Mercurial > hg > nginx-vendor-1-0
comparison src/http/ngx_http_request.c @ 510:24b676623d4f NGINX_0_8_7
nginx 0.8.7
*) Change: minimum supported OpenSSL version is 0.9.7.
*) Change: the "ask" parameter of the "ssl_verify_client" directive was
changed to the "optional" parameter and now it checks a client
certificate if it was offered.
Thanks to Brice Figureau.
*) Feature: the $ssl_client_verify variable.
Thanks to Brice Figureau.
*) Feature: the "ssl_crl" directive.
Thanks to Brice Figureau.
*) Feature: the "proxy" parameter of the "geo" directive.
*) Feature: the "image_filter" directive supports variables for setting
size.
*) Bugfix: the $ssl_client_cert variable usage corrupted memory; the
bug had appeared in 0.7.7.
Thanks to Sergey Zhuravlev.
*) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
"X-Accel-Buffering", and "X-Accel-Charset" lines from backend
response header.
Thanks to Maxim Dounin.
*) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
response header lines; the bug had appeared in 0.7.44.
Thanks to Maxim Dounin.
*) Bugfix: the "[alert] zero size buf" error if subrequest returns an
empty response; the bug had appeared in 0.8.5.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 27 Jul 2009 00:00:00 +0400 |
parents | 4b0d7f0bf22b |
children | 86dad910eeb6 |
comparison
equal
deleted
inserted
replaced
509:41f4e459ace8 | 510:24b676623d4f |
---|---|
127 ngx_http_process_unique_header_line }, | 127 ngx_http_process_unique_header_line }, |
128 | 128 |
129 { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive), | 129 { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive), |
130 ngx_http_process_header_line }, | 130 ngx_http_process_header_line }, |
131 | 131 |
132 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP) | 132 #if (NGX_HTTP_PROXY || NGX_HTTP_REALIP || NGX_HTTP_GEO) |
133 { ngx_string("X-Forwarded-For"), | 133 { ngx_string("X-Forwarded-For"), |
134 offsetof(ngx_http_headers_in_t, x_forwarded_for), | 134 offsetof(ngx_http_headers_in_t, x_forwarded_for), |
135 ngx_http_process_header_line }, | 135 ngx_http_process_header_line }, |
136 #endif | 136 #endif |
137 | 137 |
382 r->main_conf = cscf->ctx->main_conf; | 382 r->main_conf = cscf->ctx->main_conf; |
383 r->srv_conf = cscf->ctx->srv_conf; | 383 r->srv_conf = cscf->ctx->srv_conf; |
384 r->loc_conf = cscf->ctx->loc_conf; | 384 r->loc_conf = cscf->ctx->loc_conf; |
385 | 385 |
386 rev->handler = ngx_http_process_request_line; | 386 rev->handler = ngx_http_process_request_line; |
387 r->read_event_handler = ngx_http_block_reading; | |
387 | 388 |
388 #if (NGX_HTTP_SSL) | 389 #if (NGX_HTTP_SSL) |
389 | 390 |
390 { | 391 { |
391 ngx_http_ssl_srv_conf_t *sscf; | 392 ngx_http_ssl_srv_conf_t *sscf; |
1522 X509 *cert; | 1523 X509 *cert; |
1523 ngx_http_ssl_srv_conf_t *sscf; | 1524 ngx_http_ssl_srv_conf_t *sscf; |
1524 | 1525 |
1525 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 1526 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
1526 | 1527 |
1527 if (sscf->verify == 1) { | 1528 if (sscf->verify) { |
1528 rc = SSL_get_verify_result(c->ssl->connection); | 1529 rc = SSL_get_verify_result(c->ssl->connection); |
1529 | 1530 |
1530 if (rc != X509_V_OK) { | 1531 if (rc != X509_V_OK) { |
1531 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1532 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1532 "client SSL certificate verify error: (%l:%s)", | 1533 "client SSL certificate verify error: (%l:%s)", |
1537 | 1538 |
1538 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); | 1539 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); |
1539 return; | 1540 return; |
1540 } | 1541 } |
1541 | 1542 |
1542 cert = SSL_get_peer_certificate(c->ssl->connection); | 1543 if (sscf->verify == 1) { |
1543 | 1544 cert = SSL_get_peer_certificate(c->ssl->connection); |
1544 if (cert == NULL) { | 1545 |
1545 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1546 if (cert == NULL) { |
1546 "client sent no required SSL certificate"); | 1547 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1547 | 1548 "client sent no required SSL certificate"); |
1548 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | 1549 |
1550 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
1549 (SSL_get0_session(c->ssl->connection))); | 1551 (SSL_get0_session(c->ssl->connection))); |
1550 | 1552 |
1551 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | 1553 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); |
1552 return; | 1554 return; |
1553 } | 1555 } |
1554 | 1556 |
1555 X509_free(cert); | 1557 X509_free(cert); |
1558 } | |
1556 } | 1559 } |
1557 } | 1560 } |
1558 | 1561 |
1559 #endif | 1562 #endif |
1560 | 1563 |
2713 | 2716 |
2714 if (r == r->main && !r->post_action) { | 2717 if (r == r->main && !r->post_action) { |
2715 b->last_buf = 1; | 2718 b->last_buf = 1; |
2716 | 2719 |
2717 } else { | 2720 } else { |
2721 b->sync = 1; | |
2718 b->last_in_chain = 1; | 2722 b->last_in_chain = 1; |
2719 } | 2723 } |
2720 } | 2724 } |
2721 | 2725 |
2722 if (flags & NGX_HTTP_FLUSH) { | 2726 if (flags & NGX_HTTP_FLUSH) { |