Mercurial > hg > nginx-vendor-0-7
diff src/event/ngx_event_openssl.c @ 506:b9fdcaf2062b NGINX_0_7_65
nginx 0.7.65
*) Security: now nginx/Windows ignores trailing spaces in URI.
Thanks to Dan Crowley, Core Security Technologies.
*) Security: now nginx/Windows ignores short files names.
Thanks to Dan Crowley, Core Security Technologies.
*) Change: now the "009" status code is written to an access log for
proxied HTTP/0.9 responses.
*) Change: now the default buffer size of the
"large_client_header_buffers" directive is 8K.
Thanks to Andrew Cholakian.
*) Change: now default SSL ciphers are "HIGH:!ADH:!MD5".
*) Change: now SSLv2 protocol is disabled by default.
*) Change: now $host variable value is always low case.
*) Feature: the conf/fastcgi.conf for simple FastCGI configurations.
*) Feature: now URI part is not required a "proxy_pass" directive if
variables are used.
*) Feature: the $ssl_session_id variable.
*) Bugfix: if a proxied or FastCGI request was internally redirected to
another proxied or FastCGI location, then $upstream_response_time
variable may have abnormally large value; the bug had appeared in
0.7.63.
*) Bugfix: if the "expires modified" set date in the past, then a
negative number was set in the "Cache-Control" response header
line.
Thanks to Alex Kapranoff.
*) Bugfix: nginx closed a connection if a cached response had an empty
body.
Thanks to Piotr Sikora.
*) Bugfix: nginx cached a 304 response if there was the "If-None-Match"
header line in a proxied request.
Thanks to Tim Dettrick and David Kostal.
*) Bugfix: nginx did not treat a comma as separator in the
"Cache-Control" backend response header line.
*) Bugfix: cached HTTP/0.9 responses were handled incorrectly.
*) Bugfix: nginx sent gzipped responses to clients those do not support
gzip, if "gzip_static on" and "gzip_vary off"; the bug had appeared
in 0.8.16.
*) Bugfix: nginx always added "Content-Encoding: gzip" response header
line in 304 responses sent by ngx_http_gzip_static_module.
*) Bugfix: the "!-x" operator did not work.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process, if
limit_rate was used in HTTPS server.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process while
$limit_rate logging.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not support dates in 2038 year on 32-bit platforms;
*) Bugfix: nginx/Windows tried to delete a temporary file twice if the
file should replace an already existent file.
*) Bugfix: nginx/Windows tried to rename a temporary file twice if the
file should replace an already existent file.
*) Bugfix: nginx/Windows might not create temporary file, a cache file,
or "proxy/fastcgi_store"d file if a worker had no enough access
rights for top level directories.
*) Bugfix: in UTF-8 encoding support by "try_files" directive in
nginx/Windows.
*) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
Thanks to Maxim Dounin.
*) Bugfix: the ngx_http_autoindex_module did not show the trailing
slash in links to a directory; the bug had appeared in 0.7.15.
*) Bugfix: nginx did not close a log file set by the --error-log-path
configuration option; the bug had appeared in 0.7.53.
*) Bugfix: "addition_types" directive was incorrectly named
"addtion_types".
*) Bugfix: invalid request line in $request variable was written in
access_log only if error_log was set to "info" or "debug" level.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 01 Feb 2010 00:00:00 +0000 |
parents | 706fef7f4dcc |
children | 68c0ae0a4959 |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -986,7 +986,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, for ( ;; ) { - while (in && buf->last < buf->end) { + while (in && buf->last < buf->end && send < limit) { if (in->buf->last_buf || in->buf->flush) { flush = 1; } @@ -1013,8 +1013,8 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_memcpy(buf->last, in->buf->pos, size); buf->last += size; - in->buf->pos += size; + send += size; if (in->buf->pos == in->buf->last) { in = in->next; @@ -1039,7 +1039,6 @@ ngx_ssl_send_chain(ngx_connection_t *c, } buf->pos += n; - send += n; c->sent += n; if (n < size) { @@ -1313,6 +1312,7 @@ ngx_ssl_connection_error(ngx_connection_ || n == SSL_R_NO_SHARED_CIPHER /* 193 */ || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ || n == SSL_R_UNEXPECTED_RECORD /* 245 */ + || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ @@ -1628,7 +1628,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_ hash = ngx_crc32_short(sess->session_id, sess->session_id_length); ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, - "http ssl new session: %08XD:%d:%d", + "ssl new session: %08XD:%d:%d", hash, sess->session_id_length, len); sess_id->node.key = hash; @@ -1691,7 +1691,7 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_ *copy = 0; ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, - "http ssl get session: %08XD:%d", hash, len); + "ssl get session: %08XD:%d", hash, len); shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), ngx_ssl_session_cache_index); @@ -1805,7 +1805,7 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx hash = ngx_crc32_short(id, len); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, - "http ssl remove session: %08XD:%uz", hash, len); + "ssl remove session: %08XD:%uz", hash, len); shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; @@ -1969,6 +1969,40 @@ ngx_ssl_get_cipher_name(ngx_connection_t ngx_int_t +ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + int len; + u_char *p, *buf; + SSL_SESSION *sess; + + sess = SSL_get0_session(c->ssl->connection); + + len = i2d_SSL_SESSION(sess, NULL); + + buf = ngx_alloc(len, c->log); + if (buf == NULL) { + return NGX_ERROR; + } + + s->len = 2 * len; + s->data = ngx_pnalloc(pool, 2 * len); + if (s->data == NULL) { + ngx_free(buf); + return NGX_ERROR; + } + + p = buf; + i2d_SSL_SESSION(sess, &p); + + ngx_hex_dump(s->data, buf, len); + + ngx_free(buf); + + return NGX_OK; +} + + +ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) { size_t len;