59e4ef5c23
bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2019-9511 CVE-2019-9513 CVE-2019-9516).
2019-08-14 11:39:47 -07:00
80ba3892c6
bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16843 CVE-2018-16844).
2019-08-14 11:39:47 -07:00
d5f48a8b75
bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16845).
...
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
2019-08-13 11:56:19 -07:00
cf7516fcbc
optimize: added an NGINX core patch to ensure unused listening fds are closed when 'reuseport' is used.
...
When `reuseport` is enabled in the `listen` directive, Nginx will create
a listening fd for each worker process in the master process.
These fds will be inherited by the worker processes, but most of them
are unused. For example, considering we have 32 listening ip:port
configurations and 64 worker processes, each worker process will inherit
2048 (32 * 64) listening fds, but only 32 fds are used. By closing the
unused fds, this change could save up to 2016 (32 * 63) fds in a worker
process.
It doesn't affect the listening socket, since there is only one used fd
which associates to the socket with or without this change.
Co-authored-by: Thibault Charbonnier <thibaultcha@me.com>
2019-08-05 18:54:51 -07:00
46237a9c22
travis: added OpenSSL 1.1.1c to the tests matrix.
2019-07-17 16:25:50 -07:00
34918a30c3
bugfix: support yielding in 'certificate_by_lua_*' when 'ssl_early_data' is on.
...
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
2019-07-17 16:25:50 -07:00
2e480157a3
feature: supported OpenSSL 1.1.1 by upgrading the OpenSSL patch.
...
Previously, we used the OpenSSL 1.1.1 ClientHello callback to do ssl
session fetching non-blockingly. However, this way cannot handle an edge
case: the ssl session resumption via session ticket might fail, and the
client fallbacks to session ID resumption. The ClientHello callback is
run too early to know if the client will fallback to use session ID
resumption.
Therefore, we have to take back the OpenSSL sess_set_get_cb_yield patch
and upgrade it to adapt OpenSSL 1.1.1.
Thanks Yongjian Xu and crasyangel for their help.
See 08e9e50
2019-07-17 11:03:34 -07:00
a51fa56086
change: renamed the 'ssl_pending_session' patch to 'ssl_sess_cb_yield' for NGINX cores 1.17.1 and above.
...
Its naming is now aligned with the `ssl_cert_cb_yield` patch.
See 08e9e50
2019-07-11 11:38:57 -07:00
cef09e553f
upgraded the nginx core to 1.17.1.
2019-07-11 11:29:40 -07:00
08e9e50782
Revert "feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1."
...
This reverts commit 9e834398de
2019-07-02 11:55:50 -07:00
b04577cd47
feature: Makefile: added a 'clean' target to remove build artifacts.
2019-07-01 16:48:28 -07:00
836c8792d2
tests: sanity.t: fixed test cases failing due to the last few commits.
2019-06-27 16:51:51 -07:00
3b6d9a5318
upgraded LuaJIT to 2.1-20190626.
2019-06-26 14:19:28 -07:00
e6188369cd
upgraded lua-resty-string to 0.12rc1.
2019-06-24 15:10:09 -07:00
fdf142aabe
upgraded resty-cli to 0.25rc2.
2019-06-19 14:22:02 -07:00
9e834398de
feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1.
...
The patch was also renamed from `ssl_pending_session.patch` to
`ssl_sess_cb_yield.patch` (similarly to the existing
`ssl_cert_cb_yield.patch` one).
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
2019-06-04 16:40:22 -07:00
547fdd5fb2
bugfix: Config.pm: fixed an issue when generating t/sanity.t_.
2019-05-30 14:52:10 -07:00
1f3cf84a8a
tests: sanity.t: fixed test cases failing due to the last few commits and renamed another test case.
2019-05-30 14:51:46 -07:00
bbef48d25b
upgraded LuaJIT to 2.1-20190530.
2019-05-30 09:56:53 -07:00
45997fc5fe
upgraded resty-cli to 0.25rc1.
2019-05-30 09:54:32 -07:00
cc9787a290
feature: ./configure: added new option --with-luajit-ldflags=OPTS for specifying custom luajit linker flags.
2019-05-20 13:14:56 -07:00
2b40d7b8ee
bumped version to 1.15.8.1.
2019-05-16 14:25:44 -07:00
bf2e5697e1
bugfix: win32/win64: the error log buffer size was merely 2048 bytes (now updated to 4096 bytes).
...
applied the win32_max_err_str patch for the nginx core.
2019-05-08 14:46:56 -07:00
540567e42c
bumped version to 1.15.8.1 RC2.
2019-05-08 13:27:51 -07:00
a32ca0dbbe
upgraded LuaJIT to 2.1-20190507.
2019-05-07 18:28:30 -07:00
62d31e53de
bumped ngx_http_lua to 0.10.15, ngx_stream_lua to 0.0.7, and lua-resty-core to 0.1.17.
2019-05-02 14:14:00 -07:00
023b9d4f88
tests: updated sanity test suite to reflect recent changes in bumped components.
2019-04-11 14:33:16 -04:00
8954793847
bumped resty-cli to v0.24rc1.
2019-04-11 14:19:45 -04:00
0b5ebedd47
bumped ngx_http_lua to 0.10.15rc1, ngx_stream_lua to 0.0.7rc1, and lua-resty-core to 0.1.17rc1.
2019-04-09 14:15:23 -07:00
7e897a8b2b
upgraded LuaJIT to 2.1-20190329.
2019-03-29 15:23:37 -07:00
99d72856a7
upgraded LuaJIT to 2.1-20190302.
2019-03-02 17:42:36 -08:00
ed32897702
bugfix: added an openssl patch to fix the parallel build regression in openssl 1.1.0j.
2019-03-02 01:41:24 -08:00
083403fb43
win32: upgraded openssl to 1.1.0j.
2019-03-02 00:41:06 -08:00
eff3e0d7db
bumped version to 1.15.8.1 RC1.
2019-03-01 23:44:49 -08:00
88e214aad2
bumped LuaJIT to 2.1-20190228.
2019-02-28 11:59:57 -08:00
ec8f1b0753
bumped lua-resty-upstream-healthcheck to 0.06.
2019-02-28 10:44:31 -08:00
191ca1fdec
bumped resty-cli to 0.23.
2019-02-25 08:37:10 -08:00
e2ca65128f
tests: updated tests to reflect recent changes.
2019-02-24 23:50:15 -08:00
76cd3954e3
upgraded resty-cli to 0.23rc2.
2019-02-24 23:23:13 -08:00
f238a7542a
bumped ngx_lua, ngx_stream_lua, and lua-resty-core to formal releases.
2019-02-23 21:57:57 -08:00
95cfc25189
bumped resty-cli, lua-cjson, lua-resty-redis, lua-resty-limit-traffic, lua-resty-websocket, lua-resty-lock, and lua-resty-lrucache to formal release tags.
2019-02-23 21:44:17 -08:00
0b956ca748
upgraded ngx_stream_lua to v0.0.6rc6.
2019-02-23 00:10:13 -08:00
7630d23428
bumped ngx_lua to 0.10.14rc7 and lua-resty-shell to 0.02.
2019-02-22 18:27:35 -08:00
60589ee251
upgraded LuaJIT to 2.1-20190221.
2019-02-22 18:17:59 -08:00
94d0e8ed52
tests: bumped ngx_lua and removed lua-resty-shell/lua-resty-signal from windows builds to reflect recent changes.
2019-02-04 22:58:26 -08:00
892a001f4a
upgraded ngx_lua to 0.10.14rc6.
2019-02-04 20:08:43 -08:00
4cb86c999c
bugfix: lua-resty-signal and lua-resty-shell should not be enabled on windows.
2019-02-04 20:08:28 -08:00
b84a47de27
travis: added travis-ci support.
2019-02-04 16:52:05 -08:00
73c881bddf
tests: added support for `--- out_like` blocks.
2019-02-04 16:52:05 -08:00
72962e0125
bugfix: we now build lua-resty-signal's shared lib component.
2019-02-04 14:45:44 -08:00
Thibault Charbonnier
Datong Sun
spacewander
Thibault Charbonnier
Yichun Zhang (agentzh)