Mercurial > hg > nginx-vendor-0-7
comparison src/event/ngx_event_openssl.c @ 508:68c0ae0a4959 NGINX_0_7_66
nginx 0.7.66
*) Security: now nginx/Windows ignores default file stream name.
Thanks to Jose Antonio Vazquez Gonzalez.
*) Change: now the charset filter runs before the SSI filter.
*) Change: now no message is written in an error log if a variable is
not found by $r->variable() method.
*) Change: now keepalive connections after POST requests are not
disabled for MSIE 7.0+.
Thanks to Adam Lounds.
*) Feature: the "proxy_no_cache" and "fastcgi_no_cache" directives.
*) Feature: now the "rewrite" directive does a redirect automatically
if the $scheme variable is used.
Thanks to Piotr Sikora.
*) Feature: the "chunked_transfer_encoding" directive.
*) Feature: the $geoip_city_continent_code, $geoip_latitude, and
$geoip_longitude variables.
Thanks to Arvind Sundararajan.
*) Feature: now the ngx_http_image_filter_module deletes always EXIF
and other application specific data if the data consume more than 5%
of a JPEG file.
*) Feature: now the "msie_padding" directive works for Chrome too.
*) Workaround: now keepalive connections are disabled for Safari.
Thanks to Joshua Sierles.
*) Bugfix: nginx ignored the "private" and "no-store" values in the
"Cache-Control" backend response header line.
*) Bugfix: an "&" character was not escaped when it was copied in
arguments part in a rewrite rule.
*) Bugfix: nginx might be terminated abnormally while a signal
processing or if the directive "timer_resolution" was used on
platforms which do not support kqueue or eventport notification
methods.
Thanks to George Xie and Maxim Dounin.
*) Bugfix: if temporary files and permanent storage area resided at
different file systems, then permanent file modification times were
incorrect.
Thanks to Maxim Dounin.
*) Bugfix: ngx_http_memcached_module might issue the error message
"memcached sent invalid trailer".
Thanks to Maxim Dounin.
*) Bugfix: nginx could not built zlib-1.2.4 library using the library
sources.
Thanks to Maxim Dounin.
*) Bugfix: values of the $query_string, $arg_..., etc. variables cached
in main request were used by the SSI module in subrequests.
*) Bugfix: nginx did not support HTTPS referrers.
*) Bugfix: nginx/Windows might not find file if path in configuration
was given in other character case; the bug had appeared in 0.7.65.
*) Bugfix: the $date_local variable has an incorrect value, if the "%s"
format was used.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not support all ciphers and digests used in client
certificates.
Thanks to Innocenty Enikeew.
*) Bugfix: if ssl_session_cache was not set or was set to "none", then
during client certificate verify the error "session id context
uninitialized" might occur; the bug had appeared in 0.7.1.
*) Bugfix: OpenSSL-1.0.0 compatibility on 64-bit Linux.
Thanks to Maxim Dounin.
*) Bugfix: a geo range returned default value if the range included two
or more /16 networks and did not begin at /16 network boundary.
*) Bugfix: the $uid_got variable might not be used in the SSI and perl
modules.
*) Bugfix: a worker process hung if a FIFO file was requested.
Thanks to Vicente Aguilar and Maxim Dounin.
*) Bugfix: a variable value was repeatedly encoded after each an "echo"
SSI-command output; the bug had appeared in 0.6.14.
*) Bugfix: a "stub" parameter of an "include" SSI directive was not
used, if empty response has 200 status code.
*) Bugfix: a block used in a "stub" parameter of an "include" SSI
directive was output with "text/plain" MIME type.
*) Bugfix: if a proxied or FastCGI request was internally redirected to
another proxied or FastCGI location, then a segmentation fault might
occur in a worker process; the bug had appeared in 0.7.65.
Thanks to Yichun Zhang.
*) Bugfix: IMAP connections may hang until they timed out while talking
to Zimbra server.
Thanks to Alan Batie.
*) Bugfix: nginx did not support chunked transfer encoding for 201
responses.
Thanks to Julian Reich.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 07 Jun 2010 00:00:00 +0400 |
parents | b9fdcaf2062b |
children |
comparison
equal
deleted
inserted
replaced
507:bfc170196f52 | 508:68c0ae0a4959 |
---|---|
104 SSL_library_init(); | 104 SSL_library_init(); |
105 SSL_load_error_strings(); | 105 SSL_load_error_strings(); |
106 | 106 |
107 ENGINE_load_builtin_engines(); | 107 ENGINE_load_builtin_engines(); |
108 | 108 |
109 OpenSSL_add_all_algorithms(); | |
110 | |
109 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 111 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
110 | 112 |
111 if (ngx_ssl_connection_index == -1) { | 113 if (ngx_ssl_connection_index == -1) { |
112 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); | 114 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); |
113 return NGX_ERROR; | 115 return NGX_ERROR; |
557 } | 559 } |
558 | 560 |
559 #if (NGX_DEBUG) | 561 #if (NGX_DEBUG) |
560 { | 562 { |
561 char buf[129], *s, *d; | 563 char buf[129], *s, *d; |
564 #if OPENSSL_VERSION_NUMBER >= 0x1000000fL | |
565 const | |
566 #endif | |
562 SSL_CIPHER *cipher; | 567 SSL_CIPHER *cipher; |
563 | 568 |
564 cipher = SSL_get_current_cipher(c->ssl->connection); | 569 cipher = SSL_get_current_cipher(c->ssl->connection); |
565 | 570 |
566 if (cipher) { | 571 if (cipher) { |
1306 | 1311 |
1307 n = ERR_GET_REASON(ERR_peek_error()); | 1312 n = ERR_GET_REASON(ERR_peek_error()); |
1308 | 1313 |
1309 /* handshake failures */ | 1314 /* handshake failures */ |
1310 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 1315 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ |
1316 || n == SSL_R_LENGTH_MISMATCH /* 159 */ | |
1311 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 1317 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
1318 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ | |
1312 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 1319 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
1320 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ | |
1313 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ | 1321 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ |
1314 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ | 1322 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ |
1323 || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */ | |
1315 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ | 1324 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ |
1316 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ | 1325 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ |
1317 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ | 1326 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ |
1318 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ | 1327 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ |
1319 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ | 1328 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ |
1422 if (builtin_session_cache == NGX_SSL_NO_SCACHE) { | 1431 if (builtin_session_cache == NGX_SSL_NO_SCACHE) { |
1423 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); | 1432 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); |
1424 return NGX_OK; | 1433 return NGX_OK; |
1425 } | 1434 } |
1426 | 1435 |
1436 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len); | |
1437 | |
1427 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { | 1438 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { |
1428 | 1439 |
1429 /* | 1440 /* |
1430 * If the server explicitly says that it does not support | 1441 * If the server explicitly says that it does not support |
1431 * session reuse (see SSL_SESS_CACHE_OFF above), then | 1442 * session reuse (see SSL_SESS_CACHE_OFF above), then |
1452 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { | 1463 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) { |
1453 cache_mode |= SSL_SESS_CACHE_NO_INTERNAL; | 1464 cache_mode |= SSL_SESS_CACHE_NO_INTERNAL; |
1454 } | 1465 } |
1455 | 1466 |
1456 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode); | 1467 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode); |
1457 | |
1458 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len); | |
1459 | 1468 |
1460 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) { | 1469 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) { |
1461 | 1470 |
1462 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) { | 1471 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) { |
1463 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache); | 1472 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache); |
2309 | 2318 |
2310 | 2319 |
2311 static void | 2320 static void |
2312 ngx_openssl_exit(ngx_cycle_t *cycle) | 2321 ngx_openssl_exit(ngx_cycle_t *cycle) |
2313 { | 2322 { |
2323 EVP_cleanup(); | |
2314 ENGINE_cleanup(); | 2324 ENGINE_cleanup(); |
2315 } | 2325 } |