| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
AIO related fixes:
*) Fix for connection drops with AIO.
Connections serving content with AIO to fast clients were dropped with
"client timed out" messages after send_timeout from response start.
*) Fix for socket leak with "aio sendfile" and "limit_rate".
Second aio post happened when timer set by limit_rate expired while we have
aio request in flight, resulting in "second aio post" alert and socket leak.
The patch adds actual protection from aio calls with r->aio already set to
aio sendfile code in ngx_http_copy_filter(). This should fix other cases
as well, e.g. when sending buffered to disk upstream replies while still
talking to upstream.
The ngx_http_writer() is also fixed to handle the above case (though it's
mostly optimization now).
|
|
SSL related fixes:
*) Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).
As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.
Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.
Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+. I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
*) Disabling SSL compression. This saves about 300K per SSL connection.
The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0.
*) Releasing memory of idle SSL connection. This saves about 34K per SSL
connection. The SSL_MODE_RELEASE_BUFFERS option is available since
OpenSSL 1.0.0d.
*) Decrease of log level of some SSL handshake errors.
*) Fixed segfault on configuration testing with ssl (ticket #37).
The following config caused segmentation fault due to conf->file not
being properly set if "ssl on" was inherited from the http level:
http {
ssl on;
server {
}
}
*) Silently ignoring a stale global SSL error left after disabled renegotiation.
|
|
Request body related fixes:
*) Always set timer in discard body handler, this fixes the cases
when request for static file is redirected by error_page to an SSI page.
*) Correctly set body if it's preread and there are extra data.
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests. Make sure to use only as many
bytes as request's Content-Length specifies.
*) Fix body with request_body_in_single_buf.
If there were preread data and request body was big enough first part
of the request body was duplicated.
See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
*) Bugfix: read event was not blocked after reading body.
Read event should be blocked after reading body, else undefined behaviour
might occur on additional client activity. This fixes segmentation faults
observed with proxy_ignore_client_abort set.
|
|
Lingering closing related fixes:
*) lingering_close "off|on|always"
*) enable lingering close for pipelined requests
*) do not send RST on normal lingering close read timeout,
if reset_timedout_connection is on
|
|
Accept-Encoding refactoring:
*) "gzip; q=0" support
*) and removal of ancient MSIE 4.x test for gzip
|
|
patch by Maxim Dounin
|
|
|
|
|
|
|
|
|
|
|
|
https://bugs.webkit.org/show_bug.cgi?id=5760
|
|
|
|
runs ngx_http_core_run_phases(), and starts a request processing again.
The write event has clear type and remained in a keepalive connection.
The bug was introduced in r3050.
|
|
|
|
|
|
and a request line fills it completely
|
|
the bug had been introduced in r2196
|
|
|
|
Initially building lists of ports, addresses, and server names had been
placed at final configuration stage, because complete set of the "listen"s
and the "server_names" were required for this operation. r3218 broke it,
because the "listen"s go usually first in configuration, and
cscf->server_names is empty at this stage, therefore no virtual names
were configured.
Now server configurations are stored in array for each address:port
to configure virtual names. Also regex captures flag is moved from
server names to core server configuration.
|
|
disables incomplete ngx_http_writer()
|
|
|
|
ngx_http_test_reading(), the bug was introduced in r3050
|
|
discarded, the bug was introduced in r3050
|
|
ngx_http_set_keepalive() while request cleanup
|
|
|
|
|
|
*) move low case convertation from ngx_http_find_virtual_server()
to ngx_http_validate_host()
*) add in ngx_http_validate_host() capability to copy host name in the pool
allocated memory
|
|
|
|
|
|
*) use preallocated terminal_posted_request
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
|
|
|
|
|
|
|
|
|
|
this fixes building at least by gcc 4.2.1 on Mac OS X 10.6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
error_log with zero level, and r2447, r2466, r2467 were not enough
*) remove bogus "stderr" level
*) some functions and fields renames
|
