nginx.git/src/event, branch release-1.28.2 nginx SSL: fixed "key values mismatch" with object cache inheritance. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-29T13:49:48+00:00 592bda7bb6c202e48da8e4181de936f70edff58e In rare cases, it was possible to get into this error state on reload with improperly updated file timestamps for certificate and key pairs. The fix is to retry on X509_R_KEY_VALUES_MISMATCH, similar to 5d5d9adcc. Additionally, loading SSL certificate is updated to avoid certificates discarded on retry to appear in ssl->certs and in extra chain. 
In rare cases, it was possible to get into this error state on reload
with improperly updated file timestamps for certificate and key pairs.

The fix is to retry on X509_R_KEY_VALUES_MISMATCH, similar to 5d5d9adcc.
Additionally, loading SSL certificate is updated to avoid certificates
discarded on retry to appear in ssl->certs and in extra chain.
Events: compatibility with NetBSD 10.0 in kqueue. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-10T12:59:05+00:00 8d00372555bc09fd394ffa767e75c9b15b68c27b The kevent udata field was changed from intptr_t to "void *", similar to other BSDs and Darwin. The NGX_KQUEUE_UDATA_T macro is adjusted to reflect that change, fixing -Werror=int-conversion errors. 
The kevent udata field was changed from intptr_t to "void *",
similar to other BSDs and Darwin.

The NGX_KQUEUE_UDATA_T macro is adjusted to reflect that change,
fixing -Werror=int-conversion errors.
Configure: set NGX_KQUEUE_UDATA_T at compile time. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-10T12:30:35+00:00 089da0a48b68eb5409ce4a4d8fdd01283097d9a2 The NGX_KQUEUE_UDATA_T macro is used to compensate the incompatible kqueue() API in NetBSD, it doesn't really belong to feature tests. The change limits the macro visibility to the kqueue event module. Moving from autotests also simplifies testing a particular NetBSD version as seen in a subsequent change. 
The NGX_KQUEUE_UDATA_T macro is used to compensate the incompatible
kqueue() API in NetBSD, it doesn't really belong to feature tests.

The change limits the macro visibility to the kqueue event module.
Moving from autotests also simplifies testing a particular NetBSD
version as seen in a subsequent change.
Events: fixed -Wzero-as-null-pointer-constant warnings in kqueue. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-08T18:45:33+00:00 2009d46d6d1a7840eae1e70c1178145d420acf30 The kevent udata field is special in that we maintain compatibility with NetBSD versions that predate using the "void *" type. The fix is to cast to intermediate uintptr_t that is casted back to "void *" where appropriate. 
The kevent udata field is special in that we maintain compatibility
with NetBSD versions that predate using the "void *" type.

The fix is to cast to intermediate uintptr_t that is casted back to
"void *" where appropriate.
SSL: fixed testing OPENSSL_VERSION_NUMBER for OpenSSL 3.0+. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-08T14:07:04+00:00 2787d67e89ea8642f658d895a37ecb9987abd3f8 Prior to OpenSSL 3.0, OPENSSL_VERSION_NUMBER used the following format: MNNFFPPS: major minor fix patch status Where the status nibble (S) has 0+ for development and f for release. The format was changed in OpenSSL 3.0.0, where it is always zero: MNN00PP0: major minor patch 
Prior to OpenSSL 3.0, OPENSSL_VERSION_NUMBER used the following format:

MNNFFPPS: major minor fix patch status

Where the status nibble (S) has 0+ for development and f for release.

The format was changed in OpenSSL 3.0.0, where it is always zero:

MNN00PP0: major minor patch
SSL: SSL_group_to_name() compatibility macro. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-07-08T13:59:50+00:00 4bd5b1b59a2d03a7fb8521970752a9ae3f1d85fe No functional changes. 
No functional changes.
Use NULL instead of 0 for null pointer constant. 2025-12-23T18:40:33+00:00 Andrew Clayton a.clayton@nginx.com 2025-05-21T21:30:20+00:00 a39be5d9d296b72091f3181eea58303ac8d0828f There were a few random places where 0 was being used as a null pointer constant. We have a NULL macro for this very purpose, use it. There is also some interest in actually deprecating the use of 0 as a null pointer constant in C. This was found with -Wzero-as-null-pointer-constant which was enabled for C in GCC 15 (not enabled with Wall or Wextra... yet). Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059> 
There were a few random places where 0 was being used as a null pointer
constant.

We have a NULL macro for this very purpose, use it.

There is also some interest in actually deprecating the use of 0 as a
null pointer constant in C.

This was found with -Wzero-as-null-pointer-constant which was enabled
for C in GCC 15 (not enabled with Wall or Wextra... yet).

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059>
QUIC: do not block ACKs by congestion control. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-04-25T19:32:24+00:00 af8b6ac13e84371f598064b23f401e8764dde881 Previously, it was not possible to send acknowledgments if the congestion window was limited or temporarily exceeded, such as after sending a large response or MTU probe. If ACKs were not received from the peer for some reason to update the in-flight bytes counter below the congestion window, this might result in a stalled connection. The fix is to send ACKs regardless of congestion control. This meets RFC 9002, Section 7: : Similar to TCP, packets containing only ACK frames do not count : toward bytes in flight and are not congestion controlled. This is a simplified implementation to send ACK frames from the head of the queue. This was made possible after 6f5f17358. Reported in trac ticket #2621 and subsequently by Vladimir Homutov: https://mailman.nginx.org/pipermail/nginx-devel/2025-April/ZKBAWRJVQXSZ2ISG3YJAF3EWMDRDHCMO.html 
Previously, it was not possible to send acknowledgments if the
congestion window was limited or temporarily exceeded, such as
after sending a large response or MTU probe.  If ACKs were not
received from the peer for some reason to update the in-flight
bytes counter below the congestion window, this might result in
a stalled connection.

The fix is to send ACKs regardless of congestion control.  This
meets RFC 9002, Section 7:
: Similar to TCP, packets containing only ACK frames do not count
: toward bytes in flight and are not congestion controlled.

This is a simplified implementation to send ACK frames from the
head of the queue.  This was made possible after 6f5f17358.

Reported in trac ticket #2621 and subsequently by Vladimir Homutov:
https://mailman.nginx.org/pipermail/nginx-devel/2025-April/ZKBAWRJVQXSZ2ISG3YJAF3EWMDRDHCMO.html
SSL: fixed build with OPENSSL_NO_DH. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-04-16T16:58:57+00:00 ed88e47faf6fb3f340e97fdf472ee4a651d79757 






SSL: fixed build with OPENSSL_NO_DEPRECATED.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-04-16T16:50:29+00:00

b0f1d2f97b11ddd2b92464237f6b0ca4795149ff