nginx.git/src/stream, branch release-1.22.0 nginx SSL: $ssl_curve (ticket #2135). 2021-11-01T15:09:34+00:00 Sergey Kandaurov pluknet@nginx.com 2021-11-01T15:09:34+00:00 5c3249964403356601e64ab701f2e563a1f98630 The variable contains a negotiated curve used for the handshake key exchange process. Known curves are listed by their names, unknown ones are shown in hex. Note that for resumed sessions in TLSv1.2 and older protocols, $ssl_curve contains the curve used during the initial handshake, while in TLSv1.3 it contains the curve used during the session resumption (see the SSL_get_negotiated_group manual page for details). The variable is only meaningful when using OpenSSL 3.0 and above. With older versions the variable is empty. 
The variable contains a negotiated curve used for the handshake key
exchange process.  Known curves are listed by their names, unknown
ones are shown in hex.

Note that for resumed sessions in TLSv1.2 and older protocols,
$ssl_curve contains the curve used during the initial handshake,
while in TLSv1.3 it contains the curve used during the session
resumption (see the SSL_get_negotiated_group manual page for
details).

The variable is only meaningful when using OpenSSL 3.0 and above.
With older versions the variable is empty.
Style: added missing "static" specifiers. 2021-10-21T15:43:13+00:00 Maxim Dounin mdounin@mdounin.ru 2021-10-21T15:43:13+00:00 3ab1b64463cfc1cea5209f159d8fe3797328be51 Mostly found by gcc -Wtraditional, per "non-static declaration of ... follows static declaration [-Wtraditional]" warnings. 
Mostly found by gcc -Wtraditional, per "non-static declaration of ...
follows static declaration [-Wtraditional]" warnings.
Stream: the "ssl_alpn" directive. 2021-10-19T09:19:59+00:00 Vladimir Homutov vl@nginx.com 2021-10-19T09:19:59+00:00 df472eecc043700275ecae2655206163c786f758 The directive sets the server list of supported application protocols and requires one of this protocols to be negotiated if client is using ALPN. 
The directive sets the server list of supported application protocols
and requires one of this protocols to be negotiated if client is using
ALPN.
SSL: added $ssl_alpn_protocol variable. 2021-10-14T08:46:23+00:00 Vladimir Homutov vl@nginx.com 2021-10-14T08:46:23+00:00 a9f4f25b72c39653795dfb4b1f13b55625fb9fbc The variable contains protocol selected by ALPN during handshake and is empty otherwise. 
The variable contains protocol selected by ALPN during handshake and
is empty otherwise.
Stream: added half-close support. 2021-09-22T07:20:00+00:00 Vladimir Homutov vl@nginx.com 2021-09-22T07:20:00+00:00 e56ba23158b8466d108fd4d571bd7d9a88f2a473 The "proxy_half_close" directive enables handling of TCP half close. If enabled, connection to proxied server is kept open until both read ends get EOF. Write end shutdown is properly transmitted via proxy. 
The "proxy_half_close" directive enables handling of TCP half close.  If
enabled, connection to proxied server is kept open until both read ends get
EOF.  Write end shutdown is properly transmitted via proxy.
SSL: ciphers now set before loading certificates (ticket #2035). 2021-08-16T19:40:31+00:00 Maxim Dounin mdounin@mdounin.ru 2021-08-16T19:40:31+00:00 ce5996cdd1b2e150f645efbc337e5a681dbe241c To load old/weak server or client certificates it might be needed to adjust the security level, as introduced in OpenSSL 1.1.0. This change ensures that ciphers are set before loading the certificates, so security level changes via the cipher string apply to certificate loading. 
To load old/weak server or client certificates it might be needed to adjust
the security level, as introduced in OpenSSL 1.1.0.  This change ensures that
ciphers are set before loading the certificates, so security level changes
via the cipher string apply to certificate loading.
Stream: the "fastopen" parameter of the "listen" directive. 2021-05-20T16:59:16+00:00 Ruslan Ermilov ru@nginx.com 2021-05-20T16:59:16+00:00 ecbe06b9fee57207d84be9ac39d1aa10b2d0fbd8 Based on a patch by Anbang Wen. 
Based on a patch by Anbang Wen.
Upstream: variables support in certificates. 2021-05-05T23:22:09+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-05T23:22:09+00:00 c7de65228f798c3c5391370fcd2d10032aa6eaf8 






Changed complex value slots to use NGX_CONF_UNSET_PTR.
2021-05-05T23:22:03+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-05T23:22:03+00:00

4faa84085379346fa1cf322907a1f9b6a7fbd583

With this change, it is now possible to use ngx_conf_merge_ptr_value()
to merge complex values.  This change follows much earlier changes in
ngx_conf_merge_ptr_value() and ngx_conf_set_str_array_slot()
in 1452:cd586e963db0 (0.6.10) and 1701:40d004d95d88 (0.6.22), and the
change in ngx_conf_set_keyval_slot() (7728:485dba3e2a01, 1.19.4).

To preserve compatibility with existing 3rd party modules, both NULL
and NGX_CONF_UNSET_PTR are accepted for now.





With this change, it is now possible to use ngx_conf_merge_ptr_value()
to merge complex values.  This change follows much earlier changes in
ngx_conf_merge_ptr_value() and ngx_conf_set_str_array_slot()
in 1452:cd586e963db0 (0.6.10) and 1701:40d004d95d88 (0.6.22), and the
change in ngx_conf_set_keyval_slot() (7728:485dba3e2a01, 1.19.4).

To preserve compatibility with existing 3rd party modules, both NULL
and NGX_CONF_UNSET_PTR are accepted for now.







SSL: fixed build by Sun C with old OpenSSL versions.
2021-03-05T14:16:13+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-03-05T14:16:13+00:00

797ac536fe2cc0a311a72ddb861784f320991beb

Sun C complains about "statement not reached" if a "return" is followed
by additional statements.





Sun C complains about "statement not reached" if a "return" is followed
by additional statements.