nginx.git/src/event, branch release-1.13.4

SSL: fixed typo in the error message.

2017-07-25T14:21:59+00:00

Parenthesized ASCII-related calculations.

2017-07-17T14:23:51+00:00

This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.

Fixed deferred accept with EPOLLRDHUP enabled (ticket #1278).

2017-05-24T10:17:08+00:00

Previously, the read event of the accepted connection was marked ready, but not
available.  This made EPOLLRDHUP-related code (for example, in ngx_unix_recv())
expect more data from the socket, leading to unexpected behavior.

For example, if SSL, PROXY protocol and deferred accept were enabled on a listen
socket, the client connection was aborted due to unexpected return value of
c->recv().

SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.

2017-05-03T12:15:56+00:00

In ac9b1df5b246 (1.13.0) we attempted to allow renegotiation in client mode,
but when using OpenSSL 1.0.2 or older versions it was additionally disabled
by SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

SSL: compatibility with OpenSSL master branch.

2017-04-18T13:08:46+00:00

The SSL_CTRL_SET_CURVES_LIST macro is removed in the OpenSSL master branch.
SSL_CTX_set1_curves_list is preserved as compatibility with previous versions.

SSL: disabled renegotiation detection in client mode.

2017-04-18T13:08:44+00:00

CVE-2009-3555 is no longer relevant and mitigated by the renegotiation
info extension (secure renegotiation).  On the other hand, unexpected
renegotiation still introduces potential security risks, and hence we do
not allow renegotiation on the server side, as we never request renegotiation.

On the client side the situation is different though.  There are backends
which explicitly request renegotiation, and disabled renegotiation
introduces interoperability problems.  This change allows renegotiation
on the client side, and fixes interoperability problems as observed with
such backends (ticket #872).

Additionally, with TLSv1.3 the SSL_CB_HANDSHAKE_START flag is currently set
by OpenSSL when receiving a NewSessionTicket message, and was detected by
nginx as a renegotiation attempt.  This looks like a bug in OpenSSL, though
this change also allows better interoperability till the problem is fixed.

SSL: added support for TLSv1.3 in ssl_protocols directive.

2017-04-18T12:12:38+00:00

Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.

Core: set nginx_shared_zone name via ngx_str_set().

2017-03-28T08:28:51+00:00

Fixed a comment.

2017-03-17T09:09:31+00:00

Cancelable timers are now preserved if there are other timers.

2017-03-07T15:51:15+00:00

There is no need to cancel timers early if there are other timers blocking
shutdown anyway.  Preserving such timers allows nginx to continue some
periodic work till the shutdown is actually possible.

With the new approach, timers with ev->cancelable are simply ignored when
checking if there are any timers left during shutdown.