Mercurial > hg > nginx-vendor-current
comparison src/http/modules/ngx_http_ssl_module.c @ 122:d25a1d6034f1 NGINX_0_3_8
nginx 0.3.8
*) Security: nginx now checks URI got from a backend in
"X-Accel-Redirect" header line or in SSI file for the "/../" paths
and zeroes.
*) Change: nginx now does not treat the empty user name in the
"Authorization" header line as valid one.
*) Feature: the "ssl_session_timeout" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the "auth_http_header" directive of the
ngx_imap_auth_http_module.
*) Feature: the "add_header" directive.
*) Feature: the ngx_http_realip_module.
*) Feature: the new variables to use in the "log_format" directive:
$bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
$request_time, $request_length, $upstream_status,
$upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
$connection, $pipe, and $msec. The parameters in the "%name" form
will be canceled soon.
*) Change: now the false variable values in the "if" directive are the
empty string "" and string starting with "0".
*) Bugfix: while using proxied or FastCGI-server nginx may leave
connections and temporary files with client requests in open state.
*) Bugfix: the worker processes did not flush the buffered logs on
graceful exit.
*) Bugfix: if the request URI was changes by the "rewrite" directive
and the request was proxied in location given by regular expression,
then the incorrect request was transferred to backend; bug appeared
in 0.2.6.
*) Bugfix: the "expires" directive did not remove the previous
"Expires" header.
*) Bugfix: nginx may stop to accept requests if the "rtsig" method and
several worker processes were used.
*) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
SSI commands.
*) Bugfix: if the response was ended just after the SSI command and
gzipping was used, then the response did not transferred complete or
did not transferred at all.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Wed, 09 Nov 2005 00:00:00 +0300 |
| parents | 408f195b3482 |
| children | ea622d8acb38 |
comparison
equal
deleted
inserted
replaced
| 121:737953b238a4 | 122:d25a1d6034f1 |
|---|---|
| 5 | 5 |
| 6 | 6 |
| 7 #include <ngx_config.h> | 7 #include <ngx_config.h> |
| 8 #include <ngx_core.h> | 8 #include <ngx_core.h> |
| 9 #include <ngx_http.h> | 9 #include <ngx_http.h> |
| 10 | |
| 10 | 11 |
| 11 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | 12 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" |
| 12 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | 13 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" |
| 13 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 14 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
| 14 | 15 |
| 81 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), | 82 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), |
| 82 NULL }, | 83 NULL }, |
| 83 #else | 84 #else |
| 84 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 }, | 85 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 }, |
| 85 #endif | 86 #endif |
| 87 | |
| 88 { ngx_string("ssl_session_timeout"), | |
| 89 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 90 ngx_conf_set_sec_slot, | |
| 91 NGX_HTTP_SRV_CONF_OFFSET, | |
| 92 offsetof(ngx_http_ssl_srv_conf_t, session_timeout), | |
| 93 NULL }, | |
| 86 | 94 |
| 87 ngx_null_command | 95 ngx_null_command |
| 88 }; | 96 }; |
| 89 | 97 |
| 90 | 98 |
| 144 * scf->ciphers.len = 0; | 152 * scf->ciphers.len = 0; |
| 145 * scf->ciphers.data = NULL; | 153 * scf->ciphers.data = NULL; |
| 146 */ | 154 */ |
| 147 | 155 |
| 148 scf->enable = NGX_CONF_UNSET; | 156 scf->enable = NGX_CONF_UNSET; |
| 157 scf->session_timeout = NGX_CONF_UNSET; | |
| 149 scf->prefer_server_ciphers = NGX_CONF_UNSET; | 158 scf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 150 | 159 |
| 151 return scf; | 160 return scf; |
| 152 } | 161 } |
| 153 | 162 |
| 163 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 172 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
| 164 | 173 |
| 165 if (conf->enable == 0) { | 174 if (conf->enable == 0) { |
| 166 return NGX_CONF_OK; | 175 return NGX_CONF_OK; |
| 167 } | 176 } |
| 177 | |
| 178 ngx_conf_merge_value(conf->session_timeout, | |
| 179 prev->session_timeout, 300); | |
| 168 | 180 |
| 169 ngx_conf_merge_value(conf->prefer_server_ciphers, | 181 ngx_conf_merge_value(conf->prefer_server_ciphers, |
| 170 prev->prefer_server_ciphers, 0); | 182 prev->prefer_server_ciphers, 0); |
| 171 | 183 |
| 172 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 184 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
| 227 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); | 239 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); |
| 228 | 240 |
| 229 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx, | 241 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx, |
| 230 sizeof(ngx_http_session_id_ctx) - 1); | 242 sizeof(ngx_http_session_id_ctx) - 1); |
| 231 | 243 |
| 244 SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout); | |
| 245 | |
| 232 return NGX_CONF_OK; | 246 return NGX_CONF_OK; |
| 233 } | 247 } |
| 234 | 248 |
| 235 | 249 |
| 236 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 250 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |