nginx.git/src/mail, branch release-1.15.2 nginx SSL: deprecated the "ssl" directive. 2018-04-25T11:57:24+00:00 Ruslan Ermilov ru@nginx.com 2018-04-25T11:57:24+00:00 658a84f4252b65ef060b1d33b2ff0e749902978b 






SSL: detect "listen ... ssl" without certificates (ticket #178).
2018-04-24T12:29:01+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-04-24T12:29:01+00:00

76be1ea9de13c5e8bb0d9523c6a2ad4009a5d7cf

In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.

In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.





In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.

In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.







Mail: fixed error message about missing ssl_certificate_key.
2018-04-24T12:28:58+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-04-24T12:28:58+00:00

5d3a854ebd4f59854ade798b94070ff1ee3eddcf

In 51e1f047d15d, the "ssl" directive name was incorrectly hardcoded
in the error message shown when there are some SSL keys defined, but
not for all certificates.  Right approach is to use the "mode" variable,
which can be either "ssl" or "starttls".





In 51e1f047d15d, the "ssl" directive name was incorrectly hardcoded
in the error message shown when there are some SSL keys defined, but
not for all certificates.  Right approach is to use the "mode" variable,
which can be either "ssl" or "starttls".







SSL: using default server context in session remove (closes #1464).
2018-01-30T14:46:31+00:00

Sergey Kandaurov
pluknet@nginx.com

2018-01-30T14:46:31+00:00

57dde2ab37708423d97333be19830437732b3f4f

This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.





This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.







Fixed worker_shutdown_timeout in various cases.
2017-11-20T13:31:07+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-11-20T13:31:07+00:00

b32cb6b61079d2eff69c89e0e718a79258507717

The ngx_http_upstream_process_upgraded() did not handle c->close request,
and upgraded connections do not use the write filter.  As a result,
worker_shutdown_timeout did not affect upgraded connections (ticket #1419).
Fix is to handle c->close in the ngx_http_request_handler() function, thus
covering most of the possible cases in http handling.

Additionally, mail proxying did not handle neither c->close nor c->error,
and thus worker_shutdown_timeout did not work for mail connections.  Fix is
to add c->close handling to ngx_mail_proxy_handler().

Also, added explicit handling of c->close to stream proxy,
ngx_stream_proxy_process_connection().  This improves worker_shutdown_timeout
handling in stream, it will no longer wait for some data being transferred
in a connection before closing it, and will also provide appropriate
logging at the "info" level.





The ngx_http_upstream_process_upgraded() did not handle c->close request,
and upgraded connections do not use the write filter.  As a result,
worker_shutdown_timeout did not affect upgraded connections (ticket #1419).
Fix is to handle c->close in the ngx_http_request_handler() function, thus
covering most of the possible cases in http handling.

Additionally, mail proxying did not handle neither c->close nor c->error,
and thus worker_shutdown_timeout did not work for mail connections.  Fix is
to add c->close handling to ngx_mail_proxy_handler().

Also, added explicit handling of c->close to stream proxy,
ngx_stream_proxy_process_connection().  This improves worker_shutdown_timeout
handling in stream, it will no longer wait for some data being transferred
in a connection before closing it, and will also provide appropriate
logging at the "info" level.







Style: changed checks of ngx_ssl_create_connection() to != NGX_OK.
2017-05-29T13:34:35+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-05-29T13:34:35+00:00

0514e14a8bbd8e5977712c892b53aa471a91fcb5

In http these checks were changed in a6d6d762c554, though mail module
was missed at that time.  Since then, the stream module was introduced
based on mail, using "== NGX_ERROR" check.





In http these checks were changed in a6d6d762c554, though mail module
was missed at that time.  Since then, the stream module was introduced
based on mail, using "== NGX_ERROR" check.







SSL: added support for TLSv1.3 in ssl_protocols directive.
2017-04-18T12:12:38+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-04-18T12:12:38+00:00

9a37eb3a62130473596e0e4c2e388d80bdb14956

Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.





Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.







Mail: configurable socket buffer sizes.
2017-04-03T14:30:34+00:00

Vladimir Homutov
vl@nginx.com

2017-04-03T14:30:34+00:00

a965e1d76642095f3f4e5f43d13a8b0379296e43

The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.





The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.







Mail: don't emit separator in capability lists for APOP.
2017-03-06T14:56:23+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-03-06T14:56:23+00:00

fbe9759e4b8d0a80863a4000a724111b0741a9ab

Notably, this fixes CAPA and AUTH output.

The bug had appeared in nginx 1.11.6 (73b451d304c0).





Notably, this fixes CAPA and AUTH output.

The bug had appeared in nginx 1.11.6 (73b451d304c0).







Mail: make it possible to disable SASL EXTERNAL.
2017-01-12T16:22:03+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-01-12T16:22:03+00:00

b5a3cc3781e95068cd8d0d8c84a7d8296b6682e6