Commit graph

5380 commits

Author SHA1 Message Date
Maxim Dounin
e8c9f3731c Updated OpenSSL used for win32 builds. 2015-07-14 10:13:51 +03:00
Maxim Dounin
3a75cc3038 OCSP stapling: fixed segfault without nextUpdate.
OCSP responses may contain no nextUpdate.  As per RFC 6960, this means
that nextUpdate checks should be bypassed.  Handle this gracefully by
using NGX_MAX_TIME_T_VALUE as "valid" in such a case.

The problem was introduced by 6893a1007a7c (1.9.2).

Reported by Matthew Baldwin.
2015-07-14 01:10:25 +03:00
Maxim Dounin
cec200c26e OCSP stapling: fixed ssl_stapling_file (ticket #769).
Broken by 6893a1007a7c (1.9.2) during the introduction of strict OCSP response
validity checks.  As the stapling file is expected to be returned unconditionally,
the fix is to set its validity to the maximum supported time.

Reported by Faidon Liambotis.
2015-07-07 16:38:49 +03:00
Valentin Bartenev
abdcdca430 Stream: fixed possible integer overflow in rate limiting. 2015-07-02 17:20:29 +03:00
Roman Arutyunyan
0197065305 Stream: fixed MSVC compilation warning.
Thanks to itpp2012.
2015-07-02 17:15:32 +03:00
Roman Arutyunyan
c138128b55 Stream: upstream "connected" flag.
Once upstream is connected, the upstream buffer is allocated.  Previously, the
proxy module used the buffer allocation status to check if upstream is
connected.  Now it's enough to check the flag.
2015-06-25 12:36:52 +03:00
Roman Arutyunyan
6a72ceb695 Stream: upstream and downstream limit rates. 2015-06-23 20:17:48 +03:00
Roman Arutyunyan
f9a2aa9742 Stream: common handler for upstream and downstream. 2015-06-23 20:17:47 +03:00
Piotr Sikora
86efa1ecbe Stream: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2015-06-18 03:36:41 -07:00
Ruslan Ermilov
d6ce2f87ed Upstream: fixed shared upstreams on win32. 2015-06-16 00:43:00 +03:00
Vladimir Homutov
0262c3d9c6 Stream: connection limiting module.
stream {
    limit_conn_zone $binary_remote_addr zone=perip:1m;
    limit_conn_log_level error;

    server {
        ...
        limit_conn perip 1;
    }
}
2015-06-18 14:17:30 +03:00
Sergey Kandaurov
95daabb1cb Resolver: canceled resend timer on empty resend queues.
This is specifically useful on graceful shutdown.
2015-06-17 17:57:34 +03:00
Piotr Sikora
b4127c9645 Configure: create missing intermediates for build directory.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2015-06-10 19:18:19 -07:00
Ruslan Ermilov
dc3691a751 Configure: fix tests with multi-level relative build directory.
Based on a patch by Piotr Sikora.
2015-06-17 14:15:27 +03:00
Vladimir Homutov
350b2b1f8b Disabled duplicate http, mail, and stream blocks.
Such configurations have very limited use, introduce various problems and
are not officially supported.
2015-06-16 23:28:38 +03:00
Vladimir Homutov
da0505b0a3 Version bump. 2015-06-16 23:31:31 +03:00
Maxim Dounin
43bcde296b release-1.9.2 tag 2015-06-16 17:49:40 +03:00
Maxim Dounin
b038e0e473 nginx-1.9.2-RELEASE 2015-06-16 17:49:39 +03:00
Ruslan Ermilov
14b98283e0 Polished the recent change to the manpage. 2015-06-16 16:52:13 +03:00
Vladimir Homutov
974d5bc0d2 Documentation: added -T option description to the man page. 2015-06-16 16:28:56 +03:00
Vladimir Homutov
1e21e6fe90 Core: store and dump processed configuration.
If the -T option is passed, then in addition to the configuration test,
configuration files are output to stdout.

In the debug mode, configuration files are kept in memory and can be accessed
using a debugger.
2015-05-14 18:54:27 +03:00
Vladimir Homutov
8dbcdb257d Core: added support for writing to stdout. 2015-06-16 15:47:40 +03:00
Roman Arutyunyan
59a94f42da Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
The new name is consistent with the ngx_proxy_protocol_write function.
2015-06-16 13:45:19 +03:00
Roman Arutyunyan
8b4835bfab Stream: client-side PROXY protocol.
The new directive "proxy_protocol" toggles sending out the PROXY protocol header
to upstream once the connection is established.
2015-06-16 13:45:16 +03:00
Vladimir Homutov
8cec2c4718 Stream: the "proxy_bind" directive. 2015-06-16 09:02:45 +03:00
Maxim Dounin
fa6529ab39 Updated OpenSSL used for win32 builds. 2015-06-15 20:20:12 +03:00
Maxim Dounin
a5e2da144d OCSP stapling: avoid sending expired responses (ticket #425). 2015-06-11 20:42:39 +03:00
Maxim Dounin
08a4e52aa8 Moved ngx_http_parse_time() to core, renamed accordingly.
The function is now called ngx_parse_http_time(), and can be used by
any code to parse HTTP-style date and time.  In particular, it will be
used for OCSP stapling.

For compatibility, a macro to map ngx_http_parse_time() to the new name
is provided for a while.
2015-06-11 20:42:31 +03:00
Maxim Dounin
d2b4dc83d4 Removed unused ngx_http_get_time() declaration. 2015-06-11 20:42:24 +03:00
Valentin Bartenev
6a771704df Configure: added gcc5 to the list of known GCC versions. 2015-06-10 19:18:20 +03:00
Ruslan Ermilov
e62e8a0006 Configure: search OpenSSL in a bunch of standard places. 2015-06-10 12:25:45 +03:00
Ruslan Ermilov
05084363d7 Configure: moved NGX_SBIN_PATH variable initialization.
It's now initialized in auto/options like the rest of variables
for system paths.

As a side effect, the currently unused macro NGX_SBIN_PATH now
gets the correct value.
2015-06-10 12:25:31 +03:00
Vladimir Homutov
ba1eec3b04 Stream: access module.
stream {
    server {
        ...
        allow 127.0.0.1;
        deny all;
    }
}
2015-06-04 13:04:12 +03:00
Vladimir Homutov
7f714ecc48 Stream: added postconfiguration method to stream modules. 2015-06-09 13:00:45 +03:00
Ruslan Ermilov
b5e65d633d Mail: listen backlog=. 2015-06-08 23:13:56 +03:00
Ruslan Ermilov
1c02c89ae9 Stream: listen backlog=. 2015-06-08 23:13:33 +03:00
Ruslan Ermilov
d02654e7b4 Mail: embed ngx_mail_listen_t into ngx_mail_conf_addr_t. 2015-06-08 23:11:58 +03:00
Ruslan Ermilov
2432c09ef7 Stream: embed ngx_stream_listen_t into ngx_stream_conf_addr_t. 2015-06-08 23:11:42 +03:00
Ruslan Ermilov
82f43aeb19 Stream: fixed "reuseport" to actually work. 2015-06-05 23:03:13 +03:00
Maxim Dounin
652fb06a66 Added the REQUEST_SCHEME parameter.
The REQUEST_SCHEME parameter was introduced in Apache 2.3.11 and seems
to be used by some scripts now.  It looks more logical than the previously
used HTTPS.
2015-06-05 22:23:26 +03:00
Roman Arutyunyan
eaff49e1d7 Upstream keepalive: reduced diffs to the plus version of nginx. 2015-06-04 23:46:44 +03:00
Maxim Dounin
6c28e55dbb Style. 2015-06-05 17:10:34 +03:00
Sergey Kandaurov
83b0d1c750 Event pipe: call ngx_handle_read_event() with a proper flags type.
The change was missed in f69d1aab6a0f.
2015-06-03 19:12:26 +03:00
Ruslan Ermilov
1fced9afbd Fixed misspellings of the word "dependencies". 2015-06-03 08:23:35 +03:00
Valentin Bartenev
009fe1ef67 Fixed excessive memory usage while parsing configuration.
The b->pos points to the next symbol here.

Reported by ilexshen.
2015-06-01 21:08:56 +03:00
Valentin Bartenev
4741bcb86f Fixed spelling in change logs. 2015-06-01 16:58:07 +03:00
Ruslan Ermilov
e07c020105 Fixed bullying style of comments. 2015-05-29 09:26:33 +03:00
Ruslan Ermilov
8c116d36b1 Version bump. 2015-05-29 09:26:27 +03:00
Maxim Dounin
15b91a96ef release-1.9.1 tag 2015-05-26 16:49:51 +03:00
Maxim Dounin
105cb1e616 nginx-1.9.1-RELEASE 2015-05-26 16:49:50 +03:00