nginx.git/src/mail, branch release-1.5.7 nginx SSL: added ability to set keys used for Session Tickets (RFC5077). 2013-10-11T23:05:24+00:00 Piotr Sikora piotr@cloudflare.com 2013-10-11T23:05:24+00:00 79be6a5462498af8655aaed141f13a1d2a34abc8 In order to support key rollover, ssl_session_ticket_key can be defined multiple times. The first key will be used to issue and resume Session Tickets, while the rest will be used only to resume them. ssl_session_ticket_key session_tickets/current.key; ssl_session_ticket_key session_tickets/prev-1h.key; ssl_session_ticket_key session_tickets/prev-2h.key; Please note that nginx supports Session Tickets even without explicit configuration of the keys and this feature should be only used in setups where SSL traffic is distributed across multiple nginx servers. Signed-off-by: Piotr Sikora <piotr@cloudflare.com> 
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Mail: fixed segfault with ssl/starttls at mail{} level and no cert. 2013-09-30T18:10:13+00:00 Maxim Dounin mdounin@mdounin.ru 2013-09-30T18:10:13+00:00 ef8c64acbe7b826b2bbd2dacc0e173cf79b26d37 A configuration like "mail { starttls on; server {}}" triggered NULL pointer dereference in ngx_mail_ssl_merge_conf() as conf->file was not set. 
A configuration like "mail { starttls on; server {}}" triggered NULL
pointer dereference in ngx_mail_ssl_merge_conf() as conf->file was not set.
Mail: fixed overrun of allocated memory (ticket #411). 2013-09-30T18:10:08+00:00 Maxim Dounin mdounin@mdounin.ru 2013-09-30T18:10:08+00:00 aa36cc39a40a8d6a1e5fbc7a527b1a39db790d01 Reported by Markus Linnala. 
Reported by Markus Linnala.
Mail: handle smtp multiline replies. 2013-09-30T18:10:03+00:00 Maxim Dounin mdounin@mdounin.ru 2013-09-30T18:10:03+00:00 f2b5192c30e51b3376eb09525c0d0a75fda30c38 See here for details: http://nginx.org/pipermail/nginx/2010-August/021713.html http://nginx.org/pipermail/nginx/2010-August/021784.html http://nginx.org/pipermail/nginx/2010-August/021785.html 
See here for details:

http://nginx.org/pipermail/nginx/2010-August/021713.html
http://nginx.org/pipermail/nginx/2010-August/021784.html
http://nginx.org/pipermail/nginx/2010-August/021785.html
Mail: smtp pipelining support. 2013-09-30T18:09:57+00:00 Maxim Dounin mdounin@mdounin.ru 2013-09-30T18:09:57+00:00 4f6f653f482abc3b963727ea5f2c5d708d8fd605 Basically, this does the following two changes (and corresponding modifications of related code): 1. Does not reset session buffer unless it's reached it's end, and always wait for LF to terminate command (even if we detected invalid command). 2. Record command name to make it available for handlers (since now we can't assume that command starts from s->buffer->start). 
Basically, this does the following two changes (and corresponding
modifications of related code):

1. Does not reset session buffer unless it's reached it's end, and always
wait for LF to terminate command (even if we detected invalid command).

2. Record command name to make it available for handlers (since now we
can't assume that command starts from s->buffer->start).
Mail: added session close on smtp_greeting_delay violation. 2013-09-30T18:09:50+00:00 Maxim Dounin mdounin@mdounin.ru 2013-09-30T18:09:50+00:00 32d6035303426bfd027d00030d0749cc0e85c6fb A server MUST send greeting before other replies, while before this change in case of smtp_greeting_delay violation the 220 greeting was sent after several 503 replies to commands received before greeting, resulting in protocol synchronization loss. Moreover, further commands were accepted after the greeting. While closing a connection isn't strictly RFC compliant (RFC 5321 requires servers to wait for a QUIT before closing a connection), it's probably good enough for practial uses. 
A server MUST send greeting before other replies, while before this
change in case of smtp_greeting_delay violation the 220 greeting was
sent after several 503 replies to commands received before greeting,
resulting in protocol synchronization loss.  Moreover, further commands
were accepted after the greeting.

While closing a connection isn't strictly RFC compliant (RFC 5321
requires servers to wait for a QUIT before closing a connection), it's
probably good enough for practial uses.
SSL: stop loading configs with invalid "ssl_ciphers" values. 2013-09-23T05:36:11+00:00 Piotr Sikora piotr@cloudflare.com 2013-09-23T05:36:11+00:00 f52a2c7585092b980866fde5d1a0569fe2bf43b2 While there, remove unnecessary check in ngx_mail_ssl_module. Signed-off-by: Piotr Sikora <piotr@cloudflare.com> 
While there, remove unnecessary check in ngx_mail_ssl_module.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Style. 2013-07-11T16:38:27+00:00 Maxim Dounin mdounin@mdounin.ru 2013-07-11T16:38:27+00:00 d10251030ae4553e5f5338b267750f63cd05d1b3 






Core: extended ngx_sock_ntop() with socklen parameter.
2013-07-11T12:07:25+00:00

Vladimir Homutov
vl@nginx.com

2013-07-11T12:07:25+00:00

af18946d769296d9efead825a0d1aa6a1a41fe74

On Linux, sockaddr length is required to process unix socket addresses properly
due to unnamed sockets (which don't have sun_path set at all) and abstract
namespace sockets.





On Linux, sockaddr length is required to process unix socket addresses properly
due to unnamed sockets (which don't have sun_path set at all) and abstract
namespace sockets.







Mail: fixed possible uninitialized memory access.
2013-06-05T15:44:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-06-05T15:44:23+00:00

2b356db155a12c0bc403237772b5a7dca4c62a8f

Found by Valgrind.





Found by Valgrind.