git.kaiwu.me - nginx.git/log
5 years ago - QUIC: caching c->quic in the ngx_quic_handle_ack_frame() function.
Vladimir Homutov [Mon, 13 Jul 2020 07:07:20 +0000 (10:07 +0300)]
QUIC: caching c->quic in the ngx_quic_handle_ack_frame() function.

To minimize difference with the following changes.

5 years ago - QUIC: delay field of an ACK frame is now calculated.
Vladimir Homutov [Fri, 10 Jul 2020 12:33:51 +0000 (15:33 +0300)]
QUIC: delay field of an ACK frame is now calculated.

5 years ago - QUIC: added rtt estimation.
Vladimir Homutov [Thu, 16 Jul 2020 12:44:06 +0000 (15:44 +0300)]
QUIC: added rtt estimation.

According to the quic-recovery 29, Section 5: Estimating the Round-Trip Time.

Currently, integer arithmetic is used, which loses sub-millisecond accuracy.

5 years ago - Merged with the default branch.
Sergey Kandaurov [Mon, 13 Jul 2020 12:34:22 +0000 (15:34 +0300)]
Merged with the default branch.

5 years ago - Slice filter: clear original Accept-Ranges.
Roman Arutyunyan [Thu, 9 Jul 2020 13:21:37 +0000 (16:21 +0300)]
Slice filter: clear original Accept-Ranges.

The slice filter allows ranges for the response by setting the r->allow_ranges
flag, which enables the range filter.  If the range was not requested, the
range filter adds an Accept-Ranges header to the response to signal the
support for ranges.

Previously, if an Accept-Ranges header was already present in the first slice
response, the client received two copies of this header.  Now, the slice filter
removes the Accept-Ranges header from the response prior to setting the
r->allow_ranges flag.

5 years ago - Version bump.
Roman Arutyunyan [Thu, 9 Jul 2020 14:33:22 +0000 (17:33 +0300)]
Version bump.

5 years ago - release-1.19.1 tag
Maxim Dounin [Tue, 7 Jul 2020 15:56:06 +0000 (18:56 +0300)]
release-1.19.1 tag

5 years ago - nginx-1.19.1-RELEASE release-1.19.1
Maxim Dounin [Tue, 7 Jul 2020 15:56:05 +0000 (18:56 +0300)]
nginx-1.19.1-RELEASE

5 years ago - gRPC: generate error when response size is wrong.
Maxim Dounin [Mon, 6 Jul 2020 15:36:25 +0000 (18:36 +0300)]
gRPC: generate error when response size is wrong.

As long as the "Content-Length" header is given, we now make sure
it exactly matches the size of the response.  If it doesn't,
the response is considered malformed and must not be forwarded
(https://tools.ietf.org/html/rfc7540#section-8.1.2.6).  While it
is not really possible to "not forward" the response which is already
being forwarded, we generate an error instead, which is the closest
equivalent.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Also this
directly contradicts HTTP/2 specification requirements.

Note that the new behaviour for the gRPC proxy is more strict than that
applied in other variants of proxying.  This is intentional, as HTTP/2
specification requires us to do so, while in other types of proxying
malformed responses from backends are well known and historically
tolerated.

5 years ago - FastCGI: protection from responses with wrong length.
Maxim Dounin [Mon, 6 Jul 2020 15:36:23 +0000 (18:36 +0300)]
FastCGI: protection from responses with wrong length.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

Additionally, we now also issue a warning if the response is too
short, and make sure the fact it is truncated is propagated to the
client.  The u->error flag is introduced to make it possible to
propagate the error to the client in case of unbuffered proxying.

For responses to HEAD requests there is an exception: we do allow
both responses without body and responses with body matching the
Content-Length header.

5 years ago - Upstream: drop extra data sent by upstream.
Maxim Dounin [Mon, 6 Jul 2020 15:36:22 +0000 (18:36 +0300)]
Upstream: drop extra data sent by upstream.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

This change covers generic buffered and unbuffered filters as used
in the scgi and uwsgi modules.  Appropriate input filter init
handlers are provided by the scgi and uwsgi modules to set corresponding
lengths.

Note that for responses to HEAD requests there is an exception:
we do allow any response length.  This is because responses to HEAD
requests might be actual full responses, and it is up to nginx
to remove the response body.  If caching is enabled, only full
responses matching the Content-Length header will be cached
(see b779728b180c).

5 years ago - Proxy: style.
Maxim Dounin [Mon, 6 Jul 2020 15:36:21 +0000 (18:36 +0300)]
Proxy: style.

5 years ago - Proxy: detection of data after final chunk.
Maxim Dounin [Mon, 6 Jul 2020 15:36:20 +0000 (18:36 +0300)]
Proxy: detection of data after final chunk.

Previously, additional data after final chunk was either ignored
(in the same buffer, or during unbuffered proxying) or sent to the
client (in the next buffer already if it was already read from the
socket).  Now additional data are properly detected and ignored
in all cases.  Additionally, a warning is now logged and keepalive
is disabled in the connection.

5 years ago - Proxy: drop extra data sent by upstream.
Maxim Dounin [Mon, 6 Jul 2020 15:36:19 +0000 (18:36 +0300)]
Proxy: drop extra data sent by upstream.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

5 years ago - Memcached: protect from too long responses.
Maxim Dounin [Mon, 6 Jul 2020 15:36:17 +0000 (18:36 +0300)]
Memcached: protect from too long responses.

If a memcached response was followed by a correct trailer, and then
the NUL character followed by some extra data - this was accepted by
the trailer checking code.  This in turn resulted in ctx->rest underflow
and caused negative size buffer on the next reading from the upstream,
followed by the "negative size buf in writer" alert.

Fix is to always check for too long responses, so a correct trailer cannot
be followed by extra data.

6 years ago - HTTP/2: lingering close after GOAWAY.
Ruslan Ermilov [Fri, 3 Jul 2020 13:16:47 +0000 (16:16 +0300)]
HTTP/2: lingering close after GOAWAY.

After sending the GOAWAY frame, a connection is now closed using
the lingering close mechanism.

This allows for the reliable delivery of the GOAWAY frames, while
also fixing connection resets observed when http2_max_requests is
reached (ticket #1250), or with graceful shutdown (ticket #1544),
when some additional data from the client is received on a fully
closed connection.

For HTTP/2, the settings lingering_close, lingering_timeout, and
lingering_time are taken from the "server" level.

6 years ago - HTTP/3: simplified handling return codes from parse functions.
Roman Arutyunyan [Thu, 2 Jul 2020 17:07:24 +0000 (20:07 +0300)]
HTTP/3: simplified handling return codes from parse functions.

6 years ago - HTTP/3: put ngx_http_v3_parse_varlen_int() return code in variable.
Roman Arutyunyan [Fri, 3 Jul 2020 09:07:43 +0000 (12:07 +0300)]
HTTP/3: put ngx_http_v3_parse_varlen_int() return code in variable.

This makes calling this function similar to other parse functions.

6 years ago - HTTP/3: simplified handling ngx_http_v3_parse_literal() return code.
Roman Arutyunyan [Fri, 3 Jul 2020 09:05:05 +0000 (12:05 +0300)]
HTTP/3: simplified handling ngx_http_v3_parse_literal() return code.

6 years ago - HTTP/3: limited prefixed integer size by 62 bits.
Roman Arutyunyan [Fri, 3 Jul 2020 06:26:12 +0000 (09:26 +0300)]
HTTP/3: limited prefixed integer size by 62 bits.

6 years ago - HTTP/3: fixed overflow in prefixed integer parser.
Roman Arutyunyan [Fri, 3 Jul 2020 13:41:31 +0000 (16:41 +0300)]
HTTP/3: fixed overflow in prefixed integer parser.

Previously, the expression (ch & 0x7f) was promoted to a signed integer.
Depending on the platform, the size of this integer could be less than 8 bytes,
leading to overflow when handling the higher bits of the result.  Also, sign
bit of this integer could be replicated when adding to the 64-bit st->value.

6 years ago - HTTP/3: fixed prefix in decoding Section Acknowledgement.
Sergey Kandaurov [Thu, 2 Jul 2020 14:35:57 +0000 (17:35 +0300)]
HTTP/3: fixed prefix in decoding Section Acknowledgement.

6 years ago - HTTP/3: set r->headers_in.chunked flag after parsing headers.
Roman Arutyunyan [Tue, 30 Jun 2020 12:32:09 +0000 (15:32 +0300)]
HTTP/3: set r->headers_in.chunked flag after parsing headers.

Previously it was set when creating the request object.  The side-effect was
trying to discard the request body in case of header parse error.

6 years ago - HTTP/3: close QUIC connection with HTTP/QPACK errors when needed.
Roman Arutyunyan [Thu, 2 Jul 2020 13:47:51 +0000 (16:47 +0300)]
HTTP/3: close QUIC connection with HTTP/QPACK errors when needed.

Previously errors led only to closing streams.

To simplify closing QUIC connection from a QUIC stream context, new macro
ngx_http_v3_finalize_connection() is introduced.  It calls
ngx_quic_finalize_connection() for the parent connection.

6 years ago - HTTP/3: error code definitions for HTTP/3 and QPACK.
Roman Arutyunyan [Tue, 30 Jun 2020 09:30:57 +0000 (12:30 +0300)]
HTTP/3: error code definitions for HTTP/3 and QPACK.

6 years ago - QUIC: Introduced ngx_quic_finalize_connection().
Roman Arutyunyan [Thu, 2 Jul 2020 13:33:59 +0000 (16:33 +0300)]
QUIC: Introduced ngx_quic_finalize_connection().

The function finalizes QUIC connection with an application protocol error
code and sends a CONNECTION_CLOSE frame with type=0x1d.

Also, renamed NGX_QUIC_FT_CONNECTION_CLOSE2 to NGX_QUIC_FT_CONNECTION_CLOSE_APP.

6 years ago - HTTP/3: downgraded literal size error level to NGX_LOG_INFO.
Roman Arutyunyan [Thu, 2 Jul 2020 13:33:36 +0000 (16:33 +0300)]
HTTP/3: downgraded literal size error level to NGX_LOG_INFO.

Now it's similar to HTTP/2.

6 years ago - HTTP/3: refactored dynamic table implementation.
Roman Arutyunyan [Thu, 2 Jul 2020 12:34:05 +0000 (15:34 +0300)]
HTTP/3: refactored dynamic table implementation.

Previously the dynamic table was not functional because of the zero limit on its
size set by default.  Now the following changes enable it:

- new directives to set SETTINGS_QPACK_MAX_TABLE_CAPACITY and
  SETTINGS_QPACK_BLOCKED_STREAMS
- send settings with SETTINGS_QPACK_MAX_TABLE_CAPACITY and
  SETTINGS_QPACK_BLOCKED_STREAMS to the client
- send Insert Count Increment to the client
- send Header Acknowledgement to the client
- evict old dynamic table entries on overflow
- decode Required Insert Count from client
- block stream if Required Insert Count is not reached

6 years ago - HTTP/3: fixed prefixed integer encoding and decoding.
Roman Arutyunyan [Thu, 2 Jul 2020 12:15:55 +0000 (15:15 +0300)]
HTTP/3: fixed prefixed integer encoding and decoding.

Previously bytes were ordered from MSB to LSB, but the right order is the
reverse.
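The three HTTP/3 entries above (the 62-bit cap on prefixed integers, the overflow in the parser from the un-widened `(ch & 0x7f)`, and the continuation-byte order) all concern the same encoder/decoder pair. The following is an added example, not nginx's own `ngx_http_v3_parse_*` code: a stand-alone prefixed-integer codec in the HPACK/QPACK format, with the widening cast at the exact spot the overflow fix describes and an explicit 62-bit limit. The names `pi_encode`, `pi_decode`, `pi_roundtrip` and `pi_overflow_demo` and the `PI_*` constants are this example's own; the constructed 63-bit input in `pi_overflow_demo` is a made-up test vector.

```c
#include <stdint.h>
#include <stddef.h>

/* Prefixed integers as in HPACK (RFC 7541, 5.1), reused by QPACK: the first
 * byte holds the low `prefix` bits of the value; if they are all ones,
 * continuation bytes follow, each carrying 7 more bits, least-significant
 * group first, high bit set on all but the last.  Capped at 62 bits here. */

#define PI_MAX_BITS   62
#define PI_MAX_VALUE  ((1ULL << PI_MAX_BITS) - 1)

typedef enum { PI_OK = 0, PI_AGAIN = 1, PI_OVERFLOW = 2 } pi_status_t;

/* Returns bytes written, or 0 if value exceeds 62 bits or the buffer is too
 * small.  Pattern bits above the prefix in out[0] are left zero for the
 * caller to OR in.  prefix must be 1..8. */
size_t
pi_encode(uint8_t *out, size_t cap, unsigned prefix, uint64_t value)
{
    uint64_t  mask;
    size_t    n = 1;

    if (prefix < 1 || prefix > 8 || value > PI_MAX_VALUE || cap == 0) {
        return 0;
    }

    mask = (1ULL << prefix) - 1;

    if (value < mask) {
        out[0] = (uint8_t) value;
        return 1;
    }

    out[0] = (uint8_t) mask;
    value -= mask;

    /* the least-significant 7-bit group is emitted first */
    while (value >= 0x80) {
        if (n >= cap) return 0;
        out[n++] = (uint8_t) ((value & 0x7f) | 0x80);
        value >>= 7;
    }

    if (n >= cap) return 0;
    out[n++] = (uint8_t) value;
    return n;
}

/* On PI_OK sets *value and *consumed; PI_AGAIN means more bytes are needed. */
pi_status_t
pi_decode(const uint8_t *in, size_t len, unsigned prefix,
    uint64_t *value, size_t *consumed)
{
    uint64_t  mask, v;
    unsigned  shift = 0;
    size_t    i;
    uint8_t   ch;

    if (len == 0) return PI_AGAIN;

    mask = (1ULL << prefix) - 1;
    v = in[0] & mask;

    if (v < mask) {
        *value = v;
        *consumed = 1;
        return PI_OK;
    }

    for (i = 1; ; i++) {
        if (i >= len) return PI_AGAIN;

        /* nine groups cover bits 0..62; a tenth can never fit in 62 bits */
        if (shift > 56) return PI_OVERFLOW;

        ch = in[i];

        /* The cast is the fix the log entry describes: (ch & 0x7f) alone is a
         * plain int, so a shift of 28 or more overflows a 32-bit int, and a
         * set sign bit would then be replicated into the 64-bit accumulator. */
        v += (uint64_t) (ch & 0x7f) << shift;

        if ((ch & 0x80) == 0) break;
        shift += 7;
    }

    if (v > PI_MAX_VALUE) return PI_OVERFLOW;

    *value = v;
    *consumed = i + 1;
    return PI_OK;
}

/* Encode then decode; UINT64_MAX signals an error or a length mismatch. */
uint64_t
pi_roundtrip(unsigned prefix, uint64_t value)
{
    uint8_t   buf[16];
    size_t    n, used;
    uint64_t  out;

    n = pi_encode(buf, sizeof(buf), prefix, value);
    if (n == 0 || pi_decode(buf, n, prefix, &out, &used) != PI_OK
        || used != n)
    {
        return UINT64_MAX;
    }
    return out;
}

/* Constructed 63-bit input: 0xff, eight empty groups, then 0x7f at bit 56.
 * It must be rejected, not wrapped into a bogus small value. */
int
pi_overflow_demo(void)
{
    static const uint8_t in[] = { 0xff, 0x80, 0x80, 0x80, 0x80,
                                  0x80, 0x80, 0x80, 0x80, 0x7f };
    uint64_t  v;
    size_t    used;

    return pi_decode(in, sizeof(in), 8, &v, &used);
}
```

The decoder reports a short buffer as `PI_AGAIN` rather than an error, which is what a stream parser needs when a field straddles two reads, and it distinguishes that case from `PI_OVERFLOW`, which should close the connection in the way the "close QUIC connection with HTTP/QPACK errors" entry describes.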

6 years ago - SSL: fixed unexpected certificate requests (ticket #2008).
Maxim Dounin [Mon, 29 Jun 2020 14:15:51 +0000 (17:15 +0300)]
SSL: fixed unexpected certificate requests (ticket #2008).

Using SSL_CTX_set_verify(SSL_VERIFY_PEER) implies that OpenSSL will
send a certificate request during an SSL handshake, leading to unexpected
certificate requests from browsers as long as there are any client
certificates installed.  Given that ngx_ssl_trusted_certificate()
is called unconditionally by the ngx_http_ssl_module, this affected
all HTTPS servers.  Broken by 699f6e55bbb4 (not released yet).

Fix is to set verify callback in the ngx_ssl_trusted_certificate() function
without changing the verify mode.

6 years ago - HTTP/3: http3_max_field_size directive to limit string size.
Roman Arutyunyan [Mon, 29 Jun 2020 12:56:14 +0000 (15:56 +0300)]
HTTP/3: http3_max_field_size directive to limit string size.

Client streams may send literal strings which are now limited in size by the
new directive.  The default value is 4096.

The directive is similar to HTTP/2 directive http2_max_field_size.

6 years ago - HTTP/3: introduced ngx_http_v3_get_module_srv_conf() macro.
Roman Arutyunyan [Fri, 26 Jun 2020 08:58:00 +0000 (11:58 +0300)]
HTTP/3: introduced ngx_http_v3_get_module_srv_conf() macro.

The macro helps to access a module's server configuration from a QUIC
stream context.

6 years ago - HTTP/3: fixed dropping first non-pseudo header.
Roman Arutyunyan [Fri, 26 Jun 2020 07:05:28 +0000 (10:05 +0300)]
HTTP/3: fixed dropping first non-pseudo header.

6 years ago - HTTP/3: do not emit a DATA frame header for header_only responses.
Sergey Kandaurov [Thu, 25 Jun 2020 17:31:13 +0000 (20:31 +0300)]
HTTP/3: do not emit a DATA frame header for header_only responses.

This resulted in the frame error due to the invalid DATA frame length.

6 years ago - Style.
Vladimir Homutov [Fri, 19 Jun 2020 08:29:30 +0000 (11:29 +0300)]
Style.

6 years ago - README: documented draft-28, draft-29 support.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
README: documented draft-28, draft-29 support.

6 years ago - Update Initial salt and Retry secret from quic-tls-29.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Update Initial salt and Retry secret from quic-tls-29.

See sections 5.2 and 5.8 for the current values.

6 years ago - Get rid of hardcoded numbers used for quic handshake errors.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Get rid of hardcoded numbers used for quic handshake errors.

6 years ago - Discard short packets which could not be decrypted.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Discard short packets which could not be decrypted.

So that connections are protected from failing from on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.

6 years ago - Close connection with PROTOCOL_VIOLATION on decryption failure.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Close connection with PROTOCOL_VIOLATION on decryption failure.

A previously used undefined error code is now replaced with the generic one.

Note that quic-transport prescribes keeping connection intact, discarding such
QUIC packets individually, in the sense that coalesced packets could be there.
This is selectively handled in the next change.

6 years ago - Define KEY_UPDATE_ERROR from quic-tls-24.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Define KEY_UPDATE_ERROR from quic-tls-24.

6 years ago - Reject new QUIC connection with CONNECTION_REFUSED on shutdown.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Reject new QUIC connection with CONNECTION_REFUSED on shutdown.

6 years ago - Close QUIC connection with NO_ERROR on c->close.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Close QUIC connection with NO_ERROR on c->close.

That way it makes more sense.  Previously it was closed with INTERNAL_ERROR.

6 years ago - Do not close QUIC sockets in ngx_close_listening_sockets().
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Do not close QUIC sockets in ngx_close_listening_sockets().

This breaks graceful shutdown of QUIC connections in terms of quic-transport.

6 years ago - QUIC error SERVER_BUSY renamed to CONNECTION_REFUSED in draft-29.
Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
QUIC error SERVER_BUSY renamed to CONNECTION_REFUSED in draft-29.

6 years ago - QUIC: cleaned up quic encryption state tracking.
Vladimir Homutov [Thu, 18 Jun 2020 11:29:24 +0000 (14:29 +0300)]
QUIC: cleaned up quic encryption state tracking.

The patch removes remnants of the old state tracking mechanism, which did
not take into account the asymmetry of read/write states and was not very
useful.

The encryption state now is entirely tracked using SSL_quic_read/write_level().

6 years ago - QUIC: added ALPN checks.
Vladimir Homutov [Thu, 18 Jun 2020 10:58:46 +0000 (13:58 +0300)]
QUIC: added ALPN checks.

quic-transport draft 29:

    section 7:

    *  authenticated negotiation of an application protocol (TLS uses
       ALPN [RFC7301] for this purpose)

    ...

    Endpoints MUST explicitly negotiate an application protocol.  This
    avoids situations where there is a disagreement about the protocol
    that is in use.

    section 8.1:

    When using ALPN, endpoints MUST immediately close a connection (see
    Section 10.3 of [QUIC-TRANSPORT]) with a no_application_protocol TLS
    alert (QUIC error code 0x178; see Section 4.10) if an application
    protocol is not negotiated.

Changes in the ngx_quic_close_quic() function are required to avoid attempts
to generate and send packets without proper keys, which happens in case
of a failed ALPN check.

6 years ago - QUIC: fixed off-by-one in frame range handler.
Vladimir Homutov [Thu, 18 Jun 2020 08:16:35 +0000 (11:16 +0300)]
QUIC: fixed off-by-one in frame range handler.

The ctx->pnum is incremented after the packet is sent, thus pointing to the
next packet number, which should not be used in comparison.

6 years ago - QUIC: further limiting maximum QUIC packet size.
Vladimir Homutov [Tue, 16 Jun 2020 08:54:05 +0000 (11:54 +0300)]
QUIC: further limiting maximum QUIC packet size.

quic-transport draft 29, section 14:

    QUIC depends upon a minimum IP packet size of at least 1280 bytes.
    This is the IPv6 minimum size [RFC8200] and is also supported by most
    modern IPv4 networks.  Assuming the minimum IP header size, this
    results in a QUIC maximum packet size of 1232 bytes for IPv6 and 1252
    bytes for IPv4.

Since the packet size can change during the connection lifetime, the
ngx_quic_max_udp_payload() function is introduced that currently
returns the minimal allowed size, depending on the address family.

6 years ago - QUIC: raise error on missing transport parameters.
Vladimir Homutov [Mon, 15 Jun 2020 14:06:40 +0000 (17:06 +0300)]
QUIC: raise error on missing transport parameters.

quic-tls, 8.2:

    The quic_transport_parameters extension is carried in the ClientHello
    and the EncryptedExtensions messages during the handshake.  Endpoints
    MUST send the quic_transport_parameters extension; endpoints that
    receive ClientHello or EncryptedExtensions messages without the
    quic_transport_parameters extension MUST close the connection with an
    error of type 0x16d (equivalent to a fatal TLS missing_extension
    alert, see Section 4.10).

6 years ago - QUIC: Fixed connection cleanup.
Vladimir Homutov [Mon, 15 Jun 2020 13:59:53 +0000 (16:59 +0300)]
QUIC: Fixed connection cleanup.

A posted event needs to be deleted during the connection close.

6 years ago - Fixed potential leak of temp pool.
Eran Kornblau [Mon, 15 Jun 2020 07:58:31 +0000 (03:58 -0400)]
Fixed potential leak of temp pool.

In case ngx_hash_add_key() fails, we need to goto failed instead of returning,
so that temp_pool will be destroyed.

6 years ago - Cache: introduced min_free cache clearing.
Maxim Dounin [Mon, 22 Jun 2020 15:03:00 +0000 (18:03 +0300)]
Cache: introduced min_free cache clearing.

Clearing cache based on free space left on a file system is
expected to allow better disk utilization in some cases, notably
when disk space might be also used for something other than nginx
cache (including nginx own temporary files) and while loading
cache (when cache size might be inaccurate for a while, effectively
disabling max_size cache clearing).

Based on a patch by Adam Bambuch.

6 years ago - Too large st_blocks values are now ignored (ticket #157).
Maxim Dounin [Mon, 22 Jun 2020 15:02:59 +0000 (18:02 +0300)]
Too large st_blocks values are now ignored (ticket #157).

With XFS, using "allocsize=64m" mount option results in large preallocation
being reported in the st_blocks as returned by fstat() till the file is
closed.  This in turn results in incorrect cache size calculations and
wrong clearing based on max_size.

To avoid too aggressive cache clearing on such volumes, st_blocks values
which result in sizes larger than st_size and eight blocks (an arbitrary
limit) are no longer trusted, and we use st_size instead.

The ngx_de_fs_size() counterpart is intentionally not modified, as
it is used on closed files and hence not affected by this problem.

6 years ago - Large block sizes on Linux are now ignored (ticket #1168).
Maxim Dounin [Mon, 22 Jun 2020 15:02:58 +0000 (18:02 +0300)]
Large block sizes on Linux are now ignored (ticket #1168).

NFS on Linux is known to report wsize as a block size (in both f_bsize
and f_frsize, both in statfs() and statvfs()).  On the other hand,
typical file system block sizes on Linux (ext2/ext3/ext4, XFS) are limited
to pagesize.  (With FAT, block sizes can be at least up to 512k in
extreme cases, but this doesn't really matter, see below.)
To avoid too aggressive cache clearing on NFS volumes on Linux, block
sizes larger than pagesize are now ignored.

Note that it is safe to ignore large block sizes.  Since 3899:e7cd13b7f759
(1.0.1) cache size is calculated based on fstat() st_blocks, and rounding
to file system block size is preserved mostly for Windows.

Note well that on other OSes valid block sizes seen are at least up
to 65536.  In particular, UFS on FreeBSD is known to work well with block
and fragment sizes set to 65536.

6 years ago - OCSP: fixed use-after-free on error.
Roman Arutyunyan [Mon, 15 Jun 2020 17:17:16 +0000 (20:17 +0300)]
OCSP: fixed use-after-free on error.

When validating second and further certificates, ssl callback could be called
twice to report the error.  After the first call client connection is
terminated and its memory is released.  Prior to the second call and in it
released connection memory is accessed.

Errors triggering this behavior:
- failure to create the request
- failure to start resolving OCSP responder name
- failure to start connecting to the OCSP responder

The fix is to rearrange the code to eliminate the second call.

6 years ago - Correctly flush request body to uwsgi with SSL.
Quantum [Mon, 15 Jun 2020 21:35:26 +0000 (17:35 -0400)]
Correctly flush request body to uwsgi with SSL.

The flush flag was not set when forwarding the request body to the uwsgi
server. When using uwsgi_pass suwsgi://..., this causes the uwsgi server
to wait indefinitely for the request body and eventually time out due to
SSL buffering.

This is essentially the same change as 4009:3183165283cc, which was made
to ngx_http_proxy_module.c.

This will fix the uwsgi bug https://github.com/unbit/uwsgi/issues/1490.

6 years ago - Style.
Vladimir Homutov [Wed, 10 Jun 2020 18:37:48 +0000 (21:37 +0300)]
Style.

6 years ago - Limited max udp payload size for outgoing packets.
Vladimir Homutov [Wed, 10 Jun 2020 18:37:08 +0000 (21:37 +0300)]
Limited max udp payload size for outgoing packets.

This makes it possible to avoid problems with packet fragmentation in real
networks.  This is a temporary workaround.

6 years ago - Increased default initial retransmit timeout.
Vladimir Homutov [Wed, 10 Jun 2020 18:33:20 +0000 (21:33 +0300)]
Increased default initial retransmit timeout.

This is a temporary workaround, proper retransmission mechanism based on
quic-recovery rfc draft is yet to be implemented.

The currently hardcoded value is too small for real networks.  The patch
sets a static PTO, considering an rtt of ~333ms, which gives about 1s.
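The "QUIC: added rtt estimation" entry near the top of this log replaces the static PTO described here with the estimator from quic-recovery draft 29, section 5, fed by the ACK delay that the "delay field of an ACK frame is now calculated" entry computes. As an added example (not nginx's code), the following implements that estimator and the PTO formula from section 6.2.1, keeping all times in microseconds so that integer arithmetic does not lose sub-millisecond accuracy. The names `rtt_state_t`, `rtt_init`, `rtt_update`, `rtt_pto` and `rtt_demo_pto` are this example's own; the constants are the draft's kInitialRtt (333 ms) and kGranularity (1 ms), and the samples in `rtt_demo_pto` are constructed.

```c
#include <stdint.h>

/* RTT estimation per quic-recovery draft 29, section 5, in microseconds. */

#define K_INITIAL_RTT   333000ULL   /* kInitialRtt: 333 ms */
#define K_GRANULARITY     1000ULL   /* kGranularity: 1 ms */

typedef struct {
    uint64_t  latest_rtt;
    uint64_t  min_rtt;
    uint64_t  smoothed_rtt;
    uint64_t  rttvar;
    int       have_sample;      /* 0 until the first RTT sample arrives */
} rtt_state_t;

void
rtt_init(rtt_state_t *s)
{
    s->latest_rtt = 0;
    s->min_rtt = 0;
    s->smoothed_rtt = K_INITIAL_RTT;
    s->rttvar = K_INITIAL_RTT / 2;
    s->have_sample = 0;
}

/* Section 5.3: latest_rtt is the time from sending the largest newly
 * acknowledged packet to receiving the ACK; ack_delay is the peer's ACK
 * delay field; max_ack_delay is the peer's transport parameter. */
void
rtt_update(rtt_state_t *s, uint64_t latest_rtt, uint64_t ack_delay,
    uint64_t max_ack_delay, int handshake_confirmed)
{
    uint64_t  adjusted, diff;

    s->latest_rtt = latest_rtt;

    if (!s->have_sample) {
        /* first sample initializes everything directly */
        s->min_rtt = latest_rtt;
        s->smoothed_rtt = latest_rtt;
        s->rttvar = latest_rtt / 2;
        s->have_sample = 1;
        return;
    }

    if (latest_rtt < s->min_rtt) s->min_rtt = latest_rtt;

    /* the peer's max_ack_delay bounds ack_delay once the handshake is confirmed */
    if (handshake_confirmed && ack_delay > max_ack_delay) {
        ack_delay = max_ack_delay;
    }

    /* subtract ack_delay only if that does not push the sample below min_rtt */
    adjusted = latest_rtt;
    if (latest_rtt > s->min_rtt + ack_delay) adjusted = latest_rtt - ack_delay;

    diff = s->smoothed_rtt > adjusted ? s->smoothed_rtt - adjusted
                                      : adjusted - s->smoothed_rtt;

    s->rttvar = (3 * s->rttvar + diff) / 4;                  /* 3/4 rttvar + 1/4 |srtt - adj| */
    s->smoothed_rtt = (7 * s->smoothed_rtt + adjusted) / 8;  /* 7/8 srtt + 1/8 adj */
}

/* Section 6.2.1: PTO = smoothed_rtt + max(4*rttvar, kGranularity) + max_ack_delay.
 * Pass max_ack_delay = 0 for the Initial and Handshake packet number spaces. */
uint64_t
rtt_pto(const rtt_state_t *s, uint64_t max_ack_delay)
{
    uint64_t  var = 4 * s->rttvar;

    if (var < K_GRANULARITY) var = K_GRANULARITY;
    return s->smoothed_rtt + var + max_ack_delay;
}

/* Worked sequence on constructed samples; returns the PTO after `steps`
 * samples.  steps == 0 is the PTO before any sample, i.e. the ~1s that the
 * static value in the entry above approximates. */
uint64_t
rtt_demo_pto(int steps)
{
    rtt_state_t  s;
    uint64_t     max_ack_delay = 25000;   /* 25 ms, constructed peer value */

    rtt_init(&s);
    if (steps == 0) return rtt_pto(&s, 0);

    rtt_update(&s, 100000, 0, max_ack_delay, 0);        /* 100 ms, Initial space */
    if (steps == 1) return rtt_pto(&s, max_ack_delay);

    rtt_update(&s, 140000, 10000, max_ack_delay, 1);    /* 140 ms, 10 ms ack delay */
    return rtt_pto(&s, max_ack_delay);
}
```

With kInitialRtt of 333 ms and rttvar of half that, `rtt_pto` before any sample is 333 + 4 * 166.5 = 999 ms, which is the "about 1s" quoted in this entry; once real samples arrive, the smoothed estimate and variance shrink the timer toward the measured path.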

6 years ago - Fixed usage of own/client transport parameters.
Vladimir Homutov [Wed, 10 Jun 2020 18:23:10 +0000 (21:23 +0300)]
Fixed usage of own/client transport parameters.

6 years ago - Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov [Mon, 8 Jun 2020 08:40:34 +0000 (11:40 +0300)]
Stream: fixed processing of zero length UDP packets (ticket #1982).

6 years ago - Stream ID handling in MAX_STREAM_DATA and STREAM_DATA_BLOCKED.
Sergey Kandaurov [Fri, 5 Jun 2020 17:59:27 +0000 (20:59 +0300)]
Stream ID handling in MAX_STREAM_DATA and STREAM_DATA_BLOCKED.

6 years ago - Stream ID handling in RESET_STREAM and STOP_SENDING frames.
Sergey Kandaurov [Fri, 5 Jun 2020 17:59:27 +0000 (20:59 +0300)]
Stream ID handling in RESET_STREAM and STOP_SENDING frames.

6 years ago - Reject invalid STREAM ID with STREAM_STATE_ERROR connection error.
Sergey Kandaurov [Fri, 5 Jun 2020 17:59:26 +0000 (20:59 +0300)]
Reject invalid STREAM ID with STREAM_STATE_ERROR connection error.

6 years ago - Introduced connection error APPLICATION_ERROR from draft-28.
Sergey Kandaurov [Fri, 5 Jun 2020 10:20:03 +0000 (13:20 +0300)]
Introduced connection error APPLICATION_ERROR from draft-28.

6 years ago - Receipt of CONNECTION_CLOSE in 0-RTT is permitted in draft-28.
Sergey Kandaurov [Fri, 5 Jun 2020 10:20:02 +0000 (13:20 +0300)]
Receipt of CONNECTION_CLOSE in 0-RTT is permitted in draft-28.

6 years ago - Treat receipt of NEW_TOKEN as connection error PROTOCOL_VIOLATION.
Sergey Kandaurov [Fri, 5 Jun 2020 10:20:02 +0000 (13:20 +0300)]
Treat receipt of NEW_TOKEN as connection error PROTOCOL_VIOLATION.

6 years ago - SSL: added verify callback to ngx_ssl_trusted_certificate().
Maxim Dounin [Wed, 3 Jun 2020 16:11:32 +0000 (19:11 +0300)]
SSL: added verify callback to ngx_ssl_trusted_certificate().

This ensures that certificate verification is properly logged to debug
log during upstream server certificate verification.  This should help
with debugging various certificate issues.

6 years ago - Decoupled validation of Host and :authority for HTTP/2 and HTTP/3.
Roman Arutyunyan [Tue, 2 Jun 2020 12:59:14 +0000 (15:59 +0300)]
Decoupled validation of Host and :authority for HTTP/2 and HTTP/3.

Previously an error was triggered for HTTP/2 when a host with a port was passed
by the client.

6 years ago - Fixed SIGQUIT not removing listening UNIX sockets (closes #753).
Ruslan Ermilov [Mon, 1 Jun 2020 19:31:23 +0000 (22:31 +0300)]
Fixed SIGQUIT not removing listening UNIX sockets (closes #753).

Listening UNIX sockets were not removed on graceful shutdown, preventing
the next runs.  The fix is to replace the custom socket closing code in
ngx_master_process_cycle() by the ngx_close_listening_sockets() call.

6 years ago - Fixed removing of listening UNIX sockets when "changing binary".
Ruslan Ermilov [Mon, 1 Jun 2020 17:19:27 +0000 (20:19 +0300)]
Fixed removing of listening UNIX sockets when "changing binary".

When changing binary, sending a SIGTERM to the new binary's master process
should not remove inherited UNIX sockets unless the old binary's master
process has exited.

6 years ago - Compatibility with BoringSSL master branch.
Sergey Kandaurov [Mon, 1 Jun 2020 16:53:13 +0000 (19:53 +0300)]
Compatibility with BoringSSL master branch.

Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constraint to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/

6 years ago - Fixed transport parameters on a new connection with a valid token.
Sergey Kandaurov [Mon, 1 Jun 2020 16:16:44 +0000 (19:16 +0300)]
Fixed transport parameters on a new connection with a valid token.

Previously, the retry transport parameter was sent regardless.

6 years ago - Require ":authority" or "Host" in HTTP/3 and HTTP/2 requests.
Roman Arutyunyan [Fri, 29 May 2020 09:42:23 +0000 (12:42 +0300)]
Require ":authority" or "Host" in HTTP/3 and HTTP/2 requests.

Also, if both are present, require that they have the same value.  These
requirements are specified in HTTP/3 draft 28.

Current implementation of HTTP/2 treats ":authority" and "Host"
interchangeably.  New checks only make sure at least one of these values is
present in the request.  A similar check existed earlier and was limited only
to HTTP/1.1 in 38c0898b6df7.

6 years ago - Added propagation of the "wildcard" flag to c->listening.
Vladimir Homutov [Fri, 29 May 2020 10:29:24 +0000 (13:29 +0300)]
Added propagation of the "wildcard" flag to c->listening.

The flag was originally added by 8f038068f4bc, and is propagated correctly
in the stream module.  With the QUIC introduction, the http module now uses
datagram sockets as well, thus the fix.

6 years ago - Made NGX_QUIC_DRAFT_VERSION tunable from configure parameters.
Sergey Kandaurov [Fri, 29 May 2020 12:07:46 +0000 (15:07 +0300)]
Made NGX_QUIC_DRAFT_VERSION tunable from configure parameters.

Now it can be switched using --with-cc-opt='-DNGX_QUIC_DRAFT_VERSION=28'.

6 years ago - QUIC draft-28 transport parameters support.
Sergey Kandaurov [Fri, 29 May 2020 12:06:33 +0000 (15:06 +0300)]
QUIC draft-28 transport parameters support.

Draft-27 and draft-28 support can now be enabled interchangeably;
it is based on the compile-time macro NGX_QUIC_DRAFT_VERSION.

6 years ago - Introduced macros for building length-value transport parameters.
Sergey Kandaurov [Fri, 29 May 2020 10:05:57 +0000 (13:05 +0300)]
Introduced macros for building length-value transport parameters.

6 years ago - Renamed max_packet_size to max_udp_payload_size, from draft-28.
Sergey Kandaurov [Fri, 29 May 2020 09:56:08 +0000 (12:56 +0300)]
Renamed max_packet_size to max_udp_payload_size, from draft-28.

No functional changes.

6 years ago - Rejected forbidden transport parameters with TRANSPORT_PARAMETER_ERROR.
Sergey Kandaurov [Fri, 29 May 2020 09:55:39 +0000 (12:55 +0300)]
Rejected forbidden transport parameters with TRANSPORT_PARAMETER_ERROR.

6 years ago - Fixed return codes in ngx_quic_add_handshake_data() callback.
Sergey Kandaurov [Fri, 29 May 2020 09:50:20 +0000 (12:50 +0300)]
Fixed return codes in ngx_quic_add_handshake_data() callback.

6 years ago - README: update after merging 1.19.0.
Sergey Kandaurov [Tue, 26 May 2020 17:41:43 +0000 (20:41 +0300)]
README: update after merging 1.19.0.

6 years ago - Merged with the default branch.
Sergey Kandaurov [Tue, 26 May 2020 17:26:44 +0000 (20:26 +0300)]
Merged with the default branch.

6 years ago - Contrib: vim syntax, update core and 3rd party module directives.
Gena Makhomed [Tue, 26 May 2020 16:17:11 +0000 (19:17 +0300)]
Contrib: vim syntax, update core and 3rd party module directives.

6 years ago - Version bump.
Maxim Dounin [Tue, 26 May 2020 19:03:00 +0000 (22:03 +0300)]
Version bump.

6 years ago - release-1.19.0 tag
Maxim Dounin [Tue, 26 May 2020 15:00:20 +0000 (18:00 +0300)]
release-1.19.0 tag

6 years ago - nginx-1.19.0-RELEASE release-1.19.0
Maxim Dounin [Tue, 26 May 2020 15:00:20 +0000 (18:00 +0300)]
nginx-1.19.0-RELEASE

6 years ago - Updated OpenSSL used for win32 builds.
Maxim Dounin [Mon, 25 May 2020 19:10:37 +0000 (22:10 +0300)]
Updated OpenSSL used for win32 builds.

6 years ago - Updated README with "Contributing" section and draft details.
Vladimir Homutov [Mon, 25 May 2020 15:37:43 +0000 (18:37 +0300)]
Updated README with "Contributing" section and draft details.

6 years ago - HTTP/2: invalid connection preface logging (ticket #1981).
Maxim Dounin [Mon, 25 May 2020 15:33:42 +0000 (18:33 +0300)]
HTTP/2: invalid connection preface logging (ticket #1981).

Previously, invalid connection preface errors were only logged at debug
level, providing no visible feedback, in particular, when a plain text
HTTP/2 listening socket is erroneously used for HTTP/1.x connections.
Now these are explicitly logged at the info level, much like other
client-related errors.

6 years ago - Fixed format specifiers.
Sergey Kandaurov [Sat, 23 May 2020 12:53:08 +0000 (15:53 +0300)]
Fixed format specifiers.

6 years ago - OCSP: certificate status cache.
Roman Arutyunyan [Fri, 22 May 2020 14:25:27 +0000 (17:25 +0300)]
OCSP: certificate status cache.

When enabled, certificate status is stored in cache and is used to validate
the certificate in future requests.

New directive ssl_ocsp_cache is added to configure the cache.

6 years ago - SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan [Fri, 22 May 2020 14:30:12 +0000 (17:30 +0300)]
SSL: client certificate validation with OCSP (ticket #1534).

OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".

When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.

6 years ago - OCSP stapling: iterate over all responder addresses.
Roman Arutyunyan [Fri, 22 May 2020 17:35:05 +0000 (20:35 +0300)]
OCSP stapling: iterate over all responder addresses.

Previously only the first responder address was used per stapling update.
Now, in case of a network or parsing error, the next address is used.

This also fixes the issue with unsupported responder address families
(ticket #1330).

6 years ago - OCSP stapling: keep extra chain in the staple object.
Roman Arutyunyan [Sun, 17 May 2020 11:24:35 +0000 (14:24 +0300)]
OCSP stapling: keep extra chain in the staple object.

6 years ago - HTTP/3: reallocate strings inserted into the dynamic table.
Roman Arutyunyan [Thu, 14 May 2020 13:02:32 +0000 (16:02 +0300)]
HTTP/3: reallocate strings inserted into the dynamic table.

They should always be allocated from the main QUIC connection pool.

6 years ago - Fixed client buffer reallocation for HTTP/3.
Roman Arutyunyan [Tue, 19 May 2020 13:20:33 +0000 (16:20 +0300)]
Fixed client buffer reallocation for HTTP/3.

Preserving pointers within the client buffer is not needed for HTTP/3 because
all data is either allocated from the pool or static.  Unlike with HTTP/1, data
typically cannot be referenced directly within the client buffer.  Trying to
preserve NULLs or external pointers led to broken pointers.

Also, reverted changes in ngx_http_alloc_large_header_buffer() not relevant
for HTTP/3 to minimize diff to mainstream.

6 years ago - Fixed $request_length for HTTP/3.
Roman Arutyunyan [Tue, 19 May 2020 12:47:37 +0000 (15:47 +0300)]
Fixed $request_length for HTTP/3.

New field r->parse_start is introduced to substitute r->request_start and
r->header_name_start for request length accounting.  These fields only work for
this purpose in HTTP/1 because HTTP/1 request line and header line start with
these values.

Also, error logging is now fixed to output the right part of the request.

6 years ago - HTTP/3: restricted symbols in header names.
Roman Arutyunyan [Tue, 19 May 2020 12:34:00 +0000 (15:34 +0300)]
HTTP/3: restricted symbols in header names.

As per HTTP/3 draft 27, a request or response containing uppercase header
field names MUST be treated as malformed.  The existing rules applied when
parsing HTTP/1 header names are also applied to HTTP/3 header names:

- null character is not allowed
- underscore character may or may not be treated as invalid depending on the
  value of "underscores_in_headers"
- all non-alphanumeric characters with the exception of '-' are treated as
  invalid

Also, the r->locase_header field is now filled while parsing an HTTP/3
header.

Error logging for invalid headers is fixed as well.