Fri, 21 Sep 2018 20:31:32 +0300 |
Maxim Dounin |
SSL: disabled renegotiation checks with SSL_OP_NO_RENEGOTIATION.
|
Mon, 10 Sep 2018 18:57:39 +0300 |
Maxim Dounin |
SSL: restore handlers after blocking.
|
Mon, 10 Sep 2018 18:57:19 +0300 |
Maxim Dounin |
SSL: corrected SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ logging.
|
Tue, 07 Aug 2018 02:16:07 +0300 |
Maxim Dounin |
SSL: support for TLSv1.3 early data with BoringSSL.
|
Tue, 07 Aug 2018 02:15:28 +0300 |
Maxim Dounin |
SSL: enabled TLSv1.3 with BoringSSL.
|
Tue, 17 Jul 2018 12:53:23 +0300 |
Sergey Kandaurov |
SSL: save sessions for upstream peers using a callback function.
|
Mon, 16 Jul 2018 17:47:48 +0300 |
Maxim Dounin |
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
|
Mon, 16 Jul 2018 17:47:20 +0300 |
Maxim Dounin |
SSL: fixed SSL_clear_options() usage with OpenSSL 1.1.0+.
|
Mon, 16 Jul 2018 17:47:18 +0300 |
Maxim Dounin |
SSL: logging levels of "unsupported protocol", "version too low".
|
Thu, 05 Jul 2018 20:45:29 +0300 |
Maxim Dounin |
SSL: logging level of "https proxy request" errors.
|
Wed, 06 Jun 2018 13:31:05 +0300 |
Sergey Kandaurov |
SSL: removed extra prototype.
|
Tue, 22 Aug 2017 17:36:12 +0300 |
Maxim Dounin |
SSL: fixed possible use-after-free in $ssl_server_name.
|
Tue, 22 Aug 2017 15:18:10 +0300 |
Maxim Dounin |
SSL: the $ssl_client_escaped_cert variable (ticket #857).
|
Wed, 09 Aug 2017 15:03:27 +0300 |
Sergey Kandaurov |
Fixed calls to ngx_open_file() in certain places.
|
Wed, 09 Aug 2017 14:59:46 +0300 |
Sergey Kandaurov |
Style.
|
Tue, 25 Jul 2017 17:21:59 +0300 |
Sergey Kandaurov |
SSL: fixed typo in the error message.
|
Wed, 03 May 2017 15:15:56 +0300 |
Sergey Kandaurov |
SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.
|
Tue, 18 Apr 2017 16:08:46 +0300 |
Sergey Kandaurov |
SSL: compatibility with OpenSSL master branch.
|
Tue, 18 Apr 2017 16:08:44 +0300 |
Sergey Kandaurov |
SSL: disabled renegotiation detection in client mode.
|
Tue, 18 Apr 2017 15:12:38 +0300 |
Sergey Kandaurov |
SSL: added support for TLSv1.3 in ssl_protocols directive.
|
Mon, 06 Feb 2017 18:38:06 +0300 |
Sergey Kandaurov |
SSL: clear error queue after OPENSSL_init_ssl().
|
Fri, 23 Dec 2016 17:28:20 +0300 |
Maxim Dounin |
SSL: support AES256 encryption of tickets.
|
Thu, 15 Dec 2016 19:00:23 +0300 |
Maxim Dounin |
SSL: backed out changeset e7cb5deb951d, reimplemented properly.
|
Tue, 13 Dec 2016 14:19:30 -0800 |
Piotr Sikora |
SSL: fix call to BIO_get_mem_data().
|
Mon, 05 Dec 2016 22:23:23 +0300 |
Maxim Dounin |
SSL: $ssl_curves (ticket #1088).
|
Mon, 05 Dec 2016 22:23:23 +0300 |
Maxim Dounin |
SSL: $ssl_ciphers (ticket #870).
|
Mon, 05 Dec 2016 22:23:23 +0300 |
Maxim Dounin |
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
|
Mon, 05 Dec 2016 22:23:22 +0300 |
Maxim Dounin |
SSL: $ssl_client_verify extended with a failure reason.
|
Mon, 05 Dec 2016 22:23:22 +0300 |
Maxim Dounin |
OCSP stapling: added certificate name to warnings.
|
Fri, 21 Oct 2016 16:28:39 +0300 |
Dmitry Volyntsev |
SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
|
Tue, 18 Oct 2016 20:46:06 +0300 |
Valentin Bartenev |
SSL: overcame possible buffer over-read in ngx_ssl_error().
|
Tue, 18 Oct 2016 17:25:38 +0300 |
Maxim Dounin |
SSL: default DH parameters compatible with OpenSSL 1.1.0.
stable-1.10
|
Mon, 22 Aug 2016 18:53:21 +0300 |
Sergey Kandaurov |
SSL: adopted session ticket handling for OpenSSL 1.1.0.
stable-1.10
|
Mon, 08 Aug 2016 13:44:49 +0300 |
Sergey Kandaurov |
SSL: guarded SSL_R_NO_CIPHERS_PASSED not present in OpenSSL 1.1.0.
stable-1.10
|
Tue, 04 Oct 2016 17:26:45 +0300 |
Maxim Dounin |
SSL: use X509_check_host() with LibreSSL.
|
Tue, 20 Sep 2016 15:07:16 +0300 |
Valentin Bartenev |
Fixed log levels of configuration parsing errors.
|
Mon, 12 Sep 2016 18:57:42 +0300 |
Sergey Kandaurov |
SSL: improved session ticket callback error handling.
|
Mon, 12 Sep 2016 18:57:42 +0300 |
Sergey Kandaurov |
SSL: factored out digest and cipher in session ticket callback.
|
Mon, 22 Aug 2016 18:53:21 +0300 |
Sergey Kandaurov |
SSL: adopted session ticket handling for OpenSSL 1.1.0.
|
Thu, 18 Aug 2016 14:49:48 -0700 |
Piotr Sikora |
SSL: remove no longer needed workaround for BoringSSL.
|
Mon, 08 Aug 2016 13:44:49 +0300 |
Sergey Kandaurov |
SSL: guarded SSL_R_NO_CIPHERS_PASSED not present in OpenSSL 1.1.0.
|
Wed, 15 Jun 2016 21:05:30 +0100 |
Tim Taubert |
SSL: ngx_ssl_ciphers() to set list of ciphers.
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: removed default DH parameters.
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: support for multiple curves (ticket #885).
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: style.
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: error messages style.
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: support for multiple certificates (ticket #814).
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: support for per-certificate chains.
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
SSL: made it possible to iterate though all certificates.
|
Thu, 19 May 2016 14:46:32 +0300 |
Maxim Dounin |
OCSP stapling: staple now stored in certificate, not SSL context.
|
Thu, 31 Mar 2016 23:38:36 +0300 |
Sergey Kandaurov |
SSL: EVP_MD_CTX was made opaque in OpenSSL 1.1.0.
|
Thu, 31 Mar 2016 23:38:34 +0300 |
Maxim Dounin |
SSL: RSA_generate_key() is deprecated in OpenSSL 1.1.0.
|
Thu, 31 Mar 2016 23:38:33 +0300 |
Maxim Dounin |
SSL: initialization changes for OpenSSL 1.1.0.
|
Thu, 31 Mar 2016 23:38:32 +0300 |
Maxim Dounin |
SSL: get_session callback changed in OpenSSL 1.1.0.
|
Thu, 31 Mar 2016 23:38:31 +0300 |
Maxim Dounin |
SSL: guarded error codes not present in OpenSSL 1.1.0.
|
Thu, 31 Mar 2016 23:38:29 +0300 |
Maxim Dounin |
SSL: reasonable version for LibreSSL.
|
Thu, 31 Mar 2016 02:33:57 +0300 |
Sergey Kandaurov |
Fixed logging.
|
Wed, 30 Mar 2016 11:52:16 +0300 |
Ruslan Ermilov |
Style.
|
Fri, 19 Feb 2016 17:27:30 +0300 |
Maxim Dounin |
SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
|
Fri, 19 Feb 2016 17:27:23 +0300 |
Maxim Dounin |
SSL: fixed SSL_shutdown() comment.
|
Mon, 19 Oct 2015 21:22:38 +0300 |
Maxim Dounin |
SSL: preserve default server context in connection (ticket #235).
stable-1.8
|
Mon, 19 Oct 2015 21:22:38 +0300 |
Maxim Dounin |
SSL: preserve default server context in connection (ticket #235).
|
Wed, 07 Oct 2015 22:19:42 +0300 |
Vladimir Homutov |
SSL: handled long string truncation in ngx_ssl_error().
|
Thu, 24 Sep 2015 17:19:08 +0300 |
Maxim Dounin |
SSL: compatibility with OpenSSL master branch.
|
Mon, 17 Nov 2014 16:38:48 +0300 |
Maxim Dounin |
SSL: logging level of "inappropriate fallback" (ticket #662).
stable-1.6
|
Mon, 23 Mar 2015 02:42:35 +0300 |
Maxim Dounin |
SSL: use of SSL_MODE_NO_AUTO_CHAIN.
|
Mon, 23 Mar 2015 02:42:32 +0300 |
Maxim Dounin |
SSL: clear protocol options.
|
Tue, 24 Feb 2015 23:52:47 +0300 |
Ruslan Ermilov |
SSL: account sent bytes in ngx_ssl_write().
|
Wed, 17 Dec 2014 15:12:50 +0100 |
Lukas Tribus |
SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
|
Mon, 04 Aug 2014 11:03:20 +0400 |
Dmitrii Pichulin |
SSL: loading certificate keys via ENGINE_load_private_key().
|
Mon, 17 Nov 2014 16:38:48 +0300 |
Maxim Dounin |
SSL: logging level of "inappropriate fallback" (ticket #662).
|
Fri, 24 Oct 2014 04:28:00 -0700 |
Sergey Kandaurov |
SSL: simplified ssl_password_file error handling.
|
Tue, 28 Oct 2014 12:29:58 +0300 |
Roman Arutyunyan |
Core: added limit to recv_chain().
|
Mon, 15 Sep 2014 17:59:47 +0400 |
Maxim Dounin |
SSL: session id context now includes certificate hash.
stable-1.6
|
Mon, 15 Sep 2014 17:59:47 +0400 |
Maxim Dounin |
SSL: session id context now includes certificate hash.
|
Wed, 03 Sep 2014 14:49:55 -0700 |
Piotr Sikora |
SSL: guard use of all SSL options for bug workarounds.
|
Wed, 30 Jul 2014 04:32:16 -0700 |
Piotr Sikora |
SSL: let it build against LibreSSL.
|
Wed, 30 Jul 2014 04:32:15 -0700 |
Piotr Sikora |
SSL: let it build against BoringSSL.
|
Mon, 28 Jul 2014 12:27:57 -0700 |
Piotr Sikora |
SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.
|
Mon, 28 Jul 2014 18:30:18 +0400 |
Maxim Dounin |
SSL: misplaced space in debug message.
|
Wed, 09 Jul 2014 12:27:15 -0700 |
Piotr Sikora |
SSL: fix build with recent OpenSSL.
|
Tue, 08 Jul 2014 03:03:14 -0700 |
Piotr Sikora |
Style: use ngx_memcpy() instead of memcpy().
|
Sun, 06 Jul 2014 16:41:14 -0700 |
Piotr Sikora |
SSL: stop accessing SSL_SESSION's fields directly.
|
Wed, 09 Jul 2014 04:08:13 +0400 |
Maxim Dounin |
SSL: fixed build with OPENSSL_NO_DEPRECATED defined.
|
Sun, 06 Jul 2014 16:41:13 -0700 |
Piotr Sikora |
SSL: return temporary RSA key only when the key length matches.
|
Fri, 04 Jul 2014 22:14:36 +0400 |
Maxim Dounin |
SSL: logging level of "peer closed connection in SSL handshake".
|
Mon, 16 Jun 2014 19:43:25 +0400 |
Valentin Bartenev |
SSL: the "ssl_password_file" directive.
|
Tue, 20 May 2014 14:03:03 +0400 |
Sergey Budnevitch |
SSL: $ssl_client_fingerprint variable.
|
Wed, 23 Apr 2014 20:31:31 +0400 |
Maxim Dounin |
SSL: explicit handling of empty names.
|
Tue, 22 Apr 2014 14:02:45 +0400 |
Maxim Dounin |
SSL: added explicit check for ngx_strlchr() result.
|
Fri, 18 Apr 2014 20:13:30 +0400 |
Maxim Dounin |
Upstream: proxy_ssl_verify and friends.
|
Fri, 18 Apr 2014 20:13:21 +0400 |
Maxim Dounin |
SSL: $ssl_server_name variable.
|
Fri, 18 Apr 2014 20:13:14 +0400 |
Maxim Dounin |
SSL: fixed misuse of NGX_LOG_DEBUG_HTTP.
|
Mon, 07 Apr 2014 18:55:57 +0400 |
Maxim Dounin |
Win32: fixed shared ssl_session_cache (ticket #528).
|
Mon, 31 Mar 2014 21:38:30 +0400 |
Maxim Dounin |
Core: slab log_nomem flag.
|
Tue, 11 Feb 2014 19:20:25 +0400 |
Maxim Dounin |
SSL: the $ssl_session_reused variable.
|
Thu, 23 Jan 2014 18:32:26 +0400 |
Maxim Dounin |
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
stable-1.4
|
Wed, 22 Jan 2014 16:05:06 +0400 |
Maxim Dounin |
SSL: fixed $ssl_session_id variable.
stable-1.4
|
Fri, 29 Nov 2013 17:16:06 +0400 |
Maxim Dounin |
SSL: fixed c->read->ready handling in ngx_ssl_recv().
stable-1.4
|
Thu, 23 Jan 2014 18:32:26 +0400 |
Maxim Dounin |
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
|
Wed, 22 Jan 2014 16:05:06 +0400 |
Maxim Dounin |
SSL: fixed $ssl_session_id variable.
|
Fri, 20 Dec 2013 16:18:25 +0400 |
Maxim Dounin |
SSL: ssl_buffer_size directive.
|
Fri, 29 Nov 2013 17:16:06 +0400 |
Maxim Dounin |
SSL: fixed c->read->ready handling in ngx_ssl_recv().
|
Fri, 11 Oct 2013 16:05:24 -0700 |
Piotr Sikora |
SSL: added ability to set keys used for Session Tickets (RFC5077).
|
Mon, 14 Oct 2013 13:59:35 +0400 |
Maxim Dounin |
SSL: SSL_CTX_set_timeout() now always called.
|
Mon, 14 Oct 2013 13:44:09 +0400 |
Maxim Dounin |
SSL: fixed build with OpenSSL 0.9.7.
|
Fri, 27 Sep 2013 19:39:33 +0400 |
Maxim Dounin |
SSL: adjust buffer used by OpenSSL during handshake (ticket #413).
|
Wed, 18 Sep 2013 16:51:30 -0700 |
Piotr Sikora |
SSL: fixed possible memory and file descriptor leak on HUP signal.
|
Mon, 16 Sep 2013 14:24:38 -0700 |
Piotr Sikora |
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
|
Wed, 04 Sep 2013 21:17:02 +0400 |
Maxim Dounin |
SSL: clear error queue after SSL_CTX_load_verify_locations().
|
Tue, 20 Aug 2013 21:11:19 +0400 |
Maxim Dounin |
Backed out f1a91825730a and 7094bd12c1ff.
|
Tue, 06 Aug 2013 19:58:40 +0400 |
Valentin Bartenev |
Replaced ngx_conf_full_name() with ngx_get_full_name().
|
Tue, 21 May 2013 18:45:07 -0700 |
Piotr Sikora |
Style: replace SSL *ssl with ngx_ssl_conn_t *ssl_conn.
|
Tue, 21 May 2013 18:43:43 -0700 |
Piotr Sikora |
Style: remove unnecessary references to HTTP from non-HTTP modules.
|
Fri, 29 Mar 2013 17:17:45 +0000 |
Maxim Dounin |
Merge of r5082: SSL: retry "sess_id" and "id" allocations.
stable-1.2
|
Sat, 23 Feb 2013 11:54:25 +0000 |
Maxim Dounin |
SSL: retry "sess_id" and "id" allocations.
|
Mon, 11 Feb 2013 15:12:06 +0000 |
Maxim Dounin |
Merge of r5004, r5019-r5025: ssl fixes.
stable-1.2
|
Fri, 01 Feb 2013 14:37:43 +0000 |
Maxim Dounin |
SSL: fixed ngx_ssl_handshake() with level-triggered event methods.
|
Mon, 28 Jan 2013 15:41:12 +0000 |
Valentin Bartenev |
SSL: take into account data in the buffer while limiting output.
|
Mon, 28 Jan 2013 15:40:25 +0000 |
Valentin Bartenev |
SSL: avoid calling SSL_write() with zero data size.
|