nginx.git/src/event, branch release-1.4.7 nginx SSL: fixed $ssl_session_id possible segfault after 97e3769637a7. 2014-01-23T14:32:26+00:00 Maxim Dounin mdounin@mdounin.ru 2014-01-23T14:32:26+00:00 54316a276d4dd8efab9d4d8fe4154546e3345686 Even during execution of a request it is possible that there will be no session available, notably in case of renegotiation. As a result logging of $ssl_session_id in some cases caused NULL pointer dereference after revision 97e3769637a7 (1.5.9). The check added returns an empty string if there is no session available. 
Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.
SSL: fixed $ssl_session_id variable. 2014-01-22T12:05:06+00:00 Maxim Dounin mdounin@mdounin.ru 2014-01-22T12:05:06+00:00 23ddf1464817e4fe1479427e9aed14c2ae64f44c Previously, it used to contain full session serialized instead of just a session id, making it almost impossible to use the variable in a safe way. Thanks to Ivan Ristić. 
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.

Thanks to Ivan Ristić.
SSL: fixed c->read->ready handling in ngx_ssl_recv(). 2013-11-29T13:16:06+00:00 Maxim Dounin mdounin@mdounin.ru 2013-11-29T13:16:06+00:00 79f0766f356d74f0331b9ff283b32408cf59adbb If c->read->ready was reset, but later some data were read from a socket buffer due to a call to ngx_ssl_recv(), the c->read->ready flag should be restored if not all data were read from OpenSSL buffers (as kernel won't notify us about the data anymore). More details are available here: http://mailman.nginx.org/pipermail/nginx/2013-November/041178.html 
If c->read->ready was reset, but later some data were read from a socket
buffer due to a call to ngx_ssl_recv(), the c->read->ready flag should
be restored if not all data were read from OpenSSL buffers (as kernel
won't notify us about the data anymore).

More details are available here:
http://mailman.nginx.org/pipermail/nginx/2013-November/041178.html
Win32: accept_mutex now always disabled (ticket #362). 2013-05-31T10:59:26+00:00 Maxim Dounin mdounin@mdounin.ru 2013-05-31T10:59:26+00:00 7dc6290ef6e2cd7a3ec787dbb236979e31d3b2c3 Use of accept mutex on win32 may result in a deadlock if there are multiple worker_processes configured and the mutex is grabbed by a process which can't accept connections. 
Use of accept mutex on win32 may result in a deadlock if there are multiple
worker_processes configured and the mutex is grabbed by a process which
can't accept connections.
OCSP stapling: fix error logging of successful OCSP responses. 2013-05-16T22:37:13+00:00 Piotr Sikora piotr@cloudflare.com 2013-05-16T22:37:13+00:00 4ca32c31a0f842f2980c2d6a6584d6f680bfe839 Due to a bad argument list, nginx worker would crash (SIGSEGV) while trying to log the fact that it received OCSP response with "revoked" or "unknown" certificate status. While there, fix similar (but non-crashing) error a few lines above. Signed-off-by: Piotr Sikora <piotr@cloudflare.com> 
Due to a bad argument list, nginx worker would crash (SIGSEGV) while
trying to log the fact that it received OCSP response with "revoked"
or "unknown" certificate status.

While there, fix similar (but non-crashing) error a few lines above.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Events: backout eventport changes (r5172) for now. 2013-04-16T12:58:03+00:00 Maxim Dounin mdounin@mdounin.ru 2013-04-16T12:58:03+00:00 77d60d2cef7fa7b3aa0364d277904c59e18cda14 Evenport method needs more work. Changes in r5172, while being correct, introduce various new regressions with current code. 
Evenport method needs more work.  Changes in r5172, while being correct,
introduce various new regressions with current code.
Events: fixed typos in two previous commits. 2013-04-12T17:31:08+00:00 Valentin Bartenev vbart@nginx.com 2013-04-12T17:31:08+00:00 c79802924151aed853fd22cb52f21769a0da19d6 






Events: handle only active events in eventport.
2013-04-12T15:04:23+00:00

Valentin Bartenev
vbart@nginx.com

2013-04-12T15:04:23+00:00

c6aebf6c7411c5d43bd63cf61db08a1ec914dc5c

We generate both read and write events if an error event was returned by
port_getn() without POLLIN/POLLOUT, but we should not try to handle inactive
events, they may even have no handler.





We generate both read and write events if an error event was returned by
port_getn() without POLLIN/POLLOUT, but we should not try to handle inactive
events, they may even have no handler.







Events: protection from stale events in eventport and devpoll.
2013-04-12T15:02:33+00:00

Valentin Bartenev
vbart@nginx.com

2013-04-12T15:02:33+00:00

ed9f87c90119832c3c96fb9c352e53db61943fe4

Stale write event may happen if read and write events was reported both,
and processing of the read event closed descriptor.

In practice this might result in "sendfilev() failed (134: ..." or
"writev() failed (134: ..." errors when switching to next upstream server.

See report here:
http://mailman.nginx.org/pipermail/nginx/2013-April/038421.html





Stale write event may happen if read and write events was reported both,
and processing of the read event closed descriptor.

In practice this might result in "sendfilev() failed (134: ..." or
"writev() failed (134: ..." errors when switching to next upstream server.

See report here:
http://mailman.nginx.org/pipermail/nginx/2013-April/038421.html







Event connect: don't penalize AF_INET6 connections.
2013-03-27T15:16:45+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-03-27T15:16:45+00:00

3b9e7adcf44d3970944913fb1e3f0b4f3979f3a9

Problems with setsockopt(TCP_NODELAY) and setsockopt(TCP_NOPUSH), as well
as sendfile() syscall on Solaris, are specific to UNIX-domain sockets.
Other address families, i.e. AF_INET and AF_INET6, are fine.





Problems with setsockopt(TCP_NODELAY) and setsockopt(TCP_NOPUSH), as well
as sendfile() syscall on Solaris, are specific to UNIX-domain sockets.
Other address families, i.e. AF_INET and AF_INET6, are fine.