nginx.git/src/http/modules, branch release-1.5.9 nginx SSL: fixed ssl_verify_depth to take only one argument. 2014-01-14T11:56:40+00:00 Maxim Dounin mdounin@mdounin.ru 2014-01-14T11:56:40+00:00 70b48a491a0a4dbcbcfc9ca86b22ca966a473ba1 






SSL: ssl_session_tickets directive.
2014-01-10T15:12:40+00:00

Dirkjan Bussink
d.bussink@gmail.com

2014-01-10T15:12:40+00:00

58a240d7735652138da46c64b5eb9e661e5533f5

This adds support so it's possible to explicitly disable SSL Session
Tickets. In order to have good Forward Secrecy support either the
session ticket key has to be reloaded by using nginx' binary upgrade
process or using an external key file and reloading the configuration.
This directive adds another possibility to have good support by
disabling session tickets altogether.

If session tickets are enabled and the process lives for a long a time,
an attacker can grab the session ticket from the process and use that to
decrypt any traffic that occured during the entire lifetime of the
process.





This adds support so it's possible to explicitly disable SSL Session
Tickets. In order to have good Forward Secrecy support either the
session ticket key has to be reloaded by using nginx' binary upgrade
process or using an external key file and reloading the configuration.
This directive adds another possibility to have good support by
disabling session tickets altogether.

If session tickets are enabled and the process lives for a long a time,
an attacker can grab the session ticket from the process and use that to
decrypt any traffic that occured during the entire lifetime of the
process.







Fixed setting of content type in some cases.
2013-12-27T15:40:04+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-27T15:40:04+00:00

2539ce036f6f9d9c2f0e9d6e723d1f0785b9dc0a

This fixes content type set in stub_status and autoindex responses
to be usable in content type checks made by filter modules, such
as charset and sub filters.





This fixes content type set in stub_status and autoindex responses
to be usable in content type checks made by filter modules, such
as charset and sub filters.







Style: removed surplus semicolons.
2013-12-27T14:47:42+00:00

Valentin Bartenev
vbart@nginx.com

2013-12-27T14:47:42+00:00

2b1156d1018bbeb0ebdc46c576cd5adb203db373












Dav: emit a warning about unsafe URI.
2013-12-23T14:12:03+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-23T14:12:03+00:00

9b4a99cf5d5c12557136dc205c87ffa0bdc60012












Teach ngx_http_parse_unsafe_uri() how to unescape URIs.
2013-12-23T14:12:00+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-23T14:12:00+00:00

f7ff5e65d0d20ba0425be7e3d8de4d04ceec9206

This fixes handling of escaped URIs in X-Accel-Redirect (ticket #316),
SSI (ticket #240), and DAV.





This fixes handling of escaped URIs in X-Accel-Redirect (ticket #316),
SSI (ticket #240), and DAV.







SSL: ssl_buffer_size directive.
2013-12-20T12:18:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-12-20T12:18:25+00:00

37b7de6df74b29153b4bfd0da5bef28fb4dbda77












Upstream: simplified peer selection loop in the "ip_hash" module.
2013-12-09T09:43:27+00:00

Vladimir Homutov
vl@nginx.com

2013-12-09T09:43:27+00:00

c7a0b0466528ee588d3352981033e7590783e6bc

Conditions for skipping ineligible peers are rewritten to make adding of new
conditions simpler and be in line with the "round_robin" and "least_conn"
modules.  No functional changes.





Conditions for skipping ineligible peers are rewritten to make adding of new
conditions simpler and be in line with the "round_robin" and "least_conn"
modules.  No functional changes.







Trailing whitespace fix.
2013-12-12T16:28:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-12-12T16:28:48+00:00

0c585adfd40ec2757053701fe2aae6cb6948cbeb












Use ngx_chain_get_free_buf() in pipe input filters.
2013-12-11T17:30:38+00:00

Valentin Bartenev
vbart@nginx.com

2013-12-11T17:30:38+00:00

2576530c5123da466f75169418386887748b99b1

No functional changes.





No functional changes.