summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)AuthorFilesLines
2021-07-01Fixing multiple TLS-enabled listeners initialization.Max Romanov3-6/+25
Because of the incorrect 'last' field assignment, multiple listeners with a TLS certificate did not initialize properly, which caused a router crash while establishing a connection. Test with multiple TLS listeners added. The issue was introduced in the c548e46fe516 commit. This closes #561 issue on GitHub.
2021-05-24Router: split nxt_http_return_conf_t from nxt_http_action_t.Zhidao HONG3-101/+132
No functional changes.
2021-06-28Tests: renamed share to static.Andrei Zeliankou8-62/+57
Also minor style changes.
2021-06-24Tests: chroot test with permissions skipped under root.Andrei Zeliankou1-1/+4
2021-06-15Node.js: improving and test packaging.Max Romanov2-24/+5
The patch removes the "files" section from package.json to avoid future issues with missing files. For package testing purposes, 'npm pack' is used instead of plain 'tar' to simulate packaging more accurately.
2021-06-02Node.js: packaging new loader.js and loader.mjs.Max Romanov1-0/+2
The files loader.js and loader.mjs (introduced in f85b85094541 and 3c551b9721df) were added to the packaged files list.
2021-05-28Version bump.Valentin Bartenev2-2/+31
2021-05-27Unit 1.24.0 release.Valentin Bartenev1-0/+1
2021-05-27Generated Dockerfiles for Unit 1.24.0.1.24.0Valentin Bartenev8-8/+8
2021-05-27Added version 1.24.0 CHANGES.Valentin Bartenev2-4/+32
2021-05-27Reordered changes for 1.24.0 by significance (subjective).Valentin Bartenev1-6/+6
2021-05-27Grammar fixes and improvements in changes.xml.Artem Konev1-5/+6
2021-05-27Tests: added tests for TLS "conf_commands" option.Andrei Zeliankou1-0/+112
2021-05-27Packages: added Ubuntu 21.04 "hirsute" support.Andrei Belov10-3/+279
2021-05-26Tests: added TLS test without close notify.Andrei Zeliankou1-0/+23
2021-05-26Enabling SSL_CTX configuration by using SSL_CONF_cmd().Andrey Suvorov6-61/+215
To perform various configuration operations on SSL_CTX, OpenSSL provides SSL_CONF_cmd(). Specifically, to configure ciphers for a listener, "CipherString" and "Ciphersuites" file commands are used: https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html This feature can be configured in the "tls/conf_commands" section.
2021-05-26Fixing crash during TLS connection shutdown.Andrey Suvorov5-6/+35
A crash was caused by an incorrect timer handler nxt_h1p_idle_timeout() if SSL_shutdown() returned SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE. The flag SSL_RECEIVED_SHUTDOWN is used to avoid getting SSL_ERROR_WANT_READ, so the server won't wait for a close notification from a client. For SSL_ERROR_WANT_WRITE, a correct timer handler is set up.
2021-05-26Static: handled unknown MIME types when MIME-filtering active.Oisin Canty3-20/+16
2021-05-26MIME: added PHP.Oisin Canty2-0/+8
2021-05-25Fixing racing condition on listen socket close in router (v2).Max Romanov1-5/+5
This patch fixes a possible race between the nxt_router_conf_wait() and nxt_router_listen_socket_release() function calls and improves the 7f1b2eaa2d58 commit fix.
2021-05-25Go: fixing tests for Go 1.16.Max Romanov3-1/+3
In Go 1.16, the module-aware mode is enabled by default; to fall back to previous behavior, the GO111MODULE environment variable should be set to 'auto'. Details: https://golang.org/doc/go1.16
2021-05-25Configuration: generalized application "targets" validation.Oisin Canty1-110/+68
2021-05-24Tests: added additional check in tests with timeouts.Andrei Zeliankou1-76/+119
2021-05-24Tests: test_settings_send_timeout improved.Andrei Zeliankou3-8/+34
Data length adjusts depending on socket buffer size when it's possible.
2021-05-24Node.js: renamed "require_shim" to "loader".Oisin Canty15-16/+16
2021-05-24Tests: minor fixes.Andrei Zeliankou2-77/+25
2021-05-21PHP: adopted "file_handle" to Zend API changes in 8.1.0-dev.Valentin Bartenev1-0/+10
This fixes building module with the development version of PHP after the change: https://github.com/php/php-src/commit/c732ab400af92c54eee47c487a56009f1d79dd5d
2021-05-20Tests: Python targets.Oisin Canty7-32/+295
2021-05-20Python: support for multiple targets.Oisin Canty10-79/+386
2021-05-18Tests: added test to check port release.Andrei Zeliankou1-0/+28
2021-05-18Ruby: changing deprecated rb_cData to rb_cObject.Oisin Canty2-2/+12
Ruby 3.0 deprecated rb_cData with the intention to remove it in release 3.1. This commit changes references of rb_cData to rb_cObject. This was done so we can support distributions that package Ruby 3.0, such as Fedora 34. We also need to call rb_undef_alloc_func because we're no longer deriving from rb_cData. This prevents unnecessary allocations. See: https://docs.ruby-lang.org/en/3.0.0/doc/extension_rdoc.html "It is recommended that klass derives from a special class called Data (rb_cData) but not from Object or other ordinal classes. If it doesn't, you have to call rb_undef_alloc_func(klass)."
2021-05-17Fixing a crash after applying the wrong TLS configuration.Andrey Suvorov2-3/+22
When an invalid TLS configuration is applied (such as the conf_commands feature), nxt_cert_store_get() creates a buffer to send a certificate request to the main process and adds its default completion handler to an asynchronous queue to free the allocated buffer. However, if configuration fails, nxt_router_conf_error() removes the memory pool used to allocate the buffer, causing a crash when the completion handler is dispatched. Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered when is NXT_DEBUG enabled in the configure script. This patch uses a reference counter to retain the memory pool and redefines the completion handler to free the buffer before releasing the memory pool.
2021-05-17Tests: fixed incorrect "--restart" mode performing.Andrei Zeliankou1-4/+6
2021-05-17Fixing racing condition on listen socket close in router.Max Romanov2-10/+16
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the timer handler to avoid a situation when the user gets the response from the controller, but the listen socket is still open in the router.
2021-05-12Tests: added test for TLS with IP in SAN.Andrei Zeliankou2-2/+30
2021-05-12Node.js: a shim for overriding "http" and "websocket" modules.Oisin Canty44-78/+288
Also added stubs for Server.address() This was done to prevent crashes in some popular frameworks like express Supports both CommonJS and the new ES Modules system syntax e.g: app.js: const http = require('http') app.mjs: import http from "http" Usage on Node 14.16.x and higher: { "type": "external", "processes": {"spare": 0}, "working_directory": '/project', "executable": "/usr/bin/env", "arguments": [ "node", "--loader", "unit-http/require_shim.mjs" "--require", "unit-http/require_shim", "app.js" ] } Usage on Node 14.15.x and lower: { "type": "external", "processes": {"spare": 0}, "working_directory": '/project', "executable": "/usr/bin/env", "arguments": [ "node", "--require", "unit-http/require_shim", "app.js" ] }
2021-05-11Tests: temporary dir removed after tests execution.Andrei Zeliankou1-0/+6
2021-05-07Tests: added test for TLS with empty Subject field.Andrei Zeliankou1-109/+130
2021-05-07Tests: PHP test with getting variable before the script is loaded.Andrei Zeliankou3-2/+18
2021-05-07PHP: forced initialization of $_SERVER in fastcgi_finish_request().Valentin Bartenev2-1/+33
The "auto_globals_jit" PHP option postponed the initialization of the $_SERVER global variable until the script using it had been loaded (e. g. via the "include" expression). As a result, nxt_php_register_variables() could be called after fastcgi_finish_request() had finished the request and nulled ctx->req, which thus caused a segmentation fault.
2021-05-06Tests: MIME filteringOisin Canty1-0/+170
2021-05-06Static: implemented MIME filteringOisin Canty5-17/+79
2021-05-05Tests: added tests for openat2() features.Andrei Zeliankou6-8/+380
2021-05-05Fixed format and arguments mismatches in error log messages.Zhidao HONG2-3/+3
2021-05-05Fixed building without openat2().Zhidao HONG1-1/+3
2021-04-29Static: support for openat2() features.Zhidao HONG10-27/+313
Support for chrooting, rejecting symlinks, and rejecting crossing mounting points on a per-request basis during static file serving.
2021-04-22Router: grouped app and share fields in nxt_http_action_t.Zhidao HONG5-31/+45
This is a prerequisite for further introduction of openat2() features. No functional changes.
2021-04-21Packages: switched to common address for package maintainers.Andrei Belov7-7/+15
2021-04-14Tests: fixed "skip" descriptors check flag for controller.Andrei Zeliankou1-1/+1
2021-04-12Packages: fixed Amazon Linux 2 module packages to use openssl 1.1Konstantin Pavlov1-0/+4