nginx

mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00

Go to file

Maxim Dounin fbc51e4c44 Better handling of various per-server ssl options with SNI.

SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).

As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.

Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.

Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.

2011-08-23 14:36:31 +00:00

auto

Move SO_ACCEPTFILTER and TCP_DEFER_ACCEPT checks into configure.

2011-08-21 11:37:37 +00:00

conf

use !aNULL to disable all anonymous cipher suites

2011-06-27 15:47:51 +00:00

contrib

nginx-0.3.55-RELEASE import

2006-07-28 15:16:17 +00:00

docs

Restore the lost negation.

2011-08-23 13:39:22 +00:00

misc

Removing incomplete draft documentation from release tarball and zip.

2011-08-23 13:35:02 +00:00

src

Better handling of various per-server ssl options with SNI.

2011-08-23 14:36:31 +00:00

.hgtags

release-1.1.1 tag

2011-08-22 13:56:14 +00:00

Description

An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html

78 MiB