuration option; the bug had appeared in 0.7.53.
*) Bugfix: "addition_types" directive was incorrectly named
"addtion_types".
*) Bugfix: invalid request line in $request variable was written in
access_log only if error_log was set to "info" or "debug" level.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Mon, 01 Feb 2010 00:00:00 +0000 |
| parents | 706fef7f4dcc |
| children | 68c0ae0a4959 |
comparison
equal
deleted
inserted
replaced
| 505:c62da3dcc544 | 506:b9fdcaf2062b |
|---|---|
| 984 send = 0; | 984 send = 0; |
| 985 flush = (in == NULL) ? 1 : 0; | 985 flush = (in == NULL) ? 1 : 0; |
| 986 | 986 |
| 987 for ( ;; ) { | 987 for ( ;; ) { |
| 988 | 988 |
| 989 while (in && buf->last < buf->end) { | 989 while (in && buf->last < buf->end && send < limit) { |
| 990 if (in->buf->last_buf || in->buf->flush) { | 990 if (in->buf->last_buf || in->buf->flush) { |
| 991 flush = 1; | 991 flush = 1; |
| 992 } | 992 } |
| 993 | 993 |
| 994 if (ngx_buf_special(in->buf)) { | 994 if (ngx_buf_special(in->buf)) { |
| 1011 "SSL buf copy: %d", size); | 1011 "SSL buf copy: %d", size); |
| 1012 | 1012 |
| 1013 ngx_memcpy(buf->last, in->buf->pos, size); | 1013 ngx_memcpy(buf->last, in->buf->pos, size); |
| 1014 | 1014 |
| 1015 buf->last += size; | 1015 buf->last += size; |
| 1016 | |
| 1017 in->buf->pos += size; | 1016 in->buf->pos += size; |
| 1017 send += size; | |
| 1018 | 1018 |
| 1019 if (in->buf->pos == in->buf->last) { | 1019 if (in->buf->pos == in->buf->last) { |
| 1020 in = in->next; | 1020 in = in->next; |
| 1021 } | 1021 } |
| 1022 } | 1022 } |
| 1037 c->buffered |= NGX_SSL_BUFFERED; | 1037 c->buffered |= NGX_SSL_BUFFERED; |
| 1038 return in; | 1038 return in; |
| 1039 } | 1039 } |
| 1040 | 1040 |
| 1041 buf->pos += n; | 1041 buf->pos += n; |
| 1042 send += n; | |
| 1043 c->sent += n; | 1042 c->sent += n; |
| 1044 | 1043 |
| 1045 if (n < size) { | 1044 if (n < size) { |
| 1046 break; | 1045 break; |
| 1047 } | 1046 } |
| 1311 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 1310 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ |
| 1312 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 1311 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
| 1313 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 1312 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
| 1314 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ | 1313 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ |
| 1315 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ | 1314 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ |
| 1315 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ | |
| 1316 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ | 1316 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ |
| 1317 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ | 1317 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ |
| 1318 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ | 1318 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ |
| 1319 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ | 1319 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ |
| 1320 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */ | 1320 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */ |
| 1626 ngx_memcpy(id, sess->session_id, sess->session_id_length); | 1626 ngx_memcpy(id, sess->session_id, sess->session_id_length); |
| 1627 | 1627 |
| 1628 hash = ngx_crc32_short(sess->session_id, sess->session_id_length); | 1628 hash = ngx_crc32_short(sess->session_id, sess->session_id_length); |
| 1629 | 1629 |
| 1630 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1630 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1631 "http ssl new session: %08XD:%d:%d", | 1631 "ssl new session: %08XD:%d:%d", |
| 1632 hash, sess->session_id_length, len); | 1632 hash, sess->session_id_length, len); |
| 1633 | 1633 |
| 1634 sess_id->node.key = hash; | 1634 sess_id->node.key = hash; |
| 1635 sess_id->node.data = (u_char) sess->session_id_length; | 1635 sess_id->node.data = (u_char) sess->session_id_length; |
| 1636 sess_id->id = id; | 1636 sess_id->id = id; |
| 1689 | 1689 |
| 1690 hash = ngx_crc32_short(id, (size_t) len); | 1690 hash = ngx_crc32_short(id, (size_t) len); |
| 1691 *copy = 0; | 1691 *copy = 0; |
| 1692 | 1692 |
| 1693 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1693 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1694 "http ssl get session: %08XD:%d", hash, len); | 1694 "ssl get session: %08XD:%d", hash, len); |
| 1695 | 1695 |
| 1696 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), | 1696 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), |
| 1697 ngx_ssl_session_cache_index); | 1697 ngx_ssl_session_cache_index); |
| 1698 | 1698 |
| 1699 cache = shm_zone->data; | 1699 cache = shm_zone->data; |
| 1803 len = (size_t) sess->session_id_length; | 1803 len = (size_t) sess->session_id_length; |
| 1804 | 1804 |
| 1805 hash = ngx_crc32_short(id, len); | 1805 hash = ngx_crc32_short(id, len); |
| 1806 | 1806 |
| 1807 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, | 1807 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, |
| 1808 "http ssl remove session: %08XD:%uz", hash, len); | 1808 "ssl remove session: %08XD:%uz", hash, len); |
| 1809 | 1809 |
| 1810 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; | 1810 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; |
| 1811 | 1811 |
| 1812 ngx_shmtx_lock(&shpool->mutex); | 1812 ngx_shmtx_lock(&shpool->mutex); |
| 1813 | 1813 |
| 1967 return NGX_OK; | 1967 return NGX_OK; |
| 1968 } | 1968 } |
| 1969 | 1969 |
| 1970 | 1970 |
| 1971 ngx_int_t | 1971 ngx_int_t |
| 1972 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | |
| 1973 { | |
| 1974 int len; | |
| 1975 u_char *p, *buf; | |
| 1976 SSL_SESSION *sess; | |
| 1977 | |
| 1978 sess = SSL_get0_session(c->ssl->connection); | |
| 1979 | |
| 1980 len = i2d_SSL_SESSION(sess, NULL); | |
| 1981 | |
| 1982 buf = ngx_alloc(len, c->log); | |
| 1983 if (buf == NULL) { | |
| 1984 return NGX_ERROR; | |
| 1985 } | |
| 1986 | |
| 1987 s->len = 2 * len; | |
| 1988 s->data = ngx_pnalloc(pool, 2 * len); | |
| 1989 if (s->data == NULL) { | |
| 1990 ngx_free(buf); | |
| 1991 return NGX_ERROR; | |
| 1992 } | |
| 1993 | |
| 1994 p = buf; | |
| 1995 i2d_SSL_SESSION(sess, &p); | |
| 1996 | |
| 1997 ngx_hex_dump(s->data, buf, len); | |
| 1998 | |
| 1999 ngx_free(buf); | |
| 2000 | |
| 2001 return NGX_OK; | |
| 2002 } | |
| 2003 | |
| 2004 | |
| 2005 ngx_int_t | |
| 1972 ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 2006 ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
| 1973 { | 2007 { |
| 1974 size_t len; | 2008 size_t len; |
| 1975 BIO *bio; | 2009 BIO *bio; |
| 1976 X509 *cert; | 2010 X509 *cert; |