Compare commits
30 commits
quic
...
stable-1.2
Author | SHA1 | Date | |
---|---|---|---|
|
c04971f65c | ||
|
11a9f6c929 | ||
|
bede588761 | ||
|
19a9a22ffc | ||
|
4bdba693ef | ||
|
9c57f54d54 | ||
|
aa59acf058 | ||
|
2b5c9bf17e | ||
|
c44c7169b0 | ||
|
b150852b65 | ||
|
092dbcea1a | ||
|
6ae41a4c76 | ||
|
ebadd603ee | ||
|
fbd0eb08b0 | ||
|
95d439345b | ||
|
b53023e0e5 | ||
|
2b215d01f2 | ||
|
88c3088474 | ||
|
acc9ee614f | ||
|
dbbb8fda3f | ||
|
cda4356a47 | ||
|
c76b6027aa | ||
|
c7b4ba76f6 | ||
|
f9c3f85f7b | ||
|
dc8f286940 | ||
|
aeb088ebab | ||
|
597d509a1c | ||
|
e95a38cf48 | ||
|
646752ddd9 | ||
|
f471ce1ff5 |
11 changed files with 267 additions and 51 deletions
|
@ -5,6 +5,124 @@
|
|||
<change_log title="nginx">
|
||||
|
||||
|
||||
<changes ver="1.20.2" date="2021-11-16">
|
||||
|
||||
<change type="feature">
|
||||
<para lang="ru">
|
||||
совместимость с OpenSSL 3.0.
|
||||
</para>
|
||||
<para lang="en">
|
||||
OpenSSL 3.0 compatibility.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
SSL-переменные могли быть пустыми при записи в лог;
|
||||
ошибка появилась в 1.19.5.
|
||||
</para>
|
||||
<para lang="en">
|
||||
SSL variables might be empty when used in logs;
|
||||
the bug had appeared in 1.19.5.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
keepalive-соединения с gRPC-бэкендами могли не закрываться
|
||||
после получения GOAWAY-фрейма.
|
||||
</para>
|
||||
<para lang="en">
|
||||
keepalive connections with gRPC backends might not be closed
|
||||
after receiving a GOAWAY frame.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
SSL-соединения к бэкендам в модуле stream
|
||||
могли зависать после SSL handshake.
|
||||
</para>
|
||||
<para lang="en">
|
||||
backend SSL connections in the stream module
|
||||
might hang after an SSL handshake.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
SSL-соединения с gRPC-бэкендами могли зависать,
|
||||
если использовались методы select, poll или /dev/poll.
|
||||
</para>
|
||||
<para lang="en">
|
||||
SSL connections with gRPC backends might hang
|
||||
if select, poll, or /dev/poll methods were used.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в переменной $content_length при использовании chunked transfer encoding.
|
||||
</para>
|
||||
<para lang="en">
|
||||
in the $content_length variable when using chunked transfer encoding.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
при использовании HTTP/2 и директивы aio_write
|
||||
запросы могли зависать.
|
||||
</para>
|
||||
<para lang="en">
|
||||
requests might hang
|
||||
when using HTTP/2 and the "aio_write" directive.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.20.1" date="2021-05-25">
|
||||
|
||||
<change type="security">
|
||||
<para lang="ru">
|
||||
при использовании директивы resolver
|
||||
во время обработки ответа DNS-сервера
|
||||
могла происходить перезапись одного байта памяти,
|
||||
что позволяло атакующему,
|
||||
имеющему возможность подделывать UDP-пакеты от DNS-сервера,
|
||||
вызвать падение рабочего процесса
|
||||
или, потенциально, выполнение произвольного кода (CVE-2021-23017).
|
||||
</para>
|
||||
<para lang="en">
|
||||
1-byte memory overwrite might occur
|
||||
during DNS server response processing
|
||||
if the "resolver" directive was used,
|
||||
allowing an attacker
|
||||
who is able to forge UDP packets from the DNS server
|
||||
to cause worker process crash
|
||||
or, potentially, arbitrary code execution (CVE-2021-23017).
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.20.0" date="2021-04-20">
|
||||
|
||||
<change>
|
||||
<para lang="ru">
|
||||
Стабильная ветка 1.20.x.
|
||||
</para>
|
||||
<para lang="en">
|
||||
1.20.x stable branch.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.19.10" date="2021-04-13">
|
||||
|
||||
<change type="change">
|
||||
|
|
|
@ -6,7 +6,7 @@ TEMP = tmp
|
|||
|
||||
CC = cl
|
||||
OBJS = objs.msvc8
|
||||
OPENSSL = openssl-1.1.1k
|
||||
OPENSSL = openssl-1.1.1l
|
||||
ZLIB = zlib-1.2.11
|
||||
PCRE = pcre-8.44
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
#define _NGINX_H_INCLUDED_
|
||||
|
||||
|
||||
#define nginx_version 1019010
|
||||
#define NGINX_VERSION "1.19.10"
|
||||
#define nginx_version 1020002
|
||||
#define NGINX_VERSION "1.20.2"
|
||||
#define NGINX_VER "nginx/" NGINX_VERSION
|
||||
|
||||
#ifdef NGX_BUILD
|
||||
|
|
|
@ -203,16 +203,16 @@ ngx_chain_update_chains(ngx_pool_t *p, ngx_chain_t **free, ngx_chain_t **busy,
|
|||
while (*busy) {
|
||||
cl = *busy;
|
||||
|
||||
if (ngx_buf_size(cl->buf) != 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (cl->buf->tag != tag) {
|
||||
*busy = cl->next;
|
||||
ngx_free_chain(p, cl);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_buf_size(cl->buf) != 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
cl->buf->pos = cl->buf->start;
|
||||
cl->buf->last = cl->buf->start;
|
||||
|
||||
|
|
|
@ -1798,6 +1798,12 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
i = sizeof(ngx_resolver_hdr_t);
|
||||
|
||||
while (i < (ngx_uint_t) n) {
|
||||
|
||||
if (buf[i] & 0xc0) {
|
||||
err = "unexpected compression pointer in DNS response";
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (buf[i] == '\0') {
|
||||
goto found;
|
||||
}
|
||||
|
@ -3939,11 +3945,11 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
|
|||
{
|
||||
char *err;
|
||||
u_char *p, *dst;
|
||||
ssize_t len;
|
||||
size_t len;
|
||||
ngx_uint_t i, n;
|
||||
|
||||
p = src;
|
||||
len = -1;
|
||||
len = 0;
|
||||
|
||||
/*
|
||||
* compression pointers allow to create endless loop, so we set limit;
|
||||
|
@ -3958,6 +3964,16 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
|
|||
}
|
||||
|
||||
if (n & 0xc0) {
|
||||
if ((n & 0xc0) != 0xc0) {
|
||||
err = "invalid label type in DNS response";
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (p >= last) {
|
||||
err = "name is out of DNS response";
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
n = ((n & 0x3f) << 8) + *p;
|
||||
p = &buf[n];
|
||||
|
||||
|
@ -3986,7 +4002,7 @@ done:
|
|||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (len == -1) {
|
||||
if (len == 0) {
|
||||
ngx_str_null(name);
|
||||
return NGX_OK;
|
||||
}
|
||||
|
@ -3998,32 +4014,25 @@ done:
|
|||
|
||||
name->data = dst;
|
||||
|
||||
for ( ;; ) {
|
||||
n = *src++;
|
||||
|
||||
for ( ;; ) {
|
||||
if (n == 0) {
|
||||
name->len = dst - name->data - 1;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (n & 0xc0) {
|
||||
n = ((n & 0x3f) << 8) + *src;
|
||||
src = &buf[n];
|
||||
|
||||
n = *src++;
|
||||
|
||||
} else {
|
||||
ngx_strlow(dst, src, n);
|
||||
dst += n;
|
||||
src += n;
|
||||
|
||||
n = *src++;
|
||||
|
||||
if (n != 0) {
|
||||
*dst++ = '.';
|
||||
}
|
||||
}
|
||||
|
||||
if (n == 0) {
|
||||
name->len = dst - name->data;
|
||||
return NGX_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -378,6 +378,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
|||
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
|
||||
#endif
|
||||
|
||||
#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
|
||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
|
||||
#endif
|
||||
|
||||
#ifdef SSL_MODE_RELEASE_BUFFERS
|
||||
SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
#endif
|
||||
|
@ -1116,6 +1120,8 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
|
|||
}
|
||||
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
RSA *
|
||||
ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
||||
int key_length)
|
||||
|
@ -1126,7 +1132,7 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100003L && !defined OPENSSL_NO_DEPRECATED)
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
|
||||
if (key == NULL) {
|
||||
key = RSA_generate_key(512, RSA_F4, NULL, NULL);
|
||||
|
@ -1137,6 +1143,8 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
|||
return key;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
ngx_array_t *
|
||||
ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file)
|
||||
|
@ -1350,7 +1358,6 @@ ngx_ssl_passwords_cleanup(void *data)
|
|||
ngx_int_t
|
||||
ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
||||
{
|
||||
DH *dh;
|
||||
BIO *bio;
|
||||
|
||||
if (file->len == 0) {
|
||||
|
@ -1368,6 +1375,10 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#ifdef SSL_CTX_set_tmp_dh
|
||||
{
|
||||
DH *dh;
|
||||
|
||||
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||
if (dh == NULL) {
|
||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
||||
|
@ -1376,9 +1387,42 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
SSL_CTX_set_tmp_dh(ssl->ctx, dh);
|
||||
if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
|
||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
||||
"SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
|
||||
DH_free(dh);
|
||||
BIO_free(bio);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
DH_free(dh);
|
||||
}
|
||||
#else
|
||||
{
|
||||
EVP_PKEY *dh;
|
||||
|
||||
/*
|
||||
* PEM_read_bio_DHparams() and SSL_CTX_set_tmp_dh()
|
||||
* are deprecated in OpenSSL 3.0
|
||||
*/
|
||||
|
||||
dh = PEM_read_bio_Parameters(bio, NULL);
|
||||
if (dh == NULL) {
|
||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
||||
"PEM_read_bio_Parameters(\"%s\") failed", file->data);
|
||||
BIO_free(bio);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) {
|
||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
||||
"SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data);
|
||||
BIO_free(bio);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
BIO_free(bio);
|
||||
|
||||
return NGX_OK;
|
||||
|
@ -1740,6 +1784,9 @@ ngx_ssl_handshake(ngx_connection_t *c)
|
|||
c->recv_chain = ngx_ssl_recv_chain;
|
||||
c->send_chain = ngx_ssl_send_chain;
|
||||
|
||||
c->read->ready = 1;
|
||||
c->write->ready = 1;
|
||||
|
||||
#ifndef SSL_OP_NO_RENEGOTIATION
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
|
||||
|
@ -1885,6 +1932,9 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
|
|||
c->recv_chain = ngx_ssl_recv_chain;
|
||||
c->send_chain = ngx_ssl_send_chain;
|
||||
|
||||
c->read->ready = 1;
|
||||
c->write->ready = 1;
|
||||
|
||||
rc = ngx_ssl_ocsp_validate(c);
|
||||
|
||||
if (rc == NGX_ERROR) {
|
||||
|
@ -2896,9 +2946,12 @@ ngx_int_t
|
|||
ngx_ssl_shutdown(ngx_connection_t *c)
|
||||
{
|
||||
int n, sslerr, mode;
|
||||
ngx_int_t rc;
|
||||
ngx_err_t err;
|
||||
ngx_uint_t tries;
|
||||
|
||||
rc = NGX_OK;
|
||||
|
||||
ngx_ssl_ocsp_cleanup(c);
|
||||
|
||||
if (SSL_in_init(c->ssl->connection)) {
|
||||
|
@ -2908,11 +2961,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
|
|||
* Avoid calling SSL_shutdown() if handshake wasn't completed.
|
||||
*/
|
||||
|
||||
SSL_free(c->ssl->connection);
|
||||
c->ssl = NULL;
|
||||
c->recv = ngx_recv;
|
||||
|
||||
return NGX_OK;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (c->timedout || c->error || c->buffered) {
|
||||
|
@ -2954,11 +3003,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
|
|||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
|
||||
|
||||
if (n == 1) {
|
||||
SSL_free(c->ssl->connection);
|
||||
c->ssl = NULL;
|
||||
c->recv = ngx_recv;
|
||||
|
||||
return NGX_OK;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (n == 0 && tries-- > 1) {
|
||||
|
@ -2984,11 +3029,11 @@ ngx_ssl_shutdown(ngx_connection_t *c)
|
|||
}
|
||||
|
||||
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ngx_add_timer(c->read, 3000);
|
||||
|
@ -2997,23 +3042,33 @@ ngx_ssl_shutdown(ngx_connection_t *c)
|
|||
}
|
||||
|
||||
if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
|
||||
SSL_free(c->ssl->connection);
|
||||
c->ssl = NULL;
|
||||
c->recv = ngx_recv;
|
||||
|
||||
return NGX_OK;
|
||||
goto done;
|
||||
}
|
||||
|
||||
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
|
||||
|
||||
ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
failed:
|
||||
|
||||
rc = NGX_ERROR;
|
||||
|
||||
done:
|
||||
|
||||
if (c->ssl->shutdown_without_free) {
|
||||
c->ssl->shutdown_without_free = 0;
|
||||
c->recv = ngx_recv;
|
||||
return rc;
|
||||
}
|
||||
|
||||
SSL_free(c->ssl->connection);
|
||||
c->ssl = NULL;
|
||||
c->recv = ngx_recv;
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
|
@ -3229,7 +3284,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
|
|||
|
||||
for ( ;; ) {
|
||||
|
||||
n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
|
||||
n = ERR_peek_error_data(&data, &flags);
|
||||
|
||||
if (n == 0) {
|
||||
break;
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#define OPENSSL_SUPPRESS_DEPRECATED
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
|
@ -64,6 +66,16 @@
|
|||
#endif
|
||||
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined SSL_get_peer_certificate)
|
||||
#define SSL_get_peer_certificate(s) SSL_get1_peer_certificate(s)
|
||||
#endif
|
||||
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x30000000L && !defined ERR_peek_error_data)
|
||||
#define ERR_peek_error_data(d, f) ERR_peek_error_line_data(NULL, NULL, d, f)
|
||||
#endif
|
||||
|
||||
|
||||
typedef struct ngx_ssl_ocsp_s ngx_ssl_ocsp_t;
|
||||
|
||||
|
||||
|
@ -100,6 +112,7 @@ struct ngx_ssl_connection_s {
|
|||
unsigned buffer:1;
|
||||
unsigned no_wait_shutdown:1;
|
||||
unsigned no_send_shutdown:1;
|
||||
unsigned shutdown_without_free:1;
|
||||
unsigned handshake_buffer_set:1;
|
||||
unsigned try_early_data:1;
|
||||
unsigned in_early:1;
|
||||
|
@ -195,8 +208,10 @@ ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
|
|||
ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
|
||||
void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
|
||||
ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
|
||||
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
||||
int key_length);
|
||||
#endif
|
||||
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
|
||||
ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
|
||||
ngx_array_t *passwords);
|
||||
|
|
|
@ -124,6 +124,7 @@ typedef struct {
|
|||
unsigned done:1;
|
||||
unsigned status:1;
|
||||
unsigned rst:1;
|
||||
unsigned goaway:1;
|
||||
|
||||
ngx_http_request_t *request;
|
||||
|
||||
|
@ -1213,6 +1214,7 @@ ngx_http_grpc_reinit_request(ngx_http_request_t *r)
|
|||
ctx->done = 0;
|
||||
ctx->status = 0;
|
||||
ctx->rst = 0;
|
||||
ctx->goaway = 0;
|
||||
ctx->connection = NULL;
|
||||
|
||||
return NGX_OK;
|
||||
|
@ -1568,6 +1570,7 @@ ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in)
|
|||
&& ctx->out == NULL
|
||||
&& ctx->output_closed
|
||||
&& !ctx->output_blocked
|
||||
&& !ctx->goaway
|
||||
&& ctx->state == ngx_http_grpc_st_start)
|
||||
{
|
||||
u->keepalive = 1;
|
||||
|
@ -1717,6 +1720,8 @@ ngx_http_grpc_process_header(ngx_http_request_t *r)
|
|||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
ctx->goaway = 1;
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -1910,6 +1915,7 @@ ngx_http_grpc_process_header(ngx_http_request_t *r)
|
|||
&& ctx->out == NULL
|
||||
&& ctx->output_closed
|
||||
&& !ctx->output_blocked
|
||||
&& !ctx->goaway
|
||||
&& b->last == b->pos)
|
||||
{
|
||||
u->keepalive = 1;
|
||||
|
@ -2038,6 +2044,7 @@ ngx_http_grpc_filter(void *data, ssize_t bytes)
|
|||
if (ctx->in == NULL
|
||||
&& ctx->output_closed
|
||||
&& !ctx->output_blocked
|
||||
&& !ctx->goaway
|
||||
&& ctx->state == ngx_http_grpc_st_start)
|
||||
{
|
||||
u->keepalive = 1;
|
||||
|
@ -2207,6 +2214,8 @@ ngx_http_grpc_filter(void *data, ssize_t bytes)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ctx->goaway = 1;
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
@ -3398,6 +3398,8 @@ ngx_http_set_lingering_close(ngx_connection_t *c)
|
|||
if (c->ssl) {
|
||||
ngx_int_t rc;
|
||||
|
||||
c->ssl->shutdown_without_free = 1;
|
||||
|
||||
rc = ngx_ssl_shutdown(c);
|
||||
|
||||
if (rc == NGX_ERROR) {
|
||||
|
|
|
@ -2062,6 +2062,10 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u,
|
|||
c->tcp_nopush = NGX_TCP_NOPUSH_UNSET;
|
||||
}
|
||||
|
||||
if (c->read->ready) {
|
||||
ngx_post_event(c->read, &ngx_posted_events);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -1179,6 +1179,10 @@ ngx_http_variable_content_length(ngx_http_request_t *r,
|
|||
v->no_cacheable = 0;
|
||||
v->not_found = 0;
|
||||
|
||||
} else if (r->headers_in.chunked) {
|
||||
v->not_found = 1;
|
||||
v->no_cacheable = 1;
|
||||
|
||||
} else {
|
||||
v->not_found = 1;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue