Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_ssl_module.c @ 573:58475592100c release-0.3.8
nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
"X-Accel-Redirect" header line or in SSI file for the "/../" paths
and zeroes.
*) Change: nginx now does not treat the empty user name in the
"Authorization" header line as valid one.
*) Feature: the "ssl_session_timeout" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the "auth_http_header" directive of the
ngx_imap_auth_http_module.
*) Feature: the "add_header" directive.
*) Feature: the ngx_http_realip_module.
*) Feature: the new variables to use in the "log_format" directive:
$bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
$request_time, $request_length, $upstream_status,
$upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
$connection, $pipe, and $msec. The parameters in the "%name" form
will be canceled soon.
*) Change: now the false variable values in the "if" directive are the
empty string "" and string starting with "0".
*) Bugfix: while using proxied or FastCGI-server nginx may leave
connections and temporary files with client requests in open state.
*) Bugfix: the worker processes did not flush the buffered logs on
graceful exit.
*) Bugfix: if the request URI was changes by the "rewrite" directive
and the request was proxied in location given by regular expression,
then the incorrect request was transferred to backend; the bug had
appeared in 0.2.6.
*) Bugfix: the "expires" directive did not remove the previous
"Expires" header.
*) Bugfix: nginx may stop to accept requests if the "rtsig" method and
several worker processes were used.
*) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
SSI commands.
*) Bugfix: if the response was ended just after the SSI command and
gzipping was used, then the response did not transferred complete or
did not transferred at all.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 09 Nov 2005 17:25:55 +0000 |
parents | 9c2f3ed7a247 |
children | 869b6444d234 |
comparison
equal
deleted
inserted
replaced
572:ae8920455206 | 573:58475592100c |
---|---|
5 | 5 |
6 | 6 |
7 #include <ngx_config.h> | 7 #include <ngx_config.h> |
8 #include <ngx_core.h> | 8 #include <ngx_core.h> |
9 #include <ngx_http.h> | 9 #include <ngx_http.h> |
10 | |
10 | 11 |
11 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | 12 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" |
12 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | 13 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" |
13 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 14 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
14 | 15 |
81 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), | 82 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), |
82 NULL }, | 83 NULL }, |
83 #else | 84 #else |
84 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 }, | 85 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 }, |
85 #endif | 86 #endif |
87 | |
88 { ngx_string("ssl_session_timeout"), | |
89 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
90 ngx_conf_set_sec_slot, | |
91 NGX_HTTP_SRV_CONF_OFFSET, | |
92 offsetof(ngx_http_ssl_srv_conf_t, session_timeout), | |
93 NULL }, | |
86 | 94 |
87 ngx_null_command | 95 ngx_null_command |
88 }; | 96 }; |
89 | 97 |
90 | 98 |
144 * scf->ciphers.len = 0; | 152 * scf->ciphers.len = 0; |
145 * scf->ciphers.data = NULL; | 153 * scf->ciphers.data = NULL; |
146 */ | 154 */ |
147 | 155 |
148 scf->enable = NGX_CONF_UNSET; | 156 scf->enable = NGX_CONF_UNSET; |
157 scf->session_timeout = NGX_CONF_UNSET; | |
149 scf->prefer_server_ciphers = NGX_CONF_UNSET; | 158 scf->prefer_server_ciphers = NGX_CONF_UNSET; |
150 | 159 |
151 return scf; | 160 return scf; |
152 } | 161 } |
153 | 162 |
163 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 172 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
164 | 173 |
165 if (conf->enable == 0) { | 174 if (conf->enable == 0) { |
166 return NGX_CONF_OK; | 175 return NGX_CONF_OK; |
167 } | 176 } |
177 | |
178 ngx_conf_merge_value(conf->session_timeout, | |
179 prev->session_timeout, 300); | |
168 | 180 |
169 ngx_conf_merge_value(conf->prefer_server_ciphers, | 181 ngx_conf_merge_value(conf->prefer_server_ciphers, |
170 prev->prefer_server_ciphers, 0); | 182 prev->prefer_server_ciphers, 0); |
171 | 183 |
172 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 184 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
227 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); | 239 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); |
228 | 240 |
229 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx, | 241 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx, |
230 sizeof(ngx_http_session_id_ctx) - 1); | 242 sizeof(ngx_http_session_id_ctx) - 1); |
231 | 243 |
244 SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout); | |
245 | |
232 return NGX_CONF_OK; | 246 return NGX_CONF_OK; |
233 } | 247 } |
234 | 248 |
235 | 249 |
236 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 250 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |