If the main request was finalized while a background request performed an asynchronous operation, the main request ended up in ngx_http_writer() and was not finalized until a network event or a timeout. For example, cache background update with aio enabled made nginx unable to process further client requests or close the connection, keeping it open until client closes it. Now regular finalization of the main request is not suspended because of an asynchronous operation in another request. If a background request was terminated while an asynchronous operation was in progress, background request's write event handler was changed to ngx_http_request_finalizer() and never called again. Now, whenever a request is terminated while an asynchronous operation is in progress, connection error flag is set to make further finalizations of any request with this connection lead to termination. These issues appeared in 1aeaae6e9446 (not yet released).
In http these checks were changed in a6d6d762c554, though mail module was missed at that time. Since then, the stream module was introduced based on mail, using "== NGX_ERROR" check.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688. Moreover, it is no longer possible to adjust handshake buffers at all now. To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY on SSL connections before handshake. While this still results in sub-optimal network utilization due to incomplete packets being sent, it seems to be better than nothing.
Previously, cache background update might not work as expected, making client wait for it to complete before receiving the final part of a stale response. This could happen if the response could not be sent to the client socket in one filter chain call. Now background cache update is done in a background subrequest. This type of subrequest does not block any other subrequests or the main request.
Previously, the read event of the accepted connection was marked ready, but not available. This made EPOLLRDHUP-related code (for example, in ngx_unix_recv()) expect more data from the socket, leading to unexpected behavior. For example, if SSL, PROXY protocol and deferred accept were enabled on a listen socket, the client connection was aborted due to unexpected return value of c->recv().
If allocation of cleanup handler in the HTTP/2 header filter failed, then a stream might be freed with a HEADERS frame left in the output queue. Now the HEADERS frame is accounted in the queue before trying to allocate the cleanup handler.
Abnormally exited workers may leave locked cache entries, this can result in the cache size on disk exceeding max_size and shared memory exhaustion. This change mitigates the issue by ignoring locked entries during forced expire. It also increases the visibility of the problem by logging such entries.
Previously, an allocation error resulted in uninitialized memory access when evaluating $upstream_http_ variables. On a related note, see r->headers_out.headers cleanup work in 0cdee26605f3.