Mercurial > hg > nginx-vendor-1-0
comparison src/http/modules/ngx_http_ssl_module.c @ 92:45945fa8b8ba NGINX_0_2_0
nginx 0.2.0
*) The pid-file names used during online upgrade was changed and now is
not required a manual rename operation. The old master process adds
the ".oldbin" suffix to its pid-file and executes a new binary file.
The new master process creates usual pid-file without the ".newbin"
suffix. If the master process exits, then old master process renames
back its pid-file with the ".oldbin" suffix to the pid-file without
suffix.
*) Change: the "worker_connections" directive, new name of the
"connections" directive; now the directive specifies maximum number
of connections, but not maximum socket descriptor number.
*) Feature: SSL supports the session cache inside one worker process.
*) Feature: the "satisfy_any" directive.
*) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
not run for subrequests.
*) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
directives.
*) Bugfix: if all backend using in load-balancing failed after one
error, then nginx did not try do connect to them during 60 seconds.
*) Bugfix: in IMAP/POP3 command argument parsing.
Thanks to Rob Mueller.
*) Bugfix: errors while using SSL in IMAP/POP3 proxy.
*) Bugfix: errors while using SSI and gzipping.
*) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
from the 304 responses.
Thanks to Alexandr Kukushkin.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Fri, 23 Sep 2005 00:00:00 +0400 |
parents | 71c46860eb55 |
children | ca4f70b3ccc6 |
comparison
equal
deleted
inserted
replaced
91:c3eee83ea942 | 92:45945fa8b8ba |
---|---|
81 NULL, /* exit master */ | 81 NULL, /* exit master */ |
82 NGX_MODULE_V1_PADDING | 82 NGX_MODULE_V1_PADDING |
83 }; | 83 }; |
84 | 84 |
85 | 85 |
86 static u_char ngx_http_session_id_ctx[] = "HTTP"; | |
87 | |
88 | |
86 static void * | 89 static void * |
87 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) | 90 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) |
88 { | 91 { |
89 ngx_http_ssl_srv_conf_t *scf; | 92 ngx_http_ssl_srv_conf_t *scf; |
90 | 93 |
145 { | 148 { |
146 return NGX_CONF_ERROR; | 149 return NGX_CONF_ERROR; |
147 } | 150 } |
148 | 151 |
149 | 152 |
150 #if 0 | |
151 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); | |
152 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3); | |
153 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE); | |
154 #endif | |
155 | |
156 if (conf->ciphers.len) { | 153 if (conf->ciphers.len) { |
157 if (SSL_CTX_set_cipher_list(conf->ssl_ctx, | 154 if (SSL_CTX_set_cipher_list(conf->ssl_ctx, |
158 (const char *) conf->ciphers.data) == 0) | 155 (const char *) conf->ciphers.data) == 0) |
159 { | 156 { |
160 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 157 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
180 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", | 177 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", |
181 conf->certificate_key.data); | 178 conf->certificate_key.data); |
182 return NGX_CONF_ERROR; | 179 return NGX_CONF_ERROR; |
183 } | 180 } |
184 | 181 |
185 SSL_CTX_set_verify(conf->ssl_ctx, SSL_VERIFY_NONE, NULL); | 182 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); |
183 | |
184 SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); | |
185 | |
186 SSL_CTX_set_read_ahead(conf->ssl_ctx, 1); | |
187 | |
188 SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER); | |
189 | |
190 SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx, | |
191 sizeof(ngx_http_session_id_ctx) - 1); | |
186 | 192 |
187 return NGX_CONF_OK; | 193 return NGX_CONF_OK; |
188 } | 194 } |
189 | 195 |
190 | 196 |