108 Commits

Author SHA1 Message Date
Igor Sysoev 8b6279ef16 merge r3489, r3493:
*) MSVC8 compatibility with OpenSSL 1.0.0
*) fix building OpenSSL-1.0.0 on 64-bit Linux:
   make installs the libraries in lib64 directory

and build nginx/Windows against OpenSSL-0.9.8n
2010-06-07 11:55:20 +00:00
Igor Sysoev 5ff6279efa merge r3456, r3458, r3465:
SSL fixes:

*) decrease SSL handshake error level to info
*) Set SSL session context for "ssl_session_cache none".
   This fixes a bug when client certificate is used and nginx closes connection
   with the message: "SSL_GET_PREV_SESSION:session id context uninitialized".
*) add OpenSSL_add_all_algorithms(), this fixes the error
   "ASN1_item_verify:unknown message digest algorithm" occurred if
   client certificate is signed using sha256WithRSAEncryption
2010-06-07 10:09:14 +00:00
Igor Sysoev 7ac538bd2a merge r3283, r3284:
fix segfault if $limit_rate was logged
fix segfault in SSL if limit_rate is used
2010-02-01 15:20:43 +00:00
Igor Sysoev 70a7d24817 merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
SSL fixes:

*) $ssl_session_id
*) allow "make clean" for OpenSSL, the bug was introduced in r2874
*) disable SSLv2 and use only strong ciphers by default
*) decrease SSL handshake error level to info
2010-02-01 14:39:16 +00:00
Igor Sysoev 09dd51fe1f r3301 merge:
disable SSL renegotiation (CVE-2009-3555)
2009-11-16 15:24:39 +00:00
Igor Sysoev 66e573174e merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
various SSL fixes and features:

*) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
*) ssl_crl
*) delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
   compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
*) fix memory corruption in $ssl_client_cert
*) issue SNI warning instead of failure: this is too common case
*) use ngx_log_error(), since OpenSSL does not set an error on the failure
*) add SNI support in -V output
2009-10-26 16:53:34 +00:00
Igor Sysoev c11383c4f2 merge r2903, r2911, r2912, r3002:
fix various failures handling
2009-10-26 15:54:29 +00:00
Igor Sysoev 70eb9fa979 use ngx_vslprintf(), ngx_slprintf() 2009-04-27 13:06:20 +00:00
Igor Sysoev 523bf6b61f support attaching to an existent Win32 shared memory 2009-04-18 19:27:28 +00:00
Igor Sysoev 692c1103da move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory 2009-04-16 19:25:09 +00:00
Igor Sysoev 9cc2c1a656 fix building by MSVC8 2009-04-15 19:28:10 +00:00
Igor Sysoev 5405ac4039 improve ngx_slab_alloc() error logging 2009-03-27 17:00:42 +00:00
Igor Sysoev 12c14b31e3 small optimization: " == NGX_ERROR" > " != NGX_OK" 2009-02-24 10:42:23 +00:00
Igor Sysoev 106c630bbc load SSL engine before certificates,
otherwise RSA keys will use built-in RSA methods
2009-02-16 13:37:58 +00:00
Igor Sysoev 8e7faf90f4 use "!= NGX_OK" instead of "== NGX_ERROR" 2008-12-09 17:27:48 +00:00
Igor Sysoev 760972dc88 low some SSL handshake errors level 2008-11-18 16:05:00 +00:00
Igor Sysoev f67453d7d1 always use buffer, if connection is buffered,
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
   16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
2008-10-23 05:58:10 +00:00
Igor Sysoev b0dc32eec3 backout both r2162 and r2128 and implement a new fix 2008-08-12 12:04:49 +00:00
Igor Sysoev 5eb3a4f909 SSL connection readiness is required for level-triggered events only,
broken in r2128
2008-08-11 15:25:40 +00:00
Igor Sysoev 056c6b563b update connection readiness after SSL handshake,
this fixes mail proxy SSL connection hanging if level-triggered event is used
2008-07-30 06:12:30 +00:00
Igor Sysoev 1754fe97a7 *) ssl_verify_client ask
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
2008-07-29 14:29:02 +00:00
Igor Sysoev 98054926fb fix "proxy_pass https://..." broken in r1427 2008-06-20 14:42:54 +00:00
Igor Sysoev 0ebc285aa0 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev 6bf65f677d $ssl_client_cert 2008-06-16 05:54:18 +00:00
Igor Sysoev d512987c1e DH parameters, ssl_dhparam 2008-06-16 05:51:32 +00:00
Igor Sysoev f4e540c64d ssl_session_cache none 2008-05-26 07:14:13 +00:00
Igor Sysoev 297030bd24 get certificate info only for debug build 2008-04-28 08:52:32 +00:00
Igor Sysoev 4fbcbbbdef fix memory leak when ssl_verify_client is on 2008-04-28 08:50:39 +00:00
Igor Sysoev c2fdce089d fix memory leak when ssl_verify_client is on 2008-04-23 18:57:25 +00:00
Igor Sysoev 56d658736f low some SSL handshake errors level 2008-03-18 10:35:00 +00:00
Igor Sysoev 6bdb1e9451 invalidate SSL session if there is no valid client certificate 2008-03-10 14:47:07 +00:00
Igor Sysoev 5d76c1f897 low SSL handshake close notify alert error level 2008-02-04 20:46:58 +00:00
Igor Sysoev 18a1a9a9a6 low SSL handshake errors level 2008-02-01 14:05:18 +00:00
Igor Sysoev 4e7e486b56 backout r1757, we really need SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 2008-01-31 15:10:45 +00:00
Igor Sysoev db38365ab7 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN 2008-01-25 14:57:35 +00:00
Igor Sysoev 929d881e1d pull all errors 2008-01-25 14:56:37 +00:00
Igor Sysoev 2257b8aea1 fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 2008-01-22 16:04:35 +00:00
Igor Sysoev 2ebe2174bc pull all errors 2008-01-10 08:45:00 +00:00
Igor Sysoev c366bd9136 grammar fix 2008-01-10 08:36:14 +00:00
Igor Sysoev fdcadd6b50 fix segfault introduced in r1780 2007-12-27 18:35:52 +00:00
Igor Sysoev 93d1079897 create ssl buffer on demand and free it before keep-alive 2007-12-26 21:07:30 +00:00
Igor Sysoev efcf5c7468 ssl_session_cache off 2007-12-26 20:27:22 +00:00
Igor Sysoev dac5d9ad46 use ngx_queue.h 2007-12-20 21:01:00 +00:00
Igor Sysoev 9176fbab73 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t 2007-12-20 20:35:23 +00:00
Igor Sysoev 19132f7adb omit useless test 2007-12-20 20:30:45 +00:00
Igor Sysoev 135f78830c use ngx_time() instead of ngx_timeofday() 2007-12-20 20:11:45 +00:00
Igor Sysoev ad772dab83 remove SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, we never need it,
the "bad write retry" error was caused by SSL_shutdown() error
2007-12-20 13:49:07 +00:00
Igor Sysoev 8425d35bc2 cleaning stale global SSL error 2007-12-20 13:04:20 +00:00
Igor Sysoev 2c227d3c34 SSL_shutdown() never returns -1, on error it returns 0.
This fixes incidental "bad write retry" errors.
2007-12-20 12:59:05 +00:00
Igor Sysoev c61f8cd4a8 optimize rbtree initialization and insert 2007-12-17 08:52:00 +00:00