Mercurial > hg > nginx-ranges
comparison src/event/ngx_event_openssl.c @ 576:da3c99095432 NGINX_0_8_34
nginx 0.8.34
*) Bugfix: nginx did not support all ciphers and digests used in client
certificates.
Thanks to Innocenty Enikeew.
*) Bugfix: nginx cached incorrectly FastCGI responses if there was
large stderr output before response.
*) Bugfix: nginx did not support HTTPS referrers.
*) Bugfix: nginx/Windows might not find file if path in configuration
was given in other character case; the bug had appeared in 0.8.34.
*) Bugfix: the $date_local variable has an incorrect value, if the "%s"
format was used.
Thanks to Maxim Dounin.
*) Bugfix: if ssl_session_cache was not set or was set to "none", then
during client certificate verify the error "session id context
uninitialized" might occur; the bug had appeared in 0.7.1.
*) Bugfix: a geo range returned default value if the range included two
or more /16 networks and did not begin at /16 network boundary.
*) Bugfix: a block used in a "stub" parameter of an "include" SSI
directive was output with "text/plain" MIME type.
*) Bugfix: $r->sleep() did not work; the bug had appeared in 0.8.11.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Wed, 03 Mar 2010 00:00:00 +0300 |
| parents | 43e02819c5cf |
| children | be4f34123024 |
comparison
equal
deleted
inserted
replaced
| 575:66adffc35a46 | 576:da3c99095432 |
|---|---|
| 104 SSL_library_init(); | 104 SSL_library_init(); |
| 105 SSL_load_error_strings(); | 105 SSL_load_error_strings(); |
| 106 | 106 |
| 107 ENGINE_load_builtin_engines(); | 107 ENGINE_load_builtin_engines(); |
| 108 | 108 |
| 109 OpenSSL_add_all_algorithms(); | |
| 110 | |
| 109 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 111 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
| 110 | 112 |
| 111 if (ngx_ssl_connection_index == -1) { | 113 if (ngx_ssl_connection_index == -1) { |
| 112 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); | 114 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); |
| 113 return NGX_ERROR; | 115 return NGX_ERROR; |
| 1306 | 1308 |
| 1307 n = ERR_GET_REASON(ERR_peek_error()); | 1309 n = ERR_GET_REASON(ERR_peek_error()); |
| 1308 | 1310 |
| 1309 /* handshake failures */ | 1311 /* handshake failures */ |
| 1310 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 1312 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ |
| 1313 || n == SSL_R_LENGTH_MISMATCH /* 159 */ | |
| 1311 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 1314 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
| 1315 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ | |
| 1312 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 1316 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
| 1317 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ | |
| 1313 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ | 1318 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ |
| 1314 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ | 1319 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ |
| 1320 || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */ | |
| 1315 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ | 1321 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ |
| 1316 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ | 1322 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ |
| 1317 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ | 1323 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ |
| 1318 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ | 1324 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ |
| 1319 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ | 1325 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ |
| 1422 if (builtin_session_cache == NGX_SSL_NO_SCACHE) { | 1428 if (builtin_session_cache == NGX_SSL_NO_SCACHE) { |
| 1423 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); | 1429 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); |
| 1424 return NGX_OK; | 1430 return NGX_OK; |
| 1425 } | 1431 } |
| 1426 | 1432 |
| 1433 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len); | |
| 1434 | |
| 1427 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { | 1435 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { |
| 1428 | 1436 |
| 1429 /* | 1437 /* |
| 1430 * If the server explicitly says that it does not support | 1438 * If the server explicitly says that it does not support |
| 1431 * session reuse (see SSL_SESS_CACHE_OFF above), then | 1439 * session reuse (see SSL_SESS_CACHE_OFF above), then |
| 1452 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { | 1460 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { |
| 1453 cache_mode |= SSL_SESS_CACHE_NO_INTERNAL; | 1461 cache_mode |= SSL_SESS_CACHE_NO_INTERNAL; |
| 1454 } | 1462 } |
| 1455 | 1463 |
| 1456 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode); | 1464 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode); |
| 1457 | |
| 1458 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len); | |
| 1459 | 1465 |
| 1460 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) { | 1466 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) { |
| 1461 | 1467 |
| 1462 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) { | 1468 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) { |
| 1463 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache); | 1469 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache); |
| 2309 | 2315 |
| 2310 | 2316 |
| 2311 static void | 2317 static void |
| 2312 ngx_openssl_exit(ngx_cycle_t *cycle) | 2318 ngx_openssl_exit(ngx_cycle_t *cycle) |
| 2313 { | 2319 { |
| 2320 EVP_cleanup(); | |
| 2314 ENGINE_cleanup(); | 2321 ENGINE_cleanup(); |
| 2315 } | 2322 } |