nginx.git/src, branch release-1.2.7 nginx Merge of r5027, r5028, r5029: fastcgi_keep_conn fixes. 2013-02-11T16:11:14+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T16:11:14+00:00 7eafb7761e3220b4e882e6c474fc7bebd3190dc7 *) FastCGI: fixed wrong connection close with fastcgi_keep_conn. With fastcgi_keep_conn it was possible that connection was closed after FCGI_STDERR record with zero padding and without any further data read yet. This happended as f->state was set to ngx_http_fastcgi_st_padding and then "break" happened, resulting in p->length being set to f->padding, i.e. 0 (which in turn resulted in connection close). Fix is to make sure we continue the loop after f->state is set. *) FastCGI: unconditional state transitions. Checks for f->padding before state transitions make code hard to follow, remove them and make sure we always do another loop iteration after f->state is set to ngx_http_fastcgi_st_padding. *) FastCGI: proper handling of split fastcgi end request. If fastcgi end request record was split between several network packets, with fastcgi_keep_conn it was possible that connection was saved in incorrect state (e.g. with padding bytes not yet read). 
*) FastCGI: fixed wrong connection close with fastcgi_keep_conn.

   With fastcgi_keep_conn it was possible that connection was closed after
   FCGI_STDERR record with zero padding and without any further data read
   yet.  This happended as f->state was set to ngx_http_fastcgi_st_padding
   and then "break" happened, resulting in p->length being set to
   f->padding, i.e. 0 (which in turn resulted in connection close).

   Fix is to make sure we continue the loop after f->state is set.

*) FastCGI: unconditional state transitions.  Checks for f->padding
   before state transitions make code hard to follow, remove them and
   make sure we always do another loop iteration after f->state is
   set to ngx_http_fastcgi_st_padding.

*) FastCGI: proper handling of split fastcgi end request.  If fastcgi
   end request record was split between several network packets, with
   fastcgi_keep_conn it was possible that connection was saved in
   incorrect state (e.g. with padding bytes not yet read).
Merge of r5018: secure link: fixed configuration inheritance. 2013-02-11T16:09:35+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T16:09:35+00:00 61312182f5b08cafc33bd4ebe15d3c2defb4a998 The "secure_link_secret" directive was always inherited from the outer configuration level even when "secure_link" and "secure_link_md5" were specified on the inner level. 
The "secure_link_secret" directive was always inherited from the outer
configuration level even when "secure_link" and "secure_link_md5" were
specified on the inner level.
Merge of r5017: fixed null dereference with resolver and poll. 2013-02-11T16:06:39+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T16:06:39+00:00 c9e51955ead69cdd7212043610c4c85082b5a41d Events: fixed null pointer dereference with resolver and poll. A POLLERR signalled by poll() without POLLIN/POLLOUT, as seen on Linux, would generate both read and write events, but there's no write event handler for resolver events. A fix is to only call event handler of an active event. 
Events: fixed null pointer dereference with resolver and poll.

A POLLERR signalled by poll() without POLLIN/POLLOUT, as seen on
Linux, would generate both read and write events, but there's no
write event handler for resolver events.  A fix is to only call
event handler of an active event.
Merge of r5014, r5015, r5016, r5030: geoip ipv6 support. 2013-02-11T15:34:30+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T15:34:30+00:00 431111e8d814280b2208d5910f4618b228f5af7d *) Configure: fixed style of include directories. *) Configure: fixed GeoIP library detection. *) GeoIP: IPv6 support. When using IPv6 databases, IPv4 addresses are looked up as IPv4-mapped IPv6 addresses. Mostly based on a patch by Gregor Kališnik (ticket #250). *) GeoIP: removed pseudo-support of "proxy" and "netspeed" databases. 
*) Configure: fixed style of include directories.

*) Configure: fixed GeoIP library detection.

*) GeoIP: IPv6 support.  When using IPv6 databases, IPv4 addresses are
   looked up as IPv4-mapped IPv6 addresses.  Mostly based on a patch
   by Gregor Kališnik (ticket #250).

*) GeoIP: removed pseudo-support of "proxy" and "netspeed" databases.
Merge of r5013: proxy: fixed proxy_method to always add space. 2013-02-11T15:31:10+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T15:31:10+00:00 e8ef9ea62b0b393455bf6fcd588c8ccf5ff72e74 Before the patch if proxy_method was specified at http{} level the code to add trailing space wasn't executed, resulting in incorrect requests to upstream. 
Before the patch if proxy_method was specified at http{} level the code
to add trailing space wasn't executed, resulting in incorrect requests
to upstream.
Merge of r5004, r5019-r5025: ssl fixes. 2013-02-11T15:12:06+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T15:12:06+00:00 a901bd695d6e0df434c002bc8bc9f61ca58a01b5 *) SSL: speedup loading of configs with many ssl servers. The patch saves one EC_KEY_generate_key() call per server{} block by informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before the SSL_CTX_set_tmp_ecdh() call. For a configuration file with 10k simple server{} blocks with SSL enabled this change reduces startup time from 18s to 5s on a slow test box here. *) SSL: removed conditions that always hold true. *) SSL: resetting of flush flag after the data was written. There is no need to flush next chunk of data if it does not contain a buffer with the flush or last_buf flags set. *) SSL: preservation of flush flag for buffered data. Previously, if SSL buffer was not sent we lost information that the data must be flushed. *) SSL: calculation of buffer size moved closer to its usage. No functional changes. *) SSL: avoid calling SSL_write() with zero data size. According to documentation, calling SSL_write() with num=0 bytes to be sent results in undefined behavior. We don't currently call ngx_ssl_send_chain() with empty chain and buffer. This check handles the case of a chain with total data size that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end. In practice such cases resulted in premature connection close and critical error "SSL_write() failed (SSL:)" in the error log. *) SSL: take into account data in the buffer while limiting output. In some rare cases this can result in a more smooth sending rate. *) SSL: fixed ngx_ssl_handshake() with level-triggered event methods. Missing calls to ngx_handle_write_event() and ngx_handle_read_event() resulted in a CPU hog during SSL handshake if an level-triggered event method (e.g. select) was used. 
*) SSL: speedup loading of configs with many ssl servers.  The patch
   saves one EC_KEY_generate_key() call per server{} block by informing
   OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
   the SSL_CTX_set_tmp_ecdh() call.

   For a configuration file with 10k simple server{} blocks with SSL
   enabled this change reduces startup time from 18s to 5s on a slow
   test box here.

*) SSL: removed conditions that always hold true.

*) SSL: resetting of flush flag after the data was written.  There is
   no need to flush next chunk of data if it does not contain a buffer
   with the flush or last_buf flags set.

*) SSL: preservation of flush flag for buffered data.  Previously,
   if SSL buffer was not sent we lost information that the data
   must be flushed.

*) SSL: calculation of buffer size moved closer to its usage.
   No functional changes.

*) SSL: avoid calling SSL_write() with zero data size.  According to
   documentation, calling SSL_write() with num=0 bytes to be sent
   results in undefined behavior.

   We don't currently call ngx_ssl_send_chain() with empty chain and
   buffer.  This check handles the case of a chain with total data size
   that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer
   at the end.

   In practice such cases resulted in premature connection close and
   critical error "SSL_write() failed (SSL:)" in the error log.

*) SSL: take into account data in the buffer while limiting output.
   In some rare cases this can result in a more smooth sending rate.

*) SSL: fixed ngx_ssl_handshake() with level-triggered event methods.
   Missing calls to ngx_handle_write_event() and ngx_handle_read_event()
   resulted in a CPU hog during SSL handshake if an level-triggered event
   method (e.g. select) was used.
Merge of r4999, r5003: detect duplicate "events" and "keepalive". 2013-02-11T14:58:25+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T14:58:25+00:00 635dae7cadfdc67f439f7c7cb79a1c7f51285f4e *) Upstream keepalive: detect duplicate "keepalive" directive. A failure to detect duplicate "keepalive" directive resulted in stack exhaustion. *) Events: added check for duplicate "events" directive. 
*) Upstream keepalive: detect duplicate "keepalive" directive.  A
   failure to detect duplicate "keepalive" directive resulted in
   stack exhaustion.

*) Events: added check for duplicate "events" directive.
Merge of r4992: off-by-one with 32/64 upstream backup servers. 2013-02-11T14:56:14+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T14:56:14+00:00 ff145c057451bfe40b5d59c5873091df07964831 Fixed off-by-one during upstream state resetting when switching to backup servers if there were exactly 32 (64 on 64-bit platforms) backup servers configured. Based on patch by Thomas Chen (ticket #257). 
Fixed off-by-one during upstream state resetting when switching to
backup servers if there were exactly 32 (64 on 64-bit platforms)
backup servers configured.

Based on patch by Thomas Chen (ticket #257).
Merge of r4991: fixed proxied HEAD requests with gzip enabled. 2013-02-11T14:39:49+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T14:39:49+00:00 6b070a4d216eb2083a96b3a3f24996f43940c4cd Fixed HEAD requests handling when proxying is used (ticket #261). 
Fixed HEAD requests handling when proxying is used (ticket #261).
Merge of r4985, r4986, r4987, r4988, r4989, r5002: access_log gzip. 2013-02-11T14:34:00+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-11T14:34:00+00:00 eef05677eb4a6b59ce0e9705aa66f0b796c08493 *) Access log: fixed redundant buffer reallocation. Previously a new buffer was allocated for every "access_log" directive with the same file path and "buffer=" parameters, while only one buffer per file is used. *) Reopening log files code moved to a separate function. The code refactored in a way to call custom handler that can do appropriate cleanup work (if any), like flushing buffers, finishing compress streams, finalizing connections to log daemon, etc.. *) Access log: the "flush" parameter of the "access_log" directive. *) Configure: added the NGX_ZLIB define. This was introduced for conditional compilation of the code that requires the zlib library. *) Access log: the "gzip" parameter of the "access_log" directive. Note: this requires zlib version 1.2.0.4 or above to work. *) The data pointer in ngx_open_file_t objects must be initialized. Uninitialized pointer may result in arbitrary segfaults if access_log is used without buffer and without variables in file path. Patch by Tatsuhiko Kubo (ticket #268). 
*) Access log: fixed redundant buffer reallocation.  Previously a new
   buffer was allocated for every "access_log" directive with the same
   file path and "buffer=" parameters, while only one buffer per file
   is used.

*) Reopening log files code moved to a separate function.  The code
   refactored in a way to call custom handler that can do appropriate
   cleanup work (if any), like flushing buffers, finishing compress
   streams, finalizing connections to log daemon, etc..

*) Access log: the "flush" parameter of the "access_log" directive.

*) Configure: added the NGX_ZLIB define.  This was introduced for
   conditional compilation of the code that requires the zlib library.

*) Access log: the "gzip" parameter of the "access_log" directive.
   Note: this requires zlib version 1.2.0.4 or above to work.

*) The data pointer in ngx_open_file_t objects must be initialized.
   Uninitialized pointer may result in arbitrary segfaults if access_log
   is used without buffer and without variables in file path.
   Patch by Tatsuhiko Kubo (ticket #268).