nginx.git/src/http/modules, branch release-1.0.9

Merging r4209:

2011-11-01T14:19:13+00:00

Skipping location rewrite phase for server null location.

Merging r4189, r4197:

2011-11-01T14:15:42+00:00

Perl related fixes:

*) Handling of Content-Encoding set from perl.

   This fixes double gzipping in case of gzip filter being enabled while perl
   returns already gzipped response.

*) Fixed macro name.

Merging r4193, r4194:

2011-11-01T14:09:15+00:00

Autoindex fixes:

*) Autoindex: escape '?' in file names.

   For files with '?' in their names autoindex generated links with '?' not
   escaped.  This resulted in effectively truncated links as '?' indicates
   query string start.

   This is an updated version of the patch originally posted at [1].  It
   introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
   unreserved characters as per RFC 3986.  This approach also renders unneeded
   special colon processing (as colon is percent-encoded now), it's dropped
   accordingly.

   [1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html

*) Autoindex: escape html in file names.

Merging r4158:

2011-11-01T14:04:23+00:00

Added uwsgi_buffering and scgi_buffering directives.

Patch by Peter Smit.

Merging r4190, r4232:

2011-11-01T14:02:07+00:00

MP4 related fixes:

*) Fixing mp4 module seeking on 32-bit platforms.

*) Adding m4a and m4v MIME types (ticket #42).

Merging r4147, r4148, r4149, r4150, r4207:

2011-11-01T13:45:33+00:00

Fixes of combination of error_page and return directives:

*) Fix for incorrect 201 replies from dav module.

   Replies with 201 code contain body, and we should clearly indicate it's
   empty if it's empty.  Before 0.8.32 chunked was explicitly disabled for
   201 replies and as a result empty body was indicated by connection close
   (not perfect, but worked).  Since 0.8.32 chunked is enabled, and this
   causes incorrect responses from dav module when HTTP/1.1 is used: with
   "Transfer-Encoding: chunked" but no chunks at all.

   Fix is to actually return empty body in special response handler instead
   of abusing r->header_only flag.

   See here for initial report:
   http://mailman.nginx.org/pipermail/nginx-ru/2010-October/037535.html

*) Fix for double content when return is used in error_page handler.

   Test case:

      location / {
          error_page 405 /nope;
          return 405;
      }

      location /nope {
          return 200;
      }

   This is expected to return 405 with empty body, but in 0.8.42+ will return
   builtin 405 error page as well (though not counted in Content-Length, thus
   breaking protocol).

   Fix is to use status provided by rewrite script execution in case
   it's less than NGX_HTTP_BAD_REQUEST even if r->error_status set.  This
   check is in line with one in ngx_http_script_return_code().

   Note that this patch also changes behaviour for "return 302 ..." and
   "rewrite ... redirect" used as error handler.  E.g.

       location / {
           error_page 405 /redirect;
           return 405;
       }

       location /redirect {
           rewrite ^ http://example.com/;
       }

   will actually return redirect to "http://example.com/" instead of builtin
   405 error page with meaningless Location header.  This looks like correct
   change and it's in line with what happens on e.g. directory redirects
   in error handlers.

*) Fix for "return 202" not discarding body.

   Big POST (not fully preread) to a

       location / {
           return 202;
       }

   resulted in incorrect behaviour due to "return" code path not calling
   ngx_http_discard_request_body().  The same applies to all "return" used
   with 2xx/3xx codes except 201 and 204, and to all "return ... text" uses.

   Fix is to add ngx_http_discard_request_body() call to
   ngx_http_send_response() function where it looks appropriate.
   Discard body call from emtpy gif module removed as it's now redundant.

   Reported by Pyry Hakulinen, see
   http://mailman.nginx.org/pipermail/nginx/2011-August/028503.html

*) Incorrect special case for "return 204" removed.

   The special case in question leads to replies without body in
   configuration like

       location / { error_page 404 /zero; return 404; }
       location /zero { return 204; }

   while replies with empty body are expected per protocol specs.

   Correct one will look like

       if (status == NGX_HTTP_NO_CONTENT) {

           rc = ngx_http_send_header(r);

           if (rc == NGX_ERROR || r->header_only) {
               return rc;
           }

           return ngx_http_send_special(r, NGX_HTTP_LAST);
       }

   though it looks like it's better to drop this special case at all.

*) Clear old Location header (if any) while adding a new one.

   This prevents incorrect behaviour when another redirect is issued within
   error_page 302 handler.

Merging r4132, r4134, r4143, r4183, r4191, r4199:

2011-11-01T13:24:50+00:00

Various fixes related to error messages:

*) Removed old warning that suggested to use "server_name_in_redirect off"
   (now the default) in place of no longer supported "server_name *".

*) Fixing directive name in error message if types hash size is not enough.

*) Replaced "can not" with "cannot" and "could not" in a bunch of places.
   Fixed nearby grammar errors.

*) Overhauled error messages.

Merging r4034, r4186, r4187, r4229, r4235, r4237:

2011-11-01T13:00:30+00:00

SSL related fixes:

*) Better handling of various per-server ssl options with SNI.

   SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
   structure, it only changes certificates (at least as of now, OpenSSL
   1.0.0d and earlier).

   As a result settings like ssl_verify_client, ssl_verify_depth,
   ssl_prefer_server_ciphers are only configurable on per-socket basis while
   with SNI it should be possible to specify them different for two servers
   listening on the same socket.

   Workaround is to explicitly re-apply settings we care about from context
   to ssl connection in servername callback.

   Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
   with older versions it is not possible to clear ssl_prefer_server_ciphers
   option if it's set in default server for a socket.

*) Disabling SSL compression. This saves about 300K per SSL connection.
   The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0.

*) Releasing memory of idle SSL connection. This saves about 34K per SSL
   connection. The SSL_MODE_RELEASE_BUFFERS option is available since
   OpenSSL 1.0.0d.

*) Decrease of log level of some SSL handshake errors.

*) Fixed segfault on configuration testing with ssl (ticket #37).

   The following config caused segmentation fault due to conf->file not
   being properly set if "ssl on" was inherited from the http level:

   http {
       ssl on;
       server {
       }
   }

*) Silently ignoring a stale global SSL error left after disabled renegotiation.

Merging r4009, r4133, r4184, r4201, r4202, r4203, r4204, r4205:

2011-11-01T11:19:58+00:00

Miscellaneous fixes:

*) Fix of names of the referer hash size directives introduced in r3940.

*) Cosmetics: replaced NGX_CONF_TAKE1 to NGX_CONF_FLAG for "sendfile"
   and "chunked_transfer_encoding" directives, to be in line with all
   directives taking a boolean argument.  Both flags will ensure that
   a directive takes one argument.

*) Improved ngx_parse_time() code readability.

*) Preallocating exact number of default MIME types entries.

*) Stylistic change in checking the boolean expression.

*) Replaced magic constants representing default values of some directives
   with appropriate #define's.

*) Fixed grammar in a comment.

*) Fixed two minor bugs in "types" parsing code.

Merging r3992, r4192:

2011-11-01T11:06:31+00:00

access_log related fixes:

*) Removal of error message about %name log_format parameters,
   they have been deleted long ago in 0.5.0-RELEASE.

*) Improved access log escaping to better protect other software.
   Some character sets (notably ISO-8859-1) have C1 control characters in
   upper half, make sure to escape them.