nginx-vendor-1-0: src/event/ngx_event

comparison src/event/ngx_event_openssl.c @ 644:ad25218fd14b NGINX_1_0_12

nginx 1.0.12 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Feature: the "if" SSI command supports captures in regular expressions. *) Bugfix: the "if" SSI command did not work inside the "block" command. *) Bugfix: in AIO error handling on FreeBSD. *) Bugfix: in the OpenSSL library initialization. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level" directives might not work. *) Bugfix: the "read_ahead" directive might not work combined with "try_files" and "open_file_cache". *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter did not return answer from cache if there were no live upstreams. *) Bugfix: a segmentation fault might occur in a worker process if small time was used in the "inactive" parameter of the "proxy_cache_path" directive. *) Bugfix: responses from cache might hang. *) Bugfix: in error handling while connecting to a backend. Thanks to Piotr Sikora. *) Bugfix: in the "epoll" event method. Thanks to Yichun Zhang. *) Bugfix: the $sent_http_cache_control variable might contain a wrong value if the "expires" directive was used. Thanks to Yichun Zhang. *) Bugfix: the "limit_rate" directive did not allow to use full throughput, even if limit value was very high. *) Bugfix: the "sendfile_max_chunk" directive did not work, if the "limit_rate" directive was used. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.0.11. *) Bugfix: in the ngx_http_scgi_module. *) Bugfix: in the ngx_http_mp4_module.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 06 Feb 2012 00:00:00 +0400
parents	692f4d4d7f10
children	09a689c5e494

comparison

equal deleted inserted replaced

-:d81e1c257a02
+:ad25218fd14b
 /*
 * Copyright (C) Igor Sysoev
+* Copyright (C) Nginx, Inc.
 */
 #include <ngx_config.h>
 #include <ngx_core.h>
 ngx_openssl_exit,                      /* exit master */
 NGX_MODULE_V1_PADDING
 };
-static long  ngx_ssl_protocols[] = {
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
-SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv2,
-0,
-};
 int  ngx_ssl_connection_index;
 int  ngx_ssl_server_conf_index;
 int  ngx_ssl_session_cache_index;
 {
 OPENSSL_config(NULL);
 SSL_library_init();
 SSL_load_error_strings();
-ENGINE_load_builtin_engines();
 OpenSSL_add_all_algorithms();
 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
-if (ngx_ssl_protocols[protocols >> 1] != 0) {
+if (!(protocols & NGX_SSL_SSLv2)) {
-SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
 }
+if (!(protocols & NGX_SSL_SSLv3)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+}
+if (!(protocols & NGX_SSL_TLSv1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
+}
+#ifdef SSL_OP_NO_TLSv1_1
+if (!(protocols & NGX_SSL_TLSv1_1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+}
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+if (!(protocols & NGX_SSL_TLSv1_2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+}
+#endif
 #ifdef SSL_OP_NO_COMPRESSION
 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 #endif

Mercurial > hg > nginx-vendor-1-0

comparison src/event/ngx_event_openssl.c @ 644:ad25218fd14b NGINX_1_0_12