| Age | Commit message | Author | Files | Lines |
|
This prevents inappropriate session reuse in unrelated server{}
blocks, while preserving ability to restore sessions on other servers
when using TLS Session Tickets.
Additionally, session context is now set even if there is no session cache
configured. This is needed as it's also used for TLS Session Tickets.
Thanks to Antoine Delignat-Lavaud and Piotr Sikora.
|
|
It might not work if there were more than one "access_log" directives
pointed to the same file and duplicate buffer parameters.
|
|
The new directives {proxy,fastcgi,scgi,uwsgi,memcached}_next_upstream_tries
and {proxy,fastcgi,scgi,uwsgi,memcached}_next_upstream_timeout limit
the number of upstreams tried and the maximum time spent for these tries
when searching for a valid upstream.
|
|
Since peer.tries is never reset it can now be limited if required.
|
|
The "single" parameter is deprecated and ignored since 5b5c07dee156 (1.3.2).
|
|
In fastcgi, scgi and uwsgi modules there are no default cache keys, and
using a cache without a cache key set is likely meaningless.
|
|
When memory allocation failed in ngx_http_upstream_cache(), the connection
would be terminated directly in ngx_http_upstream_init_request().
Return an INTERNAL_SERVER_ERROR response instead.
|
|
The ngx_init_setproctitle() function, as used on systems without
setproctitle(3), may fail due to memory allocation errors, and
therefore its return code needs to be checked.
Reported by Markus Linnala.
|
|
The etag->hash must be set to 0 to avoid an empty ETag header being
returned with the 500 Internal Server Error page after the memory
allocation failure.
Reported by Markus Linnala.
|
|
Now we actually return NGX_ERROR on errors, and provide an error
string for memory allocation errors.
Reported by Markus Linnala.
|
|
Some of the OpenSSL forks (read: BoringSSL) started removing unused,
no longer necessary and/or not really working bug workarounds along
with the SSL options and defines for them.
Instead of fixing nginx build after each removal, be proactive
and guard use of all SSL options for bug workarounds.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
The messages "ngx_slab_alloc() failed: no memory in cache keys zone"
from the file cache slab allocator are suppressed since the allocation
is likely to succeed after the forced expiration of cache nodes.
The second allocation failure is reported.
|
|
In theory, this can provide a bit better distribution of latencies.
Also it simplifies the code, since ngx_queue_t is now used instead
of custom implementation.
|
|
It's mostly dead code. And the idea of thread support for this task has
been deprecated.
|
|
Currently it isn't used, but it can be suitable to distinguish
objects stored in c->data.
|
|
Made it clear when the selected balancing method does not
support certain parameters of the "server" directive.
|
|
If specified, the header field is set regardless of the status code.
|
|
Previously, a configuration like
    location / {
        ssi on;
        ssi_types *;
        set $http_foo "bar";
        return 200 '<!--#echo var="http_foo" -->\n';
    }
resulted in NULL pointer dereference in ngx_http_get_variable() as
the variable was explicitly added to the variables hash, but its
get_handler wasn't properly set in the hash. Fix is to make sure
that get_handler is properly set by ngx_http_variables_init_vars().
|
|
The SPDY module doesn't expect timers can be set on stream events for reasons
other than delaying output. But ngx_http_writer() could add timer on write
event if the delayed flag wasn't set and nginx is waiting for AIO completion.
That could cause delays in sending response over SPDY when file AIO was used.
|
|
If a "resolver_timeout" occurs, only the first waiting request
was notified. Other requests may hang forever.
|
|
The "stub_status" directive does not require an argument.
|
|
There's no loc_conf in the mail module.
|
|
Reported by Gang Li.
|
|
perl_parse() function expects argv/argc-style argument list,
which according to the C standard must be NULL-terminated,
that is: argv[argc] == NULL.
This change fixes a crash (SIGSEGV) that could happen because
of the buffer overrun during perl module initialization.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
The bug had appeared in nginx 1.5.6 (04e43d03e153).
Reported by Chris Boulton.
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Once an error occurred, it could lead to using uninitialized variables for logging,
or even a segmentation fault.
|
|
LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0, so tests
for OpenSSL-1.0.2+ are now passing, even though the library doesn't
provide functions that are expected from that version of OpenSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
This change adds support for using BoringSSL as a drop-in replacement
for OpenSSL without adding support for any of the BoringSSL-specific
features.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
This is really just a prerequisite for building against BoringSSL,
which doesn't provide either of those features.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
This helps to reduce likelihood of memory allocations in ngx_readv_chain(),
which are known to lead to noticeable effects in some cases, see
http://mailman.nginx.org/pipermail/nginx/2014-July/044512.html.
|
|
Timeout may not be set on an upstream connection when we call
ngx_ssl_handshake() in ngx_http_upstream_ssl_init_connection(),
so make sure to arm it if it's not set.
Based on a patch by Yichun Zhang.
|
|
The ngx_http_geoip_city_float_variable and
ngx_http_geoip_city_int_variable functions did not always initialize
all variable fields like "not_found", which could lead to empty values
for those corresponding nginx variables randomly.
|