nginx.git/src/stream, branch release-1.11.7 nginx Map: the "volatile" parameter. 2016-12-08T14:51:49+00:00 Ruslan Ermilov ru@nginx.com 2016-12-08T14:51:49+00:00 72ace363184d4768627c2fd2b0a5236887cdc036 By default, "map" creates cacheable variables [1]. With this parameter it creates a non-cacheable variable. An original idea was to deduce the cacheability of the "map" variable by checking the cacheability of variables specified in source and resulting values, but it turned to be too hard. For example, a cacheable variable can be overridden with the "set" directive or with the SSI "set" command. Also, keeping "map" variables cacheable by default is good for performance reasons. This required adding a new parameter. [1] Before db699978a33f (1.11.0), the cacheability of the "map" variable could vary depending on the cacheability of variables specified in resulting values (ticket #1090). This is believed to be a bug rather than a feature. 
By default, "map" creates cacheable variables [1].  With this
parameter it creates a non-cacheable variable.

An original idea was to deduce the cacheability of the "map"
variable by checking the cacheability of variables specified
in source and resulting values, but it turned to be too hard.
For example, a cacheable variable can be overridden with the
"set" directive or with the SSI "set" command.  Also, keeping
"map" variables cacheable by default is good for performance
reasons.  This required adding a new parameter.

[1] Before db699978a33f (1.11.0), the cacheability of the
"map" variable could vary depending on the cacheability of
variables specified in resulting values (ticket #1090).
This is believed to be a bug rather than a feature.
Map: simplified "map" block parser. 2016-12-08T14:29:01+00:00 Ruslan Ermilov ru@nginx.com 2016-12-08T14:29:01+00:00 41f06845cf5373d6a86e383f946006fd4ee87137 No functional changes. 
No functional changes.
SSL: $ssl_curves (ticket #1088). 2016-12-05T19:23:23+00:00 Maxim Dounin mdounin@mdounin.ru 2016-12-05T19:23:23+00:00 551091951a479e2f512062c51bdcc6157a211164 The variable contains a list of curves as supported by the client. Known curves are listed by their names, unknown ones are shown in hex, e.g., "0x001d:prime256v1:secp521r1:secp384r1". Note that OpenSSL uses session data for SSL_get1_curves(), and it doesn't store full list of curves supported by the client when serializing a session. As a result $ssl_curves is only available for new sessions (and will be empty for reused ones). The variable is only meaningful when using OpenSSL 1.0.2 and above. With older versions the variable is empty. 
The variable contains a list of curves as supported by the client.
Known curves are listed by their names, unknown ones are shown
in hex, e.g., "0x001d:prime256v1:secp521r1:secp384r1".

Note that OpenSSL uses session data for SSL_get1_curves(), and
it doesn't store full list of curves supported by the client when
serializing a session.  As a result $ssl_curves is only available
for new sessions (and will be empty for reused ones).

The variable is only meaningful when using OpenSSL 1.0.2 and above.
With older versions the variable is empty.
SSL: $ssl_ciphers (ticket #870). 2016-12-05T19:23:23+00:00 Maxim Dounin mdounin@mdounin.ru 2016-12-05T19:23:23+00:00 2daf78867bb60bee5e5ca517f20339211391635b The variable contains list of ciphers as supported by the client. Known ciphers are listed by their names, unknown ones are shown in hex, e.g., ""AES128-SHA:AES256-SHA:0x00ff". The variable is fully supported only when using OpenSSL 1.0.2 and above. With older version there is an attempt to provide some information using SSL_get_shared_ciphers(). It only lists known ciphers though. Moreover, as OpenSSL uses session data for SSL_get_shared_ciphers(), and it doesn't store relevant data when serializing a session. As a result $ssl_ciphers is only available for new sessions (and not available for reused ones) when using OpenSSL older than 1.0.2. 
The variable contains list of ciphers as supported by the client.
Known ciphers are listed by their names, unknown ones are shown
in hex, e.g., ""AES128-SHA:AES256-SHA:0x00ff".

The variable is fully supported only when using OpenSSL 1.0.2 and above.
With older version there is an attempt to provide some information
using SSL_get_shared_ciphers().  It only lists known ciphers though.
Moreover, as OpenSSL uses session data for SSL_get_shared_ciphers(),
and it doesn't store relevant data when serializing a session.  As
a result $ssl_ciphers is only available for new sessions (and not
available for reused ones) when using OpenSSL older than 1.0.2.
Upstream: do not unnecessarily create per-request upstreams. 2016-10-31T15:33:36+00:00 Ruslan Ermilov ru@nginx.com 2016-10-31T15:33:36+00:00 149fda55f730c38fb9e2c5b63370da92c0ad7c22 If proxy_pass (and friends) with variables evaluates an upstream specified with literal address, nginx always created a per-request upstream. Now, if there's a matching upstream specified in the configuration (either implicit or explicit), it will be used instead. 
If proxy_pass (and friends) with variables evaluates an upstream
specified with literal address, nginx always created a per-request
upstream.

Now, if there's a matching upstream specified in the configuration
(either implicit or explicit), it will be used instead.
Upstream: added the ngx_http_upstream_resolved_t.name field. 2016-10-31T15:33:33+00:00 Ruslan Ermilov ru@nginx.com 2016-10-31T15:33:33+00:00 3fae83a91c6e5cda012adf6ee2783273e747f613 This fixes inconsistency in what is stored in the "host" field. Normally it would contain the "host" part of the parsed URL (e.g., proxy_pass with variables), but for the case of an implicit upstream specified with literal address it contained the text representation of the socket address (that is, host including port for IP). Now the "host" field always contains the "host" part of the URL, while the text representation of the socket address is stored in the newly added "name" field. The ngx_http_upstream_create_round_robin_peer() function was modified accordingly in a way to be compatible with the code that does not know about the new "name" field. The "stream" code was similarly modified except for not adding compatibility in ngx_stream_upstream_create_round_robin_peer(). This change is also a prerequisite for the next change. 
This fixes inconsistency in what is stored in the "host" field.
Normally it would contain the "host" part of the parsed URL
(e.g., proxy_pass with variables), but for the case of an
implicit upstream specified with literal address it contained
the text representation of the socket address (that is, host
including port for IP).

Now the "host" field always contains the "host" part of the URL,
while the text representation of the socket address is stored
in the newly added "name" field.

The ngx_http_upstream_create_round_robin_peer() function was
modified accordingly in a way to be compatible with the code
that does not know about the new "name" field.

The "stream" code was similarly modified except for not adding
compatibility in ngx_stream_upstream_create_round_robin_peer().

This change is also a prerequisite for the next change.
Upstream: removed unnecessary condition in proxy_eval() and friends. 2016-10-31T15:33:31+00:00 Ruslan Ermilov ru@nginx.com 2016-10-31T15:33:31+00:00 4e1720b0a21c6f8ad9f459630e270372387207ba The first condition added in d3454e719bbb should have just replaced the second one. 
The first condition added in d3454e719bbb should have just replaced
the second one.
SSL: compatibility with BoringSSL. 2016-10-19T15:36:50+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-19T15:36:50+00:00 9b8b33bd4a3f44a4d1a23b7fba09a014e0fcc5ab BoringSSL changed SSL_set_tlsext_host_name() to be a real function with a (const char *) argument, so it now triggers a warning due to conversion from (u_char *). Added an explicit cast to silence the warning. Prodded by Piotr Sikora, Alessandro Ghedini. 
BoringSSL changed SSL_set_tlsext_host_name() to be a real function
with a (const char *) argument, so it now triggers a warning due to
conversion from (u_char *).  Added an explicit cast to silence the
warning.

Prodded by Piotr Sikora, Alessandro Ghedini.
Modules compatibility: removed dependencies on NGX_STREAM_SSL. 2016-10-10T15:44:17+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T15:44:17+00:00 78f91756cdf4523a5dd3e71184b09c2265efee6f External structures are now identical regardless of stream SSL module compiled in or not. 
External structures are now identical regardless of stream SSL module
compiled in or not.
Stream ssl_preread: fixed $ssl_preread_server_name variable. 2016-10-05T15:11:39+00:00 Sergey Kandaurov pluknet@nginx.com 2016-10-05T15:11:39+00:00 88dc647481a9280fa6cedb0bed61a34123119b3c Made sure to set the variable length only after successful SNI parsing. 
Made sure to set the variable length only after successful SNI parsing.