nginx.git, branch release-1.19.0 nginx nginx-1.19.0-RELEASE 2020-05-26T15:00:20+00:00 Maxim Dounin mdounin@mdounin.ru 2020-05-26T15:00:20+00:00 87c8507f20eb32e757aa3ef2e709f395f577a7f6 






Updated OpenSSL used for win32 builds.
2020-05-25T19:10:37+00:00

Maxim Dounin
mdounin@mdounin.ru

2020-05-25T19:10:37+00:00

f457127cc4f379d64b232bc9f137b7ef278e7c59












HTTP/2: invalid connection preface logging (ticket #1981).
2020-05-25T15:33:42+00:00

Maxim Dounin
mdounin@mdounin.ru

2020-05-25T15:33:42+00:00

4056ce4f4ee4d80d41c56af8c1b4fd41b76144c8

Previously, invalid connection preface errors were only logged at debug
level, providing no visible feedback, in particular, when a plain text
HTTP/2 listening socket is erroneously used for HTTP/1.x connections.
Now these are explicitly logged at the info level, much like other
client-related errors.





Previously, invalid connection preface errors were only logged at debug
level, providing no visible feedback, in particular, when a plain text
HTTP/2 listening socket is erroneously used for HTTP/1.x connections.
Now these are explicitly logged at the info level, much like other
client-related errors.







Fixed format specifiers.
2020-05-23T12:53:08+00:00

Sergey Kandaurov
pluknet@nginx.com

2020-05-23T12:53:08+00:00

9b87626b0bdd0e6c87d76f1a50302ca9e3df2fc1












OCSP: certificate status cache.
2020-05-22T14:25:27+00:00

Roman Arutyunyan
arut@nginx.com

2020-05-22T14:25:27+00:00

5727f9a1e0cca082eb1f3e599e0453a7a9cfe319

When enabled, certificate status is stored in cache and is used to validate
the certificate in future requests.

New directive ssl_ocsp_cache is added to configure the cache.





When enabled, certificate status is stored in cache and is used to validate
the certificate in future requests.

New directive ssl_ocsp_cache is added to configure the cache.







SSL: client certificate validation with OCSP (ticket #1534).
2020-05-22T14:30:12+00:00

Roman Arutyunyan
arut@nginx.com

2020-05-22T14:30:12+00:00

60438ae395d83b0f8b21bf667a1e260d60c3f46a

OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".

When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.





OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".

When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.







OCSP stapling: iterate over all responder addresses.
2020-05-22T17:35:05+00:00

Roman Arutyunyan
arut@nginx.com

2020-05-22T17:35:05+00:00

aa94ee82f6040c8e2cbde3ae4de931c23fade3f3

Previously only the first responder address was used per each stapling update.
Now, in case of a network or parsing error, next address is used.

This also fixes the issue with unsupported responder address families
(ticket #1330).





Previously only the first responder address was used per each stapling update.
Now, in case of a network or parsing error, next address is used.

This also fixes the issue with unsupported responder address families
(ticket #1330).







OCSP stapling: keep extra chain in the staple object.
2020-05-17T11:24:35+00:00

Roman Arutyunyan
arut@nginx.com

2020-05-17T11:24:35+00:00

abdb9aebc6fa165cc2a77a555f309a4eec6947dd












OCSP stapling: moved response verification to a separate function.
2020-05-06T18:44:14+00:00

Roman Arutyunyan
arut@nginx.com

2020-05-06T18:44:14+00:00

3f2ac979eb3600fe285f184bfd30673e7c8de85a












Upstream: jump out of loop after matching the status code.
2020-05-13T14:02:47+00:00

Jinhua Tan
312841925@qq.com

2020-05-13T14:02:47+00:00

b47c1f35e2e421bc0e5be67afb897276324c57a4