Permalink
Browse files

Changes with nginx 1.5.6 01 Oct 2013

*) Feature: the "fastcgi_buffering" directive.

*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.

*) Feature: optimization of SSL handshakes when using long certificate
chains.

*) Feature: the mail proxy supports SMTP pipelining.

*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.

*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.

*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.

*) Bugfix: in the mail proxy server.

*) Bugfix: in the ngx_http_spdy_module.
  • Loading branch information...
1 parent c6e358d commit e52bddaaa90e64b2291f6e58ef1a2cff71604f6a nginx committed with kolbyjack Oct 1, 2013
View
29 CHANGES
@@ -1,4 +1,33 @@
+Changes with nginx 1.5.6 01 Oct 2013
+
+ *) Feature: the "fastcgi_buffering" directive.
+
+ *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
+ directives.
+ Thanks to Piotr Sikora.
+
+ *) Feature: optimization of SSL handshakes when using long certificate
+ chains.
+
+ *) Feature: the mail proxy supports SMTP pipelining.
+
+ *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
+ password encryption method.
+ Thanks to Markus Linnala.
+
+ *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
+ be used to process a request if locations were given using characters
+ in different cases.
+
+ *) Bugfix: automatic redirect with appended trailing slash for proxied
+ locations might not work.
+
+ *) Bugfix: in the mail proxy server.
+
+ *) Bugfix: in the ngx_http_spdy_module.
+
+
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
View
@@ -1,4 +1,32 @@
+Изменения в nginx 1.5.6 01.10.2013
+
+ *) Добавление: директива fastcgi_buffering.
+
+ *) Добавление: директивы proxy_ssl_protocols и proxy_ssl_ciphers.
+ Спасибо Piotr Sikora.
+
+ *) Добавление: оптимизация SSL handshake при использовании длинных
+ цепочек сертификатов.
+
+ *) Добавление: почтовый прокси-сервер поддерживает SMTP pipelining.
+
+ *) Исправление: в модуле ngx_http_auth_basic_module при использовании
+ метода шифрования паролей "$apr1$".
+ Спасибо Markus Linnala.
+
+ *) Исправление: на MacOSX, Cygwin и nginx/Windows для обработки запроса
+ мог использоваться неверный location, если для задания location'ов
+ использовались символы разных регистров.
+
+ *) Исправление: автоматическое перенаправление с добавлением
+ завершающего слэша для проксированных location'ов могло не работать.
+
+ *) Исправление: в почтовом прокси-сервере.
+
+ *) Исправление: в модуле ngx_http_spdy_module.
+
+
Изменения в nginx 1.5.5 17.09.2013
*) Изменение: теперь nginx по умолчанию использует HTTP/1.0, если точно
View
@@ -483,6 +483,8 @@ if [ $MAIL = YES ]; then
modules="$modules $MAIL_PROXY_MODULE"
MAIL_SRCS="$MAIL_SRCS $MAIL_PROXY_SRCS"
+
+ NGX_ADDON_DEPS="$NGX_ADDON_DEPS \$(MAIL_DEPS)"
fi
View
@@ -26,6 +26,7 @@ types {
application/font-woff woff;
application/java-archive jar war ear;
+ application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
View
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1005005
-#define NGINX_VERSION "1.5.5"
+#define nginx_version 1005006
+#define NGINX_VERSION "1.5.6"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
View
@@ -137,7 +137,7 @@ ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
/* output */
- *encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 16 + 1);
+ *encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 1 + 22 + 1);
if (*encrypted == NULL) {
return NGX_ERROR;
}
View
@@ -852,6 +852,46 @@ ngx_dns_strcmp(u_char *s1, u_char *s2)
}
+ngx_int_t
+ngx_filename_cmp(u_char *s1, u_char *s2, size_t n)
+{
+ ngx_uint_t c1, c2;
+
+ while (n) {
+ c1 = (ngx_uint_t) *s1++;
+ c2 = (ngx_uint_t) *s2++;
+
+#if (NGX_HAVE_CASELESS_FILESYSTEM)
+ c1 = tolower(c1);
+ c2 = tolower(c2);
+#endif
+
+ if (c1 == c2) {
+
+ if (c1) {
+ n--;
+ continue;
+ }
+
+ return 0;
+ }
+
+ /* we need '/' to be the lowest character */
+
+ if (c1 == 0 || c2 == 0) {
+ return c1 - c2;
+ }
+
+ c1 = (c1 == '/') ? 0 : c1;
+ c2 = (c2 == '/') ? 0 : c2;
+
+ return c1 - c2;
+ }
+
+ return 0;
+}
+
+
ngx_int_t
ngx_atoi(u_char *line, size_t n)
{
View
@@ -167,6 +167,7 @@ ngx_int_t ngx_rstrncmp(u_char *s1, u_char *s2, size_t n);
ngx_int_t ngx_rstrncasecmp(u_char *s1, u_char *s2, size_t n);
ngx_int_t ngx_memn2cmp(u_char *s1, u_char *s2, size_t n1, size_t n2);
ngx_int_t ngx_dns_strcmp(u_char *s1, u_char *s2);
+ngx_int_t ngx_filename_cmp(u_char *s1, u_char *s2, size_t n);
ngx_int_t ngx_atoi(u_char *line, size_t n);
ngx_int_t ngx_atofp(u_char *line, size_t n, size_t point);
@@ -280,6 +280,8 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
{
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set_ex_data() failed");
+ X509_free(x509);
+ BIO_free(bio);
return NGX_ERROR;
}
@@ -519,6 +521,7 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
static void
ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
{
+ BIO *rbio, *wbio;
ngx_connection_t *c;
if (where & SSL_CB_HANDSHAKE_START) {
@@ -529,6 +532,31 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation");
}
}
+
+ if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
+ c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+
+ if (!c->ssl->handshake_buffer_set) {
+ /*
+ * By default OpenSSL uses 4k buffer during a handshake,
+ * which is too low for long certificate chains and might
+ * result in extra round-trips.
+ *
+ * To adjust a buffer size we detect that buffering was added
+ * to write side of the connection by comparing rbio and wbio.
+ * If they are different, we assume that it's due to buffering
+ * added to wbio, and set buffer size.
+ */
+
+ rbio = SSL_get_rbio(ssl_conn);
+ wbio = SSL_get_wbio(ssl_conn);
+
+ if (rbio != wbio) {
+ (void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE);
+ c->ssl->handshake_buffer_set = 1;
+ }
+ }
+ }
}
@@ -48,6 +48,7 @@ typedef struct {
unsigned buffer:1;
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
+ unsigned handshake_buffer_set:1;
} ngx_ssl_connection_t;
Oops, something went wrong.

0 comments on commit e52bdda

Please sign in to comment.