nginx-vendor-0-7: src/http/ngx_http

comparison src/http/ngx_http_request.c @ 502:89dc5654117c NGINX_0_7_63

nginx 0.7.63 *) Security: now "/../" are disabled in "Destination" request header line. *) Change: minimum supported OpenSSL version is 0.9.7. *) Change: the "ask" parameter of the "ssl_verify_client" directive was changed to the "optional" parameter and now it checks a client certificate if it was offered. Thanks to Brice Figureau. *) Feature: now the "-V" switch shows TLS SNI support. *) Feature: the $ssl_client_verify variable. Thanks to Brice Figureau. *) Feature: the "ssl_crl" directive. Thanks to Brice Figureau. *) Bugfix: the $ssl_client_cert variable usage corrupted memory; the bug had appeared in 0.7.7. Thanks to Sergey Zhuravlev. *) Feature: now the start cache loader runs in a separate process; this should improve large caches handling. *) Feature: now temporary files and permanent storage area may reside at different file systems. *) Bugfix: nginx counted incorrectly disk cache size. *) Change: now directive "gzip_disable msie6" does not disable gzipping for MSIE 6.0 SV1. *) Bugfix: nginx always added "Vary: Accept-Encoding" response header line, if both "gzip_static" and "gzip_vary" were on. *) Feature: the "proxy" parameter of the "geo" directive. *) Feature: the ngx_http_geoip_module. *) Feature: the "limit_rate_after" directive. Thanks to Ivan Debnar. *) Feature: the "limit_req_log_level" and "limit_conn_log_level" directives. *) Bugfix: now "limit_req" directive conforms to the leaky bucket algorithm. Thanks to Maxim Dounin. *) Bugfix: in ngx_http_limit_req_module. Thanks to Maxim Dounin. *) Bugfix: now nginx allows underscores in a request method. *) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate", "X-Accel-Buffering", and "X-Accel-Charset" lines from backend response header. Thanks to Maxim Dounin. *) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend response header lines; the bug had appeared in 0.7.44. Thanks to Maxim Dounin. *) Feature: the "image_filter_transparency" directive. *) Feature: the "image_filter" directive supports variables for setting size. *) Bugfix: in PNG alpha-channel support in the ngx_http_image_filter_module. *) Bugfix: in transparency support in the ngx_http_image_filter_module. *) Feature: now several "perl_modules" directives may be used. *) Bugfix: ngx_http_perl_module responses did not work in subrequests. *) Bugfix: nginx sent '\0' in a "Location" response header line on MKCOL request. Thanks to Xie Zhenye. *) Bugfix: an "error_page" directive did not redirect a 413 error; the bug had appeared in 0.6.10. *) Bugfix: in memory allocation error handling. Thanks to Maxim Dounin and Kirill A. Korinskiy.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 26 Oct 2009 00:00:00 +0300
parents	ed3d382670c7
children	706fef7f4dcc

comparison

equal deleted inserted replaced

-:dc87c92181c7
+:89dc5654117c
 ngx_http_process_unique_header_line },
 { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive),
 ngx_http_process_header_line },
-#if (NGX_HTTP_PROXY || NGX_HTTP_REALIP)
+#if (NGX_HTTP_PROXY || NGX_HTTP_REALIP || NGX_HTTP_GEO)
 { ngx_string("X-Forwarded-For"),
 offsetof(ngx_http_headers_in_t, x_forwarded_for),
 ngx_http_process_header_line },
 #endif
 r->main_conf = cscf->ctx->main_conf;
 r->srv_conf = cscf->ctx->srv_conf;
 r->loc_conf = cscf->ctx->loc_conf;
 rev->handler = ngx_http_process_request_line;
+r->read_event_handler = ngx_http_block_reading;
 #if (NGX_HTTP_SSL)
 {
 ngx_http_ssl_srv_conf_t  *sscf;
 if (ngx_list_init(&r->headers_out.headers, r->pool, 20,
 sizeof(ngx_table_elt_t))
 != NGX_OK)
 {
-ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ngx_destroy_pool(r->pool);
+ngx_http_close_connection(c);
 return;
 }
 r->ctx = ngx_pcalloc(r->pool, sizeof(void *) * ngx_http_max_module);
 if (r->ctx == NULL) {
-ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ngx_destroy_pool(r->pool);
+ngx_http_close_connection(c);
 return;
 }
 cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
 r->variables = ngx_pcalloc(r->pool, cmcf->variables.nelts
 * sizeof(ngx_http_variable_value_t));
 if (r->variables == NULL) {
-ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ngx_destroy_pool(r->pool);
+ngx_http_close_connection(c);
 return;
 }
 c->single_connection = 1;
 c->destroyed = 0;
 switch (msie[5]) {
 case '4':
 r->headers_in.msie4 = 1;
 /* fall through */
 case '5':
+r->headers_in.msie6 = 1;
+break;
 case '6':
-r->headers_in.msie6 = 1;
+if (ngx_strstrn(msie + 8, "SV1", 3 - 1) == NULL) {
+r->headers_in.msie6 = 1;
+}
+break;
 }
 }
 #if 0
 /* MSIE ignores the SSL "close notify" alert */
 X509                     *cert;
 ngx_http_ssl_srv_conf_t  *sscf;
 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
-if (sscf->verify == 1) {
+if (sscf->verify) {
 rc = SSL_get_verify_result(c->ssl->connection);
 if (rc != X509_V_OK) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "client SSL certificate verify error: (%l:%s)",
 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
 return;
 }
-cert = SSL_get_peer_certificate(c->ssl->connection);
+if (sscf->verify == 1) {
+cert = SSL_get_peer_certificate(c->ssl->connection);
-if (cert == NULL) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
+if (cert == NULL) {
-"client sent no required SSL certificate");
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"client sent no required SSL certificate");
-ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ngx_ssl_remove_cached_session(sscf->ssl.ctx,
 (SSL_get0_session(c->ssl->connection)));
 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
 return;
 }
 X509_free(cert);
+}
 }
 }
 #endif
 if (b == NULL) {
 return NGX_ERROR;
 }
 if (flags & NGX_HTTP_LAST) {
-b->last_buf = 1;
+if (r == r->main && !r->post_action) {
+b->last_buf = 1;
+} else {
+b->sync = 1;
+b->last_in_chain = 1;
+}
 }
 if (flags & NGX_HTTP_FLUSH) {
 b->flush = 1;
 }

Mercurial > hg > nginx-vendor-0-7

comparison src/http/ngx_http_request.c @ 502:89dc5654117c NGINX_0_7_63