nginx.git/src/event, branch release-1.3.14 nginx SSL: retry "sess_id" and "id" allocations. 2013-02-23T11:54:25+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-23T11:54:25+00:00 890ee444cafb9dcce387bd0814c2996a60ecf10e In case of fully populated SSL session cache with no memory left for new allocations, ngx_ssl_new_session() will try to expire the oldest non-expired session and retry, but only in case when slab allocation fails for "cached_sess", not when slab allocation fails for either "sess_id" or "id", which can happen for number of reasons and results in new session not being cached. Patch fixes this by adding retry logic to "sess_id" & "id" allocations. Patch by Piotr Sikora. 
In case of fully populated SSL session cache with no memory left for
new allocations, ngx_ssl_new_session() will try to expire the oldest
non-expired session and retry, but only in case when slab allocation
fails for "cached_sess", not when slab allocation fails for either
"sess_id" or "id", which can happen for number of reasons and results
in new session not being cached.

Patch fixes this by adding retry logic to "sess_id" & "id" allocations.

Patch by Piotr Sikora.
SSL: fixed ngx_ssl_handshake() with level-triggered event methods. 2013-02-01T14:37:43+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-01T14:37:43+00:00 2887c06fdecbb4eccaf69a9e7fbef55f1b49c2b5 Missing calls to ngx_handle_write_event() and ngx_handle_read_event() resulted in a CPU hog during SSL handshake if an level-triggered event method (e.g. select) was used. 
Missing calls to ngx_handle_write_event() and ngx_handle_read_event()
resulted in a CPU hog during SSL handshake if an level-triggered event
method (e.g. select) was used.
SSL: take into account data in the buffer while limiting output. 2013-01-28T15:41:12+00:00 Valentin Bartenev vbart@nginx.com 2013-01-28T15:41:12+00:00 733e6d2ac6c544aa1a3f42dbc93c9e6d4adf7122 In some rare cases this can result in a more smooth sending rate. 
In some rare cases this can result in a more smooth sending rate.
SSL: avoid calling SSL_write() with zero data size. 2013-01-28T15:40:25+00:00 Valentin Bartenev vbart@nginx.com 2013-01-28T15:40:25+00:00 0f0fac70a14fc489eab91888772073ed1259b633 According to documentation, calling SSL_write() with num=0 bytes to be sent results in undefined behavior. We don't currently call ngx_ssl_send_chain() with empty chain and buffer. This check handles the case of a chain with total data size that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end. In practice such cases resulted in premature connection close and critical error "SSL_write() failed (SSL:)" in the error log. 
According to documentation, calling SSL_write() with num=0 bytes to be sent
results in undefined behavior.

We don't currently call ngx_ssl_send_chain() with empty chain and buffer.
This check handles the case of a chain with total data size that is
a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end.

In practice such cases resulted in premature connection close and critical
error "SSL_write() failed (SSL:)" in the error log.
SSL: calculation of buffer size moved closer to its usage. 2013-01-28T15:38:36+00:00 Valentin Bartenev vbart@nginx.com 2013-01-28T15:38:36+00:00 f98b1d256114e7f9bdfd17ea362cdcb137cdc62c No functional changes. 
No functional changes.
SSL: preservation of flush flag for buffered data. 2013-01-28T15:37:11+00:00 Valentin Bartenev vbart@nginx.com 2013-01-28T15:37:11+00:00 0f62e193dc98435f9e186da016681ba2aa5a2064 Previously, if SSL buffer was not sent we lost information that the data must be flushed. 
Previously, if SSL buffer was not sent we lost information that the data
must be flushed.
SSL: resetting of flush flag after the data was written. 2013-01-28T15:35:12+00:00 Valentin Bartenev vbart@nginx.com 2013-01-28T15:35:12+00:00 c857dade60bf7298226e0ba3d817ac56fb4abf49 There is no need to flush next chunk of data if it does not contain a buffer with the flush or last_buf flags set. 
There is no need to flush next chunk of data if it does not contain a buffer
with the flush or last_buf flags set.
SSL: removed conditions that always hold true. 2013-01-28T15:34:09+00:00 Valentin Bartenev vbart@nginx.com 2013-01-28T15:34:09+00:00 693ba0179e4126fe3490e1c499d982183931598d 






Events: fixed null pointer dereference with resolver and poll.
2013-01-25T09:59:28+00:00

Ruslan Ermilov
ru@nginx.com

2013-01-25T09:59:28+00:00

33e934ccc8fcf4f62fbbd08c1eb1b396cac5facb

A POLLERR signalled by poll() without POLLIN/POLLOUT, as seen on
Linux, would generate both read and write events, but there's no
write event handler for resolver events.  A fix is to only call
event handler of an active event.





A POLLERR signalled by poll() without POLLIN/POLLOUT, as seen on
Linux, would generate both read and write events, but there's no
write event handler for resolver events.  A fix is to only call
event handler of an active event.







SSL: speedup loading of configs with many ssl servers.
2013-01-09T14:11:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-01-09T14:11:48+00:00

041449a3d34b738a3a5d9012461e2a06f98f7b24

The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.

For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.





The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.

For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.