nginx.git/auto, branch no-short-read-checks nginx Core: added support for TCP keepalive parameters on macOS. 2025-05-26T21:59:02+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-26T12:11:36+00:00 5b8a5c08ce28639e788734b2528faad70baa113c The support first appeared in OS X Mavericks 10.9 and documented since OS X Yosemite 10.10. It has a subtle implementation difference from other operating systems in that the TCP_KEEPALIVE socket option (used in place of TCP_KEEPIDLE) isn't inherited from a listening socket to an accepted socket. An apparent reason for this behaviour is that it might be preserved for the sake of backward compatibility. The TCP_KEEPALIVE socket option is not inherited since appearance in OS X Panther 10.3, which long predates two other TCP_KEEPINTVL and TCP_KEEPCNT socket options. Thanks to Andy Pan for initial work. 
The support first appeared in OS X Mavericks 10.9 and documented since
OS X Yosemite 10.10.

It has a subtle implementation difference from other operating systems
in that the TCP_KEEPALIVE socket option (used in place of TCP_KEEPIDLE)
isn't inherited from a listening socket to an accepted socket.

An apparent reason for this behaviour is that it might be preserved for
the sake of backward compatibility.  The TCP_KEEPALIVE socket option is
not inherited since appearance in OS X Panther 10.3, which long predates
two other TCP_KEEPINTVL and TCP_KEEPCNT socket options.

Thanks to Andy Pan for initial work.
QUIC: using QUIC API introduced in OpenSSL 3.5. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-13T13:00:56+00:00 6a134dfd4888fc3850d22294687cfb3940994c69 Similarly to the QUIC API originated in BoringSSL, this API allows to register custom TLS callbacks for an external QUIC implementation. See the SSL_set_quic_tls_cbs manual page for details. Due to a different approach used in OpenSSL 3.5, handling of CRYPTO frames was streamlined to always write an incoming CRYPTO buffer to the crypto context. Using SSL_provide_quic_data(), this results in transient allocation of chain links and buffers for CRYPTO frames received in order. Testing didn't reveal performance degradation of QUIC handshakes, https://github.com/nginx/nginx/pull/646 provides specific results. 
Similarly to the QUIC API originated in BoringSSL, this API allows
to register custom TLS callbacks for an external QUIC implementation.
See the SSL_set_quic_tls_cbs manual page for details.

Due to a different approach used in OpenSSL 3.5, handling of CRYPTO
frames was streamlined to always write an incoming CRYPTO buffer to
the crypto context.  Using SSL_provide_quic_data(), this results in
transient allocation of chain links and buffers for CRYPTO frames
received in order.  Testing didn't reveal performance degradation of
QUIC handshakes, https://github.com/nginx/nginx/pull/646 provides
specific results.
QUIC: defined SSL API macros in a single place. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-20T23:54:45+00:00 e561f7dbcfc27f5f648e5151de0796e691cbc1b0 All definitions now set in ngx_event_quic.h, this includes moving NGX_QUIC_OPENSSL_COMPAT from autotests to compile time. Further, to improve code readability, a new NGX_QUIC_QUICTLS_API macro is used for QuicTLS that provides old BoringSSL QUIC API. 
All definitions now set in ngx_event_quic.h, this includes moving
NGX_QUIC_OPENSSL_COMPAT from autotests to compile time.  Further,
to improve code readability, a new NGX_QUIC_QUICTLS_API macro is
used for QuicTLS that provides old BoringSSL QUIC API.
Win32: added detection of ARM64 target. 2025-04-18T19:57:26+00:00 Aleksei Bavshin a.bavshin@nginx.com 2025-01-14T19:11:28+00:00 020b1db7eb187d4a9a5f1d6154c664a463473b36 This extends the target selection implemented in dad6ec3aa63f to support Windows ARM64 platforms. OpenSSL support for VC-WIN64-ARM target first appeared in 1.1.1 and is present in all currently supported (3.x) branches. As a side effect, ARM64 Windows builds will get 16-byte alignment along with the rest of non-x86 platforms. This is safe, as malloc on 64-bit Windows guarantees the fundamental alignment of allocations, 16 bytes. 
This extends the target selection implemented in dad6ec3aa63f to support
Windows ARM64 platforms.  OpenSSL support for VC-WIN64-ARM target first
appeared in 1.1.1 and is present in all currently supported (3.x)
branches.

As a side effect, ARM64 Windows builds will get 16-byte alignment along
with the rest of non-x86 platforms.  This is safe, as malloc on 64-bit
Windows guarantees the fundamental alignment of allocations, 16 bytes.
Configure: MSVC compatibility with PCRE2 10.45. 2025-02-18T15:07:11+00:00 Thierry Bastian thierryb@filewave.com 2025-02-17T08:01:27+00:00 3327353ec05f32bf4ef227fcd67bf40efafa04f8 






Core: fix build without libcrypt.
2025-02-18T13:18:10+00:00

Piotr Sikora
piotr@aviatrix.com

2025-02-12T08:40:58+00:00

9a4090f02ab438c47178b3b5a4c15a3c769d5027

libcrypt is no longer part of glibc, so it might not be available.

Signed-off-by: Piotr Sikora <piotr@aviatrix.com>





libcrypt is no longer part of glibc, so it might not be available.

Signed-off-by: Piotr Sikora <piotr@aviatrix.com>







Configure: fixed --with-libatomic=DIR with recent libatomic_ops.
2025-01-30T13:16:10+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-01-17T13:55:21+00:00

e715202220e2260a8ed125eacf5230d1c1eaeec8

The build location of the resulting libatomic_ops.a was changed in v7.4.0
after converting libatomic_ops to use libtool.  The fix is to use library
from the install path, this allows building with both old and new versions.

Initially reported here:
https://mailman.nginx.org/pipermail/nginx/2018-April/056054.html





The build location of the resulting libatomic_ops.a was changed in v7.4.0
after converting libatomic_ops to use libtool.  The fix is to use library
from the install path, this allows building with both old and new versions.

Initially reported here:
https://mailman.nginx.org/pipermail/nginx/2018-April/056054.html







Configure: MSVC compatibility with PCRE2 10.43.
2024-10-15T14:18:33+00:00

Thierry Bastian
thierryb@filewave.com

2024-10-09T07:18:49+00:00

b394d44cfa7e5c2d48a174d06f4b899b6cfd3ccf












SSL: object caching.
2024-10-01T13:59:24+00:00

Sergey Kandaurov
pluknet@nginx.com

2024-09-09T15:03:20+00:00

7d7e8d2cb8d16e409e0d4c777b30f1d8d7838c7b

Added ngx_openssl_cache_module, which indexes a type-aware object cache.
It maps an id to a unique instance, and provides references to it, which
are dropped when the cycle's pool is destroyed.

The cache will be used in subsequent patches.

Based on previous work by Mini Hawthorne.





Added ngx_openssl_cache_module, which indexes a type-aware object cache.
It maps an id to a unique instance, and provides references to it, which
are dropped when the cycle's pool is destroyed.

The cache will be used in subsequent patches.

Based on previous work by Mini Hawthorne.







Configure: fixed building libatomic test.
2024-05-16T09:15:10+00:00

Edgar Bonet
bonet@grenoble.cnrs.fr

2024-05-16T09:15:10+00:00

efc6a217b92985a1ee211b6bb7337cd2f62deb90

Using "long *" instead of "AO_t *" leads either to -Wincompatible-pointer-types
or -Wpointer-sign warnings, depending on whether long and size_t are compatible
types (e.g., ILP32 versus LP64 data models).  Notably, -Wpointer-sign warnings
are enabled by default in Clang only, and -Wincompatible-pointer-types is an
error starting from GCC 14.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>





Using "long *" instead of "AO_t *" leads either to -Wincompatible-pointer-types
or -Wpointer-sign warnings, depending on whether long and size_t are compatible
types (e.g., ILP32 versus LP64 data models).  Notably, -Wpointer-sign warnings
are enabled by default in Clang only, and -Wincompatible-pointer-types is an
error starting from GCC 14.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>