Mercurial > hg > nginx-quic

view auto/cc/icc @ 7367:bf1ac3dc1e68

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: fixed segfault on renegotiation (ticket #1646). In e3ba4026c02d (1.15.4) nginx own renegotiation checks were disabled if SSL_OP_NO_RENEGOTIATION is available. But since SSL_OP_NO_RENEGOTIATION is only set on a connection, not in an SSL context, SSL_clear_option() removed it as long as a matching virtual server was found. This resulted in a segmentation fault similar to the one fixed in a6902a941279 (1.9.8), affecting nginx built with OpenSSL 1.1.0h or higher. To fix this, SSL_OP_NO_RENEGOTIATION is now explicitly set in ngx_http_ssl_servername() after adjusting options. Additionally, instead of c->ssl->renegotiation we now check c->ssl->handshaked, which seems to be a more correct flag to test, and will prevent the segmentation fault from happening even if SSL_OP_NO_RENEGOTIATION is not working.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 02 Oct 2018 17:46:18 +0300
parents 9eefb38f0005
children
line wrap: on
line source


# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


# Intel C++ compiler 7.1, 8.0, 8.1, 9.0, 11.1

NGX_ICC_VER=`$CC -V 2>&1 | grep 'Version' 2>&1 \
                         | sed -e 's/^.* Version \([^ ]*\) *Build.*$/\1/'`

echo " + icc version: $NGX_ICC_VER"

have=NGX_COMPILER value="\"Intel C Compiler $NGX_ICC_VER\"" . auto/define


# optimizations

CFLAGS="$CFLAGS -O"

CORE_LINK="$CORE_LINK -opt_report_file=$NGX_OBJS/opt_report_file"


case $CPU in
    pentium)
        # optimize for Pentium and Athlon
        CPU_OPT="-march=pentium"
    ;;

    pentiumpro)
        # optimize for Pentium Pro, Pentium II and Pentium III
        CPU_OPT="-mcpu=pentiumpro -march=pentiumpro"
    ;;

    pentium4)
        # optimize for Pentium 4, default
        CPU_OPT="-march=pentium4"
    ;;
esac

CFLAGS="$CFLAGS $CPU_OPT"

if [ ".$PCRE_OPT" = "." ]; then
    PCRE_OPT="-O $CPU_OPT"
fi

if [ ".$ZLIB_OPT" = "." ]; then
    ZLIB_OPT="-O $CPU_OPT"
fi


# warnings

CFLAGS="$CFLAGS -w2"

# disable some warnings

# invalid type conversion: "int" to "char *"
CFLAGS="$CFLAGS -wd171"
# argument is incompatible with corresponding format string conversion
CFLAGS="$CFLAGS -wd181"
# zero used for undefined preprocessing identifier
CFLAGS="$CFLAGS -wd193"
# the format string ends before this argument
CFLAGS="$CFLAGS -wd268"
# invalid format string conversion
CFLAGS="$CFLAGS -wd269"
# conversion from "long long" to "size_t" may lose significant bits
CFLAGS="$CFLAGS -wd810"
# parameter was never referenced
CFLAGS="$CFLAGS -wd869"
# attribute "unused" is only allowed in a function definition, warning on pTHX_
CFLAGS="$CFLAGS -wd1301"

# STUB
# enumerated type mixed with another type
CFLAGS="$CFLAGS -wd188"
# controlling expression is constant
CFLAGS="$CFLAGS -wd279"
# operands are evaluated in unspecified order
CFLAGS="$CFLAGS -wd981"
# external definition with no prior declaration
CFLAGS="$CFLAGS -wd1418"
# external declaration in primary source file
CFLAGS="$CFLAGS -wd1419"

case "$NGX_ICC_VER" in
    9.*)
        # "cc" clobber ignored, warnings for Linux's htonl()/htons()
        CFLAGS="$CFLAGS -wd1469"
        # explicit conversion of a 64-bit integral type to a smaller
        # integral type
        CFLAGS="$CFLAGS -wd1683"
        # conversion from pointer to same-sized integral type,
        # warning on offsetof()
        CFLAGS="$CFLAGS -wd1684"
        # floating-point equality and inequality comparisons are unreliable,
        # warning on SvTRUE()
        CFLAGS="$CFLAGS -wd1572"
    ;;

    8.*)
        # "cc" clobber ignored, warnings for Linux's htonl()/htons()
        CFLAGS="$CFLAGS -wd1469"
        # floating-point equality and inequality comparisons are unreliable,
        # warning on SvTRUE()
        CFLAGS="$CFLAGS -wd1572"
    ;;

    *)
    ;;
esac

# stop on warning
CFLAGS="$CFLAGS -Werror"

# debug
CFLAGS="$CFLAGS -g"