SNI: added restriction on requesting host other than negotiated. According to RFC 6066, client is not supposed to request a different server name at the application layer. Server implementations that rely upon these names being equal must validate that a client did not send a different name in HTTP request. Current versions of Apache HTTP server always return 400 "Bad Request" in such cases. There exist implementations however (e.g., SPDY) that rely on being able to request different host names in one connection. Given this, we only reject requests with differing host names if verification of client certificates is enabled in a corresponding server configuration. An example of configuration that might not work as expected: server { listen 433 ssl default; return 404; } server { listen 433 ssl; server_name example.org; ssl_client_certificate org.cert; ssl_verify_client on; } server { listen 433 ssl; server_name example.com; ssl_client_certificate com.cert; ssl_verify_client on; } Previously, a client was able to request example.com by presenting a certificate for example.org, and vice versa.

geo2nginx.pl 		by Andrei Nigmatulin

	The perl script to convert CSV geoip database ( free download
	at http://www.maxmind.com/app/geoip_country ) to format, suitable
	for use by the ngx_http_geo_module.


unicode2nginx		by Maxim Dounin

	The perl script to convert unicode mappings ( available
	at http://www.unicode.org/Public/MAPPINGS/ ) to the nginx
	configuration file format.
	Two generated full maps for windows-1251 and koi8-r.