diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2005-11-09 17:25:55 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2005-11-09 17:25:55 +0000 |
| commit | 09c684b2d53b46b6ffb706c686ca4dbed62cf6da (patch) | |
| tree | 28d1d57070b5e8d95c8608d45678298d63f9621d /src/http/modules/ngx_http_ssl_module.c | |
| parent | 51425a465a22ad2e33e7048b880aa594c376f79c (diff) | |
| download | nginx-release-0.3.8.tar.gz nginx-release-0.3.8.zip | |
nginx-0.3.8-RELEASE importrelease-0.3.8
*) Security: nginx now checks URI got from a backend in
"X-Accel-Redirect" header line or in SSI file for the "/../" paths
and zeroes.
*) Change: nginx now does not treat the empty user name in the
"Authorization" header line as valid one.
*) Feature: the "ssl_session_timeout" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the "auth_http_header" directive of the
ngx_imap_auth_http_module.
*) Feature: the "add_header" directive.
*) Feature: the ngx_http_realip_module.
*) Feature: the new variables to use in the "log_format" directive:
$bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
$request_time, $request_length, $upstream_status,
$upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
$connection, $pipe, and $msec. The parameters in the "%name" form
will be canceled soon.
*) Change: now the false variable values in the "if" directive are the
empty string "" and string starting with "0".
*) Bugfix: while using proxied or FastCGI-server nginx may leave
connections and temporary files with client requests in open state.
*) Bugfix: the worker processes did not flush the buffered logs on
graceful exit.
*) Bugfix: if the request URI was changes by the "rewrite" directive
and the request was proxied in location given by regular expression,
then the incorrect request was transferred to backend; the bug had
appeared in 0.2.6.
*) Bugfix: the "expires" directive did not remove the previous
"Expires" header.
*) Bugfix: nginx may stop to accept requests if the "rtsig" method and
several worker processes were used.
*) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
SSI commands.
*) Bugfix: if the response was ended just after the SSI command and
gzipping was used, then the response did not transferred complete or
did not transferred at all.
Diffstat (limited to 'src/http/modules/ngx_http_ssl_module.c')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 09bf63dcf..d75b9e60d 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -8,6 +8,7 @@ #include <ngx_core.h> #include <ngx_http.h> + #define NGX_DEFLAUT_CERTIFICATE "cert.pem" #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" @@ -84,6 +85,13 @@ static ngx_command_t ngx_http_ssl_commands[] = { ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 }, #endif + { ngx_string("ssl_session_timeout"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_sec_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_ssl_srv_conf_t, session_timeout), + NULL }, + ngx_null_command }; @@ -146,6 +154,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) */ scf->enable = NGX_CONF_UNSET; + scf->session_timeout = NGX_CONF_UNSET; scf->prefer_server_ciphers = NGX_CONF_UNSET; return scf; @@ -166,6 +175,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) return NGX_CONF_OK; } + ngx_conf_merge_value(conf->session_timeout, + prev->session_timeout, 300); + ngx_conf_merge_value(conf->prefer_server_ciphers, prev->prefer_server_ciphers, 0); @@ -229,6 +241,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx, sizeof(ngx_http_session_id_ctx) - 1); + SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout); + return NGX_CONF_OK; } |