view auto/cc/bcc @ 4245:8d39230df833 stable-1.0
Merging r4034, r4186, r4187, r4229, r4235, r4237:
SSL related fixes:
*) Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).
As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on a per-socket basis while
with SNI it should be possible to specify them differently for two servers
listening on the same socket.
Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.
Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+. I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
*) Disabling SSL compression. This saves about 300K per SSL connection.
The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0.
*) Releasing memory of idle SSL connection. This saves about 34K per SSL
connection. The SSL_MODE_RELEASE_BUFFERS option is available since
OpenSSL 1.0.0d.
*) Decrease of log level of some SSL handshake errors.
*) Fixed segfault on configuration testing with ssl (ticket #37).
The following config caused segmentation fault due to conf->file not
being properly set if "ssl on" was inherited from the http level:
    http {
        ssl on;
        server {
        }
    }
*) Silently ignoring a stale global SSL error left after disabled renegotiation.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Tue, 01 Nov 2011 13:00:30 +0000 |
parents | d43d73277c5c |
children | d620f497c50f |
```sh
# Copyright (C) Igor Sysoev


# Borland C++ 5.5

# optimizations

# maximize speed
CFLAGS="$CFLAGS -O2"

case $CPU in
    pentium)
        # optimize for Pentium and Athlon
        CPU_OPT="-5"
    ;;

    pentiumpro)
        # optimize for Pentium Pro, Pentium II and Pentium III
        CPU_OPT="-6"
    ;;
esac

# __stdcall
#CPU_OPT="$CPU_OPT -ps"
# __fastcall
#CPU_OPT="$CPU_OPT -pr"

CFLAGS="$CFLAGS $CPU_OPT"

# multithreaded
CFLAGS="$CFLAGS -tWM"

# stop on warning
CFLAGS="$CFLAGS -w!"

# disable logo
CFLAGS="$CFLAGS -q"


# precompiled headers
CORE_DEPS="$CORE_DEPS $NGX_OBJS/ngx_config.csm"
NGX_PCH="$NGX_OBJS/ngx_config.csm"
NGX_BUILD_PCH="-H=$NGX_OBJS/ngx_config.csm"
NGX_USE_PCH="-Hu -H=$NGX_OBJS/ngx_config.csm"


# Win32 GUI mode application
#LINK="\$(CC) -laa"


# the resource file
NGX_RES="$NGX_OBJS/nginx.res"
NGX_RCC="brcc32 -fo$NGX_OBJS/nginx.res \$(CORE_INCS) $NGX_WIN32_RC"
# the pragma allows to link the resource file using bcc32 and
# to avoid the direct ilink32 calling and the c0w32.obj's WinMain/main problem
NGX_PRAGMA="#pragma resource \"$NGX_OBJS/nginx.res\""


ngx_include_opt="-I"
ngx_objout="-o"
ngx_binout="-e"
ngx_objext="obj"
ngx_binext=".exe"

ngx_long_start='@&&| '
ngx_long_end='|'

ngx_regex_dirsep='\\'
ngx_dirsep="\\"
```