Merged with the default branch.
This commit is contained in:
commit
03b740ba06
|
@ -5,6 +5,72 @@
|
|||
<change_log title="nginx">
|
||||
|
||||
|
||||
<changes ver="1.23.1" date="2022-07-19">
|
||||
|
||||
<change type="feature">
|
||||
<para lang="ru">
|
||||
оптимизация использования памяти
|
||||
в конфигурациях с SSL-проксированием.
|
||||
</para>
|
||||
<para lang="en">
|
||||
memory usage optimization
|
||||
in configurations with SSL proxying.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="feature">
|
||||
<para lang="ru">
|
||||
теперь с помощью параметра "ipv4=off" директивы "resolver"
|
||||
можно запретить поиск IPv4-адресов при преобразовании имён в адреса.
|
||||
</para>
|
||||
<para lang="en">
|
||||
looking up of IPv4 addresses while resolving now can be disabled
|
||||
with the "ipv4=off" parameter of the "resolver" directive.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="change">
|
||||
<para lang="ru">
|
||||
уровень логгирования ошибок SSL "bad key share", "bad extension",
|
||||
"bad cipher" и "bad ecpoint"
|
||||
понижен с уровня crit до info.
|
||||
</para>
|
||||
<para lang="en">
|
||||
the logging level of the "bad key share", "bad extension",
|
||||
"bad cipher", and "bad ecpoint" SSL errors
|
||||
has been lowered from "crit" to "info".
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
при возврате диапазонов
|
||||
nginx не удалял строку заголовка "Content-Range",
|
||||
если она присутствовала в исходном ответе бэкенда.
|
||||
</para>
|
||||
<para lang="en">
|
||||
while returning byte ranges
|
||||
nginx did not remove the "Content-Range" header line
|
||||
if it was present in the original backend response.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
проксированный ответ мог быть отправлен не полностью
|
||||
при переконфигурации на Linux;
|
||||
ошибка появилась в 1.17.5.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a proxied response might be truncated
|
||||
during reconfiguration on Linux;
|
||||
the bug had appeared in 1.17.5.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.23.0" date="2022-06-21">
|
||||
|
||||
<change>
|
||||
|
|
|
@ -6,7 +6,7 @@ TEMP = tmp
|
|||
|
||||
CC = cl
|
||||
OBJS = objs.msvc8
|
||||
OPENSSL = openssl-1.1.1p
|
||||
OPENSSL = openssl-1.1.1q
|
||||
ZLIB = zlib-1.2.12
|
||||
PCRE = pcre2-10.39
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
#define _NGINX_H_INCLUDED_
|
||||
|
||||
|
||||
#define nginx_version 1023000
|
||||
#define NGINX_VERSION "1.23.0"
|
||||
#define nginx_version 1023001
|
||||
#define NGINX_VERSION "1.23.1"
|
||||
#define NGINX_VER "nginx/" NGINX_VERSION
|
||||
|
||||
#ifdef NGX_BUILD
|
||||
|
|
|
@ -157,6 +157,8 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
cln->handler = ngx_resolver_cleanup;
|
||||
cln->data = r;
|
||||
|
||||
r->ipv4 = 1;
|
||||
|
||||
ngx_rbtree_init(&r->name_rbtree, &r->name_sentinel,
|
||||
ngx_resolver_rbtree_insert_value);
|
||||
|
||||
|
@ -225,6 +227,23 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) {
|
||||
|
||||
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
|
||||
r->ipv4 = 1;
|
||||
|
||||
} else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
|
||||
r->ipv4 = 0;
|
||||
|
||||
} else {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"invalid parameter: %V", &names[i]);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
|
||||
|
||||
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
|
||||
|
@ -273,6 +292,14 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
}
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (r->ipv4 + r->ipv6 == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"ipv4\" and \"ipv6\" cannot both be \"off\"");
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (n && r->connections.nelts == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined");
|
||||
return NULL;
|
||||
|
@ -836,7 +863,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx,
|
|||
r->last_connection = 0;
|
||||
}
|
||||
|
||||
rn->naddrs = (u_short) -1;
|
||||
rn->naddrs = r->ipv4 ? (u_short) -1 : 0;
|
||||
rn->tcp = 0;
|
||||
#if (NGX_HAVE_INET6)
|
||||
rn->naddrs6 = r->ipv6 ? (u_short) -1 : 0;
|
||||
|
@ -1263,7 +1290,7 @@ ngx_resolver_send_query(ngx_resolver_t *r, ngx_resolver_node_t *rn)
|
|||
rec->log.action = "resolving";
|
||||
}
|
||||
|
||||
if (rn->naddrs == (u_short) -1) {
|
||||
if (rn->query && rn->naddrs == (u_short) -1) {
|
||||
rc = rn->tcp ? ngx_resolver_send_tcp_query(r, rec, rn->query, rn->qlen)
|
||||
: ngx_resolver_send_udp_query(r, rec, rn->query, rn->qlen);
|
||||
|
||||
|
@ -1765,10 +1792,13 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
q = ngx_queue_next(q))
|
||||
{
|
||||
rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
|
||||
qident = (rn->query[0] << 8) + rn->query[1];
|
||||
|
||||
if (qident == ident) {
|
||||
goto dns_error_name;
|
||||
if (rn->query) {
|
||||
qident = (rn->query[0] << 8) + rn->query[1];
|
||||
|
||||
if (qident == ident) {
|
||||
goto dns_error_name;
|
||||
}
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
|
@ -3645,7 +3675,7 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
|
||||
p = ngx_resolver_alloc(r, len * (r->ipv4 + r->ipv6));
|
||||
#else
|
||||
p = ngx_resolver_alloc(r, len);
|
||||
#endif
|
||||
|
@ -3658,19 +3688,21 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (r->ipv6) {
|
||||
rn->query6 = p + len;
|
||||
rn->query6 = r->ipv4 ? (p + len) : p;
|
||||
}
|
||||
#endif
|
||||
|
||||
query = (ngx_resolver_hdr_t *) p;
|
||||
|
||||
ident = ngx_random();
|
||||
if (r->ipv4) {
|
||||
ident = ngx_random();
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
"resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
"resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
}
|
||||
|
||||
/* recursion query */
|
||||
query->flags_hi = 1; query->flags_lo = 0;
|
||||
|
@ -3731,7 +3763,9 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
|
||||
p = rn->query6;
|
||||
|
||||
ngx_memcpy(p, rn->query, rn->qlen);
|
||||
if (r->ipv4) {
|
||||
ngx_memcpy(p, rn->query, rn->qlen);
|
||||
}
|
||||
|
||||
query = (ngx_resolver_hdr_t *) p;
|
||||
|
||||
|
|
|
@ -175,8 +175,10 @@ struct ngx_resolver_s {
|
|||
ngx_queue_t srv_expire_queue;
|
||||
ngx_queue_t addr_expire_queue;
|
||||
|
||||
unsigned ipv4:1;
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
ngx_uint_t ipv6; /* unsigned ipv6:1; */
|
||||
unsigned ipv6:1;
|
||||
ngx_rbtree_t addr6_rbtree;
|
||||
ngx_rbtree_node_t addr6_sentinel;
|
||||
ngx_queue_t addr6_resend_queue;
|
||||
|
|
|
@ -3350,6 +3350,12 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
|||
#ifdef SSL_R_NO_SUITABLE_KEY_SHARE
|
||||
|| n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */
|
||||
#endif
|
||||
#ifdef SSL_R_BAD_KEY_SHARE
|
||||
|| n == SSL_R_BAD_KEY_SHARE /* 108 */
|
||||
#endif
|
||||
#ifdef SSL_R_BAD_EXTENSION
|
||||
|| n == SSL_R_BAD_EXTENSION /* 110 */
|
||||
#endif
|
||||
#ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
|
||||
|| n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */
|
||||
#endif
|
||||
|
@ -3364,6 +3370,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
|||
|| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
|
||||
#endif
|
||||
|| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
|
||||
#ifdef SSL_R_BAD_CIPHER
|
||||
|| n == SSL_R_BAD_CIPHER /* 186 */
|
||||
#endif
|
||||
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|
||||
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|
||||
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
|
||||
|
@ -3398,6 +3407,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
|||
#ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
|
||||
|| n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */
|
||||
#endif
|
||||
#ifdef SSL_R_BAD_ECPOINT
|
||||
|| n == SSL_R_BAD_ECPOINT /* 306 */
|
||||
#endif
|
||||
#ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
|
||||
|| n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
|
||||
|| n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */
|
||||
|
|
|
@ -209,6 +209,8 @@ static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
|
|||
ngx_command_t *cmd, void *conf);
|
||||
static char *ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post,
|
||||
void *data);
|
||||
static ngx_int_t ngx_http_grpc_merge_ssl(ngx_conf_t *cf,
|
||||
ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_loc_conf_t *prev);
|
||||
static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
|
||||
ngx_http_grpc_loc_conf_t *glcf);
|
||||
#endif
|
||||
|
@ -562,7 +564,7 @@ ngx_http_grpc_handler(ngx_http_request_t *r)
|
|||
ctx->host = glcf->host;
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
u->ssl = (glcf->upstream.ssl != NULL);
|
||||
u->ssl = glcf->ssl;
|
||||
|
||||
if (u->ssl) {
|
||||
ngx_str_set(&u->schema, "grpcs://");
|
||||
|
@ -4463,6 +4465,10 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
|
||||
#if (NGX_HTTP_SSL)
|
||||
|
||||
if (ngx_http_grpc_merge_ssl(cf, conf, prev) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
|
||||
prev->upstream.ssl_session_reuse, 1);
|
||||
|
||||
|
@ -4524,7 +4530,7 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
conf->grpc_values = prev->grpc_values;
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
conf->upstream.ssl = prev->upstream.ssl;
|
||||
conf->ssl = prev->ssl;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -4873,18 +4879,64 @@ ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
|
|||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_grpc_merge_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *conf,
|
||||
ngx_http_grpc_loc_conf_t *prev)
|
||||
{
|
||||
ngx_uint_t preserve;
|
||||
|
||||
if (conf->ssl_protocols == 0
|
||||
&& conf->ssl_ciphers.data == NULL
|
||||
&& conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_verify == NGX_CONF_UNSET
|
||||
&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
|
||||
&& conf->ssl_trusted_certificate.data == NULL
|
||||
&& conf->ssl_crl.data == NULL
|
||||
&& conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
|
||||
&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
|
||||
{
|
||||
if (prev->upstream.ssl) {
|
||||
conf->upstream.ssl = prev->upstream.ssl;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
preserve = 1;
|
||||
|
||||
} else {
|
||||
preserve = 0;
|
||||
}
|
||||
|
||||
conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (conf->upstream.ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
conf->upstream.ssl->log = cf->log;
|
||||
|
||||
/*
|
||||
* special handling to preserve conf->upstream.ssl
|
||||
* in the "http" section to inherit it to all servers
|
||||
*/
|
||||
|
||||
if (preserve) {
|
||||
prev->upstream.ssl = conf->upstream.ssl;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
|
||||
{
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
glcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (glcf->upstream.ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
if (glcf->upstream.ssl->ctx) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
glcf->upstream.ssl->log = cf->log;
|
||||
|
||||
if (ngx_ssl_create(glcf->upstream.ssl, glcf->ssl_protocols, NULL)
|
||||
!= NGX_OK)
|
||||
{
|
||||
|
|
|
@ -236,6 +236,8 @@ static ngx_int_t ngx_http_proxy_rewrite_regex(ngx_conf_t *cf,
|
|||
ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
static ngx_int_t ngx_http_proxy_merge_ssl(ngx_conf_t *cf,
|
||||
ngx_http_proxy_loc_conf_t *conf, ngx_http_proxy_loc_conf_t *prev);
|
||||
static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
|
||||
ngx_http_proxy_loc_conf_t *plcf);
|
||||
#endif
|
||||
|
@ -959,7 +961,7 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
|
|||
ctx->vars = plcf->vars;
|
||||
u->schema = plcf->vars.schema;
|
||||
#if (NGX_HTTP_SSL)
|
||||
u->ssl = (plcf->upstream.ssl != NULL);
|
||||
u->ssl = plcf->ssl;
|
||||
#endif
|
||||
|
||||
} else {
|
||||
|
@ -3724,6 +3726,10 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
|
||||
#if (NGX_HTTP_SSL)
|
||||
|
||||
if (ngx_http_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
|
||||
prev->upstream.ssl_session_reuse, 1);
|
||||
|
||||
|
@ -3857,7 +3863,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
conf->proxy_values = prev->proxy_values;
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
conf->upstream.ssl = prev->upstream.ssl;
|
||||
conf->ssl = prev->ssl;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -4922,18 +4928,64 @@ ngx_http_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
|
|||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_proxy_merge_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *conf,
|
||||
ngx_http_proxy_loc_conf_t *prev)
|
||||
{
|
||||
ngx_uint_t preserve;
|
||||
|
||||
if (conf->ssl_protocols == 0
|
||||
&& conf->ssl_ciphers.data == NULL
|
||||
&& conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_verify == NGX_CONF_UNSET
|
||||
&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
|
||||
&& conf->ssl_trusted_certificate.data == NULL
|
||||
&& conf->ssl_crl.data == NULL
|
||||
&& conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
|
||||
&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
|
||||
{
|
||||
if (prev->upstream.ssl) {
|
||||
conf->upstream.ssl = prev->upstream.ssl;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
preserve = 1;
|
||||
|
||||
} else {
|
||||
preserve = 0;
|
||||
}
|
||||
|
||||
conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (conf->upstream.ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
conf->upstream.ssl->log = cf->log;
|
||||
|
||||
/*
|
||||
* special handling to preserve conf->upstream.ssl
|
||||
* in the "http" section to inherit it to all servers
|
||||
*/
|
||||
|
||||
if (preserve) {
|
||||
prev->upstream.ssl = conf->upstream.ssl;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
|
||||
{
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (plcf->upstream.ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
if (plcf->upstream.ssl->ctx) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
plcf->upstream.ssl->log = cf->log;
|
||||
|
||||
if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
|
||||
!= NGX_OK)
|
||||
{
|
||||
|
|
|
@ -425,6 +425,10 @@ ngx_http_range_singlepart_header(ngx_http_request_t *r,
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (r->headers_out.content_range) {
|
||||
r->headers_out.content_range->hash = 0;
|
||||
}
|
||||
|
||||
r->headers_out.content_range = content_range;
|
||||
|
||||
content_range->hash = 1;
|
||||
|
@ -582,6 +586,11 @@ ngx_http_range_multipart_header(ngx_http_request_t *r,
|
|||
r->headers_out.content_length = NULL;
|
||||
}
|
||||
|
||||
if (r->headers_out.content_range) {
|
||||
r->headers_out.content_range->hash = 0;
|
||||
r->headers_out.content_range = NULL;
|
||||
}
|
||||
|
||||
return ngx_http_next_header_filter(r);
|
||||
}
|
||||
|
||||
|
@ -598,6 +607,10 @@ ngx_http_range_not_satisfiable(ngx_http_request_t *r)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (r->headers_out.content_range) {
|
||||
r->headers_out.content_range->hash = 0;
|
||||
}
|
||||
|
||||
r->headers_out.content_range = content_range;
|
||||
|
||||
content_range->hash = 1;
|
||||
|
|
|
@ -96,6 +96,8 @@ static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
|
|||
ngx_command_t *cmd, void *conf);
|
||||
static char *ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post,
|
||||
void *data);
|
||||
static ngx_int_t ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf,
|
||||
ngx_http_uwsgi_loc_conf_t *conf, ngx_http_uwsgi_loc_conf_t *prev);
|
||||
static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
|
||||
ngx_http_uwsgi_loc_conf_t *uwcf);
|
||||
#endif
|
||||
|
@ -668,7 +670,7 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
|
|||
if (uwcf->uwsgi_lengths == NULL) {
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
u->ssl = (uwcf->upstream.ssl != NULL);
|
||||
u->ssl = uwcf->ssl;
|
||||
|
||||
if (u->ssl) {
|
||||
ngx_str_set(&u->schema, "suwsgi://");
|
||||
|
@ -1865,6 +1867,10 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
|
||||
#if (NGX_HTTP_SSL)
|
||||
|
||||
if (ngx_http_uwsgi_merge_ssl(cf, conf, prev) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
|
||||
prev->upstream.ssl_session_reuse, 1);
|
||||
|
||||
|
@ -1927,7 +1933,7 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
conf->uwsgi_values = prev->uwsgi_values;
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
conf->upstream.ssl = prev->upstream.ssl;
|
||||
conf->ssl = prev->ssl;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -2454,18 +2460,64 @@ ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
|
|||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
|
||||
ngx_http_uwsgi_loc_conf_t *prev)
|
||||
{
|
||||
ngx_uint_t preserve;
|
||||
|
||||
if (conf->ssl_protocols == 0
|
||||
&& conf->ssl_ciphers.data == NULL
|
||||
&& conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
|
||||
&& conf->upstream.ssl_verify == NGX_CONF_UNSET
|
||||
&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
|
||||
&& conf->ssl_trusted_certificate.data == NULL
|
||||
&& conf->ssl_crl.data == NULL
|
||||
&& conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
|
||||
&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
|
||||
{
|
||||
if (prev->upstream.ssl) {
|
||||
conf->upstream.ssl = prev->upstream.ssl;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
preserve = 1;
|
||||
|
||||
} else {
|
||||
preserve = 0;
|
||||
}
|
||||
|
||||
conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (conf->upstream.ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
conf->upstream.ssl->log = cf->log;
|
||||
|
||||
/*
|
||||
* special handling to preserve conf->upstream.ssl
|
||||
* in the "http" section to inherit it to all servers
|
||||
*/
|
||||
|
||||
if (preserve) {
|
||||
prev->upstream.ssl = conf->upstream.ssl;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
|
||||
{
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
uwcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (uwcf->upstream.ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
if (uwcf->upstream.ssl->ctx) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
uwcf->upstream.ssl->log = cf->log;
|
||||
|
||||
if (ngx_ssl_create(uwcf->upstream.ssl, uwcf->ssl_protocols, NULL)
|
||||
!= NGX_OK)
|
||||
{
|
||||
|
|
|
@ -46,6 +46,7 @@ ngx_readv_chain(ngx_connection_t *c, ngx_chain_t *chain, off_t limit)
|
|||
return 0;
|
||||
|
||||
} else {
|
||||
rev->ready = 0;
|
||||
return NGX_AGAIN;
|
||||
}
|
||||
}
|
||||
|
@ -63,6 +64,7 @@ ngx_readv_chain(ngx_connection_t *c, ngx_chain_t *chain, off_t limit)
|
|||
rev->pending_eof, rev->available);
|
||||
|
||||
if (rev->available == 0 && !rev->pending_eof) {
|
||||
rev->ready = 0;
|
||||
return NGX_AGAIN;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -103,6 +103,8 @@ static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc);
|
|||
static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c);
|
||||
static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s);
|
||||
static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s);
|
||||
static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf,
|
||||
ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev);
|
||||
static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
|
||||
ngx_stream_proxy_srv_conf_t *pscf);
|
||||
|
||||
|
@ -801,7 +803,7 @@ ngx_stream_proxy_init_upstream(ngx_stream_session_t *s)
|
|||
|
||||
#if (NGX_STREAM_SSL)
|
||||
|
||||
if (pc->type == SOCK_STREAM && pscf->ssl) {
|
||||
if (pc->type == SOCK_STREAM && pscf->ssl_enable) {
|
||||
|
||||
if (u->proxy_protocol) {
|
||||
if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
|
||||
|
@ -2165,6 +2167,10 @@ ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
|
||||
#if (NGX_STREAM_SSL)
|
||||
|
||||
if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0);
|
||||
|
||||
ngx_conf_merge_value(conf->ssl_session_reuse,
|
||||
|
@ -2213,18 +2219,64 @@ ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
|
||||
#if (NGX_STREAM_SSL)
|
||||
|
||||
static ngx_int_t
|
||||
ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf,
|
||||
ngx_stream_proxy_srv_conf_t *prev)
|
||||
{
|
||||
ngx_uint_t preserve;
|
||||
|
||||
if (conf->ssl_protocols == 0
|
||||
&& conf->ssl_ciphers.data == NULL
|
||||
&& conf->ssl_certificate == NGX_CONF_UNSET_PTR
|
||||
&& conf->ssl_certificate_key == NGX_CONF_UNSET_PTR
|
||||
&& conf->ssl_passwords == NGX_CONF_UNSET_PTR
|
||||
&& conf->ssl_verify == NGX_CONF_UNSET
|
||||
&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
|
||||
&& conf->ssl_trusted_certificate.data == NULL
|
||||
&& conf->ssl_crl.data == NULL
|
||||
&& conf->ssl_session_reuse == NGX_CONF_UNSET
|
||||
&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
|
||||
{
|
||||
if (prev->ssl) {
|
||||
conf->ssl = prev->ssl;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
preserve = 1;
|
||||
|
||||
} else {
|
||||
preserve = 0;
|
||||
}
|
||||
|
||||
conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (conf->ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
conf->ssl->log = cf->log;
|
||||
|
||||
/*
|
||||
* special handling to preserve conf->ssl
|
||||
* in the "stream" section to inherit it to all servers
|
||||
*/
|
||||
|
||||
if (preserve) {
|
||||
prev->ssl = conf->ssl;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
|
||||
{
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
|
||||
if (pscf->ssl == NULL) {
|
||||
return NGX_ERROR;
|
||||
if (pscf->ssl->ctx) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
pscf->ssl->log = cf->log;
|
||||
|
||||
if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue