comparison src/mail/ngx_mail_ssl_module.c @ 502:89dc5654117c NGINX_0_7_63
nginx 0.7.63
*) Security: now "/../" are disabled in "Destination" request header
line.
*) Change: minimum supported OpenSSL version is 0.9.7.
*) Change: the "ask" parameter of the "ssl_verify_client" directive was
changed to the "optional" parameter and now it checks a client
certificate if it was offered.
Thanks to Brice Figureau.
*) Feature: now the "-V" switch shows TLS SNI support.
*) Feature: the $ssl_client_verify variable.
Thanks to Brice Figureau.
*) Feature: the "ssl_crl" directive.
Thanks to Brice Figureau.
*) Bugfix: the $ssl_client_cert variable usage corrupted memory; the
bug had appeared in 0.7.7.
Thanks to Sergey Zhuravlev.
*) Feature: now the start cache loader runs in a separate process; this
should improve large caches handling.
*) Feature: now temporary files and permanent storage area may reside
at different file systems.
*) Bugfix: nginx counted incorrectly disk cache size.
*) Change: now directive "gzip_disable msie6" does not disable gzipping
for MSIE 6.0 SV1.
*) Bugfix: nginx always added "Vary: Accept-Encoding" response header
line, if both "gzip_static" and "gzip_vary" were on.
*) Feature: the "proxy" parameter of the "geo" directive.
*) Feature: the ngx_http_geoip_module.
*) Feature: the "limit_rate_after" directive.
Thanks to Ivan Debnar.
*) Feature: the "limit_req_log_level" and "limit_conn_log_level"
directives.
*) Bugfix: now "limit_req" directive conforms to the leaky bucket
algorithm.
Thanks to Maxim Dounin.
*) Bugfix: in ngx_http_limit_req_module.
Thanks to Maxim Dounin.
*) Bugfix: now nginx allows underscores in a request method.
*) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
"X-Accel-Buffering", and "X-Accel-Charset" lines from backend
response header.
Thanks to Maxim Dounin.
*) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
response header lines; the bug had appeared in 0.7.44.
Thanks to Maxim Dounin.
*) Feature: the "image_filter_transparency" directive.
*) Feature: the "image_filter" directive supports variables for setting
size.
*) Bugfix: in PNG alpha-channel support in the
ngx_http_image_filter_module.
*) Bugfix: in transparency support in the ngx_http_image_filter_module.
*) Feature: now several "perl_modules" directives may be used.
*) Bugfix: ngx_http_perl_module responses did not work in subrequests.
*) Bugfix: nginx sent '\0' in a "Location" response header line on
MKCOL request.
Thanks to Xie Zhenye.
*) Bugfix: an "error_page" directive did not redirect a 413 error; the
bug had appeared in 0.6.10.
*) Bugfix: in memory allocation error handling.
Thanks to Maxim Dounin and Kirill A. Korinskiy.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 26 Oct 2009 00:00:00 +0300 |
parents | 392c16f2d858 |
children | b9fdcaf2062b |
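--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -20,19 +20,10 @@
 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 
-#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
-
-static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
-void *conf);
-
-static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
-
-#endif
-
 
 static ngx_conf_enum_t ngx_http_starttls_state[] = {
 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
 { ngx_string("on"), NGX_MAIL_STARTTLS_ON },
 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
@@ -100,18 +91,14 @@
 offsetof(ngx_mail_ssl_conf_t, ciphers),
 NULL },
 
 { ngx_string("ssl_prefer_server_ciphers"),
 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
 ngx_conf_set_flag_slot,
 NGX_MAIL_SRV_CONF_OFFSET,
 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
 NULL },
-#else
-ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 },
-#endif
 
 { ngx_string("ssl_session_cache"),
 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
 ngx_mail_ssl_session_cache,
 NGX_MAIL_SRV_CONF_OFFSET,
@@ -164,11 +151,11 @@
 {
 ngx_mail_ssl_conf_t *scf;
 
 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t));
 if (scf == NULL) {
-return NGX_CONF_ERROR;
+return NULL;
 }
 
 /*
 * set by ngx_pcalloc():
 *
@@ -295,17 +282,13 @@
 "SSL_CTX_set_cipher_list(\"%V\") failed",
 &conf->ciphers);
 }
 }
 
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
-
 if (conf->prefer_server_ciphers) {
 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
-
-#endif
 
 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
@@ -490,20 +473,5 @@
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 "invalid session cache \"%V\"", &value[i]);
 
 return NGX_CONF_ERROR;
 }
-
-
-#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
-
-static char *
-ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
-ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-"\"%V\" directive is available only in %s,",
-&cmd->name, cmd->post);
-
-return NGX_CONF_ERROR;
-}
-
-#endif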
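Review bot: The unchanged call `ngx_ssl_generate_rsa512_key(&conf->ssl)` at new line 291, directly after the now-unconditional `SSL_OP_CIPHER_SERVER_PREFERENCE` block, still runs for every mail SSL context and, judging by its name, installs a 512-bit temporary RSA key, which is far below a size that resists factoring. Whether that key is ever negotiated depends on the cipher list, whose default is not visible in this hunk, so the minimum worth adding is a comment above the call such as `/* NOTE: 512-bit temporary RSA key, presumably only for export-grade suites; keep those out of ssl_ciphers */`. The enclosing function starts and ends outside the hunk, so the default assigned to `conf->ciphers` should be checked there to confirm export suites are excluded. Separately, with the `#ifdef` guards gone, nothing in this file enforces the 0.9.7 minimum stated in the changelog; that check presumably lives in the build configuration and is worth confirming.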