Mercurial > hg > nginx-quic
annotate conf/uwsgi_params @ 8573:1a03af395f44
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option.
A new behaviour was introduced in OpenSSL 1.1.1e, when a peer does not send
close_notify before closing the connection. Previously, it was to return
SSL_ERROR_SYSCALL with errno 0, known since at least OpenSSL 0.9.7, and is
handled gracefully in nginx. Now it returns SSL_ERROR_SSL with a distinct
reason SSL_R_UNEXPECTED_EOF_WHILE_READING ("unexpected eof while reading").
This leads to critical errors seen in nginx within various routines such as
SSL_do_handshake(), SSL_read(), SSL_shutdown(). The behaviour was restored
in OpenSSL 1.1.1f, but presents in OpenSSL 3.0 by default.
Use of the SSL_OP_IGNORE_UNEXPECTED_EOF option added in OpenSSL 3.0 allows
to set a compatible behaviour to return SSL_ERROR_ZERO_RETURN:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=09b90e0
See for additional details: https://github.com/openssl/openssl/issues/11381
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 10 Aug 2021 23:43:17 +0300 |
| parents | 62869a9b2e7d |
| children |
| rev | line source |
|---|---|
|
3541
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
1 |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
2 uwsgi_param QUERY_STRING $query_string; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
3 uwsgi_param REQUEST_METHOD $request_method; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
4 uwsgi_param CONTENT_TYPE $content_type; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 uwsgi_param CONTENT_LENGTH $content_length; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
6 |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 uwsgi_param REQUEST_URI $request_uri; |
|
3542
9bf51b3fc1c1
style fix: remove tabs and trailing spaces
Igor Sysoev <igor@sysoev.ru>
parents:
3541
diff
changeset
|
8 uwsgi_param PATH_INFO $document_uri; |
|
3541
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 uwsgi_param DOCUMENT_ROOT $document_root; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 uwsgi_param SERVER_PROTOCOL $server_protocol; |
|
6168
62869a9b2e7d
Added the REQUEST_SCHEME parameter.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4333
diff
changeset
|
11 uwsgi_param REQUEST_SCHEME $scheme; |
|
4333
352a7b025f2e
Added HTTPS param with Apache-like behaviour to fastcgi/scgi/uwsgi_params (fixes #38).
Valentin Bartenev <vbart@nginx.com>
parents:
3542
diff
changeset
|
12 uwsgi_param HTTPS $https if_not_empty; |
|
3541
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
14 uwsgi_param REMOTE_ADDR $remote_addr; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
15 uwsgi_param REMOTE_PORT $remote_port; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 uwsgi_param SERVER_PORT $server_port; |
|
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 uwsgi_param SERVER_NAME $server_name; |