nginx.git/src/mail, branch release-1.13.12

SSL: using default server context in session remove (closes #1464).

2018-01-30T14:46:31+00:00

This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.

Fixed worker_shutdown_timeout in various cases.

2017-11-20T13:31:07+00:00

The ngx_http_upstream_process_upgraded() did not handle c->close request,
and upgraded connections do not use the write filter.  As a result,
worker_shutdown_timeout did not affect upgraded connections (ticket #1419).
Fix is to handle c->close in the ngx_http_request_handler() function, thus
covering most of the possible cases in http handling.

Additionally, mail proxying did not handle neither c->close nor c->error,
and thus worker_shutdown_timeout did not work for mail connections.  Fix is
to add c->close handling to ngx_mail_proxy_handler().

Also, added explicit handling of c->close to stream proxy,
ngx_stream_proxy_process_connection().  This improves worker_shutdown_timeout
handling in stream, it will no longer wait for some data being transferred
in a connection before closing it, and will also provide appropriate
logging at the "info" level.

Style: changed checks of ngx_ssl_create_connection() to != NGX_OK.

2017-05-29T13:34:35+00:00

In http these checks were changed in a6d6d762c554, though mail module
was missed at that time.  Since then, the stream module was introduced
based on mail, using "== NGX_ERROR" check.

SSL: added support for TLSv1.3 in ssl_protocols directive.

2017-04-18T12:12:38+00:00

Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.

Mail: configurable socket buffer sizes.

2017-04-03T14:30:34+00:00

The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.

Mail: don't emit separator in capability lists for APOP.

2017-03-06T14:56:23+00:00

Notably, this fixes CAPA and AUTH output.

The bug had appeared in nginx 1.11.6 (73b451d304c0).

Mail: make it possible to disable SASL EXTERNAL.

2017-01-12T16:22:03+00:00

Win32: fixed some warnings reported by Borland C.

2016-12-24T15:01:14+00:00

Most notably, warning W8012 (comparing signed and unsigned values) reported
in multiple places where an unsigned value of small type (e.g., u_short) is
promoted to an int and compared to an unsigned value.

Warning W8072 (suspicious pointer arithmetic) disabled, it is reported
when we increment base pointer in ngx_shm_alloc().

Mail: support SASL EXTERNAL (RFC 4422).

2016-10-08T07:05:00+00:00

This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.

This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.

Mail: extensible auth methods in pop3 module.

2016-10-18T16:38:46+00:00