nginx-0.3.3-RELEASE import
*) Change: the "bl" and "af" parameters of the "listen" directive was
renamed to the "backlog" and "accept_filter".
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directive.
*) Change: the "$msec" log parameter does not require now the
additional the gettimeofday() system call.
*) Feature: the -t switch now tests the "listen" directives.
*) Bugfix: if the invalid address was specified in the "listen"
directive, then after the -HUP signal nginx left an open socket in
the CLOSED state.
*) Bugfix: the mime type may be incorrectly set to default value for
index file with variable in the name; the bug had appeared in 0.3.0.
*) Feature: the "timer_resolution" directive.
*) Feature: the millisecond "$upstream_response_time" log parameter.
*) Bugfix: a temporary file with client request body now is removed
just after the response header was transferred to a client.
*) Bugfix: OpenSSL 0.9.6 compatibility.
*) Bugfix: the SSL certificate and key file paths could not be relative.
*) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
the ngx_imap_ssl_module.
*) Bugfix: the "ssl_protocols" directive allowed to specify the single
protocol only.
diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c
index 70f7974..3623e2a 100644
--- a/src/http/modules/ngx_http_autoindex_module.c
+++ b/src/http/modules/ngx_http_autoindex_module.c
@@ -144,6 +144,7 @@
ngx_dir_t dir;
ngx_uint_t i, level;
ngx_pool_t *pool;
+ ngx_time_t *tp;
ngx_chain_t out;
ngx_array_t entries;
ngx_http_autoindex_entry_t *entry;
@@ -372,6 +373,8 @@
b->last = ngx_cpymem(b->last, "<hr><pre><a href=\"../\">../</a>" CRLF,
sizeof("<hr><pre><a href=\"../\">../</a>" CRLF) - 1);
+ tp = ngx_timeofday();
+
for (i = 0; i < entries.nelts; i++) {
b->last = ngx_cpymem(b->last, "<a href=\"", sizeof("<a href=\"") - 1);
@@ -428,7 +431,7 @@
*b->last++ = ' ';
- ngx_gmtime(entry[i].mtime + ngx_gmtoff * 60 * alcf->localtime, &tm);
+ ngx_gmtime(entry[i].mtime + tp->gmtoff * 60 * alcf->localtime, &tm);
b->last = ngx_sprintf(b->last, "%02d-%s-%d %02d:%02d ",
tm.ngx_tm_mday,
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
index eedc1f7..6d94a06 100644
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -123,6 +123,7 @@
}
tree = ngx_radix_tree_create(cf->pool, -1);
+
if (tree == NULL) {
return NGX_CONF_ERROR;
}
diff --git a/src/http/modules/ngx_http_index_module.c b/src/http/modules/ngx_http_index_module.c
index 01b6d0c..b7daa6d 100644
--- a/src/http/modules/ngx_http_index_module.c
+++ b/src/http/modules/ngx_http_index_module.c
@@ -126,7 +126,8 @@
ngx_uint_t i;
ngx_http_index_t *index;
ngx_http_index_ctx_t *ctx;
- ngx_pool_cleanup_file_t *cln;
+ ngx_pool_cleanup_t *cln;
+ ngx_pool_cleanup_file_t *clnf;
ngx_http_script_code_pt code;
ngx_http_script_engine_t e;
ngx_http_core_loc_conf_t *clcf;
@@ -180,9 +181,9 @@
e.ip = index[i].lengths->elts;
e.request = r;
- /* 1 byte for terminating '\0' and 4 bytes is preallocation */
+ /* 1 byte for terminating '\0' */
- len = 1 + 4;
+ len = 1;
while (*(uintptr_t *) e.ip) {
lcode = *(ngx_http_script_len_code_pt *) e.ip;
@@ -190,6 +191,10 @@
}
ctx->index.len = len;
+
+ /* 16 bytes are preallocation */
+
+ len += 16;
}
if (len > ctx->path.len) {
@@ -228,6 +233,11 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
"open index \"%s\"", ctx->path.data);
+ cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_pool_cleanup_file_t));
+ if (cln == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
fd = ngx_open_file(ctx->path.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
if (fd == (ngx_fd_t) NGX_AGAIN) {
@@ -268,19 +278,12 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
+ cln->handler = ngx_pool_cleanup_file;
+ clnf = cln->data;
- cln = ngx_palloc(r->pool, sizeof(ngx_pool_cleanup_file_t));
- if (cln == NULL) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
-
- cln->fd = fd;
- cln->name = ctx->path.data;
- cln->log = r->pool->log;
-
- if (ngx_pool_cleanup_add(r->pool, ngx_pool_cleanup_file, cln) == NULL) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
+ clnf->fd = fd;
+ clnf->name = ctx->path.data;
+ clnf->log = r->pool->log;
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 5f9ee3a..af82b0e 100644
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -1968,6 +1968,7 @@
{
ngx_http_ssi_ctx_t *ctx;
ngx_http_variable_value_t *vv;
+ ngx_time_t *tp;
struct tm tm;
char buf[NGX_HTTP_SSI_DATE_LEN];
@@ -1976,12 +1977,14 @@
return NULL;
}
+ tp = ngx_timeofday();
+
ctx = ngx_http_get_module_ctx(r, ngx_http_ssi_filter_module);
if (ctx->timefmt.len == sizeof("%s") - 1
&& ctx->timefmt.data[0] == '%' && ctx->timefmt.data[1] == 's')
{
- vv->value = ngx_time() + (gmt ? 0 : ngx_gmtoff);
+ vv->value = tp->sec + (gmt ? 0 : tp->gmtoff);
vv->text.data = ngx_palloc(r->pool, NGX_TIME_T_LEN);
if (vv->text.data == NULL) {
@@ -1994,12 +1997,12 @@
}
if (gmt) {
- ngx_libc_gmtime(&tm);
+ ngx_libc_gmtime(tp->sec, &tm);
} else {
- ngx_libc_localtime(&tm);
+ ngx_libc_localtime(tp->sec, &tm);
}
- vv->value = ngx_time() + (gmt ? 0 : ngx_gmtoff);
+ vv->value = tp->sec + (gmt ? 0 : tp->gmtoff);
vv->text.len = strftime(buf, NGX_HTTP_SSI_DATE_LEN,
(char *) ctx->timefmt.data, &tm);
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index bb9a55f..09bf63d 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -17,6 +17,15 @@
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
void *parent, void *child);
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+
+static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
+
+#endif
+
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
@@ -26,6 +35,7 @@
};
+
static ngx_command_t ngx_http_ssl_commands[] = {
{ ngx_string("ssl"),
@@ -50,14 +60,14 @@
NULL },
{ ngx_string("ssl_protocols"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, protocols),
&ngx_http_ssl_protocols },
{ ngx_string("ssl_ciphers"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, ciphers),
@@ -65,10 +75,14 @@
{ ngx_string("ssl_prefer_server_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
ngx_conf_set_flag_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
NULL },
+#else
+ ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
+#endif
ngx_null_command
};
@@ -144,6 +158,8 @@
ngx_http_ssl_srv_conf_t *prev = parent;
ngx_http_ssl_srv_conf_t *conf = child;
+ ngx_pool_cleanup_t *cln;
+
ngx_conf_merge_value(conf->enable, prev->enable, 0);
if (conf->enable == 0) {
@@ -172,29 +188,37 @@
return NGX_CONF_ERROR;
}
- if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL)
- {
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
return NGX_CONF_ERROR;
}
- if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data,
- conf->certificate_key.data) != NGX_OK)
+ cln->handler = ngx_ssl_cleanup_ctx;
+ cln->data = &conf->ssl;
+
+ if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
+ &conf->certificate_key) != NGX_OK)
{
return NGX_CONF_ERROR;
}
if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
- (const char *) conf->ciphers.data) == 0)
+ (const char *) conf->ciphers.data)
+ == 0)
{
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"SSL_CTX_set_cipher_list(\"%V\") failed",
&conf->ciphers);
}
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+
if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
+#endif
+
/* a temporary 512-bit RSA key is required for export versions of MSIE */
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR;
@@ -207,3 +231,18 @@
return NGX_CONF_OK;
}
+
+
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *
+ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "\"%V\" directive is available only in %s,",
+ &cmd->name, cmd->post);
+
+ return NGX_CONF_ERROR;
+}
+
+#endif
diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c
index c5d5af8..0e995f5 100644
--- a/src/http/modules/ngx_http_static_module.c
+++ b/src/http/modules/ngx_http_static_module.c
@@ -82,7 +82,8 @@
ngx_buf_t *b;
ngx_chain_t out;
ngx_file_info_t fi;
- ngx_pool_cleanup_file_t *cln;
+ ngx_pool_cleanup_t *cln;
+ ngx_pool_cleanup_file_t *clnf;
ngx_http_core_loc_conf_t *clcf;
if (r->uri.data[r->uri.len - 1] == '/') {
@@ -119,6 +120,11 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
"http filename: \"%s\"", path.data);
+ cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_pool_cleanup_file_t));
+ if (cln == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
fd = ngx_open_file(path.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
if (fd == NGX_INVALID_FILE) {
@@ -223,18 +229,12 @@
log->action = "sending response to client";
- cln = ngx_palloc(r->pool, sizeof(ngx_pool_cleanup_file_t));
- if (cln == NULL) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
+ cln->handler = ngx_pool_cleanup_file;
+ clnf = cln->data;
- cln->fd = fd;
- cln->name = path.data;
- cln->log = r->pool->log;
-
- if (ngx_pool_cleanup_add(r->pool, ngx_pool_cleanup_file, cln) == NULL) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
+ clnf->fd = fd;
+ clnf->name = path.data;
+ clnf->log = r->pool->log;
r->headers_out.status = NGX_HTTP_OK;
r->headers_out.content_length_n = ngx_file_size(&fi);
