aboutsummaryrefslogtreecommitdiff
path: root/src/stream
Commit message (Collapse)AuthorAge
* Upstream: fixed passwords support for dynamic certificates.Sergey Kandaurov2025-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Passwords were not preserved in optimized SSL contexts, the bug had appeared in d791b4aab (1.23.1), as in the following configuration: server { proxy_ssl_password_file password; proxy_ssl_certificate $ssl_server_name.crt; proxy_ssl_certificate_key $ssl_server_name.key; location /original/ { proxy_pass https://u1/; } location /optimized/ { proxy_pass https://u2/; } } The fix is to always preserve passwords, by copying to the configuration pool, if dynamic certificates are used. This is done as part of merging "ssl_passwords" configuration. To minimize the number of copies, a preserved version is then used for inheritance. A notable exception is inheritance of preserved empty passwords to the context with statically configured certificates: server { proxy_ssl_certificate $ssl_server_name.crt; proxy_ssl_certificate_key $ssl_server_name.key; location / { proxy_pass ...; proxy_ssl_certificate example.com.crt; proxy_ssl_certificate_key example.com.key; } } In this case, an unmodified version (NULL) of empty passwords is set, to allow reading them from the password prompt on nginx startup. As an additional optimization, a preserved instance of inherited configured passwords is set to the previous level, to inherit it to other contexts: server { proxy_ssl_password_file password; location /1/ { proxy_pass https://u1/; proxy_ssl_certificate $ssl_server_name.crt; proxy_ssl_certificate_key $ssl_server_name.key; } location /2/ { proxy_pass https://u2/; proxy_ssl_certificate $ssl_server_name.crt; proxy_ssl_certificate_key $ssl_server_name.key; } }
* SSL: removed stale comments.Sergey Kandaurov2025-02-26
| | | | It appears to be a relic from prototype locking removed in b0b7b5a35.
* SSL: improved logging of saving sessions from upstream servers.Sergey Kandaurov2025-02-26
| | | | | This makes it easier to understand why sessions may not be saved in shared memory due to size.
* SSL: using static storage for NGX_SSL_MAX_SESSION_SIZE buffers.Sergey Kandaurov2025-02-26
| | | | | | All such transient buffers are converted to the single storage in BSS. In preparation to raise the limit.
* SNI: added restriction for TLSv1.3 cross-SNI session resumption.Sergey Kandaurov2025-02-05
| | | | | | | | | | | | | | | | | In OpenSSL, session resumption always happens in the default SSL context, prior to invoking the SNI callback. Further, unlike in TLSv1.2 and older protocols, SSL_get_servername() returns values received in the resumption handshake, which may be different from the value in the initial handshake. Notably, this makes the restriction added in b720f650b insufficient for sessions resumed with different SNI server name. Considering the example from b720f650b, previously, a client was able to request example.org by presenting a certificate for example.org, then to resume and request example.com. The fix is to reject handshakes resumed with a different server name, if verification of client certificates is enabled in a corresponding server configuration.
* Upstream: caching certificates and certificate keys with variables.Sergey Kandaurov2025-01-17
| | | | | | Caching is enabled with proxy_ssl_certificate_cache and friends. Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>
* SSL: caching certificates and certificate keys with variables.Sergey Kandaurov2025-01-17
| | | | | | | | A new directive "ssl_certificate_cache max=N [valid=time] [inactive=time]" enables caching of SSL certificate chain and secret key objects specified by "ssl_certificate" and "ssl_certificate_key" directives with variables. Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>
* SSL: a new macro to set default protocol versions.Sergey Kandaurov2024-11-22
| | | | | | | | | This simplifies merging protocol values after ea15896 and ebd18ec. Further, as outlined in ebd18ec18, for libraries preceeding TLSv1.2+ support, only meaningful versions TLSv1 and TLSv1.1 are set by default. While here, fixed indentation.
* SSL: fixed MSVC compilation after ebd18ec1812b.蕭澧邦2024-11-11
| | | | | MSVC generates a compilation error in case #if/#endif is used in a macro parameter.
* Upstream: copy upstream zone DNS valid time during config reload.Mini Hawthorne2024-11-07
| | | | | | | | | | Previously, all upstream DNS entries would be immediately re-resolved on config reload. With a large number of upstreams, this creates a spike of DNS resolution requests. These spikes can overwhelm the DNS server or cause drops on the network. This patch retains the TTL of previous resolutions across reloads by copying each upstream's name's expiry time across configuration cycles. As a result, no additional resolutions are needed.
* Upstream: per-upstream resolver.Vladimir Homutov2024-11-07
| | | | The "resolver" and "resolver_timeout" directives can now be specified directly in the "upstream" block.
* Upstream: pre-resolve servers on reload.Ruslan Ermilov2024-11-07
| | | | | | | | After configuration is reloaded, it may take some time for the re-resolvable upstream servers to resolve and become available as peers. During this time, client requests might get dropped. Such servers are now pre-resolved using the "cache" of already resolved peers from the old shared memory zone.
* Upstream: construct upstream peers from DNS SRV records.Dmitry Volyntsev2024-11-07
|
* Upstream: re-resolvable servers.Ruslan Ermilov2024-11-07
| | | | | | | | | | | | | | | | | | | | | | | | | Specifying the upstream server by a hostname together with the "resolve" parameter will make the hostname to be periodically resolved, and upstream servers added/removed as necessary. This requires a "resolver" at the "http" configuration block. The "resolver_timeout" parameter also affects when the failed DNS requests will be attempted again. Responses with NXDOMAIN will be attempted again in 10 seconds. Upstream has a configuration generation number that is incremented each time servers are added/removed to the primary/backup list. This number is remembered by the peer.init method, and if peer.get detects a change in configuration, it returns NGX_BUSY. Each server has a reference counter. It is incremented by peer.get and decremented by peer.free. When a server is removed, it is removed from the list of servers and is marked as "zombie". The memory allocated by a zombie peer is freed only when its reference count becomes zero. Co-authored-by: Roman Arutyunyan <arut@nginx.com> Co-authored-by: Sergey Kandaurov <pluknet@nginx.com> Co-authored-by: Vladimir Homutov <vl@nginx.com>
* SSL: disabled TLSv1 and TLSv1.1 by default.Sergey Kandaurov2024-10-31
| | | | | | | | | | | | | | | TLSv1 and TLSv1.1 are formally deprecated and forbidden to negotiate due to insufficient security reasons outlined in RFC 8996. TLSv1 and TLSv1.1 are disabled in BoringSSL e95b0cad9 and LibreSSL 3.8.1 in the way they cannot be enabled in nginx configuration. In OpenSSL 3.0, they are only permitted at security level 0 (disabled by default). The support is dropped in Chrome 84, Firefox 78, and deprecated in Safari. This change disables TLSv1 and TLSv1.1 by default for OpenSSL 1.0.1 and newer, where TLSv1.2 support is available. For older library versions, which do not have alternatives, these protocol versions remain enabled.
* SSL: optional ssl_client_certificate for ssl_verify_client.Sergey Kandaurov2024-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00), the "certificate_authorities" field grammar of the CertificateRequest message was redone to allow no distinguished names. In TLSv1.3, with the restructured CertificateRequest message, this can be similarly done by optionally including the "certificate_authorities" extension. This allows to avoid sending DNs at all. In practice, aside from published TLS specifications, all supported SSL/TLS libraries allow to request client certificates with an empty DN list for any protocol version. For instance, when operating in TLSv1, this results in sending the "certificate_authorities" list as a zero-length vector, which corresponds to the TLSv1.1 specification. Such behaviour goes back to SSLeay. The change relaxes the requirement to specify at least one trusted CA certificate in the ssl_client_certificate directive, which resulted in sending DNs of these certificates (closes #142). Instead, all trusted CA certificates can be specified now using the ssl_trusted_certificate directive if needed. A notable difference that certificates specified in ssl_trusted_certificate are always loaded remains (see 3648ba7db). Co-authored-by: Praveen Chaudhary <praveenc@nvidia.com>
* Stream: OCSP stapling.Sergey Kandaurov2024-08-22
|
* Stream: client certificate validation with OCSP.Sergey Kandaurov2024-08-22
|
* Stream ssl_preread: do not reallocate a parsed SNI host.Sergey Kandaurov2024-08-09
| | | | We own this memory from the session pool.
* Stream: allow servers with no handler.Roman Arutyunyan2024-06-27
| | | | | | | | Previously handlers were mandatory. However they are not always needed. For example, a server configured with ssl_reject_handshake does not need a handler. Such servers required a fake handler to pass the check. Now handler absence check is moved to runtime. If handler is missing, the connection is closed with 500 code.
* Stream pass: disabled passing from or to udp.Roman Arutyunyan2024-05-03
| | | | | | | Passing from udp was not possible for the most part due to preread buffer restriction. Passing to udp could occasionally work, but the connection would still be bound to the original listen rbtree, which prevented it from being deleted on connection closure.
* Stream pass: limited the number of passes per connection.Roman Arutyunyan2024-04-11
| | | | Previously a cycle in pass configuration resulted in stack overflow.
* Fixed undefined behaviour with IPv4-mapped IPv6 addresses.Sergey Kandaurov2024-03-18
| | | | | | | | | | | | | | | | Previously, it could result when left-shifting signed integer due to implicit integer promotion, such that the most significant bit appeared on the sign bit. In practice, though, this results in the same left value as with an explicit cast, at least on known compilers, such as GCC and Clang. The reason is that in_addr_t, which is equivalent to uint32_t and same as "unsigned int" in ILP32 and LP64 data type models, has the same type width as the intermediate after integer promotion, so there's no side effects such as sign-extension. This explains why adding an explicit cast does not change object files in practice. Found with UndefinedBehaviorSanitizer (shift). Based on a patch by Piotr Sikora.
* Geo: fixed uninitialized memory access.Piotr Sikora2024-03-14
| | | | | | | | | | | | While copying ngx_http_variable_value_t structures to geo binary base in ngx_http_geo_copy_values(), and similarly in the stream module, uninitialized parts of these structures are copied as well. These include the "escape" field and possible holes. Calculating crc32 of this data triggers uninitialized memory access. Found with MemorySanitizer. Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
* Stream: $server_name.Sergey Kandaurov2024-03-22
|
* Stream: moved fastopen compatibility check.Roman Arutyunyan2024-01-18
| | | | The move makes the code look similar to the corresponding code in http module.
* Stream: the "setfib" parameter of the "listen" directive.Sergey Kandaurov2024-03-22
| | | | The FreeBSD SO_SETFIB support.
* Stream: the "accept_filter" parameter of the "listen" directive.Sergey Kandaurov2024-03-22
| | | | The FreeBSD accept filters support.
* Stream: the "deferred" parameter of the "listen" directive.Sergey Kandaurov2024-03-22
| | | | The Linux TCP_DEFER_ACCEPT support.
* Stream: reshuffled ngx_stream_listen_opt_t fields.Sergey Kandaurov2024-03-22
| | | | | | In preparation for adding more parameters to the listen directive, and to be in sync with the corresponding structure in the http module. No functional changes.
* Overhauled some diagnostic messages akin to 1b05b9bbcebf.Sergey Kandaurov2024-03-22
|
* Stream: using ngx_stream_ssl_srv_conf_t *sscf naming convention.Sergey Kandaurov2024-03-22
| | | | | | | | Originally, the stream module was developed based on the mail module, following the existing style. Then it was diverged to closely follow the http module development. This change updates style to use sscf naming convention troughout the stream module, which matches the http module code style. No functional changes.
* Stream: ngx_stream_pass_module.Roman Arutyunyan2024-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The module allows to pass connections from Stream to other modules such as HTTP or Mail, as well as back to Stream. Previously, this was only possible with proxying. Connections with preread buffer read out from socket cannot be passed. The module allows selective SSL termination based on SNI. stream { server { listen 8000 default_server; ssl_preread on; ... } server { listen 8000; server_name foo.example.com; pass 127.0.0.1:8001; # to HTTP } server { listen 8000; server_name bar.example.com; ... } } http { server { listen 8001 ssl; ... location / { root html; } } }
* Stream: virtual servers.Roman Arutyunyan2023-12-14
| | | | | | | | | Server name is taken either from ngx_stream_ssl_module or ngx_stream_ssl_preread_module. The change adds "default_server" parameter to the "listen" directive, as well as the following directives: "server_names_hash_max_size", "server_names_hash_bucket_size", "server_name" and "ssl_reject_handshake".
* Stream: socket peek in preread phase.Roman Arutyunyan2023-12-13
| | | | | | | | | | Previously, preread buffer was always read out from socket, which made it impossible to terminate SSL on the connection without introducing additional SSL BIOs. The following patches will rely on this. Now, when possible, recv(MSG_PEEK) is used instead, which keeps data in socket. It's called if SSL is not already terminated and if an egde-triggered event method is used. For epoll, EPOLLRDHUP support is also required.
* SSL: enabled TLSv1.3 by default.Maxim Dounin2023-03-24
|
* Fixed port ranges support in the listen directive.Valentin Bartenev2022-12-18
| | | | | | | | | Ports difference must be respected when checking addresses for duplicates, otherwise configurations like this are broken: listen 127.0.0.1:6000-6005 It was broken by 4cc2bfeff46c (nginx 1.23.3).
* SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.Maxim Dounin2022-12-01
| | | | | | | | | | | | With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(), which used to always reset c->read->ready to 0 when returning errors. This fixes an infinite loop in unbuffered SSL proxying if writing to the client is blocked and an SSL error happens (ticket #2418). With this change, the fix for a similar issue in the stream module (6868:ee3645078759), which used a different approach of explicitly testing c->read->error instead, is no longer needed and was reverted.
* Filtering duplicate addresses in listen (ticket #2400).Maxim Dounin2022-11-23
| | | | | | | | | | | | Due to the glibc bug[1], getaddrinfo("localhost") with AI_ADDRCONFIG on a typical host with glibc and without IPv6 returns two 127.0.0.1 addresses, and therefore "listen localhost:80;" used to result in "duplicate ... address and port pair" after 4f9b72a229c1. Fix is to explicitly filter out duplicate addresses returned during resolution of a name. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=14969
* Increased maximum read PROXY protocol header size.Roman Arutyunyan2022-11-02
| | | | | | | | Maximum size for reading the PROXY protocol header is increased to 4096 to accommodate a bigger number of TLVs, which are supported since cca4c8a715de. Maximum size for writing the PROXY protocol header is not changed since only version 1 is currently supported.
* SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.Sergey Kandaurov2022-10-17
| | | | | | | Now it properly detects invalid shared zone configuration with omitted size. Previously it used to read outside of the buffer boundary. Found with AddressSanitizer.
* PROXY protocol v2 TLV variables.Roman Arutyunyan2022-10-12
| | | | | The variables have prefix $proxy_protocol_tlv_ and are accessible by name and by type. Examples are: $proxy_protocol_tlv_0x01, $proxy_protocol_tlv_alpn.
* Upstream: optimized use of SSL contexts (ticket #1234).Maxim Dounin2022-06-29
| | | | | | | | | | | | To ensure optimal use of memory, SSL contexts for proxying are now inherited from previous levels as long as relevant proxy_ssl_* directives are not redefined. Further, when no proxy_ssl_* directives are redefined in a server block, we now preserve plcf->upstream.ssl in the "http" section configuration to inherit it to all servers. Similar changes made in uwsgi, grpc, and stream proxy.
* Stream: don't flush empty buffers created for read errors.Aleksei Bavshin2022-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we generate the last_buf buffer for an UDP upstream recv error, it does not contain any data from the wire. ngx_stream_write_filter attempts to forward it anyways, which is incorrect (e.g., UDP upstream ECONNREFUSED will be translated to an empty packet). This happens because we mark the buffer as both 'flush' and 'last_buf', and ngx_stream_write_filter has special handling for flush with certain types of connections (see d127837c714f, 32b0ba4855a6). The flags are meant to be mutually exclusive, so the fix is to ensure that flush and last_buf are not set at the same time. Reproduction: stream { upstream unreachable { server 127.0.0.1:8880; } server { listen 127.0.0.1:8998 udp; proxy_pass unreachable; } } 1 0.000000000 127.0.0.1 → 127.0.0.1 UDP 47 45588 → 8998 Len=5 2 0.000166300 127.0.0.1 → 127.0.0.1 UDP 47 51149 → 8880 Len=5 3 0.000172600 127.0.0.1 → 127.0.0.1 ICMP 75 Destination unreachable (Port unreachable) 4 0.000202400 127.0.0.1 → 127.0.0.1 UDP 42 8998 → 45588 Len=0 Fixes d127837c714f.
* Upstream: handling of certificates specified as an empty string.Sergey Kandaurov2022-06-07
| | | | | | | Now, if the directive is given an empty string, such configuration cancels loading of certificates, in particular, if they would be otherwise inherited from the previous level. This restores previous behaviour, before variables support in certificates was introduced (3ab8e1e2f0f7).
* HTTP/2: made it possible to flush response headers (ticket #1743).Maxim Dounin2022-02-03
| | | | | | | | | | | | | | | | Response headers can be buffered in the SSL buffer. But stream's fake connection buffered flag did not reflect this, so any attempts to flush the buffer without sending additional data were stopped by the write filter. It does not seem to be possible to reflect this in fc->buffered though, as we never known if main connection's c->buffered corresponds to the particular stream or not. As such, fc->buffered might prevent request finalization due to sending data on some other stream. Fix is to implement handling of flush buffers when the c->need_flush_buf flag is set, similarly to the existing last buffer handling. The same flag is now used for UDP sockets in the stream module instead of explicit checking of c->type.
* SSL: $ssl_curve (ticket #2135).Sergey Kandaurov2021-11-01
| | | | | | | | | | | | | | | The variable contains a negotiated curve used for the handshake key exchange process. Known curves are listed by their names, unknown ones are shown in hex. Note that for resumed sessions in TLSv1.2 and older protocols, $ssl_curve contains the curve used during the initial handshake, while in TLSv1.3 it contains the curve used during the session resumption (see the SSL_get_negotiated_group manual page for details). The variable is only meaningful when using OpenSSL 3.0 and above. With older versions the variable is empty.
* Style: added missing "static" specifiers.Maxim Dounin2021-10-21
| | | | | Mostly found by gcc -Wtraditional, per "non-static declaration of ... follows static declaration [-Wtraditional]" warnings.
* Stream: the "ssl_alpn" directive.Vladimir Homutov2021-10-19
| | | | | | The directive sets the server list of supported application protocols and requires one of this protocols to be negotiated if client is using ALPN.
* SSL: added $ssl_alpn_protocol variable.Vladimir Homutov2021-10-14
| | | | | The variable contains protocol selected by ALPN during handshake and is empty otherwise.