Mercurial > hg > nginx-vendor-0-7
view src/event/ngx_event_openssl.h @ 508:68c0ae0a4959 NGINX_0_7_66
nginx 0.7.66
*) Security: now nginx/Windows ignores default file stream name.
Thanks to Jose Antonio Vazquez Gonzalez.
*) Change: now the charset filter runs before the SSI filter.
*) Change: now no message is written in an error log if a variable is
not found by $r->variable() method.
*) Change: now keepalive connections after POST requests are not
disabled for MSIE 7.0+.
Thanks to Adam Lounds.
*) Feature: the "proxy_no_cache" and "fastcgi_no_cache" directives.
*) Feature: now the "rewrite" directive does a redirect automatically
if the $scheme variable is used.
Thanks to Piotr Sikora.
*) Feature: the "chunked_transfer_encoding" directive.
*) Feature: the $geoip_city_continent_code, $geoip_latitude, and
$geoip_longitude variables.
Thanks to Arvind Sundararajan.
*) Feature: now the ngx_http_image_filter_module deletes always EXIF
and other application specific data if the data consume more than 5%
of a JPEG file.
*) Feature: now the "msie_padding" directive works for Chrome too.
*) Workaround: now keepalive connections are disabled for Safari.
Thanks to Joshua Sierles.
*) Bugfix: nginx ignored the "private" and "no-store" values in the
"Cache-Control" backend response header line.
*) Bugfix: an "&" character was not escaped when it was copied in
arguments part in a rewrite rule.
*) Bugfix: nginx might be terminated abnormally while a signal
processing or if the directive "timer_resolution" was used on
platforms which do not support kqueue or eventport notification
methods.
Thanks to George Xie and Maxim Dounin.
*) Bugfix: if temporary files and permanent storage area resided at
different file systems, then permanent file modification times were
incorrect.
Thanks to Maxim Dounin.
*) Bugfix: ngx_http_memcached_module might issue the error message
"memcached sent invalid trailer".
Thanks to Maxim Dounin.
*) Bugfix: nginx could not built zlib-1.2.4 library using the library
sources.
Thanks to Maxim Dounin.
*) Bugfix: values of the $query_string, $arg_..., etc. variables cached
in main request were used by the SSI module in subrequests.
*) Bugfix: nginx did not support HTTPS referrers.
*) Bugfix: nginx/Windows might not find file if path in configuration
was given in other character case; the bug had appeared in 0.7.65.
*) Bugfix: the $date_local variable has an incorrect value, if the "%s"
format was used.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not support all ciphers and digests used in client
certificates.
Thanks to Innocenty Enikeew.
*) Bugfix: if ssl_session_cache was not set or was set to "none", then
during client certificate verify the error "session id context
uninitialized" might occur; the bug had appeared in 0.7.1.
*) Bugfix: OpenSSL-1.0.0 compatibility on 64-bit Linux.
Thanks to Maxim Dounin.
*) Bugfix: a geo range returned default value if the range included two
or more /16 networks and did not begin at /16 network boundary.
*) Bugfix: the $uid_got variable might not be used in the SSI and perl
modules.
*) Bugfix: a worker process hung if a FIFO file was requested.
Thanks to Vicente Aguilar and Maxim Dounin.
*) Bugfix: a variable value was repeatedly encoded after each an "echo"
SSI-command output; the bug had appeared in 0.6.14.
*) Bugfix: a "stub" parameter of an "include" SSI directive was not
used, if empty response has 200 status code.
*) Bugfix: a block used in a "stub" parameter of an "include" SSI
directive was output with "text/plain" MIME type.
*) Bugfix: if a proxied or FastCGI request was internally redirected to
another proxied or FastCGI location, then a segmentation fault might
occur in a worker process; the bug had appeared in 0.7.65.
Thanks to Yichun Zhang.
*) Bugfix: IMAP connections may hang until they timed out while talking
to Zimbra server.
Thanks to Alan Batie.
*) Bugfix: nginx did not support chunked transfer encoding for 201
responses.
Thanks to Julian Reich.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 07 Jun 2010 00:00:00 +0400 |
parents | b9fdcaf2062b |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev */ #ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_ #define _NGX_EVENT_OPENSSL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/conf.h> #include <openssl/engine.h> #include <openssl/evp.h> #define NGX_SSL_NAME "OpenSSL" #define ngx_ssl_session_t SSL_SESSION #define ngx_ssl_conn_t SSL typedef struct { SSL_CTX *ctx; ngx_log_t *log; } ngx_ssl_t; typedef struct { ngx_ssl_conn_t *connection; ngx_int_t last; ngx_buf_t *buf; ngx_connection_handler_pt handler; ngx_event_handler_pt saved_read_handler; ngx_event_handler_pt saved_write_handler; unsigned handshaked:1; unsigned renegotiation:1; unsigned buffer:1; unsigned no_wait_shutdown:1; unsigned no_send_shutdown:1; } ngx_ssl_connection_t; #define NGX_SSL_NO_SCACHE -2 #define NGX_SSL_NONE_SCACHE -3 #define NGX_SSL_NO_BUILTIN_SCACHE -4 #define NGX_SSL_DFLT_BUILTIN_SCACHE -5 #define NGX_SSL_MAX_SESSION_SIZE 4096 typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t; struct ngx_ssl_sess_id_s { ngx_rbtree_node_t node; u_char *id; size_t len; u_char *session; ngx_queue_t queue; time_t expire; #if (NGX_PTR_SIZE == 8) void *stub; u_char sess_id[32]; #endif }; typedef struct { ngx_rbtree_t session_rbtree; ngx_rbtree_node_t sentinel; ngx_queue_t expire_queue; } ngx_ssl_session_cache_t; #define NGX_SSL_SSLv2 2 #define NGX_SSL_SSLv3 4 #define NGX_SSL_TLSv1 8 #define NGX_SSL_BUFFER 1 #define NGX_SSL_CLIENT 2 #define NGX_SSL_BUFSIZE 16384 ngx_int_t ngx_ssl_init(ngx_log_t *log); ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data); ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_str_t *key); ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth); ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl); ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags); void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess); ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session); #define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection) #define ngx_ssl_free_session SSL_SESSION_free #define ngx_ssl_get_connection(ssl_conn) \ SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index) #define ngx_ssl_get_server_conf(ssl_ctx) \ SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index) ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl); ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); void ngx_ssl_free_buffer(ngx_connection_t *c); ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...); void ngx_ssl_cleanup_ctx(void *data); extern int ngx_ssl_connection_index; extern int ngx_ssl_server_conf_index; extern int ngx_ssl_session_cache_index; #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */