Mercurial > hg > nginx-ranges
comparison src/http/modules/ngx_http_ssl_module.c @ 92:45945fa8b8ba NGINX_0_2_0
nginx 0.2.0
*) The pid-file names used during online upgrade was changed and now is
not required a manual rename operation. The old master process adds
the ".oldbin" suffix to its pid-file and executes a new binary file.
The new master process creates usual pid-file without the ".newbin"
suffix. If the master process exits, then old master process renames
back its pid-file with the ".oldbin" suffix to the pid-file without
suffix.
*) Change: the "worker_connections" directive, new name of the
"connections" directive; now the directive specifies maximum number
of connections, but not maximum socket descriptor number.
*) Feature: SSL supports the session cache inside one worker process.
*) Feature: the "satisfy_any" directive.
*) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
not run for subrequests.
*) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
directives.
*) Bugfix: if all backend using in load-balancing failed after one
error, then nginx did not try do connect to them during 60 seconds.
*) Bugfix: in IMAP/POP3 command argument parsing.
Thanks to Rob Mueller.
*) Bugfix: errors while using SSL in IMAP/POP3 proxy.
*) Bugfix: errors while using SSI and gzipping.
*) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
from the 304 responses.
Thanks to Alexandr Kukushkin.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Fri, 23 Sep 2005 00:00:00 +0400 |
| parents | 71c46860eb55 |
| children | ca4f70b3ccc6 |
comparison
equal
deleted
inserted
replaced
| 91:c3eee83ea942 | 92:45945fa8b8ba |
|---|---|
| 81 NULL, /* exit master */ | 81 NULL, /* exit master */ |
| 82 NGX_MODULE_V1_PADDING | 82 NGX_MODULE_V1_PADDING |
| 83 }; | 83 }; |
| 84 | 84 |
| 85 | 85 |
| 86 static u_char ngx_http_session_id_ctx[] = "HTTP"; | |
| 87 | |
| 88 | |
| 86 static void * | 89 static void * |
| 87 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) | 90 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) |
| 88 { | 91 { |
| 89 ngx_http_ssl_srv_conf_t *scf; | 92 ngx_http_ssl_srv_conf_t *scf; |
| 90 | 93 |
| 145 { | 148 { |
| 146 return NGX_CONF_ERROR; | 149 return NGX_CONF_ERROR; |
| 147 } | 150 } |
| 148 | 151 |
| 149 | 152 |
| 150 #if 0 | |
| 151 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); | |
| 152 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3); | |
| 153 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE); | |
| 154 #endif | |
| 155 | |
| 156 if (conf->ciphers.len) { | 153 if (conf->ciphers.len) { |
| 157 if (SSL_CTX_set_cipher_list(conf->ssl_ctx, | 154 if (SSL_CTX_set_cipher_list(conf->ssl_ctx, |
| 158 (const char *) conf->ciphers.data) == 0) | 155 (const char *) conf->ciphers.data) == 0) |
| 159 { | 156 { |
| 160 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 157 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
| 180 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", | 177 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", |
| 181 conf->certificate_key.data); | 178 conf->certificate_key.data); |
| 182 return NGX_CONF_ERROR; | 179 return NGX_CONF_ERROR; |
| 183 } | 180 } |
| 184 | 181 |
| 185 SSL_CTX_set_verify(conf->ssl_ctx, SSL_VERIFY_NONE, NULL); | 182 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); |
| 183 | |
| 184 SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); | |
| 185 | |
| 186 SSL_CTX_set_read_ahead(conf->ssl_ctx, 1); | |
| 187 | |
| 188 SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER); | |
| 189 | |
| 190 SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx, | |
| 191 sizeof(ngx_http_session_id_ctx) - 1); | |
| 186 | 192 |
| 187 return NGX_CONF_OK; | 193 return NGX_CONF_OK; |
| 188 } | 194 } |
| 189 | 195 |
| 190 | 196 |