From 31eb8c015d58a5b36b9578d4ee6c217e16cb776f Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Fri, 23 Sep 2005 11:02:22 +0000 Subject: nginx-0.2.0-RELEASE import *) The pid-file names used during online upgrade was changed and now is not required a manual rename operation. The old master process adds the ".oldbin" suffix to its pid-file and executes a new binary file. The new master process creates usual pid-file without the ".newbin" suffix. If the master process exits, then old master process renames back its pid-file with the ".oldbin" suffix to the pid-file without suffix. *) Change: the "worker_connections" directive, new name of the "connections" directive; now the directive specifies maximum number of connections, but not maximum socket descriptor number. *) Feature: SSL supports the session cache inside one worker process. *) Feature: the "satisfy_any" directive. *) Change: the ngx_http_access_module and ngx_http_auth_basic_module do not run for subrequests. *) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending" directives. *) Bugfix: if all backend using in load-balancing failed after one error, then nginx did not try do connect to them during 60 seconds. *) Bugfix: in IMAP/POP3 command argument parsing. Thanks to Rob Mueller. *) Bugfix: errors while using SSL in IMAP/POP3 proxy. *) Bugfix: errors while using SSI and gzipping. *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted from the 304 responses. Thanks to Alexandr Kukushkin. --- src/http/modules/ngx_http_autoindex_module.c | 5 ++++- src/http/modules/ngx_http_headers_filter_module.c | 5 ++++- src/http/modules/ngx_http_proxy_module.c | 2 +- src/http/modules/ngx_http_ssl_module.c | 20 +++++++++++++------- src/http/modules/ngx_http_static_module.c | 5 ++++- 5 files changed, 26 insertions(+), 11 deletions(-) (limited to 'src/http/modules') diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c index 2838e9fc7..fb40669ba 100644 --- a/src/http/modules/ngx_http_autoindex_module.c +++ b/src/http/modules/ngx_http_autoindex_module.c @@ -203,7 +203,10 @@ ngx_http_autoindex_handler(ngx_http_request_t *r) if (ngx_open_dir(&dname, &dir) == NGX_ERROR) { err = ngx_errno; - if (err == NGX_ENOENT || err == NGX_ENOTDIR) { + if (err == NGX_ENOENT + || err == NGX_ENOTDIR + || err == NGX_ENAMETOOLONG) + { level = NGX_LOG_ERR; rc = NGX_HTTP_NOT_FOUND; diff --git a/src/http/modules/ngx_http_headers_filter_module.c b/src/http/modules/ngx_http_headers_filter_module.c index 1ad225fe9..43cb5c8cd 100644 --- a/src/http/modules/ngx_http_headers_filter_module.c +++ b/src/http/modules/ngx_http_headers_filter_module.c @@ -82,7 +82,10 @@ ngx_http_headers_filter(ngx_http_request_t *r) ngx_table_elt_t *expires, *cc, **ccp; ngx_http_headers_conf_t *conf; - if (r->headers_out.status != NGX_HTTP_OK || r->main) { + if ((r->headers_out.status != NGX_HTTP_OK + && r->headers_out.status != NGX_HTTP_NOT_MODIFIED) + || r->main) + { return ngx_http_next_header_filter(r); } diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index 1415f2180..c807df94d 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -160,7 +160,7 @@ static ngx_command_t ngx_http_proxy_commands[] = { NULL }, { ngx_string("proxy_pass_unparsed_uri"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, ngx_conf_set_flag_slot, NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_proxy_loc_conf_t, upstream.pass_unparsed_uri), diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 5137af0d8..130f2b305 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -83,6 +83,9 @@ ngx_module_t ngx_http_ssl_module = { }; +static u_char ngx_http_session_id_ctx[] = "HTTP"; + + static void * ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) { @@ -147,12 +150,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) } -#if 0 - SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); - SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3); - SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE); -#endif - if (conf->ciphers.len) { if (SSL_CTX_set_cipher_list(conf->ssl_ctx, (const char *) conf->ciphers.data) == 0) @@ -182,7 +179,16 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) return NGX_CONF_ERROR; } - SSL_CTX_set_verify(conf->ssl_ctx, SSL_VERIFY_NONE, NULL); + SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); + + SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + + SSL_CTX_set_read_ahead(conf->ssl_ctx, 1); + + SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER); + + SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx, + sizeof(ngx_http_session_id_ctx) - 1); return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c index eac3c193a..d8884cac8 100644 --- a/src/http/modules/ngx_http_static_module.c +++ b/src/http/modules/ngx_http_static_module.c @@ -203,7 +203,10 @@ ngx_http_static_handler(ngx_http_request_t *r) if (fd == NGX_INVALID_FILE) { err = ngx_errno; - if (err == NGX_ENOENT || err == NGX_ENOTDIR) { + if (err == NGX_ENOENT + || err == NGX_ENOTDIR + || err == NGX_ENAMETOOLONG) + { level = NGX_LOG_ERR; rc = NGX_HTTP_NOT_FOUND; -- cgit