nginx.git/src/event, branch release-1.5.10 nginx SSL: fixed $ssl_session_id possible segfault after 97e3769637a7. 2014-01-23T14:32:26+00:00 Maxim Dounin mdounin@mdounin.ru 2014-01-23T14:32:26+00:00 1ebb44e3e3dcc7e321819a54915e9eff2aa1aa81 Even during execution of a request it is possible that there will be no session available, notably in case of renegotiation. As a result logging of $ssl_session_id in some cases caused NULL pointer dereference after revision 97e3769637a7 (1.5.9). The check added returns an empty string if there is no session available. 
Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.
SSL: fixed $ssl_session_id variable. 2014-01-22T12:05:06+00:00 Maxim Dounin mdounin@mdounin.ru 2014-01-22T12:05:06+00:00 096bcd03c30280778178fd3698afd56a8e3938e5 Previously, it used to contain full session serialized instead of just a session id, making it almost impossible to use the variable in a safe way. Thanks to Ivan Ristić. 
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.

Thanks to Ivan Ristić.
SSL: ssl_buffer_size directive. 2013-12-20T12:18:25+00:00 Maxim Dounin mdounin@mdounin.ru 2013-12-20T12:18:25+00:00 37b7de6df74b29153b4bfd0da5bef28fb4dbda77 






Resolver: implemented IPv6 name to address resolving.
2013-12-09T06:53:28+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-09T06:53:28+00:00

769eded73267274e018f460dd76b417538aa5934












Changed resolver API to use ngx_addr_t.
2013-12-06T10:30:27+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-06T10:30:27+00:00

3aeefbcaea75c1ccf158be15afe61ce863978be9












Use ngx_chain_get_free_buf() in pipe input filters.
2013-12-11T17:30:38+00:00

Valentin Bartenev
vbart@nginx.com

2013-12-11T17:30:38+00:00

2576530c5123da466f75169418386887748b99b1

No functional changes.





No functional changes.







Core: keep the length of the local sockaddr.
2013-12-09T06:14:51+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-09T06:14:51+00:00

675e73e3bd70af7780ed8c9dde47d2d28a8a9f56












SSL: fixed c->read->ready handling in ngx_ssl_recv().
2013-11-29T13:16:06+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-11-29T13:16:06+00:00

067c1d2a4f48cbbaace59733c98007b793719f94

If c->read->ready was reset, but later some data were read from a socket
buffer due to a call to ngx_ssl_recv(), the c->read->ready flag should
be restored if not all data were read from OpenSSL buffers (as kernel
won't notify us about the data anymore).

More details are available here:
http://mailman.nginx.org/pipermail/nginx/2013-November/041178.html





If c->read->ready was reset, but later some data were read from a socket
buffer due to a call to ngx_ssl_recv(), the c->read->ready flag should
be restored if not all data were read from OpenSSL buffers (as kernel
won't notify us about the data anymore).

More details are available here:
http://mailman.nginx.org/pipermail/nginx/2013-November/041178.html







SSL: added ability to set keys used for Session Tickets (RFC5077).
2013-10-11T23:05:24+00:00

Piotr Sikora
piotr@cloudflare.com

2013-10-11T23:05:24+00:00

79be6a5462498af8655aaed141f13a1d2a34abc8

In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>





In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>







SSL: SSL_CTX_set_timeout() now always called.
2013-10-14T09:59:35+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-10-14T09:59:35+00:00

a8ad0c02cc19f9684a357aace70a5fbbf9106fc1

The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets.  Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.

Prodded by Piotr Sikora.





The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets.  Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.

Prodded by Piotr Sikora.