nginx.git/src/event, branch release-1.5.7 nginx SSL: added ability to set keys used for Session Tickets (RFC5077). 2013-10-11T23:05:24+00:00 Piotr Sikora piotr@cloudflare.com 2013-10-11T23:05:24+00:00 79be6a5462498af8655aaed141f13a1d2a34abc8 In order to support key rollover, ssl_session_ticket_key can be defined multiple times. The first key will be used to issue and resume Session Tickets, while the rest will be used only to resume them. ssl_session_ticket_key session_tickets/current.key; ssl_session_ticket_key session_tickets/prev-1h.key; ssl_session_ticket_key session_tickets/prev-2h.key; Please note that nginx supports Session Tickets even without explicit configuration of the keys and this feature should be only used in setups where SSL traffic is distributed across multiple nginx servers. Signed-off-by: Piotr Sikora <piotr@cloudflare.com> 
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
SSL: SSL_CTX_set_timeout() now always called. 2013-10-14T09:59:35+00:00 Maxim Dounin mdounin@mdounin.ru 2013-10-14T09:59:35+00:00 a8ad0c02cc19f9684a357aace70a5fbbf9106fc1 The timeout set is used by OpenSSL as a hint for clients in TLS Session Tickets. Previous code resulted in a default timeout (5m) used for TLS Sessions Tickets if there was no session cache configured. Prodded by Piotr Sikora. 
The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets.  Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.

Prodded by Piotr Sikora.
SSL: fixed build with OpenSSL 0.9.7. 2013-10-14T09:44:09+00:00 Maxim Dounin mdounin@mdounin.ru 2013-10-14T09:44:09+00:00 87a607a031cb42289d01768239d58abcb439b8ff SSL_get_rbio() and SSL_get_wbio() functions used to get non-const pointer in OpenSSL 0.9.7, hence an explicit cast added to drop const qualifier. 
SSL_get_rbio() and SSL_get_wbio() functions used to get non-const pointer
in OpenSSL 0.9.7, hence an explicit cast added to drop const qualifier.
Unused macro and variable removed. 2013-10-02T07:51:04+00:00 Sergey Kandaurov pluknet@nginx.com 2013-10-02T07:51:04+00:00 cfb2b55e8d3e5d9e9da87ad7dd2258c3c571cbb1 The macro NGX_HTTP_DAV_COPY_BLOCK is not used since 8101d9101ed8 (0.8.9). The variable ngx_accept_mutex_lock_file was never used. 
The macro NGX_HTTP_DAV_COPY_BLOCK is not used since 8101d9101ed8 (0.8.9).
The variable ngx_accept_mutex_lock_file was never used.
SSL: adjust buffer used by OpenSSL during handshake (ticket #413). 2013-09-27T15:39:33+00:00 Maxim Dounin mdounin@mdounin.ru 2013-09-27T15:39:33+00:00 af897b7f03260f9672c814733671ac433ef36d65 






SSL: fixed possible memory and file descriptor leak on HUP signal.
2013-09-18T23:51:30+00:00

Piotr Sikora
piotr@cloudflare.com

2013-09-18T23:51:30+00:00

0a5124502dd943906d9d82ebcd05c1c382b02c3a

The problem appeared in 386a06a22c40 (1.3.7).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>





The problem appeared in 386a06a22c40 (1.3.7).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>







SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
2013-09-16T21:24:38+00:00

Piotr Sikora
piotr@cloudflare.com

2013-09-16T21:24:38+00:00

29ea1273fef9c94d213eec53e027cd9aa70780e8

This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>





This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>







Events: support for EPOLLRDHUP (ticket #320).
2013-07-12T10:51:07+00:00

Valentin Bartenev
vbart@nginx.com

2013-07-12T10:51:07+00:00

182a05b9d5b4321be89aa25ade89e41d00f0b4f7

Since Linux 2.6.17, epoll is able to report about peer half-closed connection
using special EPOLLRDHUP flag on a read event.





Since Linux 2.6.17, epoll is able to report about peer half-closed connection
using special EPOLLRDHUP flag on a read event.







Events: removed unused flags from the ngx_event_s structure.
2013-09-05T12:53:02+00:00

Valentin Bartenev
vbart@nginx.com

2013-09-05T12:53:02+00:00

0f0502064dda4e702b4f379ee2af4bbddcb93214

They are not used since 708f8bb772ec (pre 0.0.1).





They are not used since 708f8bb772ec (pre 0.0.1).







SSL: clear error queue after SSL_CTX_load_verify_locations().
2013-09-04T17:17:02+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-09-04T17:17:02+00:00

3d1e616d0bb9278a0291cc0a2a11178e1c1d9710

The SSL_CTX_load_verify_locations() may leave errors in the error queue
while returning success (e.g. if there are duplicate certificates in the file
specified), resulting in "ignoring stale global SSL error" alerts later
at runtime.





The SSL_CTX_load_verify_locations() may leave errors in the error queue
while returning success (e.g. if there are duplicate certificates in the file
specified), resulting in "ignoring stale global SSL error" alerts later
at runtime.