| Commit message | Author | Age |

Init process callbacks are called by ngx_worker_thread(), there is no
need to call them in ngx_single_process_cycle().
Notably this fixes HTTP_IF_MODIFIED_SINCE which was always sent with
cache enabled in fastcgi/scgi/uwsgi after 43ccaf8e8728.
If c->read->ready was reset, but later some data were read from a socket
buffer due to a call to ngx_ssl_recv(), the c->read->ready flag should
be restored if not all data were read from OpenSSL buffers (as kernel
won't notify us about the data anymore).
More details are available here:
http://mailman.nginx.org/pipermail/nginx/2013-November/041178.html
The following new directives are introduced: proxy_cache_revalidate,
fastcgi_cache_revalidate, scgi_cache_revalidate, uwsgi_cache_revalidate.
Default is off. When set to on, they enable cache revalidation using
conditional requests with If-Modified-Since for expired cache items.
As of now, no attempts are made to merge headers given in a 304 response
during cache revalidation with headers previously stored in a cache item.
Headers in a 304 response are only used to calculate new validity time
of a cache item.
We should just call post_handler() when subrequest wants to read body, like
it happens for HTTP since rev. f458156fd46a. An attempt to init request body
for subrequests results in hang if the body was not already read.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
This change allows building nginx against a git checkout of OpenSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
With previous code, an empty (malformed) response resulted in a request
finalized without sending anything to a client.
Errors can easily happen due to broken upstream responses, there is no
need to log them at "alert" level.
There is no need to allocate memory for "Last-Modified: " string,
the variable only contains date itself.
This isn't an exceptional condition and normally happens on
first request from a client.
Recent Linux versions started to return EOPNOTSUPP to getsockopt() calls
on unix sockets, resulting in log pollution on binary upgrade. Such errors
are silently ignored now.
The accept_filter and deferred options were not applied to sockets
that were added to configuration during binary upgrade cycle.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.
The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).
Patch by Jan Marc Hoffmann.
Much like with other headers, "add_header Cache-Control $value;" no longer
results in anything added to response headers if $value evaluates to an
empty string.
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key session_tickets/current.key;
    ssl_session_ticket_key session_tickets/prev-1h.key;
    ssl_session_ticket_key session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets. Previous code resulted in a default timeout (5m) used for TLS
Session Tickets if there was no session cache configured.
Prodded by Piotr Sikora.
SSL_get_rbio() and SSL_get_wbio() functions used to get non-const pointer
in OpenSSL 0.9.7, hence an explicit cast added to drop const qualifier.
Previously arguments starting with "nodelay" were considered valid,
e.g. "limit_req ... nodelayFOO;".
Previously arguments starting with "down" or "backup" were considered
valid, e.g. "server ... downFOO;".
The macro NGX_HTTP_DAV_COPY_BLOCK is not used since 8101d9101ed8 (0.8.9).
The variable ngx_accept_mutex_lock_file was never used.
With this change all such frames will be added in front of the output queue, and
will be sent first. It prevents HOL blocking when response with higher priority
is blocked by response with lower priority in the middle of the queue because
the order of their SYN_REPLY frames cannot be changed.
Proposed by Yury Kirpichev.
While ngx_http_spdy_write_handler() should not do any harm with current code,
calling it during finalization of SPDY connection was not intended.
If an error occurs in a SPDY connection, the c->error flag is set on every fake
request connection, and its read or write event handler is called, in order to
finalize it. But while waiting for request headers, it was a no-op since the
read event handler had been set to ngx_http_empty_handler().
|
If an error occurs in a SPDY connection, the c->error flag is set on every fake
request connection, and its read or write event handler is called, in order to
finalize it. But while waiting for a request body, it was a no-op since the
read event handler ngx_http_request_handler() calls r->read_event_handler that
had been set to ngx_http_block_reading().
A configuration like "mail { starttls on; server {}}" triggered NULL
pointer dereference in ngx_mail_ssl_merge_conf() as conf->file was not set.
Reported by Markus Linnala.
See here for details:
http://nginx.org/pipermail/nginx/2010-August/021713.html
http://nginx.org/pipermail/nginx/2010-August/021784.html
http://nginx.org/pipermail/nginx/2010-August/021785.html
Basically, this does the following two changes (and corresponding
modifications of related code):

1. Does not reset session buffer unless it's reached its end, and always
   waits for LF to terminate command (even if we detected invalid command).

2. Records command name to make it available for handlers (since now we
   can't assume that command starts from s->buffer->start).
A server MUST send greeting before other replies, while before this
change in case of smtp_greeting_delay violation the 220 greeting was
sent after several 503 replies to commands received before greeting,
resulting in protocol synchronization loss. Moreover, further commands
were accepted after the greeting.

While closing a connection isn't strictly RFC compliant (RFC 5321
requires servers to wait for a QUIT before closing a connection), it's
probably good enough for practical uses.
This was missed in 9d59a8eda373 when non-buffered support was added to SCGI
and uwsgi.
With previous code only part of u->buffer might be emptied in case
of special responses, resulting in partial responses seen by SSI set
in case of simple protocols, or spurious errors like "upstream sent
invalid chunked response" in case of complex ones.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
This patch fixes incorrect handling of auto redirect in configurations
like:

    location /0 { }
    location /a- { }
    location /a/ { proxy_pass ... }

With previously used sorting, this resulted in the following locations
tree (as "-" is less than "/"):

        "/a-"
    "/0"    "/a/"

and a request to "/a" didn't match "/a/" with auto_redirect, as it
didn't traverse relevant tree node during lookup (it tested "/a-",
then "/0", and then fell back to null location).

To preserve locale use for non-ASCII characters on case-insensitive
systems, libc's tolower() is used.
Location tree was always constructed using case-sensitive comparison, even
on case-insensitive systems. This resulted in incorrect operation if
uppercase letters were used in location directives. Notably, the
following config:

    location /a { ... }
    location /B { ... }

failed to properly map requests to "/B" into "location /B".