)]}'
{
  "commit": "fbc51e4c445bf25854dea3baac4572b21325d38c",
  "tree": "2fdc152e7340e90cd7629aceb42855fa3e7b698c",
  "parents": [
    "631fa929d39bb377f89b13bcdaa467e9deefe333"
  ],
  "author": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Tue Aug 23 14:36:31 2011 +0000"
  },
  "committer": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Tue Aug 23 14:36:31 2011 +0000"
  },
  "message": "Better handling of various per-server ssl options with SNI.\n\nSSL_set_SSL_CTX() doesn\u0027t touch values cached within ssl connection\nstructure, it only changes certificates (at least as of now, OpenSSL\n1.0.0d and earlier).\n\nAs a result settings like ssl_verify_client, ssl_verify_depth,\nssl_prefer_server_ciphers are only configurable on per-socket basis while\nwith SNI it should be possible to specify them different for two servers\nlistening on the same socket.\n\nWorkaround is to explicitly re-apply settings we care about from context\nto ssl connection in servername callback.\n\nNote that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.\nwith older versions it is not possible to clear ssl_prefer_server_ciphers\noption if it\u0027s set in default server for a socket.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "5e0b8e8915e27349ceeb77af28c306f94e16dffa",
      "old_mode": 33188,
      "old_path": "src/http/ngx_http_request.c",
      "new_id": "ac54b1f5ad85e129bca87321bbcf93d7e285ae16",
      "new_mode": 33188,
      "new_path": "src/http/ngx_http_request.c"
    }
  ]
}