Mercurial > hg > nginx
comparison src/imap/ngx_imap_ssl_module.c @ 573:58475592100c release-0.3.8
nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
"X-Accel-Redirect" header line or in SSI file for the "/../" paths
and zeroes.
*) Change: nginx now does not treat the empty user name in the
"Authorization" header line as valid one.
*) Feature: the "ssl_session_timeout" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the "auth_http_header" directive of the
ngx_imap_auth_http_module.
*) Feature: the "add_header" directive.
*) Feature: the ngx_http_realip_module.
*) Feature: the new variables to use in the "log_format" directive:
$bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
$request_time, $request_length, $upstream_status,
$upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
$connection, $pipe, and $msec. The parameters in the "%name" form
will be canceled soon.
*) Change: now the false variable values in the "if" directive are the
empty string "" and string starting with "0".
*) Bugfix: while using proxied or FastCGI-server nginx may leave
connections and temporary files with client requests in open state.
*) Bugfix: the worker processes did not flush the buffered logs on
graceful exit.
*) Bugfix: if the request URI was changes by the "rewrite" directive
and the request was proxied in location given by regular expression,
then the incorrect request was transferred to backend; the bug had
appeared in 0.2.6.
*) Bugfix: the "expires" directive did not remove the previous
"Expires" header.
*) Bugfix: nginx may stop to accept requests if the "rtsig" method and
several worker processes were used.
*) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
SSI commands.
*) Bugfix: if the response was ended just after the SSI command and
gzipping was used, then the response did not transferred complete or
did not transferred at all.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 09 Nov 2005 17:25:55 +0000 |
parents | 9c2f3ed7a247 |
children | 4d9ea73a627a |
comparison
equal
deleted
inserted
replaced
572:ae8920455206 | 573:58475592100c |
---|---|
81 NULL }, | 81 NULL }, |
82 #else | 82 #else |
83 ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 }, | 83 ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 }, |
84 #endif | 84 #endif |
85 | 85 |
86 { ngx_string("ssl_session_timeout"), | |
87 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
88 ngx_conf_set_sec_slot, | |
89 NGX_IMAP_SRV_CONF_OFFSET, | |
90 offsetof(ngx_imap_ssl_conf_t, session_timeout), | |
91 NULL }, | |
86 | 92 |
87 ngx_null_command | 93 ngx_null_command |
88 }; | 94 }; |
89 | 95 |
90 | 96 |
138 * scf->ciphers.len = 0; | 144 * scf->ciphers.len = 0; |
139 * scf->ciphers.data = NULL; | 145 * scf->ciphers.data = NULL; |
140 */ | 146 */ |
141 | 147 |
142 scf->enable = NGX_CONF_UNSET; | 148 scf->enable = NGX_CONF_UNSET; |
149 scf->session_timeout = NGX_CONF_UNSET; | |
143 scf->prefer_server_ciphers = NGX_CONF_UNSET; | 150 scf->prefer_server_ciphers = NGX_CONF_UNSET; |
144 | 151 |
145 return scf; | 152 return scf; |
146 } | 153 } |
147 | 154 |
157 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 164 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
158 | 165 |
159 if (conf->enable == 0) { | 166 if (conf->enable == 0) { |
160 return NGX_CONF_OK; | 167 return NGX_CONF_OK; |
161 } | 168 } |
169 | |
170 ngx_conf_merge_value(conf->session_timeout, | |
171 prev->session_timeout, 300); | |
162 | 172 |
163 ngx_conf_merge_value(conf->prefer_server_ciphers, | 173 ngx_conf_merge_value(conf->prefer_server_ciphers, |
164 prev->prefer_server_ciphers, 0); | 174 prev->prefer_server_ciphers, 0); |
165 | 175 |
166 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 176 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
223 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); | 233 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); |
224 | 234 |
225 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx, | 235 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx, |
226 sizeof(ngx_imap_session_id_ctx) - 1); | 236 sizeof(ngx_imap_session_id_ctx) - 1); |
227 | 237 |
238 SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout); | |
239 | |
228 return NGX_CONF_OK; | 240 return NGX_CONF_OK; |
229 } | 241 } |
230 | 242 |
231 | 243 |
232 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 244 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |