[nginx] Stream: connection limiting module.

2015-06-18 Thread Vladimir Homutov
details:   http://hg.nginx.org/nginx/rev/0dcef374b8bb
branches:  
changeset: 6197:0dcef374b8bb
user:  Vladimir Homutov v...@nginx.com
date:  Thu Jun 18 14:17:30 2015 +0300
description:
Stream: connection limiting module.

stream {
limit_conn_zone $binary_remote_addr zone=perip:1m;
limit_conn_log_level error;

server {
...
limit_conn perip 1;
}
}

diffstat:

 auto/modules  |5 +
 auto/options  |4 +
 auto/sources  |3 +
 src/stream/ngx_stream.h   |1 +
 src/stream/ngx_stream_handler.c   |9 +
 src/stream/ngx_stream_limit_conn_module.c |  632 ++
 6 files changed, 654 insertions(+), 0 deletions(-)

diffs (truncated from 722 to 300 lines):

diff -r c3ec43580a48 -r 0dcef374b8bb auto/modules
--- a/auto/modules  Wed Jun 17 17:57:34 2015 +0300
+++ b/auto/modules  Thu Jun 18 14:17:30 2015 +0300
@@ -514,6 +514,11 @@ if [ $STREAM = YES ]; then
 STREAM_SRCS=$STREAM_SRCS $STREAM_SSL_SRCS
 fi
 
+if [ $STREAM_LIMIT_CONN = YES ]; then
+modules=$modules $STREAM_LIMIT_CONN_MODULE
+STREAM_SRCS=$STREAM_SRCS $STREAM_LIMIT_CONN_SRCS
+fi
+
 if [ $STREAM_ACCESS = YES ]; then
 modules=$modules $STREAM_ACCESS_MODULE
 STREAM_SRCS=$STREAM_SRCS $STREAM_ACCESS_SRCS
diff -r c3ec43580a48 -r 0dcef374b8bb auto/options
--- a/auto/options  Wed Jun 17 17:57:34 2015 +0300
+++ b/auto/options  Thu Jun 18 14:17:30 2015 +0300
@@ -113,6 +113,7 @@ MAIL_SMTP=YES
 
 STREAM=NO
 STREAM_SSL=NO
+STREAM_LIMIT_CONN=YES
 STREAM_ACCESS=YES
 STREAM_UPSTREAM_HASH=YES
 STREAM_UPSTREAM_LEAST_CONN=YES
@@ -283,6 +284,8 @@ use the \--with-mail_ssl_module\ optio
 
 --with-stream)   STREAM=YES ;;
 --with-stream_ssl_module)STREAM_SSL=YES ;;
+--without-stream_limit_conn_module)
+ STREAM_LIMIT_CONN=NO   ;;
 --without-stream_access_module)  STREAM_ACCESS=NO   ;;
 --without-stream_upstream_hash_module)
  STREAM_UPSTREAM_HASH=NO;;
@@ -452,6 +455,7 @@ cat  END
 
   --with-stream  enable TCP proxy module
   --with-stream_ssl_module   enable ngx_stream_ssl_module
+  --without-stream_limit_conn_module disable ngx_stream_limit_conn_module
   --without-stream_access_module disable ngx_stream_access_module
   --without-stream_upstream_hash_module
  disable ngx_stream_upstream_hash_module
diff -r c3ec43580a48 -r 0dcef374b8bb auto/sources
--- a/auto/sources  Wed Jun 17 17:57:34 2015 +0300
+++ b/auto/sources  Thu Jun 18 14:17:30 2015 +0300
@@ -568,6 +568,9 @@ STREAM_SSL_MODULE=ngx_stream_ssl_module
 STREAM_SSL_DEPS=src/stream/ngx_stream_ssl_module.h
 STREAM_SSL_SRCS=src/stream/ngx_stream_ssl_module.c
 
+STREAM_LIMIT_CONN_MODULE=ngx_stream_limit_conn_module
+STREAM_LIMIT_CONN_SRCS=src/stream/ngx_stream_limit_conn_module.c
+
 STREAM_ACCESS_MODULE=ngx_stream_access_module
 STREAM_ACCESS_SRCS=src/stream/ngx_stream_access_module.c
 
diff -r c3ec43580a48 -r 0dcef374b8bb src/stream/ngx_stream.h
--- a/src/stream/ngx_stream.h   Wed Jun 17 17:57:34 2015 +0300
+++ b/src/stream/ngx_stream.h   Thu Jun 18 14:17:30 2015 +0300
@@ -118,6 +118,7 @@ typedef ngx_int_t (*ngx_stream_access_pt
 typedef struct {
 ngx_array_t servers; /* ngx_stream_core_srv_conf_t */
 ngx_array_t listen;  /* ngx_stream_listen_t */
+ngx_stream_access_ptlimit_conn_handler;
 ngx_stream_access_ptaccess_handler;
 } ngx_stream_core_main_conf_t;
 
diff -r c3ec43580a48 -r 0dcef374b8bb src/stream/ngx_stream_handler.c
--- a/src/stream/ngx_stream_handler.c   Wed Jun 17 17:57:34 2015 +0300
+++ b/src/stream/ngx_stream_handler.c   Thu Jun 18 14:17:30 2015 +0300
@@ -147,6 +147,15 @@ ngx_stream_init_connection(ngx_connectio
 
 cmcf = ngx_stream_get_module_main_conf(s, ngx_stream_core_module);
 
+if (cmcf-limit_conn_handler) {
+rc = cmcf-limit_conn_handler(s);
+
+if (rc != NGX_DECLINED) {
+ngx_stream_close_connection(c);
+return;
+}
+}
+
 if (cmcf-access_handler) {
 rc = cmcf-access_handler(s);
 
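Review bot: Nothing at the new call site in ngx_stream_init_connection() says what `limit_conn_handler` may return, yet every value other than `NGX_DECLINED` closes the connection, including `NGX_OK` if a handler ever returned it. A comment above the check would pin the contract, for example `/* NGX_DECLINED lets the session continue; any other result (limit reached or an internal error) drops the connection */`. The close itself is not logged here, so the handler presumably logs the rejection at `limit_conn_log_level`; that should be confirmed in ngx_stream_limit_conn_module.c, which is truncated on this page. The function body starts and ends outside the hunk.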
diff -r c3ec43580a48 -r 0dcef374b8bb src/stream/ngx_stream_limit_conn_module.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/src/stream/ngx_stream_limit_conn_module.c Thu Jun 18 14:17:30 2015 +0300
@@ -0,0 +1,632 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include ngx_config.h
+#include ngx_core.h
+#include ngx_stream.h
+
+
+typedef struct {
+u_char color;
+u_char len;
+u_shortconn;
+u_char data[1];
+} ngx_stream_limit_conn_node_t;
+
+
+typedef struct {
+

Re: Breaking content generation phase into multiple phases or adding custom events in content phase

2015-06-18 Thread Jeff Kaufman
ngx_pagespeed does this by giving nginx a pipe to watch, setting up a
handler for that pipe, calling an async api that uses threads, then
from the callback writing a byte to the pipe.  Now when the async
code finishes we're back on the nginx event loop in the pipe's
handler.

On Wed, Jun 17, 2015 at 11:27 PM, Yichun Zhang (agentzh)
agen...@gmail.com wrote:
 Hello!

 On Thu, Jun 18, 2015 at 2:17 AM, Kaustubh Deorukhkar wrote:
 I am working on a custom module where I need to use a third party library
 and make sync/async calls to APIs. I do not have control over what the
 library does internally but any async API call on library would call a
 callback which indicates that content generation phase continue with forming
 response and sending it back to client.


 If you MUST use this 3rd-party library, then you can check out our
 ngx_drizzle [1] (for nonblocking MySQL communication via libdrizzle)
 and ngx_postgres [2] (for nonblocking PostgreSQL communication via
 libpq) for such 3rd-party library integration examples (both of them
 are production ready for years.

 But in retrospect, it took a *lot* of developer efforts to get them
 exactly right due to the inherent limitations in nginx's upstream
 mechanism and you MAY run into bugs in 3rd-party libraries when using
 edge-triggered (ET) events (well, we had to work around such issues in
 libpq, at least).

 The recommended way is to re-implement the wire protocol for I/O
 directly in Lua atop the cosocket API [3] provided by the ngx_lua
 module (or better, use the openresty bundle directly), in the same
 spirit of the existing lua-resty-mysql [4] and lua-resty-redis [5]
 libraries out there.

 We want to avoid upstream server model if this is already possible with
 nginx.


 Both ngx_postgres and ngx_drizzle are based on a good part of the stock
 nginx's upstream mechanism. It's easier to reuse it than coding
 everything from scratch if you stick with that road.

 It's worth mentioning that the cosocket mechanism in ngx_lua is a
 *parallel* implementation to the official upstream thing and overcomes
 all those limitations in upstream and makes things much cleaner and
 nicer at least on the Lua land. Still, we inherit most (if not all) of
 the good stuff from the upstream facility. You can check out the
 picture below for some ideas:

 http://agentzh.org/misc/slides/nginx-conf-2014/images/cosocket.png

 Best regards,
 -agentzh

 [1] https://github.com/openresty/drizzle-nginx-module
 [2] https://github.com/FRiCKLE/ngx_postgres
 [3] https://github.com/openresty/lua-nginx-module#ngxsockettcp
 [4] https://github.com/openresty/lua-resty-mysql
 [5] https://github.com/openresty/lua-resty-redis




[nginx] Upstream: fixed shared upstreams on win32.

2015-06-18 Thread Ruslan Ermilov
details:   http://hg.nginx.org/nginx/rev/311d232ad803
branches:  
changeset: 6198:311d232ad803
user:  Ruslan Ermilov r...@nginx.com
date:  Tue Jun 16 00:43:00 2015 +0300
description:
Upstream: fixed shared upstreams on win32.

diffstat:

 src/http/modules/ngx_http_upstream_zone_module.c |  43 +--
 src/http/ngx_http_upstream_round_robin.h |   1 +
 src/stream/ngx_stream_upstream_round_robin.h |   1 +
 src/stream/ngx_stream_upstream_zone_module.c |  43 +--
 4 files changed, 64 insertions(+), 24 deletions(-)

diffs (264 lines):

diff -r 0dcef374b8bb -r 311d232ad803 
src/http/modules/ngx_http_upstream_zone_module.c
--- a/src/http/modules/ngx_http_upstream_zone_module.c  Thu Jun 18 14:17:30 
2015 +0300
+++ b/src/http/modules/ngx_http_upstream_zone_module.c  Tue Jun 16 00:43:00 
2015 +0300
@@ -14,8 +14,8 @@ static char *ngx_http_upstream_zone(ngx_
 void *conf);
 static ngx_int_t ngx_http_upstream_init_zone(ngx_shm_zone_t *shm_zone,
 void *data);
-static ngx_int_t ngx_http_upstream_zone_copy_peers(ngx_slab_pool_t *shpool,
-ngx_http_upstream_srv_conf_t *uscf);
+static ngx_http_upstream_rr_peers_t *ngx_http_upstream_zone_copy_peers(
+ngx_slab_pool_t *shpool, ngx_http_upstream_srv_conf_t *uscf);
 
 
 static ngx_command_t  ngx_http_upstream_zone_commands[] = {
@@ -121,13 +121,29 @@ ngx_http_upstream_init_zone(ngx_shm_zone
 size_t  len;
 ngx_uint_t  i;
 ngx_slab_pool_t*shpool;
+ngx_http_upstream_rr_peers_t   *peers, **peersp;
 ngx_http_upstream_srv_conf_t   *uscf, **uscfp;
 ngx_http_upstream_main_conf_t  *umcf;
 
 shpool = (ngx_slab_pool_t *) shm_zone-shm.addr;
+umcf = shm_zone-data;
+uscfp = umcf-upstreams.elts;
 
 if (shm_zone-shm.exists) {
-return NGX_ERROR;
+peers = shpool-data;
+
+for (i = 0; i  umcf-upstreams.nelts; i++) {
+uscf = uscfp[i];
+
+if (uscf-shm_zone != shm_zone) {
+continue;
+}
+
+uscf-peer.data = peers;
+peers = peers-zone_next;
+}
+
+return NGX_OK;
 }
 
 len = sizeof( in upstream zone \\) + shm_zone-shm.name.len;
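Review bot: In the new `shm_zone->shm.exists` branch of ngx_http_upstream_init_zone(), `peers` is read from `shpool->data` and advanced through `zone_next` without ever being checked for NULL. If the existing zone holds fewer peer lists than the configuration has upstreams bound to it (a zone left by a different configuration, presumably not the normal win32 worker case), the loop stores NULL into `uscf->peer.data` and then dereferences it. A guard in the loop body after the `shm_zone` comparison, `if (peers == NULL) { return NGX_ERROR; }`, turns that into a clean initialisation failure. The diffstat shows the same change in src/stream/ngx_stream_upstream_zone_module.c, which is not visible here and likely needs the same check. The function body continues outside the hunk.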
@@ -143,8 +159,7 @@ ngx_http_upstream_init_zone(ngx_shm_zone
 
 /* copy peers to shared memory */
 
-umcf = shm_zone-data;
-uscfp = umcf-upstreams.elts;
+peersp = (ngx_http_upstream_rr_peers_t **) shpool-data;
 
 for (i = 0; i  umcf-upstreams.nelts; i++) {
 uscf = uscfp[i];
@@ -153,16 +168,20 @@ ngx_http_upstream_init_zone(ngx_shm_zone
 continue;
 }
 
-if (ngx_http_upstream_zone_copy_peers(shpool, uscf) != NGX_OK) {
+peers = ngx_http_upstream_zone_copy_peers(shpool, uscf);
+if (peers == NULL) {
 return NGX_ERROR;
 }
+
+*peersp = peers;
+peersp = peers-zone_next;
 }
 
 return NGX_OK;
 }
 
 
-static ngx_int_t
+static ngx_http_upstream_rr_peers_t *
 ngx_http_upstream_zone_copy_peers(ngx_slab_pool_t *shpool,
 ngx_http_upstream_srv_conf_t *uscf)
 {
@@ -171,7 +190,7 @@ ngx_http_upstream_zone_copy_peers(ngx_sl
 
 peers = ngx_slab_alloc(shpool, sizeof(ngx_http_upstream_rr_peers_t));
 if (peers == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 
 ngx_memcpy(peers, uscf-peer.data, sizeof(ngx_http_upstream_rr_peers_t));
@@ -183,7 +202,7 @@ ngx_http_upstream_zone_copy_peers(ngx_sl
 peer = ngx_slab_calloc_locked(shpool,
   sizeof(ngx_http_upstream_rr_peer_t));
 if (peer == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 
 ngx_memcpy(peer, *peerp, sizeof(ngx_http_upstream_rr_peer_t));
@@ -197,7 +216,7 @@ ngx_http_upstream_zone_copy_peers(ngx_sl
 
 backup = ngx_slab_alloc(shpool, sizeof(ngx_http_upstream_rr_peers_t));
 if (backup == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 
 ngx_memcpy(backup, peers-next, sizeof(ngx_http_upstream_rr_peers_t));
@@ -209,7 +228,7 @@ ngx_http_upstream_zone_copy_peers(ngx_sl
 peer = ngx_slab_calloc_locked(shpool,
   sizeof(ngx_http_upstream_rr_peer_t));
 if (peer == NULL) {
-return NGX_ERROR;
+return NULL;
 }
 
 ngx_memcpy(peer, *peerp, sizeof(ngx_http_upstream_rr_peer_t));
@@ -223,5 +242,5 @@ done:
 
 uscf-peer.data = peers;
 
-return NGX_OK;
+return peers;
 }
diff -r 0dcef374b8bb -r 311d232ad803 src/http/ngx_http_upstream_round_robin.h
--- a/src/http/ngx_http_upstream_round_robin.h  Thu Jun 18 14:17:30 2015 +0300
+++ b/src/http/ngx_http_upstream_round_robin.h  Tue Jun 16 00:43:00 2015 +0300
@@ -58,6 +58,7 @@ struct ngx_http_upstream_rr_peers_s {
 #if (NGX_HTTP_UPSTREAM_ZONE)
 ngx_slab_pool_t*shpool;
 ngx_atomic_trwlock;
+ngx_http_upstream_rr_peers_t   

Re: Breaking content generation phase into multiple phases or adding custom events in content phase

2015-06-18 Thread Yichun Zhang (agentzh)
Hello!

On Thu, Jun 18, 2015 at 7:06 PM, Jeff Kaufman wrote:
 ngx_pagespeed does this by giving nginx a pipe to watch, setting up a
 handler for that pipe, calling an async api that uses threads, then
 the from the callback writing a byte to the pipe.  Now when the async
 code finishes we're back on the nginx event loop in the pipe's
 handler.


Extra OS threads add their own complexity and overhead (killing C10K,
for example), which I think we should avoid wherever we can (well,
disk I/O cannot be nonblocking and we should only use thread pools for
that).

Well, just my 2 cents.

Regards,
-agentzh



Re: Fix windows issue with multiple workers

2015-06-18 Thread Sergey Brester

So, in VM it work for me also.

I'm assuming that something on my windows work-pc has prevented to 
inherit listener in this way (driver, LSPs installed (Layered Service 
Providers), antivirus or something else)...



But, why don't you want to use a suggested solution of me?

If I will realize the way with easy inheritance (with bInheritHandle 
through CreateProcess), it will be not really easier, because:


- we have several listener to share, so we should tell all this handles 
to child process;


- bInheritHandle=True in CreateProcess is a potential risk because of 
handles that are not closed if the process crashes, and this affects not 
only sockets - so-called zombie handles arise, half-open (dropped) or 
half-closed. For listening sockets this is extreme. Here is an 
example where this situation is encountered (* - listener whose process 
does not exist):


netstat /ano | grep 0.0:80
 * TCP0.0.0.0:80 0.0.0.0:0  LISTENING   
3824
   TCP0.0.0.0:80 0.0.0.0:0  LISTENING   
4378


taskkill /F /PID 3824
ERROR: The process 3824 not found.

Unfortunately, it is not guaranteed that new process 4378 accepts 
connections (because zombi listener of 3824 can block it).
But also not so good are another zombies, like not closed temp-files, 
lock-files, pipes etc.


You can talk long about that would be windows bugs, but that are 
facts. And thus it is instable. Apart from, does not work at all on some 
mashines (like my work-pc).
And the way with WSADuplicateSocket self Microsoft recommends in various 
articles.


If you still want to use the solution with bInheritHandle, I suggest a 
compromise:
I will make it with selectable option (resp. defines like 
NGX_WIN32_DUPLICATE_LISTEN and NGX_WIN32_INHERIT_LISTEN).


Please tell me your decision.

Regards,
sebres.



Am 17.06.2015 16:52, schrieb Maxim Dounin:


Hello!

On Wed, Jun 17, 2015 at 04:01:17PM +0200, Sergey Brester wrote:

Hmm, strange - almost same code, but it does not work... only first 
child can accept connections.


Have you tried exactly the code I provided? Almost the same
is a usual difference between working and non-working code.


Which version of windows are you using for test?


Works fine at least in Windows 7 and Windows 8.1 VMs here, both
32-bit. I have no 64-bit Windows on hand to test, but if it
doesn't work for you specifically on 64-bit Windows, this may be
some minor bug in the test code related to type casting.




[PATCH] SSL: mark connections as non-reusable before SSL handshake

2015-06-18 Thread Piotr Sikora
# HG changeset patch
# User Piotr Sikora pi...@cloudflare.com
# Date 1434623800 25200
#  Thu Jun 18 03:36:40 2015 -0700
# Node ID cda1075a9536257e510b452df084e4cc396ab25d
# Parent  c3ec43580a48114dfd28186f43e773fcfe211337
SSL: mark connections as non-reusable before SSL handshake.

Previously, connections were marked as non-reusable after SSL handshake
returned NGX_AGAIN. This meant that SSL callbacks that were using nginx
connections could drain the connection on which SSL handshake was being
performed.

Signed-off-by: Piotr Sikora pi...@cloudflare.com

diff -r c3ec43580a48 -r cda1075a9536 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c   Wed Jun 17 17:57:34 2015 +0300
+++ b/src/http/ngx_http_request.c   Thu Jun 18 03:36:40 2015 -0700
@@ -715,6 +715,8 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
 return;
 }
 
+ngx_reusable_connection(c, 0);
+
 rc = ngx_ssl_handshake(c);
 
 if (rc == NGX_AGAIN) {
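Review bot: The relocated `ngx_reusable_connection(c, 0);` has no comment tying it to the call that follows, so a later cleanup could move it back below `ngx_ssl_handshake(c)` and reintroduce the problem the description names. A comment such as `/* must precede ngx_ssl_handshake(): SSL callbacks may take nginx connections and drain reusable ones, including c */` would record the ordering constraint. Only ngx_http_ssl_handshake() is touched; whether other handshake entry points mark the connection before handshaking is not visible here and is worth checking. The function starts and ends outside both hunks.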
@@ -723,8 +725,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
 ngx_add_timer(rev, c-listening-post_accept_timeout);
 }
 
-ngx_reusable_connection(c, 0);
-
 c-ssl-handler = ngx_http_ssl_handshake_handler;
 return;
 }



[PATCH] SSL: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL

2015-06-18 Thread Piotr Sikora
# HG changeset patch
# User Piotr Sikora pi...@cloudflare.com
# Date 1434623801 25200
#  Thu Jun 18 03:36:41 2015 -0700
# Node ID e0d2520ed65517b581f2565160a89ba93f4f3630
# Parent  c3ec43580a48114dfd28186f43e773fcfe211337
SSL: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL.

Signed-off-by: Piotr Sikora pi...@cloudflare.com

diff -r c3ec43580a48 -r e0d2520ed655 src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.cWed Jun 17 17:57:34 2015 +0300
+++ b/src/stream/ngx_stream_ssl_module.cThu Jun 18 03:36:41 2015 -0700
@@ -276,7 +276,9 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf
 SSL_CTX_set_options(conf-ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
 
+#ifndef LIBRESSL_VERSION_NUMBER
 SSL_CTX_set_tmp_rsa_callback(conf-ssl.ctx, ngx_ssl_rsa512_key_callback);
+#endif
 
 if (ngx_ssl_dhparam(cf, conf-ssl, conf-dhparam) != NGX_OK) {
 return NGX_CONF_ERROR;
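Review bot: The new `#ifndef LIBRESSL_VERSION_NUMBER` guard in ngx_stream_ssl_merge_conf() carries no comment saying why the call is skipped, so a later reader cannot tell a build fix from a behaviour change. A one-line comment above the guard, for example `/* temporary RSA keys are not used with LibreSSL */`, would record that; the exact wording should be confirmed against LibreSSL. Separately, the callback name suggests 512-bit temporary RSA keys, which presumably matter only for export-grade cipher suites; builds against OpenSSL still register it, so it is worth confirming that the configured cipher list excludes those suites. The function body starts and ends outside the hunk.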



[PATCH] SSL: guard use of SSL_R_BLOCK_CIPHER_PAD_IS_WRONG

2015-06-18 Thread Piotr Sikora
# HG changeset patch
# User Piotr Sikora pi...@cloudflare.com
# Date 1434623802 25200
#  Thu Jun 18 03:36:42 2015 -0700
# Node ID 2cf1105061a2e952865f81ffad560c5e9b0843fa
# Parent  c3ec43580a48114dfd28186f43e773fcfe211337
SSL: guard use of SSL_R_BLOCK_CIPHER_PAD_IS_WRONG.

It has been removed from BoringSSL.

Signed-off-by: Piotr Sikora pi...@cloudflare.com

diff -r c3ec43580a48 -r 2cf1105061a2 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Jun 17 17:57:34 2015 +0300
+++ b/src/event/ngx_event_openssl.c Thu Jun 18 03:36:42 2015 -0700
@@ -1905,7 +1905,9 @@ ngx_ssl_connection_error(ngx_connection_
 
 /* handshake failures */
 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC/*  103 */
+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
 || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG  /*  129 */
+#endif
 || n == SSL_R_DIGEST_CHECK_FAILED/*  149 */
 || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST  /*  151 */
 || n == SSL_R_EXCESSIVE_MESSAGE_SIZE /*  152 */



[PATCH] SSL: cast hostname in SSL_set_tlsext_host_name()

2015-06-18 Thread Piotr Sikora
# HG changeset patch
# User Piotr Sikora pi...@cloudflare.com
# Date 1434623803 25200
#  Thu Jun 18 03:36:43 2015 -0700
# Node ID 175c159113f26dac29f246b01a9195d90551ee3c
# Parent  c3ec43580a48114dfd28186f43e773fcfe211337
SSL: cast hostname in SSL_set_tlsext_host_name().

Both OpenSSL and LibreSSL use macros and type casts to implement
SSL_{CTX_}set_* functions, but BoringSSL promoted them to proper
functions, so they require parameters with correct types now.

Signed-off-by: Piotr Sikora pi...@cloudflare.com

diff -r c3ec43580a48 -r 175c159113f2 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c  Wed Jun 17 17:57:34 2015 +0300
+++ b/src/http/ngx_http_upstream.c  Thu Jun 18 03:36:43 2015 -0700
@@ -1657,7 +1657,9 @@ ngx_http_upstream_ssl_name(ngx_http_requ
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r-connection-log, 0,
upstream SSL server name: \%s\, name.data);
 
-if (SSL_set_tlsext_host_name(c-ssl-connection, name.data) == 0) {
+if (SSL_set_tlsext_host_name(c-ssl-connection, (const char *) name.data)
+== 0)
+{
 ngx_ssl_error(NGX_LOG_ERR, r-connection-log, 0,
   SSL_set_tlsext_host_name(\%s\) failed, name.data);
 return NGX_ERROR;
diff -r c3ec43580a48 -r 175c159113f2 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c  Wed Jun 17 17:57:34 2015 +0300
+++ b/src/stream/ngx_stream_proxy_module.c  Thu Jun 18 03:36:43 2015 -0700
@@ -792,7 +792,8 @@ ngx_stream_proxy_ssl_name(ngx_stream_ses
 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s-connection-log, 0,
upstream SSL server name: \%s\, name.data);
 
-if (SSL_set_tlsext_host_name(u-peer.connection-ssl-connection, 
name.data)
+if (SSL_set_tlsext_host_name(u-peer.connection-ssl-connection,
+ (const char *) name.data)
 == 0)
 {
 ngx_ssl_error(NGX_LOG_ERR, s-connection-log, 0,



[PATCH] SSL: guard use of SSLEAY_VERSION_NUMBER

2015-06-18 Thread Piotr Sikora
# HG changeset patch
# User Piotr Sikora pi...@cloudflare.com
# Date 1434623802 25200
#  Thu Jun 18 03:36:42 2015 -0700
# Node ID 4e0b02f89144cd774e213458c1d8f71b59ace1f9
# Parent  c3ec43580a48114dfd28186f43e773fcfe211337
SSL: guard use of SSLEAY_VERSION_NUMBER.

It has been removed from BoringSSL, which isn't versioned anyway.

OPENSSL_VERSION_TEXT can be used to print built with BoringSSL.

Signed-off-by: Piotr Sikora pi...@cloudflare.com

diff -r c3ec43580a48 -r 4e0b02f89144 src/core/nginx.c
--- a/src/core/nginx.c  Wed Jun 17 17:57:34 2015 +0300
+++ b/src/core/nginx.c  Thu Jun 18 03:36:42 2015 -0700
@@ -233,16 +233,22 @@ main(int argc, char *const *argv)
 #endif
 
 #if (NGX_SSL)
-if (SSLeay() == SSLEAY_VERSION_NUMBER) {
-ngx_write_stderr(built with  OPENSSL_VERSION_TEXT
- NGX_LINEFEED);
-} else {
+
+#ifdef SSLEAY_VERSION_NUMBER
+if (SSLeay() != SSLEAY_VERSION_NUMBER) {
 ngx_write_stderr(built with  OPENSSL_VERSION_TEXT
   (running with );
 ngx_write_stderr((char *) (uintptr_t)
  SSLeay_version(SSLEAY_VERSION));
 ngx_write_stderr() NGX_LINEFEED);
+
+} else
+#endif
+{
+ngx_write_stderr(built with  OPENSSL_VERSION_TEXT
+ NGX_LINEFEED);
 }
+
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 ngx_write_stderr(TLS SNI support enabled NGX_LINEFEED);
 #else
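Review bot: The new `} else` followed by `#endif` and a bare `{` leaves an `else` whose block lives outside the conditional, which is easy to break when either side is edited and reads differently depending on whether SSLEAY_VERSION_NUMBER is defined. Writing the common prefix once and appending the runtime version only under the `#ifdef` gives the same output without splitting an `if`/`else` across the preprocessor. The enclosing `#if (NGX_SSL)` block and main() continue outside the hunk.

```c
#if (NGX_SSL)

    ngx_write_stderr("built with " OPENSSL_VERSION_TEXT);

#ifdef SSLEAY_VERSION_NUMBER
    if (SSLeay() != SSLEAY_VERSION_NUMBER) {
        ngx_write_stderr(" (running with ");
        ngx_write_stderr((char *) (uintptr_t)
                         SSLeay_version(SSLEAY_VERSION));
        ngx_write_stderr(")");
    }
#endif

    ngx_write_stderr(NGX_LINEFEED);

    /* … unchanged: TLS SNI support report … */
```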
