nginx.git/src/http/modules, branch release-1.25.0 nginx HTTP/3: removed "http3" parameter of "listen" directive. 2023-05-11T09:22:10+00:00 Roman Arutyunyan arut@nginx.com 2023-05-11T09:22:10+00:00 2ce3eeeeb76318e414b62d399da70872d2de23d8 The parameter has been deprecated since c851a2ed5ce8. 
The parameter has been deprecated since c851a2ed5ce8.
Merged with the default branch. 2023-03-29T07:14:25+00:00 Sergey Kandaurov pluknet@nginx.com 2023-03-29T07:14:25+00:00 e8fbc967470b39513248cd961ccccf7a032831ea 






Gzip: compatibility with recent zlib-ng versions.
2023-03-27T18:25:05+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-03-27T18:25:05+00:00

87471918b20957694cb7a7503d2f868c8813c68b

It now uses custom alloc_aligned() wrapper for all allocations,
therefore all allocations are larger than expected by (64 + sizeof(void*)).
Further, they are seen as allocations of 1 element.  Relevant calculations
were adjusted to reflect this, and state allocation is now protected
with a flag to avoid misinterpreting other allocations as the zlib
deflate_state allocation.

Further, it no longer forces window bits to 13 on compression level 1,
so the comment was adjusted to reflect this.





It now uses custom alloc_aligned() wrapper for all allocations,
therefore all allocations are larger than expected by (64 + sizeof(void*)).
Further, they are seen as allocations of 1 element.  Relevant calculations
were adjusted to reflect this, and state allocation is now protected
with a flag to avoid misinterpreting other allocations as the zlib
deflate_state allocation.

Further, it no longer forces window bits to 13 on compression level 1,
so the comment was adjusted to reflect this.







SSL: enabled TLSv1.3 by default.
2023-03-23T23:57:43+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-03-23T23:57:43+00:00

7b24b93d67daa9c16d665129fd5d3e7dbc583e4f












HTTP/3: fixed OpenSSL compatibility layer initialization.
2023-03-24T15:49:50+00:00

Sergey Kandaurov
pluknet@nginx.com

2023-03-24T15:49:50+00:00

4d472cd792cc9699e014995c9f41c3e3e048e975

SSL context is not present if the default server has neither certificates nor
ssl_reject_handshake enabled.  Previously, this led to null pointer dereference
before it would be caught with configuration checks.

Additionally, non-default servers with distinct SSL contexts need to initialize
compatibility layer in order to complete a QUIC handshake.





SSL context is not present if the default server has neither certificates nor
ssl_reject_handshake enabled.  Previously, this led to null pointer dereference
before it would be caught with configuration checks.

Additionally, non-default servers with distinct SSL contexts need to initialize
compatibility layer in order to complete a QUIC handshake.







Fixed "zero size buf" alerts with subrequests.
2023-01-28T02:23:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-01-28T02:23:33+00:00

384a8d8dfbf817b98715e8ed5ec7bf3cb545d501

Since 4611:2b6cb7528409 responses from the gzip static, flv, and mp4 modules
can be used with subrequests, though empty files were not properly handled.
Empty gzipped, flv, and mp4 files thus resulted in "zero size buf in output"
alerts.  While valid corresponding files are not expected to be empty, such
files shouldn't result in alerts.

Fix is to set b->sync on such empty subrequest responses, similarly to what
ngx_http_send_special() does.

Additionally, the static module, the ngx_http_send_response() function, and
file cache are modified to do the same instead of not sending the response
body at all in such cases, since not sending the response body at all is
believed to be at least questionable, and might break various filters
which do not expect such behaviour.





Since 4611:2b6cb7528409 responses from the gzip static, flv, and mp4 modules
can be used with subrequests, though empty files were not properly handled.
Empty gzipped, flv, and mp4 files thus resulted in "zero size buf in output"
alerts.  While valid corresponding files are not expected to be empty, such
files shouldn't result in alerts.

Fix is to set b->sync on such empty subrequest responses, similarly to what
ngx_http_send_special() does.

Additionally, the static module, the ngx_http_send_response() function, and
file cache are modified to do the same instead of not sending the response
body at all in such cases, since not sending the response body at all is
believed to be at least questionable, and might break various filters
which do not expect such behaviour.







Style.
2023-01-28T02:20:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-01-28T02:20:23+00:00

856a01860e676bd5fe88d0f7ad7189e47cce04d9












HTTP/3: "quic" parameter of "listen" directive.
2023-02-27T10:00:56+00:00

Roman Arutyunyan
arut@nginx.com

2023-02-27T10:00:56+00:00

815ef96124176baef4e940c4beaec158305b368a

Now "listen" directve has a new "quic" parameter which enables QUIC protocol
for the address.  Further, to enable HTTP/3, a new directive "http3" is
introduced.  The hq-interop protocol is enabled by "http3_hq" as before.
Now application protocol is chosen by ALPN.

Previously used "http3" parameter of "listen" is deprecated.





Now "listen" directve has a new "quic" parameter which enables QUIC protocol
for the address.  Further, to enable HTTP/3, a new directive "http3" is
introduced.  The hq-interop protocol is enabled by "http3_hq" as before.
Now application protocol is chosen by ALPN.

Previously used "http3" parameter of "listen" is deprecated.







QUIC: OpenSSL compatibility layer.
2023-02-22T15:16:53+00:00

Roman Arutyunyan
arut@nginx.com

2023-02-22T15:16:53+00:00

a36ebf7e95baebf445b0973bd270bc009b0b0e9a

The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.





The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.







Gzip static: ranges support (ticket #2349).
2023-01-24T00:01:51+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-01-24T00:01:51+00:00

5c18b5bc3fe14aac969d1fb1e383bc696932e1f5

In contrast to on-the-fly gzipping with gzip filter, static gzipped
representation as returned by gzip_static is persistent, and therefore
the same binary representation is available for future requests, making
it possible to use range requests.

Further, if a gzipped representation is re-generated with different
compression settings, it is expected to result in different ETag and
different size reported in the Content-Range header, making it possible
to safely use range requests anyway.

As such, ranges are now allowed for files returned by gzip_static.





In contrast to on-the-fly gzipping with gzip filter, static gzipped
representation as returned by gzip_static is persistent, and therefore
the same binary representation is available for future requests, making
it possible to use range requests.

Further, if a gzipped representation is re-generated with different
compression settings, it is expected to result in different ETag and
different size reported in the Content-Range header, making it possible
to safely use range requests anyway.

As such, ranges are now allowed for files returned by gzip_static.