nginx.git/src, branch release-1.9.14

HTTP/2: support for unbuffered upload of request body.

2016-04-01T12:57:10+00:00

HTTP/2: rewritten handling of request body.

2016-04-01T12:56:03+00:00

There are two improvements:

  1. Support for request body filters;

  2. Receiving of request body is started only after
     the ngx_http_read_client_request_body() call.

The last one fixes the problem when the client_max_body_size value might not be
respected from the right location if the location was changed either during the
process of receiving body or after the whole body had been received.

HTTP/2: sending RST_STREAM with NO_ERROR to discard request body.

2016-04-01T12:56:03+00:00

RFC 7540 states that "A server can send a complete response prior to the client
sending an entire request if the response does not depend on any portion of the
request that has not been sent and received.  When this is true, a server MAY
request that the client abort transmission of a request without error by sending
a RST_STREAM with an error code of NO_ERROR after sending a complete response
(i.e., a frame with the END_STREAM flag)."

This should prevent a client from blocking on the stream window, since it isn't
maintained for closed streams.  Currently, quite big initial stream windows are
used, so such blocking is very unlikly, but that will be changed in the further
patches.

Core: removed incorrect GCC 2.7 check.

2016-04-01T10:17:12+00:00

It was broken since introduction (__GNU__ instead of __GNUC__) and did
nothing.  Moreover, GCC 2.7 is happy with the normal version of the code.

Reported by Joel Cunningham,
http://mailman.nginx.org/pipermail/nginx-devel/2016-March/007964.html.

SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.

2016-03-31T20:38:38+00:00

SSLeay_version() and SSLeay() are no longer available if OPENSSL_API_COMPAT
is set to 0x10100000L.  Switched to using OpenSSL_version() instead.

Additionally, we now compare version strings instead of version numbers,
and this correctly works for LibreSSL as well.

SSL: X509 was made opaque in OpenSSL 1.1.0.

2016-03-31T20:38:37+00:00

To increment reference counters we now use newly introduced X509_up_ref()
function.

SSL: EVP_MD_CTX was made opaque in OpenSSL 1.1.0.

2016-03-31T20:38:36+00:00

SSL: RSA_generate_key() is deprecated in OpenSSL 1.1.0.

2016-03-31T20:38:34+00:00

OpenSSL removed support for all 40 and 56 bit ciphers.

SSL: initialization changes for OpenSSL 1.1.0.

2016-03-31T20:38:33+00:00

OPENSSL_config() deprecated in OpenSSL 1.1.0.  Additionally,
SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_all_algorithms()
are no longer available if OPENSSL_API_COMPAT is set to 0x10100000L.

The OPENSSL_init_ssl() function is now used instead with appropriate
arguments to trigger the same behaviour.  The configure test changed to
use SSL_CTX_set_options().

Deinitialization now happens automatically in OPENSSL_cleanup() called
via atexit(3), so we no longer call EVP_cleanup() and ENGINE_cleanup()
directly.

SSL: get_session callback changed in OpenSSL 1.1.0.

2016-03-31T20:38:32+00:00