Mercurial > hg > nginx
view src/mail/ngx_mail_ssl_module.h @ 9295:c5623963c29e
Upstream: fixed proxy_no_cache when caching errors.
Caching errors, notably intercepted errors and internally generated
502/504 errors, as well as handling of cache revalidation with 304,
did not take into account u->conf->no_cache predicates configured.
As a result, an error might be cached even if configuration explicitly
says not to. Fix is to check u->conf->no_cache in these cases.
To simplify usage in multiple places, checking u->conf->no_cache is now
done in a separate function. As a minor optimization, u->conf->no_cache
is only checked if u->cacheable is set.
As a side effect, this change also fixes caching errors after
proxy_cache_bypass. Also, during cache revalidation u->cacheable is
now tested, so 304 responses which disable caching won't extend
cacheability of stored responses.
Additionally, when caching internally generated 502/504 errors
u->cacheable is now explicitly updated from u->headers_in.no_cache and
u->headers_in.expired, restoring the behaviour before 8041:0784ab86ad08
(1.23.0) when an error happens while reading the response headers.
Reported by Kirill A. Korinsky,
https://freenginx.org/pipermail/nginx/2024-April/000082.html
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 25 Jun 2024 21:44:50 +0300 |
parents | 0aaa09927703 |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_MAIL_SSL_H_INCLUDED_ #define _NGX_MAIL_SSL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_mail.h> #define NGX_MAIL_STARTTLS_OFF 0 #define NGX_MAIL_STARTTLS_ON 1 #define NGX_MAIL_STARTTLS_ONLY 2 typedef struct { ngx_flag_t prefer_server_ciphers; ngx_ssl_t ssl; ngx_uint_t starttls; ngx_uint_t listen; ngx_uint_t protocols; ngx_uint_t verify; ngx_uint_t verify_depth; ssize_t builtin_session_cache; time_t session_timeout; ngx_array_t *certificates; ngx_array_t *certificate_keys; ngx_str_t dhparam; ngx_str_t ecdh_curve; ngx_str_t client_certificate; ngx_str_t trusted_certificate; ngx_str_t crl; ngx_str_t ciphers; ngx_array_t *passwords; ngx_array_t *conf_commands; ngx_shm_zone_t *shm_zone; ngx_flag_t session_tickets; ngx_array_t *session_ticket_keys; u_char *file; ngx_uint_t line; } ngx_mail_ssl_conf_t; extern ngx_module_t ngx_mail_ssl_module; #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */