History log of /unit/src/nxt_cert.c (Results 1 – 9 of 9)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 2069:a74adcc53b78 14-Feb-2022 Zhidao HONG

Certificates: fixed crash when reallocating chain.


Revision tags: 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0
# 1996:35873fa78fed 09-Nov-2021 Tiago Natel de Moura

Introduced SCM_CREDENTIALS / SCM_CREDS in the socket control msgs.


Revision tags: 1.25.0-1, 1.25.0, 1.24.0-1, 1.24.0
# 1869:03648307ff8c 17-May-2021 Andrey Suvorov

Fixing a crash after applying the wrong TLS configuration.

When an invalid TLS configuration is applied (such as the conf_commands
feature), nxt_cert_store_get() creates a buffer to send a certifica

Fixing a crash after applying the wrong TLS configuration.

When an invalid TLS configuration is applied (such as the conf_commands
feature), nxt_cert_store_get() creates a buffer to send a certificate request
to the main process and adds its default completion handler to an asynchronous
queue to free the allocated buffer. However, if configuration fails,
nxt_router_conf_error() removes the memory pool used to allocate the buffer,
causing a crash when the completion handler is dispatched.


Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered
when is NXT_DEBUG enabled in the configure script.


This patch uses a reference counter to retain the memory pool and redefines the
completion handler to free the buffer before releasing the memory pool.

show more ...


Revision tags: 1.23.0-1, 1.23.0
# 1822:7b103bd6308e 24-Mar-2021 Valentin Bartenev

Certificates: fixed in name attributes processing.

The idea is to put SAN after CN, but the previous version of the code
incorrectly assumed that CN was always present, which caused writes
outside t

Certificates: fixed in name attributes processing.

The idea is to put SAN after CN, but the previous version of the code
incorrectly assumed that CN was always present, which caused writes
outside the allocated object if there were no standard name attributes.

show more ...


# 1821:e1b1c9b16820 24-Mar-2021 Valentin Bartenev

Certificates: moved SAN processing to a separate function.

No functional changes.


# 1820:e969cea13cc3 24-Mar-2021 Valentin Bartenev

Certficates: fixed counting DNS SAN entries.

Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed. As a result,
if some certificat

Certficates: fixed counting DNS SAN entries.

Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed. As a result,
if some certificate entries had another type, returning information
about the certificate caused uninitialized memory access.

show more ...


# 1813:10aaca1e582e 15-Mar-2021 Valentin Bartenev

Fixed certificates loading on startup with some filesystems.

It appears that readdir() on Linux detects file types unreliably, always setting
the "d_type" field to DT_UNKNOWN for some less common fi

Fixed certificates loading on startup with some filesystems.

It appears that readdir() on Linux detects file types unreliably, always setting
the "d_type" field to DT_UNKNOWN for some less common filesystems. As a result,
all files were skipped and no certificate bundles were found when the state
directory was located on such filesystems.

Skipping "." and ".." instead of any non-regular files should be enough, as no
other non-regular files normally appear in this directory.

This closes #368 issue on GitHub.

show more ...


Revision tags: 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0, 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0, 1.18.0-1, 1.18.0
# 1488:6976d36be926 09-Mar-2020 Tiago Natel de Moura

Refactor of process management.

The process abstraction has changed to:

setup(task, process)
start(task, process_data)
prefork(task, process, mp)

The prefork() occurs in the main process rig

Refactor of process management.

The process abstraction has changed to:

setup(task, process)
start(task, process_data)
prefork(task, process, mp)

The prefork() occurs in the main process right before fork.

The file src/nxt_main_process.c is completely free of process
specific logic.

The creation of a process now supports a PROCESS_CREATED state. The
The setup() function of each process can set its state to either
created or ready. If created, a MSG_PROCESS_CREATED is sent to main
process, where external setup can be done (required for rootfs under
container).

The core processes (discovery, controller and router) doesn't need
external setup, then they all proceeds to their start() function
straight away.

In the case of applications, the load of the module happens at the
process setup() time and The module's init() function has changed
to be the start() of the process.

The module API has changed to:

setup(task, process, conf)
start(task, data)

As a direct benefit of the PROCESS_CREATED message, the clone(2) of
processes using pid namespaces now doesn't need to create a pipe
to make the child block until parent setup uid/gid mappings nor it
needs to receive the child pid.

show more ...


Revision tags: 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0, 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0, 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4
# 774:b21709350c49 20-Sep-2018 Valentin Bartenev

Controller: certificates storage interface.