Mercurial > hg > nginx-vendor-0-7
annotate src/os/unix/ngx_user.c @ 502:89dc5654117c NGINX_0_7_63
nginx 0.7.63
*) Security: now "/../" are disabled in "Destination" request header
line.
*) Change: minimum supported OpenSSL version is 0.9.7.
*) Change: the "ask" parameter of the "ssl_verify_client" directive was
changed to the "optional" parameter and now it checks a client
certificate if it was offered.
Thanks to Brice Figureau.
*) Feature: now the "-V" switch shows TLS SNI support.
*) Feature: the $ssl_client_verify variable.
Thanks to Brice Figureau.
*) Feature: the "ssl_crl" directive.
Thanks to Brice Figureau.
*) Bugfix: the $ssl_client_cert variable usage corrupted memory; the
bug had appeared in 0.7.7.
Thanks to Sergey Zhuravlev.
*) Feature: now the start cache loader runs in a separate process; this
should improve large caches handling.
*) Feature: now temporary files and permanent storage area may reside
at different file systems.
*) Bugfix: nginx counted incorrectly disk cache size.
*) Change: now directive "gzip_disable msie6" does not disable gzipping
for MSIE 6.0 SV1.
*) Bugfix: nginx always added "Vary: Accept-Encoding" response header
line, if both "gzip_static" and "gzip_vary" were on.
*) Feature: the "proxy" parameter of the "geo" directive.
*) Feature: the ngx_http_geoip_module.
*) Feature: the "limit_rate_after" directive.
Thanks to Ivan Debnar.
*) Feature: the "limit_req_log_level" and "limit_conn_log_level"
directives.
*) Bugfix: now "limit_req" directive conforms to the leaky bucket
algorithm.
Thanks to Maxim Dounin.
*) Bugfix: in ngx_http_limit_req_module.
Thanks to Maxim Dounin.
*) Bugfix: now nginx allows underscores in a request method.
*) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
"X-Accel-Buffering", and "X-Accel-Charset" lines from backend
response header.
Thanks to Maxim Dounin.
*) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
response header lines; the bug had appeared in 0.7.44.
Thanks to Maxim Dounin.
*) Feature: the "image_filter_transparency" directive.
*) Feature: the "image_filter" directive supports variables for setting
size.
*) Bugfix: in PNG alpha-channel support in the
ngx_http_image_filter_module.
*) Bugfix: in transparency support in the ngx_http_image_filter_module.
*) Feature: now several "perl_modules" directives may be used.
*) Bugfix: ngx_http_perl_module responses did not work in subrequests.
*) Bugfix: nginx sent '\0' in a "Location" response header line on
MKCOL request.
Thanks to Xie Zhenye.
*) Bugfix: an "error_page" directive did not redirect a 413 error; the
bug had appeared in 0.6.10.
*) Bugfix: in memory allocation error handling.
Thanks to Maxim Dounin and Kirill A. Korinskiy.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 26 Oct 2009 00:00:00 +0300 |
parents | 984bb0b1399b |
children | e1f4748dc78e |
rev | line source |
---|---|
52 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 | |
10 | |
11 /* | |
12 * Solaris has thread-safe crypt() | |
13 * Linux has crypt_r(); "struct crypt_data" is more than 128K | |
14 * FreeBSD needs the mutex to protect crypt() | |
15 * | |
16 * TODO: | |
17 * ngx_crypt_init() to init mutex | |
18 */ | |
19 | |
20 | |
54 | 21 #if (NGX_CRYPT) |
22 | |
76 | 23 #if (NGX_HAVE_GNU_CRYPT_R) |
52 | 24 |
25 ngx_int_t | |
26 ngx_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) | |
27 { | |
28 char *value; | |
29 size_t len; | |
58 | 30 ngx_err_t err; |
52 | 31 struct crypt_data cd; |
32 | |
58 | 33 ngx_set_errno(0); |
34 | |
35 cd.initialized = 0; | |
78 | 36 /* work around the glibc bug */ |
37 cd.current_salt[0] = ~salt[0]; | |
58 | 38 |
52 | 39 value = crypt_r((char *) key, (char *) salt, &cd); |
40 | |
58 | 41 err = ngx_errno; |
42 | |
43 if (err == 0) { | |
52 | 44 len = ngx_strlen(value); |
45 | |
382 | 46 *encrypted = ngx_pnalloc(pool, len); |
52 | 47 if (*encrypted) { |
48 ngx_memcpy(*encrypted, value, len + 1); | |
49 return NGX_OK; | |
50 } | |
51 } | |
52 | |
58 | 53 ngx_log_error(NGX_LOG_CRIT, pool->log, err, "crypt_r() failed"); |
54 | |
52 | 55 return NGX_ERROR; |
56 } | |
57 | |
58 #else | |
59 | |
60 ngx_int_t | |
61 ngx_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) | |
62 { | |
63 char *value; | |
64 size_t len; | |
58 | 65 ngx_err_t err; |
52 | 66 |
67 #if (NGX_THREADS && NGX_NONREENTRANT_CRYPT) | |
68 | |
69 /* crypt() is a time consuming funtion, so we only try to lock */ | |
70 | |
71 if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) { | |
72 return NGX_AGAIN; | |
73 } | |
74 | |
75 #endif | |
76 | |
58 | 77 ngx_set_errno(0); |
52 | 78 |
79 value = crypt((char *) key, (char *) salt); | |
80 | |
81 if (value) { | |
82 len = ngx_strlen(value); | |
83 | |
382 | 84 *encrypted = ngx_pnalloc(pool, len); |
52 | 85 if (*encrypted) { |
86 ngx_memcpy(*encrypted, value, len + 1); | |
87 } | |
58 | 88 |
89 #if (NGX_THREADS && NGX_NONREENTRANT_CRYPT) | |
90 ngx_mutex_unlock(ngx_crypt_mutex); | |
91 #endif | |
92 return NGX_OK; | |
52 | 93 } |
94 | |
58 | 95 err = ngx_errno; |
96 | |
52 | 97 #if (NGX_THREADS && NGX_NONREENTRANT_CRYPT) |
98 ngx_mutex_unlock(ngx_crypt_mutex); | |
99 #endif | |
100 | |
58 | 101 ngx_log_error(NGX_LOG_CRIT, pool->log, err, "crypt() failed"); |
102 | |
103 return NGX_ERROR; | |
52 | 104 } |
105 | |
106 #endif | |
54 | 107 |
108 #endif /* NGX_CRYPT */ |