diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2005-09-23 11:02:22 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2005-09-23 11:02:22 +0000 |
| commit | 31eb8c015d58a5b36b9578d4ee6c217e16cb776f (patch) | |
| tree | 28ebccc10deba4132e05414aac1874d5013fdf58 /src/http/modules/ngx_http_ssl_module.c | |
| parent | f44a1f5f579e19441db2d477a7c81d8894ba2262 (diff) | |
| download | nginx-31eb8c015d58a5b36b9578d4ee6c217e16cb776f.tar.gz nginx-31eb8c015d58a5b36b9578d4ee6c217e16cb776f.zip | |
nginx-0.2.0-RELEASE importrelease-0.2.0
*) The pid-file names used during online upgrade was changed and now is
not required a manual rename operation. The old master process adds
the ".oldbin" suffix to its pid-file and executes a new binary file.
The new master process creates usual pid-file without the ".newbin"
suffix. If the master process exits, then old master process renames
back its pid-file with the ".oldbin" suffix to the pid-file without
suffix.
*) Change: the "worker_connections" directive, new name of the
"connections" directive; now the directive specifies maximum number
of connections, but not maximum socket descriptor number.
*) Feature: SSL supports the session cache inside one worker process.
*) Feature: the "satisfy_any" directive.
*) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
not run for subrequests.
*) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
directives.
*) Bugfix: if all backend using in load-balancing failed after one
error, then nginx did not try do connect to them during 60 seconds.
*) Bugfix: in IMAP/POP3 command argument parsing.
Thanks to Rob Mueller.
*) Bugfix: errors while using SSL in IMAP/POP3 proxy.
*) Bugfix: errors while using SSI and gzipping.
*) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
from the 304 responses.
Thanks to Alexandr Kukushkin.
Diffstat (limited to 'src/http/modules/ngx_http_ssl_module.c')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 5137af0d8..130f2b305 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -83,6 +83,9 @@ ngx_module_t ngx_http_ssl_module = { }; +static u_char ngx_http_session_id_ctx[] = "HTTP"; + + static void * ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) { @@ -147,12 +150,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) } -#if 0 - SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); - SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3); - SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE); -#endif - if (conf->ciphers.len) { if (SSL_CTX_set_cipher_list(conf->ssl_ctx, (const char *) conf->ciphers.data) == 0) @@ -182,7 +179,16 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) return NGX_CONF_ERROR; } - SSL_CTX_set_verify(conf->ssl_ctx, SSL_VERIFY_NONE, NULL); + SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); + + SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + + SSL_CTX_set_read_ahead(conf->ssl_ctx, 1); + + SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER); + + SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx, + sizeof(ngx_http_session_id_ctx) - 1); return NGX_CONF_OK; } |