Revision tags: 1.32.1-1, 1.32.0-1, 1.32.0, 1.31.1-1, 1.31.1, 1.31.0-1, 1.31.0, 1.30.0-1, 1.30.0, 1.29.1-1, 1.29.1, 1.29.0-1, 1.29.0, 1.28.0-1, 1.28.0, 1.27.0-1, 1.27.0 |
|
#
2069:a74adcc53b78 |
| 14-Feb-2022 |
Zhidao HONG |
Certificates: fixed crash when reallocating chain.
|
Revision tags: 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0 |
|
#
1996:35873fa78fed |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introduced SCM_CREDENTIALS / SCM_CREDS in the socket control msgs.
|
Revision tags: 1.25.0-1, 1.25.0, 1.24.0-1, 1.24.0 |
|
#
1869:03648307ff8c |
| 17-May-2021 |
Andrey Suvorov |
Fixing a crash after applying the wrong TLS configuration.
When an invalid TLS configuration is applied (such as the conf_commands feature), nxt_cert_store_get() creates a buffer to send a certifica
Fixing a crash after applying the wrong TLS configuration.
When an invalid TLS configuration is applied (such as the conf_commands feature), nxt_cert_store_get() creates a buffer to send a certificate request to the main process and adds its default completion handler to an asynchronous queue to free the allocated buffer. However, if configuration fails, nxt_router_conf_error() removes the memory pool used to allocate the buffer, causing a crash when the completion handler is dispatched.
Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered when is NXT_DEBUG enabled in the configure script.
This patch uses a reference counter to retain the memory pool and redefines the completion handler to free the buffer before releasing the memory pool.
show more ...
|
Revision tags: 1.23.0-1, 1.23.0 |
|
#
1822:7b103bd6308e |
| 24-Mar-2021 |
Valentin Bartenev |
Certificates: fixed in name attributes processing.
The idea is to put SAN after CN, but the previous version of the code incorrectly assumed that CN was always present, which caused writes outside t
Certificates: fixed in name attributes processing.
The idea is to put SAN after CN, but the previous version of the code incorrectly assumed that CN was always present, which caused writes outside the allocated object if there were no standard name attributes.
show more ...
|
#
1821:e1b1c9b16820 |
| 24-Mar-2021 |
Valentin Bartenev |
Certificates: moved SAN processing to a separate function.
No functional changes.
|
#
1820:e969cea13cc3 |
| 24-Mar-2021 |
Valentin Bartenev |
Certficates: fixed counting DNS SAN entries.
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificat
Certficates: fixed counting DNS SAN entries.
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
show more ...
|
#
1813:10aaca1e582e |
| 15-Mar-2021 |
Valentin Bartenev |
Fixed certificates loading on startup with some filesystems.
It appears that readdir() on Linux detects file types unreliably, always setting the "d_type" field to DT_UNKNOWN for some less common fi
Fixed certificates loading on startup with some filesystems.
It appears that readdir() on Linux detects file types unreliably, always setting the "d_type" field to DT_UNKNOWN for some less common filesystems. As a result, all files were skipped and no certificate bundles were found when the state directory was located on such filesystems.
Skipping "." and ".." instead of any non-regular files should be enough, as no other non-regular files normally appear in this directory.
This closes #368 issue on GitHub.
show more ...
|
Revision tags: 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0, 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0, 1.18.0-1, 1.18.0 |
|
#
1488:6976d36be926 |
| 09-Mar-2020 |
Tiago Natel de Moura |
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process rig
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process right before fork.
The file src/nxt_main_process.c is completely free of process specific logic.
The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container).
The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away.
In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process.
The module API has changed to:
setup(task, process, conf) start(task, data)
As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
show more ...
|
Revision tags: 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0, 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0, 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4 |
|
#
774:b21709350c49 |
| 20-Sep-2018 |
Valentin Bartenev |
Controller: certificates storage interface.
|