nginx.git/src/http/modules, branch release-1.25.3 nginx Upstream: fixed handling of Status headers without reason-phrase. 2023-08-31T19:59:17+00:00 Maxim Dounin mdounin@mdounin.ru 2023-08-31T19:59:17+00:00 fa46a5719924a5a4c48c515a903e0c46a4d98bcf Status header with an empty reason-phrase, such as "Status: 404 ", is valid per CGI specification, but looses the trailing space during parsing. Currently, this results in "HTTP/1.1 404" HTTP status line in the response, which violates HTTP specification due to missing trailing space. With this change, only the status code is used from such short Status header lines, so nginx will generate status line itself, with the space and appropriate reason phrase if available. Reported at: https://mailman.nginx.org/pipermail/nginx/2023-August/EX7G4JUUHJWJE5UOAZMO5UD6OJILCYGX.html 
Status header with an empty reason-phrase, such as "Status: 404 ", is
valid per CGI specification, but looses the trailing space during parsing.
Currently, this results in "HTTP/1.1 404" HTTP status line in the response,
which violates HTTP specification due to missing trailing space.

With this change, only the status code is used from such short Status
header lines, so nginx will generate status line itself, with the space
and appropriate reason phrase if available.

Reported at:
https://mailman.nginx.org/pipermail/nginx/2023-August/EX7G4JUUHJWJE5UOAZMO5UD6OJILCYGX.html
SSL: removed the "ssl" directive. 2023-06-08T10:49:27+00:00 Roman Arutyunyan arut@nginx.com 2023-06-08T10:49:27+00:00 d32f66f1e8dc81a0edbadbacf74191684a653d09 It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of the "ssl" parameter of the "listen" directive, which has been available since 2224:109849282793 (0.7.14). 
It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).
HTTP/2: "http2" directive. 2023-05-16T12:30:08+00:00 Roman Arutyunyan arut@nginx.com 2023-05-16T12:30:08+00:00 aefd862ab197c3ab49001fcf69be478aab5b0f4e The directive enables HTTP/2 in the current server. The previous way to enable HTTP/2 via "listen ... http2" is now deprecated. The new approach allows to share HTTP/2 and HTTP/0.9-1.1 on the same port. For SSL connections, HTTP/2 is now selected by ALPN callback based on whether the protocol is enabled in the virtual server chosen by SNI. This however only works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback. For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual server configuration. For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if HTTP/2 is enabled in the default virtual server. If preface is not matched, HTTP/0.9-1.1 is assumed. 
The directive enables HTTP/2 in the current server.  The previous way to
enable HTTP/2 via "listen ... http2" is now deprecated.  The new approach
allows to share HTTP/2 and HTTP/0.9-1.1 on the same port.

For SSL connections, HTTP/2 is now selected by ALPN callback based on whether
the protocol is enabled in the virtual server chosen by SNI.  This however only
works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback.
For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual
server configuration.

For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if
HTTP/2 is enabled in the default virtual server.  If preface is not matched,
HTTP/0.9-1.1 is assumed.
HTTP/3: removed "http3" parameter of "listen" directive. 2023-05-11T09:22:10+00:00 Roman Arutyunyan arut@nginx.com 2023-05-11T09:22:10+00:00 2ce3eeeeb76318e414b62d399da70872d2de23d8 The parameter has been deprecated since c851a2ed5ce8. 
The parameter has been deprecated since c851a2ed5ce8.
Merged with the default branch. 2023-03-29T07:14:25+00:00 Sergey Kandaurov pluknet@nginx.com 2023-03-29T07:14:25+00:00 e8fbc967470b39513248cd961ccccf7a032831ea 






Gzip: compatibility with recent zlib-ng versions.
2023-03-27T18:25:05+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-03-27T18:25:05+00:00

87471918b20957694cb7a7503d2f868c8813c68b

It now uses custom alloc_aligned() wrapper for all allocations,
therefore all allocations are larger than expected by (64 + sizeof(void*)).
Further, they are seen as allocations of 1 element.  Relevant calculations
were adjusted to reflect this, and state allocation is now protected
with a flag to avoid misinterpreting other allocations as the zlib
deflate_state allocation.

Further, it no longer forces window bits to 13 on compression level 1,
so the comment was adjusted to reflect this.





It now uses custom alloc_aligned() wrapper for all allocations,
therefore all allocations are larger than expected by (64 + sizeof(void*)).
Further, they are seen as allocations of 1 element.  Relevant calculations
were adjusted to reflect this, and state allocation is now protected
with a flag to avoid misinterpreting other allocations as the zlib
deflate_state allocation.

Further, it no longer forces window bits to 13 on compression level 1,
so the comment was adjusted to reflect this.







SSL: enabled TLSv1.3 by default.
2023-03-23T23:57:43+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-03-23T23:57:43+00:00

7b24b93d67daa9c16d665129fd5d3e7dbc583e4f












HTTP/3: fixed OpenSSL compatibility layer initialization.
2023-03-24T15:49:50+00:00

Sergey Kandaurov
pluknet@nginx.com

2023-03-24T15:49:50+00:00

4d472cd792cc9699e014995c9f41c3e3e048e975

SSL context is not present if the default server has neither certificates nor
ssl_reject_handshake enabled.  Previously, this led to null pointer dereference
before it would be caught with configuration checks.

Additionally, non-default servers with distinct SSL contexts need to initialize
compatibility layer in order to complete a QUIC handshake.





SSL context is not present if the default server has neither certificates nor
ssl_reject_handshake enabled.  Previously, this led to null pointer dereference
before it would be caught with configuration checks.

Additionally, non-default servers with distinct SSL contexts need to initialize
compatibility layer in order to complete a QUIC handshake.







Fixed "zero size buf" alerts with subrequests.
2023-01-28T02:23:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-01-28T02:23:33+00:00

384a8d8dfbf817b98715e8ed5ec7bf3cb545d501

Since 4611:2b6cb7528409 responses from the gzip static, flv, and mp4 modules
can be used with subrequests, though empty files were not properly handled.
Empty gzipped, flv, and mp4 files thus resulted in "zero size buf in output"
alerts.  While valid corresponding files are not expected to be empty, such
files shouldn't result in alerts.

Fix is to set b->sync on such empty subrequest responses, similarly to what
ngx_http_send_special() does.

Additionally, the static module, the ngx_http_send_response() function, and
file cache are modified to do the same instead of not sending the response
body at all in such cases, since not sending the response body at all is
believed to be at least questionable, and might break various filters
which do not expect such behaviour.





Since 4611:2b6cb7528409 responses from the gzip static, flv, and mp4 modules
can be used with subrequests, though empty files were not properly handled.
Empty gzipped, flv, and mp4 files thus resulted in "zero size buf in output"
alerts.  While valid corresponding files are not expected to be empty, such
files shouldn't result in alerts.

Fix is to set b->sync on such empty subrequest responses, similarly to what
ngx_http_send_special() does.

Additionally, the static module, the ngx_http_send_response() function, and
file cache are modified to do the same instead of not sending the response
body at all in such cases, since not sending the response body at all is
believed to be at least questionable, and might break various filters
which do not expect such behaviour.







Style.
2023-01-28T02:20:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-01-28T02:20:23+00:00

856a01860e676bd5fe88d0f7ad7189e47cce04d9