nginx.git, branch release-1.4.5

nginx-1.4.5-RELEASE

2014-02-11T13:24:43+00:00

Updated OpenSSL used for win32 builds.

2014-01-22T12:10:13+00:00

Fixed TCP_DEFER_ACCEPT handling (ticket #353).

2014-01-28T11:40:46+00:00

Backed out 05a56ebb084a, as it turns out that kernel can return connections
without any delay if syncookies are used.  This basically means we can't
assume anything about connections returned with deferred accept set.

To solve original problem the 05a56ebb084a tried to solve, i.e. to don't
wait longer than needed if a connection was accepted after deferred accept
timeout, this patch changes a timeout set with setsockopt(TCP_DEFER_ACCEPT)
to 1 second, unconditionally.  This is believed to be enough for speed
improvements, and doesn't imply major changes to timeouts used.

Note that before 2.6.32 connections were dropped after a timeout.  Though
it is believed that 1s is still appropriate for kernels before 2.6.32,
as previously tcp_synack_retries controlled the actual timeout and 1s results
in more than 1 minute actual timeout by default.

Upstream: reading from a client after connection upgrade.

2014-01-22T12:05:07+00:00

Read event on a client connection might have been disabled during
previous processing, and we at least need to handle events.  Calling
ngx_http_upstream_process_upgraded() is a simpliest way to do it.

Notably this change is needed for select, poll and /dev/poll event
methods.

Previous version of this patch was posted here:
http://mailman.nginx.org/pipermail/nginx/2014-January/041839.html

SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.

2014-01-23T14:32:26+00:00

Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.

SSL: fixed $ssl_session_id variable.

2014-01-22T12:05:06+00:00

Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.

Thanks to Ivan Ristić.

SPDY: fixed possible segfault.

2014-01-22T00:58:19+00:00

While processing a DATA frame, the link to related stream is stored in spdy
connection object as part of connection state.  But this stream can be closed
between receiving parts of the frame.

Year 2014.

2014-01-14T12:24:02+00:00

Fixed "zero size buf in output" alerts.

2014-01-03T23:32:22+00:00

If a request had an empty request body (with Content-Length: 0), and there
were preread data available (e.g., due to a pipelined request in the buffer),
the "zero size buf in output" alert might be logged while proxying the
request to an upstream.

Similar alerts appeared with client_body_in_file_only if a request had an
empty request body.

Request body: fixed r->count increment on allocation failure.

2013-05-11T14:49:19+00:00