Mercurial > hg > nginx

view auto/cc/bcc @ 4245:8d39230df833 stable-1.0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merging r4034, r4186, r4187, r4229, r4235, r4237: SSL related fixes: *) Better handling of various per-server ssl options with SNI. SSL_set_SSL_CTX() doesn't touch values cached within ssl connection structure, it only changes certificates (at least as of now, OpenSSL 1.0.0d and earlier). As a result settings like ssl_verify_client, ssl_verify_depth, ssl_prefer_server_ciphers are only configurable on per-socket basis while with SNI it should be possible to specify them different for two servers listening on the same socket. Workaround is to explicitly re-apply settings we care about from context to ssl connection in servername callback. Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+. I.e. with older versions it is not possible to clear ssl_prefer_server_ciphers option if it's set in default server for a socket. *) Disabling SSL compression. This saves about 300K per SSL connection. The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0. *) Releasing memory of idle SSL connection. This saves about 34K per SSL connection. The SSL_MODE_RELEASE_BUFFERS option is available since OpenSSL 1.0.0d. *) Decrease of log level of some SSL handshake errors. *) Fixed segfault on configuration testing with ssl (ticket #37). The following config caused segmentation fault due to conf->file not being properly set if "ssl on" was inherited from the http level: http { ssl on; server { } } *) Silently ignoring a stale global SSL error left after disabled renegotiation.
author Igor Sysoev <igor@sysoev.ru>
date Tue, 01 Nov 2011 13:00:30 +0000
parents d43d73277c5c
children d620f497c50f
line wrap: on
line source


# Copyright (C) Igor Sysoev


# Borland C++ 5.5

# optimizations

# maximize speed
CFLAGS="$CFLAGS -O2"

case $CPU in
    pentium)
        # optimize for Pentium and Athlon
        CPU_OPT="-5"
    ;;

    pentiumpro)
        # optimize for Pentium Pro, Pentium II and Pentium III
        CPU_OPT="-6"
    ;;
esac

# __stdcall
#CPU_OPT="$CPU_OPT -ps"
# __fastcall
#CPU_OPT="$CPU_OPT -pr"

CFLAGS="$CFLAGS $CPU_OPT"

# multithreaded
CFLAGS="$CFLAGS -tWM"

# stop on warning
CFLAGS="$CFLAGS -w!"

# disable logo
CFLAGS="$CFLAGS -q"


# precompiled headers
CORE_DEPS="$CORE_DEPS $NGX_OBJS/ngx_config.csm"
NGX_PCH="$NGX_OBJS/ngx_config.csm"
NGX_BUILD_PCH="-H=$NGX_OBJS/ngx_config.csm"
NGX_USE_PCH="-Hu -H=$NGX_OBJS/ngx_config.csm"


# Win32 GUI mode application
#LINK="\$(CC) -laa"


# the resource file
NGX_RES="$NGX_OBJS/nginx.res"
NGX_RCC="brcc32 -fo$NGX_OBJS/nginx.res \$(CORE_INCS) $NGX_WIN32_RC"
# the pragma allows to link the resource file using bcc32 and
# to avoid the direct ilink32 calling and the c0w32.obj's WinMain/main problem
NGX_PRAGMA="#pragma resource \"$NGX_OBJS/nginx.res\""


ngx_include_opt="-I"
ngx_objout="-o"
ngx_binout="-e"
ngx_objext="obj"
ngx_binext=".exe"

ngx_long_start='@&&|
	'
ngx_long_end='|'

ngx_regex_dirsep='\\'
ngx_dirsep="\\"