Google Git
Sign in
nginx/nginx/09c684b2d53b46b6ffb706c686ca4dbed62cf6da^!/./src/imap/ngx_imap_ssl_module.c
commit
09c684b2d53b46b6ffb706c686ca4dbed62cf6da
[log] [tgz]
author
Igor Sysoev <igor@sysoev.ru>
Wed Nov 09 17:25:55 2005 +0000
committer
Igor Sysoev <igor@sysoev.ru>
Wed Nov 09 17:25:55 2005 +0000
tree
28d1d57070b5e8d95c8608d45678298d63f9621d
parent
51425a465a22ad2e33e7048b880aa594c376f79c [diff] [blame]
nginx-0.3.8-RELEASE import

    *) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.

diff --git a/src/imap/ngx_imap_ssl_module.c b/src/imap/ngx_imap_ssl_module.c
index d663e88..f92dba6 100644
--- a/src/imap/ngx_imap_ssl_module.c
+++ b/src/imap/ngx_imap_ssl_module.c

@@ -83,6 +83,12 @@
       ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 },
 #endif
 
+    { ngx_string("ssl_session_timeout"),
+      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_sec_slot,
+      NGX_IMAP_SRV_CONF_OFFSET,
+      offsetof(ngx_imap_ssl_conf_t, session_timeout),
+      NULL },
 
       ngx_null_command
 };
@@ -140,6 +146,7 @@
      */
 
     scf->enable = NGX_CONF_UNSET;
+    scf->session_timeout = NGX_CONF_UNSET;
     scf->prefer_server_ciphers = NGX_CONF_UNSET;
 
     return scf;
@@ -160,6 +167,9 @@
         return NGX_CONF_OK;
     }
 
+    ngx_conf_merge_value(conf->session_timeout,
+                         prev->session_timeout, 300);
+
     ngx_conf_merge_value(conf->prefer_server_ciphers,
                          prev->prefer_server_ciphers, 0);
 
@@ -225,6 +235,8 @@
     SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx,
                                    sizeof(ngx_imap_session_id_ctx) - 1);
 
+    SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout);
+
     return NGX_CONF_OK;
 }