History log of /unit/ (Results 201 – 225 of 1953)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
1829:8fb5cbfe761a25-Mar-2021 Max Romanov

Releasing shm buffers for large body requests.

This fixes memory and shm file descriptor leakage that occurred when a large
request body was passed via shared memory. The leakage was caught with th

Releasing shm buffers for large body requests.

This fixes memory and shm file descriptor leakage that occurred when a large
request body was passed via shared memory. The leakage was caught with the
"test_settings_body_buffer_size" test. The main condition is the
"body_buffer_size" value exceeding 10 Mb (a shm segment). Thus, the router was
forced to split the body into several shm segments, but these buffers were not
freed because of dummy completion handlers.

show more ...

1828:c548e46fe51624-Mar-2021 Andrey Suvorov

Added ability to configure multiple certificates on a listener.

The certificate is selected by matching the arriving SNI to the common name and
the alternatives names. If no certificate matches the

Added ability to configure multiple certificates on a listener.

The certificate is selected by matching the arriving SNI to the common name and
the alternatives names. If no certificate matches the name, the first bundle in
the array is chosen.

show more ...

1827:9b3971b8b4e024-Mar-2021 Konstantin Pavlov

Packages: added man page on rpm-based systems.

1826:d0d76464f1a524-Mar-2021 Konstantin Pavlov

Packages: added man page on debian-based systems.

1825:8d0b26746b0224-Mar-2021 Konstantin Pavlov

Added build system support for a man page.

1824:e4a48cdb5d0724-Mar-2021 Artem Konev

Added a missing .El directive in man page source.

1823:4425e79082a624-Mar-2021 Artem Konev

Added a man page.

Reviewed at https://rb.nginx.com/r/165/

1822:7b103bd6308e24-Mar-2021 Valentin Bartenev

Certificates: fixed in name attributes processing.

The idea is to put SAN after CN, but the previous version of the code
incorrectly assumed that CN was always present, which caused writes
outside t

Certificates: fixed in name attributes processing.

The idea is to put SAN after CN, but the previous version of the code
incorrectly assumed that CN was always present, which caused writes
outside the allocated object if there were no standard name attributes.

show more ...

1821:e1b1c9b1682024-Mar-2021 Valentin Bartenev

Certificates: moved SAN processing to a separate function.

No functional changes.

1820:e969cea13cc324-Mar-2021 Valentin Bartenev

Certficates: fixed counting DNS SAN entries.

Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed. As a result,
if some certificat

Certficates: fixed counting DNS SAN entries.

Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed. As a result,
if some certificate entries had another type, returning information
about the certificate caused uninitialized memory access.

show more ...

1819:9344a39fb02e24-Mar-2021 Max Romanov

Tests: fixed racing condition in websocket test 5_15.

Test case: "send a text message split into two fragments, then a continuation
frame with FIN = false where there is nothing to continue, then an

Tests: fixed racing condition in websocket test 5_15.

Test case: "send a text message split into two fragments, then a continuation
frame with FIN = false where there is nothing to continue, then an unfragmented
text message, all sent in one chop".

The test case investigates immediate connection closing since there is no
message to continue.

The mirror server may send a response for the first frame before the test
сontinuation frame is received by the router. In this case, the test will
receive a text frame before the close frame.

show more ...

1818:fa6569d00fe424-Mar-2021 Max Romanov

Workaround for an OpenSSL bug about not closing /dev/*random.

This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and
/dev/urandom files remain open after all listening sockets

Workaround for an OpenSSL bug about not closing /dev/*random.

This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and
/dev/urandom files remain open after all listening sockets were removed:

- https://github.com/openssl/openssl/issues/7419

show more ...

1817:5bf7ec778c8624-Mar-2021 Valentin Bartenev

Disabled logging alerts to syslog.

It feels to be causing more harm than good, because syslog() can be blocking,
which is even more critical under resource exhaustion conditions when some
alerts are

Disabled logging alerts to syslog.

It feels to be causing more harm than good, because syslog() can be blocking,
which is even more critical under resource exhaustion conditions when some
alerts are expected.

show more ...

1816:91b04f5068f522-Mar-2021 "Sergey A. Osokin"

Java: upgrading third-party components.

1815:d0ee0d19a7a615-Mar-2021 Valentin Bartenev

Fixed building the PHP 5 module with ZTS, broken by dab8544b5440.

This closes #525 issue on GitHub.

1814:05a8e3eb624415-Mar-2021 Valentin Bartenev

Ruby: fixed encodings initialization.

The Ruby interpreter expects an explicit setlocale() call before initialization
to pick up character encodings in the "Encoding" class from the environment.

Th

Ruby: fixed encodings initialization.

The Ruby interpreter expects an explicit setlocale() call before initialization
to pick up character encodings in the "Encoding" class from the environment.

This closes #531 issue on GitHub.

show more ...

1813:10aaca1e582e15-Mar-2021 Valentin Bartenev

Fixed certificates loading on startup with some filesystems.

It appears that readdir() on Linux detects file types unreliably, always setting
the "d_type" field to DT_UNKNOWN for some less common fi

Fixed certificates loading on startup with some filesystems.

It appears that readdir() on Linux detects file types unreliably, always setting
the "d_type" field to DT_UNKNOWN for some less common filesystems. As a result,
all files were skipped and no certificate bundles were found when the state
directory was located on such filesystems.

Skipping "." and ".." instead of any non-regular files should be enough, as no
other non-regular files normally appear in this directory.

This closes #368 issue on GitHub.

show more ...

1812:71adb995a9af15-Mar-2021 Valentin Bartenev

Fixed TLS connection shutdown on errors.

An immediate return statement on connection errors was mistakenly added to the
beginning of nxt_openssl_conn_io_shutdown() in ecd3c5bbf7d8, breaking the TLS

Fixed TLS connection shutdown on errors.

An immediate return statement on connection errors was mistakenly added to the
beginning of nxt_openssl_conn_io_shutdown() in ecd3c5bbf7d8, breaking the TLS
connection finalization procedure. As a result, a TLS connection was left
unfinalized if it had been closed prematurely or a fatal protocol error had
occurred, which caused memory and socket descriptor leakage.

Moreover, in some cases (notably, on handshake errors in tests with kqueue on
macOS) the read event was triggered later and nxt_h1p_conn_error() was called
the second time; after the change in af93c866b4f0, the latter call crashed the
router process in an attempt to remove a connection from the idle queue twice.

show more ...

1811:cac57293c5c502-Mar-2021 Max Romanov

Closing app outgoing shared memory file descriptor.

This fixes file descriptor leakage in router. Shared memory file used to
send data from router to application. These files are shared among all

Closing app outgoing shared memory file descriptor.

This fixes file descriptor leakage in router. Shared memory file used to
send data from router to application. These files are shared among all
processes of same application and router keeps the opened file descriptor since
06017e6e3a5f commit.

show more ...

1810:9fcc8edf220102-Mar-2021 Max Romanov

Fixing warnings on Solaris.

pthread_t on Solaris is an integer type with size not equal to pointer size.
To avoid warnings, type casts to and from pointer needs to be done via
uintptr_t type.

This

Fixing warnings on Solaris.

pthread_t on Solaris is an integer type with size not equal to pointer size.
To avoid warnings, type casts to and from pointer needs to be done via
uintptr_t type.

This change originally proposed by Juraj Lutter <juraj@lutter.sk>.

show more ...

1809:17b6c23d23b802-Mar-2021 Max Romanov

Fixing NetBSD compatibility.

Instead of PTHREAD_STACK_MIN define, NetBSD requires to get minimum stack
size using sysctl(_SC_THREAD_STACK_MIN).

This change originally proposed by Juraj Lutter <jura

Fixing NetBSD compatibility.

Instead of PTHREAD_STACK_MIN define, NetBSD requires to get minimum stack
size using sysctl(_SC_THREAD_STACK_MIN).

This change originally proposed by Juraj Lutter <juraj@lutter.sk>.

show more ...

1808:d760b25a47d323-Feb-2021 Andrei Zeliankou

Tests: fixed tests to work without openssl support.

1807:858dbd8c089418-Feb-2021 Andrei Zeliankou

Tests: added regex check.

1806:e26d14bc48da16-Feb-2021 Valentin Bartenev

Version bump.

1805:55de51d00bca15-Feb-2021 Andrei Zeliankou

Tests: clear certificates after each test.

12345678910>>...79