nginx.git/src/http, branch release-1.2.6 nginx Merge of r4921, r4922, r4923, r4924, r4925: request body fixes. 2012-12-11T13:18:50+00:00 Maxim Dounin mdounin@mdounin.ru 2012-12-11T13:18:50+00:00 663e14e10d0f90fdf61f059d268dd4eb7e5be7f8 *) Request body: fixed "501 Not Implemented" error handling. It is not about "Method" but a generic message, and is expected to be used e.g. if specified Transfer-Encoding is not supported. Fixed message to match RFC 2616. Additionally, disable keepalive on such errors as we won't be able to read request body correctly if we don't understand Transfer-Encoding used. *) Request body: $request_body variable generalization. The $request_body variable was assuming there can't be more than two buffers. While this is currently true due to request body reading implementation details, this is not a good thing to depend on and may change in the future. *) Request body: code duplication reduced, no functional changes. The r->request_body_in_file_only with empty body case is now handled in ngx_http_write_request_body(). *) Request body: fixed socket leak on errors. The r->main->count reference counter was always incremented in ngx_http_read_client_request_body(), while it is only needs to be incremented on positive returns. *) Request body: properly handle events while discarding body. An attempt to call ngx_handle_read_event() before actually reading data from a socket might result in read event being disabled, which is wrong. Catched by body.t test on Solaris. 
*) Request body: fixed "501 Not Implemented" error handling.

   It is not about "Method" but a generic message, and is expected to be used
   e.g. if specified Transfer-Encoding is not supported.  Fixed message to
   match RFC 2616.

   Additionally, disable keepalive on such errors as we won't be able to read
   request body correctly if we don't understand Transfer-Encoding used.

*) Request body: $request_body variable generalization.

   The $request_body variable was assuming there can't be more than two
   buffers.  While this is currently true due to request body reading
   implementation details, this is not a good thing to depend on and may
   change in the future.

*) Request body: code duplication reduced, no functional changes.

   The r->request_body_in_file_only with empty body case is now handled in
   ngx_http_write_request_body().

*) Request body: fixed socket leak on errors.

   The r->main->count reference counter was always incremented in
   ngx_http_read_client_request_body(), while it is only needs to be
   incremented on positive returns.

*) Request body: properly handle events while discarding body.

   An attempt to call ngx_handle_read_event() before actually reading
   data from a socket might result in read event being disabled, which is
   wrong.  Catched by body.t test on Solaris.
Merge of r4919: fixed segfault on PUT in dav module. 2012-12-10T17:51:10+00:00 Maxim Dounin mdounin@mdounin.ru 2012-12-10T17:51:10+00:00 c460629181248f47c6a77edacd9d17b7c1f26f12 Dav: fixed segfault on PUT if body was already read (ticket #238). If request body reading happens with different options it's possible that there will be no r->request_body->temp_file available (or even no r->request_body available if body was discarded). Return internal server error in this case instead of committing suicide by dereferencing a null pointer. 
Dav: fixed segfault on PUT if body was already read (ticket #238).

If request body reading happens with different options it's possible
that there will be no r->request_body->temp_file available (or even
no r->request_body available if body was discarded).  Return internal
server error in this case instead of committing suicide by dereferencing
a null pointer.
Merge of r4915, r4916, r4917: upstream minor fixes. 2012-12-10T16:35:32+00:00 Maxim Dounin mdounin@mdounin.ru 2012-12-10T16:35:32+00:00 72bba4144b29c22753fc7463088597b871c087fa *) Upstream: honor the "down" flag for a single server. If an upstream block was defined with the only server marked as "down", e.g. upstream u { server 127.0.0.1:8080 down; } an attempt was made to contact the server despite the "down" flag. It is believed that immediate 502 response is better in such a case, and it's also consistent with what is currently done in case of multiple servers all marked as "down". *) Upstream: better detection of connect() failures with kqueue. Pending EOF might be reported on both read and write events, whichever comes first, so check both of them. Patch by Yichun Zhang (agentzh), slightly modified. 
*) Upstream: honor the "down" flag for a single server.

   If an upstream block was defined with the only server marked as
   "down", e.g.

       upstream u {
           server 127.0.0.1:8080 down;
       }

   an attempt was made to contact the server despite the "down" flag.
   It is believed that immediate 502 response is better in such a
   case, and it's also consistent with what is currently done in case
   of multiple servers all marked as "down".

*) Upstream: better detection of connect() failures with kqueue.

   Pending EOF might be reported on both read and write events, whichever
   comes first, so check both of them.

   Patch by Yichun Zhang (agentzh), slightly modified.
Merge of r4914: variables $request_time and $msec. 2012-12-10T16:03:56+00:00 Maxim Dounin mdounin@mdounin.ru 2012-12-10T16:03:56+00:00 18590cd21ed25d77f57a26c9989c735fb7f4cbc8 Log module counterparts are preserved for efficiency. 
Log module counterparts are preserved for efficiency.
Version bump. 2012-12-10T15:43:41+00:00 Maxim Dounin mdounin@mdounin.ru 2012-12-10T15:43:41+00:00 2948d7cfc2700c957fb2f74f05099778b5f77925 






Merge of r4896: event pipe: fixed handling of buf_to_file data.
2012-11-13T11:24:14+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-11-13T11:24:14+00:00

13cda62555b28dd1afb927705eeff0c5f66cdbaf

Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption.  Buffer memory was reused to read upstream
response before headers were written to disk.

Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.

This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.

Reported by Anatoli Marinov.





Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption.  Buffer memory was reused to read upstream
response before headers were written to disk.

Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.

This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.

Reported by Anatoli Marinov.







Merge of r4892: keepalive memory usage optimization.
2012-11-13T11:21:31+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-11-13T11:21:31+00:00

1954cf149aa79ba2bb1ce0b7b20422ab2ca6c93a

The ngx_http_keepalive_handler() function is now trying to not
keep c->buffer's memory for idle connections.

This behaviour is consistent with the ngx_http_set_keepalive()
function and it should decrease memory usage in some cases (especially
if epoll/rtsig is used).





The ngx_http_keepalive_handler() function is now trying to not
keep c->buffer's memory for idle connections.

This behaviour is consistent with the ngx_http_set_keepalive()
function and it should decrease memory usage in some cases (especially
if epoll/rtsig is used).







Merge of r4886, r4887, r4894: log variables generalization:
2012-11-13T10:45:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-11-13T10:45:23+00:00

3f72b594126f0b05303fadb5a051de24d2646454

*) Log: $apache_bytes_sent removed.  It was renamed to $body_bytes_sent
   in nginx 0.3.10 and the old name is deprecated since then.

*) Variable $bytes_sent.  It replicates variable $bytes_sent as previously
   available in log module only.  Patch by Benjamin Grössing (with minor
   changes).

*) Variables $connection and $connection_requests.  Log module
   counterparts are removed as they aren't used often and there is no
   need to preserve them for efficiency.





*) Log: $apache_bytes_sent removed.  It was renamed to $body_bytes_sent
   in nginx 0.3.10 and the old name is deprecated since then.

*) Variable $bytes_sent.  It replicates variable $bytes_sent as previously
   available in log module only.  Patch by Benjamin Grössing (with minor
   changes).

*) Variables $connection and $connection_requests.  Log module
   counterparts are removed as they aren't used often and there is no
   need to preserve them for efficiency.







Merge of r4885: ssl_verify_client optional_no_ca.
2012-11-13T10:42:16+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-11-13T10:42:16+00:00

71b6604e4465b6aac478f04c3608a6be5c6500e6

SSL: the "ssl_verify_client" directive parameter "optional_no_ca".

This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.

Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).

Patch by Mike Kazantsev, Eric O'Connor.





SSL: the "ssl_verify_client" directive parameter "optional_no_ca".

This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.

Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).

Patch by Mike Kazantsev, Eric O'Connor.







Version bump.
2012-11-12T17:03:38+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-11-12T17:03:38+00:00

de68f145bf583e2319809f39ba0807e32f536213