diff options
author | nginx <nginx@nginx.org> | 2012-11-13 13:44:11 +0000 |
---|---|---|
committer | Jon Kolb <jon@b0g.us> | 2012-11-13 13:44:11 +0000 |
commit | fe2a293987af59f9e15c01182b28eb9630df6e25 (patch) | |
tree | 1504c0225dd2671dbf2077d0b01d2384779acde1 | |
parent | b4ac37202e59e26c43f188c484aaddc046c05f25 (diff) | |
download | nginx-1.2.5.tar.gz |
Changes with nginx 1.2.5 13 Nov 2012v1.2.5
*) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
directive.
Thanks to Mike Kazantsev and Eric O'Connor.
*) Feature: the $bytes_sent, $connection, and $connection_requests
variables can now be used not only in the "log_format" directive.
Thanks to Benjamin Grössing.
*) Feature: resolver now randomly rotates addresses returned from cache.
Thanks to Anton Jouline.
*) Feature: the "auto" parameter of the "worker_processes" directive.
*) Bugfix: "cache file ... has md5 collision" alert.
*) Bugfix: OpenSSL 0.9.7 compatibility.
-rw-r--r-- | CHANGES | 20 | ||||
-rw-r--r-- | CHANGES.ru | 21 | ||||
-rw-r--r-- | auto/lib/perl/conf | 10 | ||||
-rw-r--r-- | auto/make | 6 | ||||
-rw-r--r-- | auto/options | 4 | ||||
-rw-r--r-- | src/core/nginx.c | 35 | ||||
-rw-r--r-- | src/core/nginx.h | 4 | ||||
-rw-r--r-- | src/core/ngx_cycle.c | 18 | ||||
-rw-r--r-- | src/core/ngx_cycle.h | 2 | ||||
-rw-r--r-- | src/core/ngx_file.c | 12 | ||||
-rw-r--r-- | src/core/ngx_file.h | 2 | ||||
-rw-r--r-- | src/core/ngx_resolver.c | 31 | ||||
-rw-r--r-- | src/event/ngx_event_openssl.c | 8 | ||||
-rw-r--r-- | src/event/ngx_event_openssl.h | 7 | ||||
-rw-r--r-- | src/event/ngx_event_pipe.c | 11 | ||||
-rw-r--r-- | src/http/modules/ngx_http_log_module.c | 31 | ||||
-rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 3 | ||||
-rw-r--r-- | src/http/modules/perl/nginx.pm | 2 | ||||
-rw-r--r-- | src/http/ngx_http_request.c | 18 | ||||
-rw-r--r-- | src/http/ngx_http_upstream.c | 1 | ||||
-rw-r--r-- | src/http/ngx_http_variables.c | 79 | ||||
-rw-r--r-- | src/os/unix/ngx_process.c | 4 | ||||
-rw-r--r-- | src/os/unix/ngx_process_cycle.c | 14 |
23 files changed, 268 insertions, 75 deletions
@@ -1,4 +1,24 @@ +Changes with nginx 1.2.5 13 Nov 2012 + + *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" + directive. + Thanks to Mike Kazantsev and Eric O'Connor. + + *) Feature: the $bytes_sent, $connection, and $connection_requests + variables can now be used not only in the "log_format" directive. + Thanks to Benjamin Grössing. + + *) Feature: resolver now randomly rotates addresses returned from cache. + Thanks to Anton Jouline. + + *) Feature: the "auto" parameter of the "worker_processes" directive. + + *) Bugfix: "cache file ... has md5 collision" alert. + + *) Bugfix: OpenSSL 0.9.7 compatibility. + + Changes with nginx 1.2.4 25 Sep 2012 *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14. diff --git a/CHANGES.ru b/CHANGES.ru index f04fc0c9b..cf17e673a 100644 --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,25 @@ +Изменения в nginx 1.2.5 13.11.2012 + + *) Добавление: параметр optional_no_ca директивы ssl_verify_client. + Спасибо Михаилу Казанцеву и Eric O'Connor. + + *) Добавление: переменные $bytes_sent, $connection и + $connection_requests теперь можно использовать не только в директиве + log_format. + Спасибо Benjamin Grössing. + + *) Добавление: теперь resolver случайным образом меняет порядок + возвращаемых закэшированных адресов. + Спасибо Антону Жулину. + + *) Добавление: параметр auto директивы worker_processes. + + *) Исправление: сообщения "cache file ... has md5 collision". + + *) Исправление: совместимость с OpenSSL 0.9.7. + + Изменения в nginx 1.2.4 25.09.2012 *) Исправление: в директиве "limit_req"; ошибка появилась в 1.1.14. diff --git a/auto/lib/perl/conf b/auto/lib/perl/conf index 52c7084e9..5ce6c91e6 100644 --- a/auto/lib/perl/conf +++ b/auto/lib/perl/conf @@ -12,7 +12,7 @@ NGX_PERL_VER=`$NGX_PERL -v 2>&1 | grep '^This is perl' 2>&1 \ if test -n "$NGX_PERL_VER"; then echo " + perl version: $NGX_PERL_VER" - if [ "`echo 'use 5.006001; print "OK"' | $NGX_PERL 2>&1`" != OK ]; then + if [ "`$NGX_PERL -e 'use 5.006001; print "OK"'`" != "OK" ]; then echo echo "$0: error: perl 5.6.1 or higher is required" echo @@ -20,6 +20,14 @@ if test -n "$NGX_PERL_VER"; then exit 1; fi + if [ "`$NGX_PERL -MExtUtils::Embed -e 'print "OK"'`" != "OK" ]; then + echo + echo "$0: error: perl module ExtUtils::Embed is required" + echo + + exit 1; + fi + NGX_PERL_CFLAGS="$CFLAGS `$NGX_PERL -MExtUtils::Embed -e ccopts`" NGX_PM_CFLAGS=`$NGX_PERL -MExtUtils::Embed -e ccopts` @@ -49,7 +49,7 @@ END ngx_all_srcs="$CORE_SRCS" -# the core dependences and include pathes +# the core dependences and include paths ngx_deps=`echo $CORE_DEPS $NGX_AUTO_CONFIG_H $NGX_PCH \ | sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g" \ @@ -69,7 +69,7 @@ CORE_INCS = $ngx_include_opt$ngx_incs END -# the http dependences and include pathes +# the http dependences and include paths if [ $HTTP = YES ]; then @@ -95,7 +95,7 @@ END fi -# the mail dependences and include pathes +# the mail dependences and include paths if [ $MAIL = YES ]; then diff --git a/auto/options b/auto/options index 11f23c6d6..6c3a4db97 100644 --- a/auto/options +++ b/auto/options @@ -385,6 +385,10 @@ cat << END --without-http_browser_module disable ngx_http_browser_module --without-http_upstream_ip_hash_module disable ngx_http_upstream_ip_hash_module + --without-http_upstream_least_conn_module + disable ngx_http_upstream_least_conn_module + --without-http_upstream_keepalive_module + disable ngx_http_upstream_keepalive_module --with-http_perl_module enable ngx_http_perl_module --with-perl_modules_path=PATH set Perl modules path diff --git a/src/core/nginx.c b/src/core/nginx.c index c7f84fd67..d02f9111d 100644 --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -21,6 +21,8 @@ static char *ngx_set_env(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static char *ngx_set_priority(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static char *ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +static char *ngx_set_worker_processes(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); static ngx_conf_enum_t ngx_debug_points[] = { @@ -69,9 +71,9 @@ static ngx_command_t ngx_core_commands[] = { { ngx_string("worker_processes"), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, - ngx_conf_set_num_slot, + ngx_set_worker_processes, + 0, 0, - offsetof(ngx_core_conf_t, worker_processes), NULL }, { ngx_string("debug_points"), @@ -1329,3 +1331,32 @@ ngx_get_cpu_affinity(ngx_uint_t n) return ccf->cpu_affinity[ccf->cpu_affinity_n - 1]; } + + +static char * +ngx_set_worker_processes(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_str_t *value; + ngx_core_conf_t *ccf; + + ccf = (ngx_core_conf_t *) conf; + + if (ccf->worker_processes != NGX_CONF_UNSET) { + return "is duplicate"; + } + + value = (ngx_str_t *) cf->args->elts; + + if (ngx_strcmp(value[1].data, "auto") == 0) { + ccf->worker_processes = ngx_ncpu; + return NGX_CONF_OK; + } + + ccf->worker_processes = ngx_atoi(value[1].data, value[1].len); + + if (ccf->worker_processes == NGX_ERROR) { + return "invalid value"; + } + + return NGX_CONF_OK; +} diff --git a/src/core/nginx.h b/src/core/nginx.h index 88f5f2b84..bfb8078a1 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1002004 -#define NGINX_VERSION "1.2.4" +#define nginx_version 1002005 +#define NGINX_VERSION "1.2.5" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c index e5468ae9b..f15372990 100644 --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c @@ -118,18 +118,18 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) } - n = old_cycle->pathes.nelts ? old_cycle->pathes.nelts : 10; + n = old_cycle->paths.nelts ? old_cycle->paths.nelts : 10; - cycle->pathes.elts = ngx_pcalloc(pool, n * sizeof(ngx_path_t *)); - if (cycle->pathes.elts == NULL) { + cycle->paths.elts = ngx_pcalloc(pool, n * sizeof(ngx_path_t *)); + if (cycle->paths.elts == NULL) { ngx_destroy_pool(pool); return NULL; } - cycle->pathes.nelts = 0; - cycle->pathes.size = sizeof(ngx_path_t *); - cycle->pathes.nalloc = n; - cycle->pathes.pool = pool; + cycle->paths.nelts = 0; + cycle->paths.size = sizeof(ngx_path_t *); + cycle->paths.nalloc = n; + cycle->paths.pool = pool; if (old_cycle->open_files.part.nelts) { @@ -334,7 +334,7 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) } - if (ngx_create_pathes(cycle, ccf->user) != NGX_OK) { + if (ngx_create_paths(cycle, ccf->user) != NGX_OK) { goto failed; } @@ -1038,6 +1038,8 @@ ngx_signal_process(ngx_cycle_t *cycle, char *sig) ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module); + ngx_memzero(&file, sizeof(ngx_file_t)); + file.name = ccf->pid; file.log = cycle->log; diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h index 551b6288e..b55fee0f1 100644 --- a/src/core/ngx_cycle.h +++ b/src/core/ngx_cycle.h @@ -48,7 +48,7 @@ struct ngx_cycle_s { ngx_queue_t reusable_connections_queue; ngx_array_t listening; - ngx_array_t pathes; + ngx_array_t paths; ngx_list_t open_files; ngx_list_t shared_memory; diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c index d9b30f844..f13fb4952 100644 --- a/src/core/ngx_file.c +++ b/src/core/ngx_file.c @@ -412,8 +412,8 @@ ngx_add_path(ngx_conf_t *cf, ngx_path_t **slot) path = *slot; - p = cf->cycle->pathes.elts; - for (i = 0; i < cf->cycle->pathes.nelts; i++) { + p = cf->cycle->paths.elts; + for (i = 0; i < cf->cycle->paths.nelts; i++) { if (p[i]->name.len == path->name.len && ngx_strcmp(p[i]->name.data, path->name.data) == 0) { @@ -457,7 +457,7 @@ ngx_add_path(ngx_conf_t *cf, ngx_path_t **slot) } } - p = ngx_array_push(&cf->cycle->pathes); + p = ngx_array_push(&cf->cycle->paths); if (p == NULL) { return NGX_ERROR; } @@ -469,14 +469,14 @@ ngx_add_path(ngx_conf_t *cf, ngx_path_t **slot) ngx_int_t -ngx_create_pathes(ngx_cycle_t *cycle, ngx_uid_t user) +ngx_create_paths(ngx_cycle_t *cycle, ngx_uid_t user) { ngx_err_t err; ngx_uint_t i; ngx_path_t **path; - path = cycle->pathes.elts; - for (i = 0; i < cycle->pathes.nelts; i++) { + path = cycle->paths.elts; + for (i = 0; i < cycle->paths.nelts; i++) { if (ngx_create_dir(path[i]->name.data, 0700) == NGX_FILE_ERROR) { err = ngx_errno; diff --git a/src/core/ngx_file.h b/src/core/ngx_file.h index 7023e6778..18abf1423 100644 --- a/src/core/ngx_file.h +++ b/src/core/ngx_file.h @@ -130,7 +130,7 @@ void ngx_create_hashed_filename(ngx_path_t *path, u_char *file, size_t len); ngx_int_t ngx_create_path(ngx_file_t *file, ngx_path_t *path); ngx_err_t ngx_create_full_path(u_char *dir, ngx_uint_t access); ngx_int_t ngx_add_path(ngx_conf_t *cf, ngx_path_t **slot); -ngx_int_t ngx_create_pathes(ngx_cycle_t *cycle, ngx_uid_t user); +ngx_int_t ngx_create_paths(ngx_cycle_t *cycle, ngx_uid_t user); ngx_int_t ngx_ext_rename_file(ngx_str_t *src, ngx_str_t *to, ngx_ext_rename_file_t *ext); ngx_int_t ngx_copy_file(u_char *from, u_char *to, ngx_copy_file_t *cf); diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c index 178e0831d..d59d0c471 100644 --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -88,6 +88,8 @@ static void *ngx_resolver_calloc(ngx_resolver_t *r, size_t size); static void ngx_resolver_free(ngx_resolver_t *r, void *p); static void ngx_resolver_free_locked(ngx_resolver_t *r, void *p); static void *ngx_resolver_dup(ngx_resolver_t *r, void *src, size_t size); +static in_addr_t *ngx_resolver_rotate(ngx_resolver_t *r, in_addr_t *src, + ngx_uint_t n); static u_char *ngx_resolver_log_error(ngx_log_t *log, u_char *buf, size_t len); @@ -445,8 +447,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) if (naddrs != 1) { addr = 0; - addrs = ngx_resolver_dup(r, rn->u.addrs, - naddrs * sizeof(in_addr_t)); + addrs = ngx_resolver_rotate(r, rn->u.addrs, naddrs); if (addrs == NULL) { return NGX_ERROR; } @@ -2135,6 +2136,32 @@ ngx_resolver_dup(ngx_resolver_t *r, void *src, size_t size) } +static in_addr_t * +ngx_resolver_rotate(ngx_resolver_t *r, in_addr_t *src, ngx_uint_t n) +{ + void *dst, *p; + ngx_uint_t j; + + dst = ngx_resolver_alloc(r, n * sizeof(in_addr_t)); + + if (dst == NULL) { + return dst; + } + + j = ngx_random() % n; + + if (j == 0) { + ngx_memcpy(dst, src, n * sizeof(in_addr_t)); + return dst; + } + + p = ngx_cpymem(dst, &src[j], (n - j) * sizeof(in_addr_t)); + ngx_memcpy(p, src, j * sizeof(in_addr_t)); + + return dst; +} + + char * ngx_resolver_strerror(ngx_int_t err) { diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 4356a05ef..5e25b0156 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -94,23 +94,25 @@ ngx_ssl_init(ngx_log_t *log) OpenSSL_add_all_algorithms(); +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef SSL_OP_NO_COMPRESSION { /* * Disable gzip compression in OpenSSL prior to 1.0.0 version, * this saves about 522K per connection. */ - int i, n; + int n; STACK_OF(SSL_COMP) *ssl_comp_methods; ssl_comp_methods = SSL_COMP_get_compression_methods(); n = sk_SSL_COMP_num(ssl_comp_methods); - for (i = 0; i < n; i++) { - (void) sk_SSL_COMP_delete(ssl_comp_methods, i); + while (n--) { + (void) sk_SSL_COMP_pop(ssl_comp_methods); } } #endif +#endif ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index cd6d88518..b8061f0ce 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -120,6 +120,13 @@ ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session); #define ngx_ssl_get_server_conf(ssl_ctx) \ SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index) +#define ngx_ssl_verify_error_optional(n) \ + (n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT \ + || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN \ + || n == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY \ + || n == X509_V_ERR_CERT_UNTRUSTED \ + || n == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) + ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); diff --git a/src/event/ngx_event_pipe.c b/src/event/ngx_event_pipe.c index c2c79837f..476d56e30 100644 --- a/src/event/ngx_event_pipe.c +++ b/src/event/ngx_event_pipe.c @@ -946,8 +946,15 @@ ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b) return NGX_ERROR; } - b->pos = b->start; - b->last = b->start; + if (p->buf_to_file && b->start == p->buf_to_file->start) { + b->pos = p->buf_to_file->last; + b->last = p->buf_to_file->last; + + } else { + b->pos = b->start; + b->last = b->start; + } + b->shadow = NULL; cl->buf = b; diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c index 5b9c79986..0962c8475 100644 --- a/src/http/modules/ngx_http_log_module.c +++ b/src/http/modules/ngx_http_log_module.c @@ -78,10 +78,6 @@ static void ngx_http_log_write(ngx_http_request_t *r, ngx_http_log_t *log, static ssize_t ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script, u_char **name, u_char *buf, size_t len); -static u_char *ngx_http_log_connection(ngx_http_request_t *r, u_char *buf, - ngx_http_log_op_t *op); -static u_char *ngx_http_log_connection_requests(ngx_http_request_t *r, - u_char *buf, ngx_http_log_op_t *op); static u_char *ngx_http_log_pipe(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op); static u_char *ngx_http_log_time(ngx_http_request_t *r, u_char *buf, @@ -194,9 +190,6 @@ static ngx_str_t ngx_http_combined_fmt = static ngx_http_log_var_t ngx_http_log_vars[] = { - { ngx_string("connection"), NGX_ATOMIC_T_LEN, ngx_http_log_connection }, - { ngx_string("connection_requests"), NGX_INT_T_LEN, - ngx_http_log_connection_requests }, { ngx_string("pipe"), 1, ngx_http_log_pipe }, { ngx_string("time_local"), sizeof("28/Sep/1970:12:00:00 +0600") - 1, ngx_http_log_time }, @@ -209,8 +202,6 @@ static ngx_http_log_var_t ngx_http_log_vars[] = { { ngx_string("bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_bytes_sent }, { ngx_string("body_bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_body_bytes_sent }, - { ngx_string("apache_bytes_sent"), NGX_OFF_T_LEN, - ngx_http_log_body_bytes_sent }, { ngx_string("request_length"), NGX_SIZE_T_LEN, ngx_http_log_request_length }, @@ -502,22 +493,6 @@ ngx_http_log_copy_long(ngx_http_request_t *r, u_char *buf, static u_char * -ngx_http_log_connection(ngx_http_request_t *r, u_char *buf, - ngx_http_log_op_t *op) -{ - return ngx_sprintf(buf, "%uA", r->connection->number); -} - - -static u_char * -ngx_http_log_connection_requests(ngx_http_request_t *r, u_char *buf, - ngx_http_log_op_t *op) -{ - return ngx_sprintf(buf, "%ui", r->connection->requests); -} - - -static u_char * ngx_http_log_pipe(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op) { if (r->pipeline) { @@ -1143,12 +1118,6 @@ ngx_http_log_compile_format(ngx_conf_t *cf, ngx_array_t *flushes, goto invalid; } - if (ngx_strncmp(var.data, "apache_bytes_sent", 17) == 0) { - ngx_conf_log_error(NGX_LOG_WARN, cf, 0, - "use \"$body_bytes_sent\" instead of " - "\"$apache_bytes_sent\""); - } - for (v = ngx_http_log_vars; v->name.len; v++) { if (v->name.len == var.len diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index d759489a6..ea8a0da32 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -48,6 +48,7 @@ static ngx_conf_enum_t ngx_http_ssl_verify[] = { { ngx_string("off"), 0 }, { ngx_string("on"), 1 }, { ngx_string("optional"), 2 }, + { ngx_string("optional_no_ca"), 3 }, { ngx_null_string, 0 } }; @@ -466,7 +467,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) if (conf->verify) { - if (conf->client_certificate.len == 0) { + if (conf->client_certificate.len == 0 && conf->verify != 3) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "no ssl_client_certificate for ssl_client_verify"); return NGX_CONF_ERROR; diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm index dccbbd9c1..28de1d531 100644 --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -50,7 +50,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '1.2.4'; +our $VERSION = '1.2.5'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index c104db1c0..ee00fd3af 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1634,7 +1634,9 @@ ngx_http_process_request(ngx_http_request_t *r) if (sscf->verify) { rc = SSL_get_verify_result(c->ssl->connection); - if (rc != X509_V_OK) { + if (rc != X509_V_OK + && (sscf->verify != 3 || !ngx_ssl_verify_error_optional(rc))) + { ngx_log_error(NGX_LOG_INFO, c->log, 0, "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); @@ -2743,6 +2745,20 @@ ngx_http_keepalive_handler(ngx_event_t *rev) ngx_http_close_connection(c); } + /* + * Like ngx_http_set_keepalive() we are trying to not hold + * c->buffer's memory for a keepalive connection. + */ + + if (ngx_pfree(c->pool, b->start) == NGX_OK) { + + /* + * the special note that c->buffer's memory was freed + */ + + b->pos = NULL; + } + return; } diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index 6c34f39d6..75ef64e55 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -2287,6 +2287,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u) return; } + p->buf_to_file->start = u->buffer.start; p->buf_to_file->pos = u->buffer.start; p->buf_to_file->last = u->buffer.pos; p->buf_to_file->temporary = 1; diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c index f34a6d9a3..b0949c7f1 100644 --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -69,6 +69,8 @@ static ngx_int_t ngx_http_variable_request_method(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_remote_user(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_bytes_sent(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_body_bytes_sent(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_request_completion(ngx_http_request_t *r, @@ -95,6 +97,11 @@ static ngx_int_t ngx_http_variable_sent_keep_alive(ngx_http_request_t *r, static ngx_int_t ngx_http_variable_sent_transfer_encoding(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_connection(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_connection_requests(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); + static ngx_int_t ngx_http_variable_nginx_version(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_hostname(ngx_http_request_t *r, @@ -212,6 +219,9 @@ static ngx_http_variable_t ngx_http_core_variables[] = { { ngx_string("remote_user"), NULL, ngx_http_variable_remote_user, 0, 0, 0 }, + { ngx_string("bytes_sent"), NULL, ngx_http_variable_bytes_sent, + 0, 0, 0 }, + { ngx_string("body_bytes_sent"), NULL, ngx_http_variable_body_bytes_sent, 0, 0, 0 }, @@ -260,6 +270,12 @@ static ngx_http_variable_t ngx_http_core_variables[] = { offsetof(ngx_http_request_t, limit_rate), NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + { ngx_string("connection"), NULL, + ngx_http_variable_connection, 0, 0, 0 }, + + { ngx_string("connection_requests"), NULL, + ngx_http_variable_connection_requests, 0, 0, 0 }, + { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version, 0, 0, 0 }, @@ -1434,6 +1450,27 @@ ngx_http_variable_remote_user(ngx_http_request_t *r, static ngx_int_t +ngx_http_variable_bytes_sent(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + u_char *p; + + p = ngx_pnalloc(r->pool, NGX_OFF_T_LEN); + if (p == NULL) { + return NGX_ERROR; + } + + v->len = ngx_sprintf(p, "%O", r->connection->sent) - p; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = p; + + return NGX_OK; +} + + +static ngx_int_t ngx_http_variable_body_bytes_sent(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { @@ -1788,6 +1825,48 @@ ngx_http_variable_request_body_file(ngx_http_request_t *r, static ngx_int_t +ngx_http_variable_connection(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + u_char *p; + + p = ngx_pnalloc(r->pool, NGX_ATOMIC_T_LEN); + if (p == NULL) { + return NGX_ERROR; + } + + v->len = ngx_sprintf(p, "%uA", r->connection->number) - p; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = p; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_variable_connection_requests(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + u_char *p; + + p = ngx_pnalloc(r->pool, NGX_INT_T_LEN); + if (p == NULL) { + return NGX_ERROR; + } + + v->len = ngx_sprintf(p, "%ui", r->connection->requests) - p; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = p; + + return NGX_OK; +} + + +static ngx_int_t ngx_http_variable_nginx_version(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c index 5713ca8e1..4ef3582e8 100644 --- a/src/os/unix/ngx_process.c +++ b/src/os/unix/ngx_process.c @@ -474,8 +474,6 @@ ngx_process_get_status(void) return; } -#if (NGX_SOLARIS || NGX_FREEBSD) - /* * Solaris always calls the signal handler for each exited process * despite waitpid() may be already called for this process. @@ -491,8 +489,6 @@ ngx_process_get_status(void) return; } -#endif - ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, err, "waitpid() failed"); return; diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c index 0474a26ca..73fb44c8d 100644 --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -371,6 +371,8 @@ ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n, ngx_int_t type) ngx_pass_open_channel(cycle, &ch); } + + cpu_affinity = 0; } @@ -384,8 +386,8 @@ ngx_start_cache_manager_processes(ngx_cycle_t *cycle, ngx_uint_t respawn) manager = 0; loader = 0; - path = ngx_cycle->pathes.elts; - for (i = 0; i < ngx_cycle->pathes.nelts; i++) { + path = ngx_cycle->paths.elts; + for (i = 0; i < ngx_cycle->paths.nelts; i++) { if (path[i]->manager) { manager = 1; @@ -1339,8 +1341,8 @@ ngx_cache_manager_process_handler(ngx_event_t *ev) next = 60 * 60; - path = ngx_cycle->pathes.elts; - for (i = 0; i < ngx_cycle->pathes.nelts; i++) { + path = ngx_cycle->paths.elts; + for (i = 0; i < ngx_cycle->paths.nelts; i++) { if (path[i]->manager) { n = path[i]->manager(path[i]->data); @@ -1368,8 +1370,8 @@ ngx_cache_loader_process_handler(ngx_event_t *ev) cycle = (ngx_cycle_t *) ngx_cycle; - path = cycle->pathes.elts; - for (i = 0; i < cycle->pathes.nelts; i++) { + path = cycle->paths.elts; + for (i = 0; i < cycle->paths.nelts; i++) { if (ngx_terminate || ngx_quit) { break; |