Mercurial > hg > nginx-vendor-0-7
comparison src/mail/ngx_mail_ssl_module.c @ 502:89dc5654117c NGINX_0_7_63
nginx 0.7.63
*) Security: now "/../" are disabled in "Destination" request header
line.
*) Change: minimum supported OpenSSL version is 0.9.7.
*) Change: the "ask" parameter of the "ssl_verify_client" directive was
changed to the "optional" parameter and now it checks a client
certificate if it was offered.
Thanks to Brice Figureau.
*) Feature: now the "-V" switch shows TLS SNI support.
*) Feature: the $ssl_client_verify variable.
Thanks to Brice Figureau.
*) Feature: the "ssl_crl" directive.
Thanks to Brice Figureau.
*) Bugfix: the $ssl_client_cert variable usage corrupted memory; the
bug had appeared in 0.7.7.
Thanks to Sergey Zhuravlev.
*) Feature: now the start cache loader runs in a separate process; this
should improve large caches handling.
*) Feature: now temporary files and permanent storage area may reside
at different file systems.
*) Bugfix: nginx counted incorrectly disk cache size.
*) Change: now directive "gzip_disable msie6" does not disable gzipping
for MSIE 6.0 SV1.
*) Bugfix: nginx always added "Vary: Accept-Encoding" response header
line, if both "gzip_static" and "gzip_vary" were on.
*) Feature: the "proxy" parameter of the "geo" directive.
*) Feature: the ngx_http_geoip_module.
*) Feature: the "limit_rate_after" directive.
Thanks to Ivan Debnar.
*) Feature: the "limit_req_log_level" and "limit_conn_log_level"
directives.
*) Bugfix: now "limit_req" directive conforms to the leaky bucket
algorithm.
Thanks to Maxim Dounin.
*) Bugfix: in ngx_http_limit_req_module.
Thanks to Maxim Dounin.
*) Bugfix: now nginx allows underscores in a request method.
*) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
"X-Accel-Buffering", and "X-Accel-Charset" lines from backend
response header.
Thanks to Maxim Dounin.
*) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
response header lines; the bug had appeared in 0.7.44.
Thanks to Maxim Dounin.
*) Feature: the "image_filter_transparency" directive.
*) Feature: the "image_filter" directive supports variables for setting
size.
*) Bugfix: in PNG alpha-channel support in the
ngx_http_image_filter_module.
*) Bugfix: in transparency support in the ngx_http_image_filter_module.
*) Feature: now several "perl_modules" directives may be used.
*) Bugfix: ngx_http_perl_module responses did not work in subrequests.
*) Bugfix: nginx sent '\0' in a "Location" response header line on
MKCOL request.
Thanks to Xie Zhenye.
*) Bugfix: an "error_page" directive did not redirect a 413 error; the
bug had appeared in 0.6.10.
*) Bugfix: in memory allocation error handling.
Thanks to Maxim Dounin and Kirill A. Korinskiy.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Mon, 26 Oct 2009 00:00:00 +0300 |
| parents | 392c16f2d858 |
| children | b9fdcaf2062b |
comparison
equal
deleted
inserted
replaced
| 501:dc87c92181c7 | 502:89dc5654117c |
|---|---|
| 20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, | 20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, |
| 21 void *conf); | 21 void *conf); |
| 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
| 23 void *conf); | 23 void *conf); |
| 24 | 24 |
| 25 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
| 26 | |
| 27 static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 28 void *conf); | |
| 29 | |
| 30 static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher"; | |
| 31 | |
| 32 #endif | |
| 33 | |
| 34 | 25 |
| 35 static ngx_conf_enum_t ngx_http_starttls_state[] = { | 26 static ngx_conf_enum_t ngx_http_starttls_state[] = { |
| 36 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, | 27 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, |
| 37 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, | 28 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, |
| 38 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, | 29 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, |
| 100 offsetof(ngx_mail_ssl_conf_t, ciphers), | 91 offsetof(ngx_mail_ssl_conf_t, ciphers), |
| 101 NULL }, | 92 NULL }, |
| 102 | 93 |
| 103 { ngx_string("ssl_prefer_server_ciphers"), | 94 { ngx_string("ssl_prefer_server_ciphers"), |
| 104 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, | 95 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
| 105 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
| 106 ngx_conf_set_flag_slot, | 96 ngx_conf_set_flag_slot, |
| 107 NGX_MAIL_SRV_CONF_OFFSET, | 97 NGX_MAIL_SRV_CONF_OFFSET, |
| 108 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), | 98 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), |
| 109 NULL }, | 99 NULL }, |
| 110 #else | |
| 111 ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 }, | |
| 112 #endif | |
| 113 | 100 |
| 114 { ngx_string("ssl_session_cache"), | 101 { ngx_string("ssl_session_cache"), |
| 115 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, | 102 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, |
| 116 ngx_mail_ssl_session_cache, | 103 ngx_mail_ssl_session_cache, |
| 117 NGX_MAIL_SRV_CONF_OFFSET, | 104 NGX_MAIL_SRV_CONF_OFFSET, |
| 164 { | 151 { |
| 165 ngx_mail_ssl_conf_t *scf; | 152 ngx_mail_ssl_conf_t *scf; |
| 166 | 153 |
| 167 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t)); | 154 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t)); |
| 168 if (scf == NULL) { | 155 if (scf == NULL) { |
| 169 return NGX_CONF_ERROR; | 156 return NULL; |
| 170 } | 157 } |
| 171 | 158 |
| 172 /* | 159 /* |
| 173 * set by ngx_pcalloc(): | 160 * set by ngx_pcalloc(): |
| 174 * | 161 * |
| 295 "SSL_CTX_set_cipher_list(\"%V\") failed", | 282 "SSL_CTX_set_cipher_list(\"%V\") failed", |
| 296 &conf->ciphers); | 283 &conf->ciphers); |
| 297 } | 284 } |
| 298 } | 285 } |
| 299 | 286 |
| 300 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
| 301 | |
| 302 if (conf->prefer_server_ciphers) { | 287 if (conf->prefer_server_ciphers) { |
| 303 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | 288 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |
| 304 } | 289 } |
| 305 | |
| 306 #endif | |
| 307 | 290 |
| 308 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 291 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
| 309 return NGX_CONF_ERROR; | 292 return NGX_CONF_ERROR; |
| 310 } | 293 } |
| 311 | 294 |
| 490 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 473 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 491 "invalid session cache \"%V\"", &value[i]); | 474 "invalid session cache \"%V\"", &value[i]); |
| 492 | 475 |
| 493 return NGX_CONF_ERROR; | 476 return NGX_CONF_ERROR; |
| 494 } | 477 } |
| 495 | |
| 496 | |
| 497 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
| 498 | |
| 499 static char * | |
| 500 ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 501 { | |
| 502 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 503 "\"%V\" directive is available only in %s,", | |
| 504 &cmd->name, cmd->post); | |
| 505 | |
| 506 return NGX_CONF_ERROR; | |
| 507 } | |
| 508 | |
| 509 #endif |