Hello community,
here is the log from the commit of package nginx for openSUSE:Factory checked
in at 2017-01-31 12:48:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
and /work/SRC/openSUSE:Factory/.nginx.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx"
Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2017-01-10
10:49:45.670265104 +0100
+++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2017-02-03
17:51:12.798085634 +0100
@@ -1,0 +2,24 @@
+Mon Jan 30 14:07:32 UTC 2017 - mrueck...@suse.de
+
+- update to 1.11.9
+ - Bugfix: nginx might hog CPU when using the stream module; the
+ bug had appeared in 1.11.5.
+ - Bugfix: EXTERNAL authentication mechanism in mail proxy was
+ accepted even if it was not enabled in the configuration.
+ - Bugfix: a segmentation fault might occur in a worker process if
+ the "ssl_verify_client" directive of the stream module was
+ used.
+ - Bugfix: the "ssl_verify_client" directive of the stream module
+ might not work.
+ - Bugfix: closing keepalive connections due to no free worker
+ connections might be too aggressive. Thanks to Joel
+ Cunningham.
+ - Bugfix: an incorrect response might be returned when using the
+ "sendfile" directive on FreeBSD and macOS; the bug had appeared
+ in 1.7.8.
+ - Bugfix: a truncated response might be stored in cache when
+ using the "aio_write" directive.
+ - Bugfix: a socket leak might occur when using the "aio_write"
+ directive.
+
+-------------------------------------------------------------------
Old:
----
nginx-1.11.8.tar.gz
New:
----
nginx-1.11.9.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.uXYgrL/_old 2017-02-03 17:51:13.769948609 +0100
+++ /var/tmp/diff_new_pack.uXYgrL/_new 2017-02-03 17:51:13.773948045 +0100
@@ -64,7 +64,7 @@
%define ngx_doc_dir %{_datadir}/doc/packages/%{name}
#
Name: nginx
-Version: 1.11.8
+Version: 1.11.9
Release: 0
%define ngx_fancyindex_version 0.4.1
%define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version}
@@ -171,7 +171,6 @@
sed -i "s/\/var\/run/\/run/" conf/nginx.conf
%endif
-
%build
./configure \
--prefix=%{ngx_prefix}/ \
++++++ nginx-1.11.8.tar.gz -> nginx-1.11.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/CHANGES new/nginx-1.11.9/CHANGES
--- old/nginx-1.11.8/CHANGES 2016-12-27 15:23:14.000000000 +0100
+++ new/nginx-1.11.9/CHANGES 2017-01-24 15:02:25.000000000 +0100
@@ -1,4 +1,33 @@
+Changes with nginx 1.11.9 24 Jan 2017
+
+ *) Bugfix: nginx might hog CPU when using the stream module; the bug had
+ appeared in 1.11.5.
+
+ *) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
+ even if it was not enabled in the configuration.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ "ssl_verify_client" directive of the stream module was used.
+
+ *) Bugfix: the "ssl_verify_client" directive of the stream module might
+ not work.
+
+ *) Bugfix: closing keepalive connections due to no free worker
+ connections might be too aggressive.
+ Thanks to Joel Cunningham.
+
+ *) Bugfix: an incorrect response might be returned when using the
+ "sendfile" directive on FreeBSD and macOS; the bug had appeared in
+ 1.7.8.
+
+ *) Bugfix: a truncated response might be stored in cache when using the
+ "aio_write" directive.
+
+ *) Bugfix: a socket leak might occur when using the "aio_write"
+ directive.
+
+
Changes with nginx 1.11.8 27 Dec 2016
*) Feature: the "absolute_redirect" directive.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/CHANGES.ru new/nginx-1.11.9/CHANGES.ru
--- old/nginx-1.11.8/CHANGES.ru 2016-12-27 15:23:12.000000000 +0100
+++ new/nginx-1.11.9/CHANGES.ru 2017-01-24 15:02:23.000000000 +0100
@@ -1,4 +1,32 @@
+Изменения в nginx 1.11.9 24.01.2017
+
+ *) Исправление: при использовании модуля stream nginx мог нагружать
+ процессор; ошибка появилась в 1.11.5.
+
+ *) Исправление: метод аутентификации EXTERNAL в почтовом прокси-сервере
+ можно было использовать, даже если он не был разрешён в конфигурации.
+
+ *) Исправление: при использовании директивы ssl_verify_client модуля
+ stream в рабочем процессе мог произойти segmentation fault.
+
+ *) Исправление: директива ssl_verify_client модуля stream могла не
+ работать.
+
+ *) Исправление: при исчерпании рабочим процессом свободных соединений
+ keepalive-соединения могли закрываться излишне агрессивно.
+ Спасибо Joel Cunningham.
+
+ *) Исправление: при использовании директивы sendfile на FreeBSD и macOS
+ мог возвращаться некорректный ответ; ошибка появилась в 1.7.8.
+
+ *) Исправление: при использовании директивы aio_write ответ мог
+ сохраняться в кэш не полностью.
+
+ *) Исправление: при использовании директивы aio_write могла происходить
+ утечка сокетов.
+
+
Изменения в nginx 1.11.8 27.12.2016
*) Добавление: директива absolute_redirect.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/LICENSE new/nginx-1.11.9/LICENSE
--- old/nginx-1.11.8/LICENSE 2016-12-27 15:23:08.000000000 +0100
+++ new/nginx-1.11.9/LICENSE 2017-01-24 15:02:19.000000000 +0100
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2002-2016 Igor Sysoev
- * Copyright (C) 2011-2016 Nginx, Inc.
+ * Copyright (C) 2002-2017 Igor Sysoev
+ * Copyright (C) 2011-2017 Nginx, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/core/nginx.h
new/nginx-1.11.9/src/core/nginx.h
--- old/nginx-1.11.8/src/core/nginx.h 2016-12-27 15:23:08.000000000 +0100
+++ new/nginx-1.11.9/src/core/nginx.h 2017-01-24 15:02:19.000000000 +0100
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1011008
-#define NGINX_VERSION "1.11.8"
+#define nginx_version 1011009
+#define NGINX_VERSION "1.11.9"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/core/ngx_buf.c
new/nginx-1.11.9/src/core/ngx_buf.c
--- old/nginx-1.11.8/src/core/ngx_buf.c 2016-12-27 15:23:08.000000000 +0100
+++ new/nginx-1.11.9/src/core/ngx_buf.c 2017-01-24 15:02:19.000000000 +0100
@@ -246,6 +246,9 @@
if (aligned <= cl->buf->file_last) {
size = aligned - cl->buf->file_pos;
}
+
+ total += size;
+ break;
}
total += size;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/core/ngx_connection.c
new/nginx-1.11.9/src/core/ngx_connection.c
--- old/nginx-1.11.8/src/core/ngx_connection.c 2016-12-27 15:23:08.000000000
+0100
+++ new/nginx-1.11.9/src/core/ngx_connection.c 2017-01-24 15:02:19.000000000
+0100
@@ -13,7 +13,7 @@
ngx_os_io_t ngx_io;
-static void ngx_drain_connections(void);
+static void ngx_drain_connections(ngx_cycle_t *cycle);
ngx_listening_t *
@@ -1046,7 +1046,7 @@
c = ngx_cycle->free_connections;
if (c == NULL) {
- ngx_drain_connections();
+ ngx_drain_connections((ngx_cycle_t *) ngx_cycle);
c = ngx_cycle->free_connections;
}
@@ -1204,6 +1204,7 @@
if (c->reusable) {
ngx_queue_remove(&c->queue);
+ ngx_cycle->reusable_connections_n--;
#if (NGX_STAT_STUB)
(void) ngx_atomic_fetch_add(ngx_stat_waiting, -1);
@@ -1217,6 +1218,7 @@
ngx_queue_insert_head(
(ngx_queue_t *) &ngx_cycle->reusable_connections_queue, &c->queue);
+ ngx_cycle->reusable_connections_n++;
#if (NGX_STAT_STUB)
(void) ngx_atomic_fetch_add(ngx_stat_waiting, 1);
@@ -1226,18 +1228,20 @@
static void
-ngx_drain_connections(void)
+ngx_drain_connections(ngx_cycle_t *cycle)
{
- ngx_int_t i;
+ ngx_uint_t i, n;
ngx_queue_t *q;
ngx_connection_t *c;
- for (i = 0; i < 32; i++) {
- if (ngx_queue_empty(&ngx_cycle->reusable_connections_queue)) {
+ n = ngx_max(ngx_min(32, cycle->reusable_connections_n / 8), 1);
+
+ for (i = 0; i < n; i++) {
+ if (ngx_queue_empty(&cycle->reusable_connections_queue)) {
break;
}
- q = ngx_queue_last(&ngx_cycle->reusable_connections_queue);
+ q = ngx_queue_last(&cycle->reusable_connections_queue);
c = ngx_queue_data(q, ngx_connection_t, queue);
ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/core/ngx_cycle.h
new/nginx-1.11.9/src/core/ngx_cycle.h
--- old/nginx-1.11.8/src/core/ngx_cycle.h 2016-12-27 15:23:08.000000000
+0100
+++ new/nginx-1.11.9/src/core/ngx_cycle.h 2017-01-24 15:02:19.000000000
+0100
@@ -53,6 +53,7 @@
ngx_uint_t modules_used; /* unsigned modules_used:1; */
ngx_queue_t reusable_connections_queue;
+ ngx_uint_t reusable_connections_n;
ngx_array_t listening;
ngx_array_t paths;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/event/ngx_event_pipe.c
new/nginx-1.11.9/src/event/ngx_event_pipe.c
--- old/nginx-1.11.8/src/event/ngx_event_pipe.c 2016-12-27 15:23:09.000000000
+0100
+++ new/nginx-1.11.9/src/event/ngx_event_pipe.c 2017-01-24 15:02:19.000000000
+0100
@@ -113,11 +113,24 @@
}
#if (NGX_THREADS)
+
if (p->aio) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
"pipe read upstream: aio");
return NGX_AGAIN;
}
+
+ if (p->writing) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
+ "pipe read upstream: writing");
+
+ rc = ngx_event_pipe_write_chain_to_temp_file(p);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
+ }
+
#endif
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/http/ngx_http_upstream.c
new/nginx-1.11.9/src/http/ngx_http_upstream.c
--- old/nginx-1.11.8/src/http/ngx_http_upstream.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/http/ngx_http_upstream.c 2017-01-24
15:02:19.000000000 +0100
@@ -3848,9 +3848,24 @@
p = u->pipe;
#if (NGX_THREADS)
+
+ if (p->writing && !p->aio) {
+
+ /*
+ * make sure to call ngx_event_pipe()
+ * if there is an incomplete aio write
+ */
+
+ if (ngx_event_pipe(p, 1) == NGX_ABORT) {
+ ngx_http_upstream_finalize_request(r, u, NGX_ERROR);
+ return;
+ }
+ }
+
if (p->writing) {
return;
}
+
#endif
if (u->peer.connection) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/mail/ngx_mail_imap_handler.c
new/nginx-1.11.9/src/mail/ngx_mail_imap_handler.c
--- old/nginx-1.11.8/src/mail/ngx_mail_imap_handler.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/mail/ngx_mail_imap_handler.c 2017-01-24
15:02:19.000000000 +0100
@@ -356,6 +356,8 @@
}
#endif
+ iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
+
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
@@ -383,8 +385,6 @@
case NGX_MAIL_AUTH_CRAM_MD5:
- iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
-
if (!(iscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
@@ -406,6 +406,10 @@
case NGX_MAIL_AUTH_EXTERNAL:
+ if (!(iscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
ngx_str_set(&s->out, imap_username);
s->mail_state = ngx_imap_auth_external;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/mail/ngx_mail_pop3_handler.c
new/nginx-1.11.9/src/mail/ngx_mail_pop3_handler.c
--- old/nginx-1.11.8/src/mail/ngx_mail_pop3_handler.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/mail/ngx_mail_pop3_handler.c 2017-01-24
15:02:19.000000000 +0100
@@ -501,6 +501,10 @@
case NGX_MAIL_AUTH_EXTERNAL:
+ if (!(pscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
ngx_str_set(&s->out, pop3_username);
s->mail_state = ngx_pop3_auth_external;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/mail/ngx_mail_smtp_handler.c
new/nginx-1.11.9/src/mail/ngx_mail_smtp_handler.c
--- old/nginx-1.11.8/src/mail/ngx_mail_smtp_handler.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/mail/ngx_mail_smtp_handler.c 2017-01-24
15:02:19.000000000 +0100
@@ -609,6 +609,8 @@
return NGX_OK;
}
+ sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
+
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
@@ -636,8 +638,6 @@
case NGX_MAIL_AUTH_CRAM_MD5:
- sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
-
if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
@@ -659,6 +659,10 @@
case NGX_MAIL_AUTH_EXTERNAL:
+ if (!(sscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
ngx_str_set(&s->out, smtp_username);
s->mail_state = ngx_smtp_auth_external;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/os/unix/ngx_darwin_sendfile_chain.c
new/nginx-1.11.9/src/os/unix/ngx_darwin_sendfile_chain.c
--- old/nginx-1.11.8/src/os/unix/ngx_darwin_sendfile_chain.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/os/unix/ngx_darwin_sendfile_chain.c 2017-01-24
15:02:19.000000000 +0100
@@ -98,7 +98,7 @@
send += file_size;
- if (header.count == 0) {
+ if (header.count == 0 && send < limit) {
/*
* create the trailer iovec and coalesce the neighbouring bufs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nginx-1.11.8/src/os/unix/ngx_freebsd_sendfile_chain.c
new/nginx-1.11.9/src/os/unix/ngx_freebsd_sendfile_chain.c
--- old/nginx-1.11.8/src/os/unix/ngx_freebsd_sendfile_chain.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/os/unix/ngx_freebsd_sendfile_chain.c 2017-01-24
15:02:19.000000000 +0100
@@ -114,15 +114,23 @@
send += file_size;
- /* create the trailer iovec and coalesce the neighbouring bufs */
+ if (send < limit) {
- cl = ngx_output_chain_to_iovec(&trailer, cl, limit - send, c->log);
+ /*
+ * create the trailer iovec and coalesce the neighbouring bufs
+ */
+
+ cl = ngx_output_chain_to_iovec(&trailer, cl, limit - send,
+ c->log);
+ if (cl == NGX_CHAIN_ERROR) {
+ return NGX_CHAIN_ERROR;
+ }
- if (cl == NGX_CHAIN_ERROR) {
- return NGX_CHAIN_ERROR;
- }
+ send += trailer.size;
- send += trailer.size;
+ } else {
+ trailer.count = 0;
+ }
if (ngx_freebsd_use_tcp_nopush
&& c->tcp_nopush == NGX_TCP_NOPUSH_UNSET)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/os/unix/ngx_thread_cond.c
new/nginx-1.11.9/src/os/unix/ngx_thread_cond.c
--- old/nginx-1.11.8/src/os/unix/ngx_thread_cond.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/os/unix/ngx_thread_cond.c 2017-01-24
15:02:19.000000000 +0100
@@ -16,8 +16,6 @@
err = pthread_cond_init(cond, NULL);
if (err == 0) {
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_cond_init(%p)", cond);
return NGX_OK;
}
@@ -33,8 +31,6 @@
err = pthread_cond_destroy(cond);
if (err == 0) {
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_cond_destroy(%p)", cond);
return NGX_OK;
}
@@ -50,8 +46,6 @@
err = pthread_cond_signal(cond);
if (err == 0) {
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_cond_signal(%p)", cond);
return NGX_OK;
}
@@ -66,9 +60,6 @@
{
ngx_err_t err;
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_cond_wait(%p) enter", cond);
-
err = pthread_cond_wait(cond, mtx);
#if 0
@@ -76,8 +67,6 @@
#endif
if (err == 0) {
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_cond_wait(%p) exit", cond);
return NGX_OK;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/os/unix/ngx_thread_mutex.c
new/nginx-1.11.9/src/os/unix/ngx_thread_mutex.c
--- old/nginx-1.11.8/src/os/unix/ngx_thread_mutex.c 2016-12-27
15:23:09.000000000 +0100
+++ new/nginx-1.11.9/src/os/unix/ngx_thread_mutex.c 2017-01-24
15:02:19.000000000 +0100
@@ -108,8 +108,6 @@
"pthread_mutexattr_destroy() failed");
}
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_mutex_init(%p)", mtx);
return NGX_OK;
}
@@ -126,8 +124,6 @@
return NGX_ERROR;
}
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_mutex_destroy(%p)", mtx);
return NGX_OK;
}
@@ -137,9 +133,6 @@
{
ngx_err_t err;
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_mutex_lock(%p) enter", mtx);
-
err = pthread_mutex_lock(mtx);
if (err == 0) {
return NGX_OK;
@@ -163,8 +156,6 @@
#endif
if (err == 0) {
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
- "pthread_mutex_unlock(%p) exit", mtx);
return NGX_OK;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/stream/ngx_stream_proxy_module.c
new/nginx-1.11.9/src/stream/ngx_stream_proxy_module.c
--- old/nginx-1.11.8/src/stream/ngx_stream_proxy_module.c 2016-12-27
15:23:10.000000000 +0100
+++ new/nginx-1.11.9/src/stream/ngx_stream_proxy_module.c 2017-01-24
15:02:20.000000000 +0100
@@ -1534,8 +1534,9 @@
size = b->end - b->last;
- if (size && src->read->ready && !src->read->delayed) {
-
+ if (size && src->read->ready && !src->read->delayed
+ && !src->read->error)
+ {
if (limit_rate) {
limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1)
- *received;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.11.8/src/stream/ngx_stream_ssl_module.c
new/nginx-1.11.9/src/stream/ngx_stream_ssl_module.c
--- old/nginx-1.11.8/src/stream/ngx_stream_ssl_module.c 2016-12-27
15:23:10.000000000 +0100
+++ new/nginx-1.11.9/src/stream/ngx_stream_ssl_module.c 2017-01-24
15:02:20.000000000 +0100
@@ -284,14 +284,19 @@
{
long rc;
X509 *cert;
+ ngx_int_t rv;
ngx_connection_t *c;
ngx_stream_ssl_conf_t *sslcf;
+ if (!s->ssl) {
+ return NGX_OK;
+ }
+
c = s->connection;
sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
- if (s->ssl && c->ssl == NULL) {
+ if (c->ssl == NULL) {
c->log->action = "SSL handshaking";
if (sslcf->ssl.ctx == NULL) {
@@ -301,7 +306,11 @@
return NGX_ERROR;
}
- return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+ rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+
+ if (rv != NGX_OK) {
+ return rv;
+ }
}
if (sslcf->verify) {
