nginx.git/src, branch release-1.29.2

SSL: fixed "key values mismatch" with object cache inheritance.

2025-10-06T08:56:42+00:00

In rare cases, it was possible to get into this error state on reload
with improperly updated file timestamps for certificate and key pairs.

The fix is to retry on X509_R_KEY_VALUES_MISMATCH, similar to 5d5d9adcc.
Additionally, loading SSL certificate is updated to avoid certificates
discarded on retry to appear in ssl->certs and in extra chain.

Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN.

2025-09-26T13:04:20+00:00

The XCLIENT command uses xtext encoding for attribute values,
as specified in https://www.postfix.org/XCLIENT_README.html.

Reported by Igor Morgenstern of Aisle Research.

Upstream: overflow detection in Cache-Control delta-seconds.

2025-09-26T12:50:13+00:00

Overflowing calculations are now aligned to the greatest positive integer
as specified in RFC 9111, Section 1.2.2.

SSL: AWS-LC compatibility.

2025-09-25T15:28:36+00:00

QUIC: a new macro to differentiate BoringSSL specific EVP API.

2025-09-25T15:28:36+00:00

QUIC: localized OpenSSL headers used for QUIC protection.

2025-09-25T15:28:36+00:00

SNI: support for early ClientHello callback with BoringSSL.

2025-09-25T15:25:08+00:00

This brings feature parity with OpenSSL after the previous change,
making it possible to set SSL protocols per virtual server.

SNI: using the ClientHello callback.

2025-09-25T15:25:08+00:00

The change introduces an SNI based virtual server selection during
early ClientHello processing.  The callback is available since
OpenSSL 1.1.1; for older OpenSSL versions, the previous behaviour
is kept.

Using the ClientHello callback sets a reasonable processing order
for the "server_name" TLS extension.  Notably, session resumption
decision now happens after applying server configuration chosen by
SNI, useful with enabled verification of client certificates, which
brings consistency with BoringSSL behaviour.  The change supersedes
and reverts a fix made in 46b9f5d38 for TLSv1.3 resumed sessions.

In addition, since the callback is invoked prior to the protocol
version negotiation, this makes it possible to set "ssl_protocols"
on a per-virtual server basis.

To keep the $ssl_server_name variable working with TLSv1.2 resumed
sessions, as previously fixed in fd97b2a80, a limited server name
callback is preserved in order to acknowledge the extension.

Note that to allow third-party modules to properly chain the call to
ngx_ssl_client_hello_callback(), the servername callback function is
passed through exdata.

Fixed inaccurate index directive error report.

2025-09-18T14:16:22+00:00

QUIC: fixed ssl_reject_handshake error handling.

2025-09-12T13:57:48+00:00

This was broken in 7468a10b6 (1.29.0), resulting in a missing diagnostics
and SSL error queue not cleared for SSL handshakes rejected by SNI, seen
as "ignoring stale global SSL error" alerts, for instance, when doing SSL
shutdown of a long standing connection after rejecting another one by SNI.

The fix is to move the qc->error check after c->ssl->handshake_rejected is
handled first, to make the error queue cleared.  Although not practicably
visible as needed, this is accompanied by clearing the error queue under
the qc->error case as well, to be on the safe side.

As an implementation note, due to the way of handling invalid transport
parameters for OpenSSL 3.5 and above, which leaves a passed pointer not
advanced on error, SSL_get_error() may return either SSL_ERROR_WANT_READ
or SSL_ERROR_WANT_WRITE depending on a library.  To cope with that, both
qc->error and c->ssl->handshake_rejected checks were moved out of
"sslerr != SSL_ERROR_WANT_READ".

Also, this reconstructs a missing "SSL_do_handshake() failed" diagnostics
for the qc->error case, replacing using ngx_ssl_connection_error() with
ngx_connection_error().  It is made this way to avoid logging at the crit
log level because qc->error set is expected to have an empty error queue.

Reported and tested by Vladimir Homutov.