- Apr 07, 2015
-
-
Maxim Dounin authored
-
- Mar 26, 2015
-
-
Ruslan Ermilov authored
The new thread pools code uses spinlocks.
-
- Apr 06, 2015
-
-
Sergey Kandaurov authored
Similar to ngx_http_file_cache_set_slot(), the last component of file->name with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is used as a source for the names of intermediate subdirectories with each one taking its own part. Ensure that the sum of specified levels with slashes fits into the length (ticket #731).
-
Sergey Kandaurov authored
Level hierarchy is pre-zeroed in ngx_pcalloc() of the surrounding ngx_path_t.
-
Sergey Kandaurov authored
-
Ruslan Ermilov authored
-
Valentin Bartenev authored
This fixes unbuffered proxying to SSL backends, since it prevents ngx_ssl_send_chain() from accumulation of request body in the SSL buffer.
-
Valentin Bartenev authored
-
- Apr 03, 2015
-
-
Maxim Dounin authored
-
- Apr 01, 2015
-
-
Filipe da Silva authored
Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails. Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails. Possible leaks in vary particular scenariis of memory shortage.
-
Valentin Bartenev authored
-
- Mar 31, 2015
-
-
Sergey Kandaurov authored
Found by Valgrind.
-
- Mar 27, 2015
-
-
Valentin Bartenev authored
The main thread could wake up and start processing the notify event before the handler was set.
-
Valentin Bartenev authored
-
- Mar 23, 2015
-
-
Valentin Bartenev authored
This helps to avoid suboptimal behavior when a client waits for a control frame or more data to increase window size, but the frames have been delayed in the socket buffer. The delays can be caused by bad interaction between Nagle's algorithm on nginx side and delayed ACK on the client side or by TCP_CORK/TCP_NOPUSH if SPDY was working without SSL and sendfile() was used. The pushing code is now very similar to ngx_http_set_keepalive().
-
Valentin Bartenev authored
-
- Mar 26, 2015
-
-
Maxim Dounin authored
-
- Mar 25, 2015
-
-
Maxim Dounin authored
If any preread body bytes were sent in the first chain, chunk size was incorrectly added before the whole chain, including header, resulting in an invalid request sent to upstream. Fixed to properly add chunk size after the header.
-
- Mar 24, 2015
-
-
Maxim Dounin authored
-
Maxim Dounin authored
-
- Mar 23, 2015
-
-
Maxim Dounin authored
-
Maxim Dounin authored
-
Maxim Dounin authored
-
Maxim Dounin authored
The r->request_body_no_buffering flag was introduced. It instructs client request body reading code to avoid reading the whole body, and to call post_handler early instead. The caller should use the ngx_http_read_unbuffered_request_body() function to read remaining parts of the body. Upstream module is now able to use this mode, if configured with the proxy_request_buffering directive.
-
Maxim Dounin authored
-
Maxim Dounin authored
-
Maxim Dounin authored
-
Maxim Dounin authored
-
Maxim Dounin authored
Now we log a "zero size buf in chain writer" alert if we encounter a zero sized buffer in ngx_chain_writer(), and skip the buffer.
-
Maxim Dounin authored
-
Maxim Dounin authored
If the last header evaluation resulted in an empty header, the e.skip flag was set and was not reset when we've switched to evaluation of body_values. This incorrectly resulted in body values being skipped instead of producing some correct body as set by proxy_set_body. Fix is to properly reset the e.skip flag. As the problem only appeared if the last potentially non-empty header happened to be empty, it only manifested itself if proxy_set_body was used with proxy_cache.
-
Valentin Bartenev authored
-
Valentin Bartenev authored
No functional changes.
-
Valentin Bartenev authored
It's not needed for completed tasks queue since the previous change. No functional changes.
-
Valentin Bartenev authored
-
Ruslan Ermilov authored
-
- Mar 22, 2015
-
-
Maxim Dounin authored
-
Maxim Dounin authored
The SSL_MODE_NO_AUTO_CHAIN mode prevents OpenSSL from automatically building a certificate chain on the fly if there is no certificate chain explicitly provided. Before this change, certificates provided via the ssl_client_certificate and ssl_trusted_certificate directives were used by OpenSSL to automatically build certificate chains, resulting in unexpected (and in some cases unneeded) chains being sent to clients.
-
Maxim Dounin authored
LibreSSL removed support for export ciphers and a call to SSL_CTX_set_tmp_rsa_callback() results in an error left in the error queue. This caused alerts "ignoring stale global SSL error (...called a function you should not call) while SSL handshaking" on a first connection in each worker process.
-
Maxim Dounin authored
LibreSSL 2.1.1+ started to set SSL_OP_NO_SSLv3 option by default on new contexts. This makes sure to clear it to make it possible to use SSLv3 with LibreSSL if enabled in nginx config. Prodded by Kuramoto Eiji.
-