comparison src/event/ngx_event_openssl.c @ 644:ad25218fd14b NGINX_1_0_12
nginx 1.0.12
*) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
"ssl_protocols" directive.
*) Feature: the "if" SSI command supports captures in regular
expressions.
*) Bugfix: the "if" SSI command did not work inside the "block" command.
*) Bugfix: in AIO error handling on FreeBSD.
*) Bugfix: in the OpenSSL library initialization.
*) Bugfix: the "worker_cpu_affinity" directive might not work.
*) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
directives might not work.
*) Bugfix: the "read_ahead" directive might not work combined with
"try_files" and "open_file_cache".
*) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
did not return answer from cache if there were no live upstreams.
*) Bugfix: a segmentation fault might occur in a worker process if small
time was used in the "inactive" parameter of the "proxy_cache_path"
directive.
*) Bugfix: responses from cache might hang.
*) Bugfix: in error handling while connecting to a backend.
Thanks to Piotr Sikora.
*) Bugfix: in the "epoll" event method.
Thanks to Yichun Zhang.
*) Bugfix: the $sent_http_cache_control variable might contain a wrong
value if the "expires" directive was used.
Thanks to Yichun Zhang.
*) Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high.
*) Bugfix: the "sendfile_max_chunk" directive did not work, if the
"limit_rate" directive was used.
*) Bugfix: nginx could not be built on Solaris; the bug had appeared in
1.0.11.
*) Bugfix: in the ngx_http_scgi_module.
*) Bugfix: in the ngx_http_mp4_module.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 06 Feb 2012 00:00:00 +0400 |
parents | 692f4d4d7f10 |
children | 09a689c5e494 |
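--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1,8 +1,9 @@
 
 /*
 * Copyright (C) Igor Sysoev
+* Copyright (C) Nginx, Inc.
 */
 
 
 #include <ngx_config.h>
 #include <ngx_core.h>
@@ -76,22 +77,10 @@
 ngx_openssl_exit, /* exit master */
 NGX_MODULE_V1_PADDING
 };
 
 
-static long ngx_ssl_protocols[] = {
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
-SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv2,
-0,
-};
-
-
 int ngx_ssl_connection_index;
 int ngx_ssl_server_conf_index;
 int ngx_ssl_session_cache_index;
 
 
@@ -100,12 +89,10 @@
 {
 OPENSSL_config(NULL);
 
 SSL_library_init();
 SSL_load_error_strings();
-
-ENGINE_load_builtin_engines();
 
 OpenSSL_add_all_algorithms();
 
 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
 
@@ -169,13 +156,29 @@
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
 
-if (ngx_ssl_protocols[protocols >> 1] != 0) {
-SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
+if (!(protocols & NGX_SSL_SSLv2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
 }
+if (!(protocols & NGX_SSL_SSLv3)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+}
+if (!(protocols & NGX_SSL_TLSv1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
+}
+#ifdef SSL_OP_NO_TLSv1_1
+if (!(protocols & NGX_SSL_TLSv1_1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+}
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+if (!(protocols & NGX_SSL_TLSv1_2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+}
+#endif
 
 #ifdef SSL_OP_NO_COMPRESSION
 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 #endif
 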
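Review bot: In the last hunk (new lines 170-179) the TLSv1.1 and TLSv1.2 checks are compiled only when `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2` are defined, so against an older OpenSSL the `NGX_SSL_TLSv1_1` and `NGX_SSL_TLSv1_2` bits in `protocols` are ignored without any diagnostic. A mask naming only those two versions would then still set `SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3` and `SSL_OP_NO_TLSv1`, which presumably leaves the context with no usable protocol and shows up only as handshake failures at run time. I would at least document this above the first `#ifdef`, e.g. `/* TLSv1.1/TLSv1.2 bits are honoured only if OpenSSL defines SSL_OP_NO_TLSv1_1/SSL_OP_NO_TLSv1_2 */`, and consider logging a warning from an `#else` branch when such a bit is set. The enclosing function starts and ends outside the hunk, so whether `protocols` is validated earlier cannot be seen here.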