HPKP directives for SSL module

Been working for a couple hours on an addition to the SSL module that would help users implement HPKP ( https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning). The idea is to add a directive that would be easily configurable to have nginx present the appropriate PKP header on HTTP r

Re: [PATCH] ignore ipv6=off resolver option when no ipv6 support

Hello! On Fri, Dec 16, 2016 at 11:35:44AM -0800, Thibault Charbonnier wrote: [...] > Say we wish to disable IPv6 resolution regardless of whether nginx was > built with our without support for it: > > resolver 8.8.8.8 8.8.4.4 ipv6=off; > > Now the issue is that ipv6=off raises this - cry

Re: [PATCH] ignore ipv6=off resolver option when no ipv6 support

On 12/16/16 7:07 AM, Maxim Dounin wrote: Hello! Hi, Builds without IPv6 support is something we are phasing out. Starting with nginx 1.11.5 IPv6 support is automatically configured as long as supported by OS: Changes with nginx 1.11.5, 11 Oct 2016: *) Change: the --with-ipv6 configure op

[nginx] Configure: detect nginx version for nginx.pm at make time.

details: http://hg.nginx.org/nginx/rev/53ea5694d1cc branches: changeset: 6848:53ea5694d1cc user: Ruslan Ermilov date: Fri Dec 16 19:54:37 2016 +0300 description: Configure: detect nginx version for nginx.pm at make time. diffstat: auto/lib/perl/make | 9 + 1 files changed

[njs] Math.pow() method fix.

details: http://hg.nginx.org/njs/rev/631a3be91d22 branches: changeset: 286:631a3be91d22 user: Valentin Bartenev date: Fri Dec 16 17:52:15 2016 +0300 description: Math.pow() method fix. diffstat: njs/njs_math.c | 7 --- njs/test/njs_unit_test.c | 6 ++ 2 files c

[nginx] Resolver: fixed a race between parallel name and addr resolves.

details: http://hg.nginx.org/nginx/rev/c3a895b94d3f branches: changeset: 6846:c3a895b94d3f user: Dmitry Volyntsev date: Fri Dec 16 18:21:55 2016 +0300 description: Resolver: fixed a race between parallel name and addr resolves. Previously, ngx_resolve_name() and ngx_resolve_addr() m

[nginx] Resolver: fixed handling of partially resolved SRV.

details: http://hg.nginx.org/nginx/rev/d72b38376092 branches: changeset: 6847:d72b38376092 user: Dmitry Volyntsev date: Fri Dec 16 18:21:55 2016 +0300 description: Resolver: fixed handling of partially resolved SRV. The resolver handles SRV requests in two stages. In the first stag

[nginx] Resolver: fixed possible premature stop of the resend timer.

details: http://hg.nginx.org/nginx/rev/9abba5b70ea0 branches: changeset: 6845:9abba5b70ea0 user: Dmitry Volyntsev date: Fri Dec 16 18:21:42 2016 +0300 description: Resolver: fixed possible premature stop of the resend timer. Previously, ngx_resolve_name_done() and ngx_resolve_addr_d

[nginx] Resolver: fixed possible use-after-free in worker on fast shutdown.

details: http://hg.nginx.org/nginx/rev/259e2a76e8fb branches: changeset: 6844:259e2a76e8fb user: Ruslan Ermilov date: Fri Dec 16 14:53:28 2016 +0300 description: Resolver: fixed possible use-after-free in worker on fast shutdown. The fix in a3dc657f4e95 was incomplete. diffstat:

Re: [PATCH] ignore ipv6=off resolver option when no ipv6 support

Hello! On Thu, Dec 15, 2016 at 05:17:30PM -0800, Thibault Charbonnier wrote: > Please let me know how you feel about this relatively simple patch which > aims at making the "resolver" directive more robust with regards to the > "ipv6=" option when Nginx is built without IPv6 support. Builds with