nginx.git/src/mail, branch release-1.6.3 nginx Mail: discard pipelined commands after SMTP STARTTLS. 2014-08-05T08:22:07+00:00 Maxim Dounin mdounin@mdounin.ru 2014-08-05T08:22:07+00:00 fbd2c8273154524297804e3b6fd5046e6a316b3e The bug had appeared in nginx 1.5.6 (04e43d03e153). Reported by Chris Boulton. 
The bug had appeared in nginx 1.5.6 (04e43d03e153).

Reported by Chris Boulton.
Mail: added a check for the number of arguments in MAIL/RCPT. 2014-05-21T17:56:20+00:00 Maxim Dounin mdounin@mdounin.ru 2014-05-21T17:56:20+00:00 f96771ab0519eaec5808d8816db5ba262c6c1b70 Missed during introduction of the SMTP pipelining support (04e43d03e153, 1.5.6). Previously, the check wasn't needed as s->buffer was used directly and the number of arguments didn't matter. Reported by Svyatoslav Nikolsky. 
Missed during introduction of the SMTP pipelining support (04e43d03e153,
1.5.6).  Previously, the check wasn't needed as s->buffer was used directly
and the number of arguments didn't matter.

Reported by Svyatoslav Nikolsky.
Mail: fixed ngx_mail_send() (ticket #519). 2014-03-31T17:38:27+00:00 Maxim Dounin mdounin@mdounin.ru 2014-03-31T17:38:27+00:00 e042fc903883341806366b39a526711b77f5c34b 






Fixed format specifier in logging of "c->number".
2014-03-06T14:25:59+00:00

Sergey Kandaurov
pluknet@nginx.com

2014-03-06T14:25:59+00:00

bd3516e8d98815a540ff65451889f6a2a0991c71












Mail: fixed passing of IPv6 client address in XCLIENT.
2014-01-17T18:06:04+00:00

Ruslan Ermilov
ru@nginx.com

2014-01-17T18:06:04+00:00

8b7fe56e95f7fe51438566150dda68027735198e












SSL: ssl_session_tickets directive.
2014-01-10T15:12:40+00:00

Dirkjan Bussink
d.bussink@gmail.com

2014-01-10T15:12:40+00:00

58a240d7735652138da46c64b5eb9e661e5533f5

This adds support so it's possible to explicitly disable SSL Session
Tickets. In order to have good Forward Secrecy support either the
session ticket key has to be reloaded by using nginx' binary upgrade
process or using an external key file and reloading the configuration.
This directive adds another possibility to have good support by
disabling session tickets altogether.

If session tickets are enabled and the process lives for a long a time,
an attacker can grab the session ticket from the process and use that to
decrypt any traffic that occured during the entire lifetime of the
process.





This adds support so it's possible to explicitly disable SSL Session
Tickets. In order to have good Forward Secrecy support either the
session ticket key has to be reloaded by using nginx' binary upgrade
process or using an external key file and reloading the configuration.
This directive adds another possibility to have good support by
disabling session tickets altogether.

If session tickets are enabled and the process lives for a long a time,
an attacker can grab the session ticket from the process and use that to
decrypt any traffic that occured during the entire lifetime of the
process.







Resolver: implemented IPv6 name to address resolving.
2013-12-09T06:53:28+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-09T06:53:28+00:00

769eded73267274e018f460dd76b417538aa5934












Changed resolver API to use ngx_addr_t.
2013-12-06T10:30:27+00:00

Ruslan Ermilov
ru@nginx.com

2013-12-06T10:30:27+00:00

3aeefbcaea75c1ccf158be15afe61ce863978be9












SSL: added ability to set keys used for Session Tickets (RFC5077).
2013-10-11T23:05:24+00:00

Piotr Sikora
piotr@cloudflare.com

2013-10-11T23:05:24+00:00

79be6a5462498af8655aaed141f13a1d2a34abc8

In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>





In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>







Mail: fixed segfault with ssl/starttls at mail{} level and no cert.
2013-09-30T18:10:13+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-09-30T18:10:13+00:00

ef8c64acbe7b826b2bbd2dacc0e173cf79b26d37

A configuration like "mail { starttls on; server {}}" triggered NULL
pointer dereference in ngx_mail_ssl_merge_conf() as conf->file was not set.





A configuration like "mail { starttls on; server {}}" triggered NULL
pointer dereference in ngx_mail_ssl_merge_conf() as conf->file was not set.