Hi,
I have a few questions about subrequests -
- When a subrequest is completed - where is the response body stored? Is
it entirely in the memory? How does the main request retrieve it?
- Can I invoke the main request from within the context of a body filter
of a subrequest? Can I re-invoke th
Hello!
I have encountered a potential bug in Nginx's upstream module -
When the upstream server is an SSL server, if an error occurs in
ngx_http_upstream_ssl_handshake() - the
function ngx_http_run_posted_requests() is never called.
This happens when initiating an SSL connection, the SSL module ha
wrote:
> Hello!
>
> On Mon, Aug 19, 2013 at 05:17:24PM +0300, Aviram Cohen wrote:
>
> > Hello!
> >
> > I have encountered a potential bug in Nginx's upstream module -
> > When the upstream server is an SSL server, if an error occurs in
> > ngx_h
Hello!
Nginx's reverse proxy doesn't verify the SSL certificate of the remote
server (see http://trac.nginx.org/nginx/ticket/13).
The following is a suggested patch for v1.4.1 that adds this feature. It is
partially inspired by the patch for v1.1.3 that has been suggested in this
list and in the
c/http/ngx_http_upstream.h
2013-08-21 14:18:58.521251394 +0300
@@ -191,6 +191,9 @@ typedef struct {
#if (NGX_HTTP_SSL)
ngx_ssl_t *ssl;
ngx_flag_t ssl_session_reuse;
+ngx_flag_t ssl_verify;
+ngx_uint_t ssl_verify_dept
Hello!
I have a couple of questions regarding the two last comments:
On Wed, Aug 21, 2013 at 5:30 PM, Maxim Dounin wrote:
> Hello!
>
[..]
>> @@ -3748,6 +3786,13 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
>> != NGX_OK)
>> {
>> return NGX_ERROR;
>> +}
>> +
>> +if (n
ssl_session_reuse;
+ ngx_flag_t ssl_verify;
+ngx_uint_t ssl_verify_depth;
+ngx_str_tssl_certificate;
#endif
ngx_str_tmodule;
On Thu, Aug 22, 2013 at 5:00 PM, Aviram Cohen wro
Hello!
On Wed, Aug 28, 2013 at 3:41 AM, Maxim Dounin wrote:
> Hello!
>
[...]
>
> if (conf->upstream.ssl
> && ngx_ssl_trusted_certificate(cf, conf->upstream.ssl,
>&conf->upstream.ssl_certificate
>conf->upst
03 15:23:15.611874377 +0300
@@ -191,6 +191,7 @@ typedef struct {
#if (NGX_HTTP_SSL)
ngx_ssl_t *ssl;
ngx_flag_t ssl_session_reuse;
+ngx_flag_t ssl_verify;
#endif
ngx_str_tmodule;
On Mon, S
f all the proxied hosts. This also
means that it
is out of Nginx's scope to update this file. Apache does the same thing.
- The patch was made for v1.4.1.
The patch itself is in the end of this mail, and also in:
https://gist.github.com/aviramc/6903821
Best regards,
Aviram
# HG changeset
t when verifying SSL certificates.
The new version is here
https://gist.github.com/aviramc/7006607
and here:
# HG changeset patch
# User Aviram Cohen
# Date 1381924204 -7200
# Node ID eb4a27153a24e4477d9074bd51ba56ce58be4177
# Parent 70c5cd3a61cb476c2afb3a61826e59c7cda0b7a7
Added remote end SSL certificate
ss
doesn't get stuck and can still serve other requests).
This was reproduced in v1.4.3.
If anyone can verify the problem and suggest a patch to solve the issue,
that would be great.
Regards,
Aviram
--
Aviram Cohen, R&D
Adallom, 1 Ha'Barzel st., Tel-Aviv, Israel
Mobile: +9
Hello!
The Nginx configuration allows you to define different server blocks that have
different server names but listen on the same port in SSL. For an incoming
connection, Nginx uses SNI in order to know under which server block the
connection should be handled.
However, the 'ssl_protocols' di
Hello!
A couple of years ago, I've reported the following bug:
http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004442.html
Responses with empty bodies with the header "Content-Encoding: gzip" used to
cause requests to hang.
There has been a fix, but now it seems that the requests sim
lient.
Regards
-Original Message-
From: nginx-devel [mailto:nginx-devel-boun...@nginx.org] On Behalf Of Valentin
V. Bartenev
Sent: יום ב 30 נובמבר 2015 17:16
To: nginx-devel@nginx.org
Subject: Re: [BUG] Gunzip module may cause requests to fail
On Monday 30 November 2015 13:20:02 Aviram Cohen wrote:
Sent: יום ב 30 נובמבר 2015 19:37
To: nginx-devel@nginx.org
Subject: Re: [BUG] Gunzip module may cause requests to fail
Hello!
On Mon, Nov 30, 2015 at 04:29:09PM +0000, Aviram Cohen wrote:
> You are right, response bodies that are empty but still "encoded as
> gzip" are a
[BUG] Gunzip module may cause requests to fail
Hello!
On Tue, Dec 01, 2015 at 07:55:22AM +, Aviram Cohen wrote:
> Maxim, great hearing from you.
> I have said that the response is a bit malformed, which means
> for me that even though it looks weird, it can be handled.
> You
ngx_http_next_header_filter(r);
-Original Message-
From: nginx-devel [mailto:nginx-devel-boun...@nginx.org] On Behalf Of Maxim
Dounin
Sent: יום ד 02 דצמבר 2015 20:26
To: nginx-devel@nginx.org
Subject: Re: [BUG] Gunzip module may cause requests to fail
Hello!
On Wed, Dec 02, 2015 at 07:39:
18 matches
Mail list logo
