nginx.git/auto, branch release-1.25.4 nginx SSL: avoid using OpenSSL config in build directory (ticket #2404). 2023-06-20T22:29:53+00:00 Maxim Dounin mdounin@mdounin.ru 2023-06-20T22:29:53+00:00 bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017 With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx is asked to build OpenSSL itself. And with this macro automatic loading of OpenSSL configuration (from the build directory) is prevented unless the OPENSSL_CONF environment variable is explicitly set. Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a (fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350). If nginx is used to compile these OpenSSL versions, configuring nginx with NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround. 
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself.  And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.

Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
HTTP/2: removed server push (ticket #2432). 2023-06-08T12:56:46+00:00 Sergey Kandaurov pluknet@nginx.com 2023-06-08T12:56:46+00:00 6915d2fb2e88e0c339fe37b37ce14f5fe446c1c6 Although it has better implementation status than HTTP/3 server push, it remains of limited use, with adoption numbers seen as negligible. Per IETF 102 materials, server push was used only in 0.04% of sessions. It was considered to be "difficult to use effectively" in RFC 9113. Its use is further limited by badly matching to fetch/cache/connection models in browsers, see related discussions linked from [1]. Server push was disabled in Chrome 106 [2]. The http2_push, http2_push_preload, and http2_max_concurrent_pushes directives are made obsolete. In particular, this essentially reverts 7201:641306096f5b and 7207:3d2b0b02bd3d. [1] https://jakearchibald.com/2017/h2-push-tougher-than-i-thought/ [2] https://chromestatus.com/feature/6302414934114304 
Although it has better implementation status than HTTP/3 server push,
it remains of limited use, with adoption numbers seen as negligible.
Per IETF 102 materials, server push was used only in 0.04% of sessions.
It was considered to be "difficult to use effectively" in RFC 9113.
Its use is further limited by badly matching to fetch/cache/connection
models in browsers, see related discussions linked from [1].

Server push was disabled in Chrome 106 [2].

The http2_push, http2_push_preload, and http2_max_concurrent_pushes
directives are made obsolete.  In particular, this essentially reverts
7201:641306096f5b and 7207:3d2b0b02bd3d.

[1] https://jakearchibald.com/2017/h2-push-tougher-than-i-thought/
[2] https://chromestatus.com/feature/6302414934114304
Stream: removed QUIC support. 2023-05-14T08:05:35+00:00 Roman Arutyunyan arut@nginx.com 2023-05-14T08:05:35+00:00 779bfcff5f7544494c7c85ac73f41a033e749528 






QUIC: disabled datagram fragmentation.
2023-05-06T12:23:27+00:00

Roman Arutyunyan
arut@nginx.com

2023-05-06T12:23:27+00:00

1465a34067b927963b311136bf15a79981cb9d6e

As per RFC 9000, Section 14:

  UDP datagrams MUST NOT be fragmented at the IP layer.





As per RFC 9000, Section 14:

  UDP datagrams MUST NOT be fragmented at the IP layer.







Merged with the default branch.
2023-03-29T07:14:25+00:00

Sergey Kandaurov
pluknet@nginx.com

2023-03-29T07:14:25+00:00

e8fbc967470b39513248cd961ccccf7a032831ea












Win32: OpenSSL compilation for x64 targets with MSVC.
2023-02-23T15:16:08+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-02-23T15:16:08+00:00

dad6ec3aa63fbd3b427d74842fa659f7a0b82f3b

To ensure proper target selection the NGX_MACHINE variable is now set
based on the MSVC compiler output, and the OpenSSL target is set based
on it.

This is not important as long as "no-asm" is used (as in misc/GNUmakefile
and win32 build instructions), but might be beneficial if someone is trying
to build OpenSSL with assembler code.





To ensure proper target selection the NGX_MACHINE variable is now set
based on the MSVC compiler output, and the OpenSSL target is set based
on it.

This is not important as long as "no-asm" is used (as in misc/GNUmakefile
and win32 build instructions), but might be beneficial if someone is trying
to build OpenSSL with assembler code.







Win32: i386 now assumed when crossbuilding (ticket #2416).
2023-02-23T15:15:59+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-02-23T15:15:59+00:00

62b790c3318a56971e461a1e1f5b79197b604e89

Previously, NGX_MACHINE was not set when crossbuilding, resulting in
NGX_ALIGNMENT=16 being used in 32-bit builds (if not explicitly set to a
correct value).  This in turn might result in memory corruption in
ngx_palloc() (as there are no usable aligned allocator on Windows, and
normal malloc() is used instead, which provides 8 byte alignment on
32-bit platforms).

To fix this, now i386 machine is set when crossbuilding, so nginx won't
assume strict alignment requirements.





Previously, NGX_MACHINE was not set when crossbuilding, resulting in
NGX_ALIGNMENT=16 being used in 32-bit builds (if not explicitly set to a
correct value).  This in turn might result in memory corruption in
ngx_palloc() (as there are no usable aligned allocator on Windows, and
normal malloc() is used instead, which provides 8 byte alignment on
32-bit platforms).

To fix this, now i386 machine is set when crossbuilding, so nginx won't
assume strict alignment requirements.







Win32: handling of localized MSVC cl output.
2023-02-23T15:15:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-02-23T15:15:57+00:00

180be97d3157c6ed81efc0272dea6472241304c3

Output examples in English, Russian, and Spanish:

Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 for 80x86
Оптимизирующий 32-разрядный компилятор Microsoft (R) C/C++ версии 16.00.30319.01 для 80x86
Compilador de optimización de C/C++ de Microsoft (R) versión 16.00.30319.01 para x64

Since most of the words are translated, instead of looking for the words
"Compiler Version" we now search for "C/C++" and the version number.





Output examples in English, Russian, and Spanish:

Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 for 80x86
Оптимизирующий 32-разрядный компилятор Microsoft (R) C/C++ версии 16.00.30319.01 для 80x86
Compilador de optimización de C/C++ de Microsoft (R) versión 16.00.30319.01 para x64

Since most of the words are translated, instead of looking for the words
"Compiler Version" we now search for "C/C++" and the version number.







Win32: removed unneeded wildcard in NGX_CC_NAME test for msvc.
2023-02-23T15:15:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-02-23T15:15:53+00:00

504ca566861dde3d20a558fc02c7066e9bb54bfd

Wildcards for msvc in NGX_CC_NAME tests are not needed since 78f8ac479735.





Wildcards for msvc in NGX_CC_NAME tests are not needed since 78f8ac479735.







QUIC: OpenSSL compatibility layer.
2023-02-22T15:16:53+00:00

Roman Arutyunyan
arut@nginx.com

2023-02-22T15:16:53+00:00

a36ebf7e95baebf445b0973bd270bc009b0b0e9a

The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.





The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.