nginx.git/src/event, branch release-1.10.2 nginx SSL: default DH parameters compatible with OpenSSL 1.1.0. 2016-10-18T14:25:38+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-18T14:25:38+00:00 789abf2b8cfd184555a09f7001b59e82c003c43c This is a direct commit to stable as there is no corresponding code in mainline, default DH parameters were removed in 1aa9650a8154. 
This is a direct commit to stable as there is no corresponding code
in mainline, default DH parameters were removed in 1aa9650a8154.
Event pipe: do not set file's thread_handler if not needed. 2016-09-01T17:05:23+00:00 Maxim Dounin mdounin@mdounin.ru 2016-09-01T17:05:23+00:00 09453e10d03571ecb32fe8bc77d4bcc7e10fcf3a This fixes a problem with aio threads and sendfile with aio_write switched off, as observed with range requests after fc72784b1f52 (1.9.13). Potential problems with sendfile in threads were previously described in 9fd738b85fad, and this seems to be one of them. The problem occurred as file's thread_handler was set to NULL by event pipe code after a sendfile thread task was scheduled. As a result, no sendfile completion code was executed, and the same buffer was additionally sent using non-threaded sendfile. Fix is to avoid modifying file's thread_handler if aio_write is switched off. Note that with "aio_write on" it is still possible that sendfile will use thread_handler as set by event pipe. This is believed to be safe though, as handlers used are compatible. 
This fixes a problem with aio threads and sendfile with aio_write switched
off, as observed with range requests after fc72784b1f52 (1.9.13).  Potential
problems with sendfile in threads were previously described in 9fd738b85fad,
and this seems to be one of them.

The problem occurred as file's thread_handler was set to NULL by event pipe
code after a sendfile thread task was scheduled.  As a result, no sendfile
completion code was executed, and the same buffer was additionally sent
using non-threaded sendfile.  Fix is to avoid modifying file's thread_handler
if aio_write is switched off.

Note that with "aio_write on" it is still possible that sendfile will use
thread_handler as set by event pipe.  This is believed to be safe though,
as handlers used are compatible.
SSL: adopted session ticket handling for OpenSSL 1.1.0. 2016-08-22T15:53:21+00:00 Sergey Kandaurov pluknet@nginx.com 2016-08-22T15:53:21+00:00 63260a6842e1b9c4dbe28c669ff2c74a63f8df5c Return 1 in the SSL_CTX_set_tlsext_ticket_key_cb() callback function to indicate that a new session ticket is created, as per documentation. Until 1.1.0, OpenSSL didn't make a distinction between non-negative return values. See https://git.openssl.org/?p=openssl.git;a=commitdiff;h=5c753de for details. 
Return 1 in the SSL_CTX_set_tlsext_ticket_key_cb() callback function
to indicate that a new session ticket is created, as per documentation.
Until 1.1.0, OpenSSL didn't make a distinction between non-negative
return values.

See https://git.openssl.org/?p=openssl.git;a=commitdiff;h=5c753de for details.
SSL: guarded SSL_R_NO_CIPHERS_PASSED not present in OpenSSL 1.1.0. 2016-08-08T10:44:49+00:00 Sergey Kandaurov pluknet@nginx.com 2016-08-08T10:44:49+00:00 f3dfbb5d1fd00659e886a1cdb56cc07a68340e6d It was removed in OpenSSL 1.1.0 Beta 3 (pre-release 6). It was not used since OpenSSL 1.0.1n and 1.0.2b. 
It was removed in OpenSSL 1.1.0 Beta 3 (pre-release 6).  It was
not used since OpenSSL 1.0.1n and 1.0.2b.
Removed redundant "u" format specifier. 2016-04-08T12:03:38+00:00 Ruslan Ermilov ru@nginx.com 2016-04-08T12:03:38+00:00 37a3a2b2e8ef3202045e4095d894f806ed5e7654 It is implied for "x" and "X". 
It is implied for "x" and "X".
Fixed spelling. 2016-04-07T08:50:13+00:00 Josh Soref timeless@gmail.com 2016-04-07T08:50:13+00:00 73d27510c0d7022384a611269af22ff01634c6d0 






SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
2016-03-31T20:38:38+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-03-31T20:38:38+00:00

2e251b1c342370b8b3365cf30eca2cf61d9ef559

SSLeay_version() and SSLeay() are no longer available if OPENSSL_API_COMPAT
is set to 0x10100000L.  Switched to using OpenSSL_version() instead.

Additionally, we now compare version strings instead of version numbers,
and this correctly works for LibreSSL as well.





SSLeay_version() and SSLeay() are no longer available if OPENSSL_API_COMPAT
is set to 0x10100000L.  Switched to using OpenSSL_version() instead.

Additionally, we now compare version strings instead of version numbers,
and this correctly works for LibreSSL as well.







SSL: X509 was made opaque in OpenSSL 1.1.0.
2016-03-31T20:38:37+00:00

Sergey Kandaurov
pluknet@nginx.com

2016-03-31T20:38:37+00:00

d8fbce1deb24a174f327786684f862cc39b5ac0a

To increment reference counters we now use newly introduced X509_up_ref()
function.





To increment reference counters we now use newly introduced X509_up_ref()
function.







SSL: EVP_MD_CTX was made opaque in OpenSSL 1.1.0.
2016-03-31T20:38:36+00:00

Sergey Kandaurov
pluknet@nginx.com

2016-03-31T20:38:36+00:00

66feb8c6f01a682e93f11e2c80c59bf425d70af9












SSL: RSA_generate_key() is deprecated in OpenSSL 1.1.0.
2016-03-31T20:38:34+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-03-31T20:38:34+00:00

8fc90404fb9c7ead8666a74519035e2b6a2333a7

OpenSSL removed support for all 40 and 56 bit ciphers.





OpenSSL removed support for all 40 and 56 bit ciphers.