Permalink
Browse files

Changes with nginx 1.5.6 01 Oct 2013

*) Feature: the "fastcgi_buffering" directive.

*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.

*) Feature: optimization of SSL handshakes when using long certificate
chains.

*) Feature: the mail proxy supports SMTP pipelining.

*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.

*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.

*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.

*) Bugfix: in the mail proxy server.

*) Bugfix: in the ngx_http_spdy_module.
  • Loading branch information...
nginx authored and kolbyjack committed Oct 1, 2013
1 parent c6e358d commit e52bddaaa90e64b2291f6e58ef1a2cff71604f6a
View
29 CHANGES
@@ -1,4 +1,33 @@
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
View
@@ -1,4 +1,32 @@
Изменения в nginx 1.5.6 01.10.2013
*) Добавление: директива fastcgi_buffering.
*) Добавление: директивы proxy_ssl_protocols и proxy_ssl_ciphers.
Спасибо Piotr Sikora.
*) Добавление: оптимизация SSL handshake при использовании длинных
цепочек сертификатов.
*) Добавление: почтовый прокси-сервер поддерживает SMTP pipelining.
*) Исправление: в модуле ngx_http_auth_basic_module при использовании
метода шифрования паролей "$apr1$".
Спасибо Markus Linnala.
*) Исправление: на MacOSX, Cygwin и nginx/Windows для обработки запроса
мог использоваться неверный location, если для задания location'ов
использовались символы разных регистров.
*) Исправление: автоматическое перенаправление с добавлением
завершающего слэша для проксированных location'ов могло не работать.
*) Исправление: в почтовом прокси-сервере.
*) Исправление: в модуле ngx_http_spdy_module.
Изменения в nginx 1.5.5 17.09.2013
*) Изменение: теперь nginx по умолчанию использует HTTP/1.0, если точно
View
@@ -483,6 +483,8 @@ if [ $MAIL = YES ]; then
modules="$modules $MAIL_PROXY_MODULE"
MAIL_SRCS="$MAIL_SRCS $MAIL_PROXY_SRCS"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS \$(MAIL_DEPS)"
fi
View
@@ -26,6 +26,7 @@ types {
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
View
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
#define nginx_version 1005005
#define NGINX_VERSION "1.5.5"
#define nginx_version 1005006
#define NGINX_VERSION "1.5.6"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
View
@@ -137,7 +137,7 @@ ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
/* output */
*encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 16 + 1);
*encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 1 + 22 + 1);
if (*encrypted == NULL) {
return NGX_ERROR;
}
View
@@ -852,6 +852,46 @@ ngx_dns_strcmp(u_char *s1, u_char *s2)
}
ngx_int_t
ngx_filename_cmp(u_char *s1, u_char *s2, size_t n)
{
ngx_uint_t c1, c2;
while (n) {
c1 = (ngx_uint_t) *s1++;
c2 = (ngx_uint_t) *s2++;
#if (NGX_HAVE_CASELESS_FILESYSTEM)
c1 = tolower(c1);
c2 = tolower(c2);
#endif
if (c1 == c2) {
if (c1) {
n--;
continue;
}
return 0;
}
/* we need '/' to be the lowest character */
if (c1 == 0 || c2 == 0) {
return c1 - c2;
}
c1 = (c1 == '/') ? 0 : c1;
c2 = (c2 == '/') ? 0 : c2;
return c1 - c2;
}
return 0;
}
ngx_int_t
ngx_atoi(u_char *line, size_t n)
{
View
@@ -167,6 +167,7 @@ ngx_int_t ngx_rstrncmp(u_char *s1, u_char *s2, size_t n);
ngx_int_t ngx_rstrncasecmp(u_char *s1, u_char *s2, size_t n);
ngx_int_t ngx_memn2cmp(u_char *s1, u_char *s2, size_t n1, size_t n2);
ngx_int_t ngx_dns_strcmp(u_char *s1, u_char *s2);
ngx_int_t ngx_filename_cmp(u_char *s1, u_char *s2, size_t n);
ngx_int_t ngx_atoi(u_char *line, size_t n);
ngx_int_t ngx_atofp(u_char *line, size_t n, size_t point);
@@ -280,6 +280,8 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
{
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set_ex_data() failed");
X509_free(x509);
BIO_free(bio);
return NGX_ERROR;
}
@@ -519,6 +521,7 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
static void
ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
{
BIO *rbio, *wbio;
ngx_connection_t *c;
if (where & SSL_CB_HANDSHAKE_START) {
@@ -529,6 +532,31 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation");
}
}
if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
if (!c->ssl->handshake_buffer_set) {
/*
* By default OpenSSL uses 4k buffer during a handshake,
* which is too low for long certificate chains and might
* result in extra round-trips.
*
* To adjust a buffer size we detect that buffering was added
* to write side of the connection by comparing rbio and wbio.
* If they are different, we assume that it's due to buffering
* added to wbio, and set buffer size.
*/
rbio = SSL_get_rbio(ssl_conn);
wbio = SSL_get_wbio(ssl_conn);
if (rbio != wbio) {
(void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE);
c->ssl->handshake_buffer_set = 1;
}
}
}
}
@@ -48,6 +48,7 @@ typedef struct {
unsigned buffer:1;
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
unsigned handshake_buffer_set:1;
} ngx_ssl_connection_t;
Oops, something went wrong.

0 comments on commit e52bdda

Please sign in to comment.