summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)AuthorFilesLines
2021-03-25Fixed wording in docs/changes.xml for the 1.23.0 release.Artem Konev1-7/+9
2021-03-25Fixing shm buffer leakage when sending over the port queue.Max Romanov2-13/+91
When the shm buffer is sent over the port queue, it needs to be completed because it's sent over the port socket.
2021-03-25Node.js: used distinct placeholder for version in "package.json".Valentin Bartenev2-2/+2
This makes the "sed" instruction simpler and more portable, as the previous variant didn't work well on BSD systems due to the "\s" metacharacter. Thanks to Sergey A. Osokin <osa@FreeBSD.org.ru> for spotting this issue. Also, this should prevent accidentally creating a version 1.0.0 package.
2021-03-25Node.js: fixing module global installation.Max Romanov1-12/+26
Globally installed modules require a globally installed libunit. The "binding_pub.gyp" file is the correct version, otherwise linked module may have unresolved symbols because libunit is not linked.
2021-03-25Releasing shm buffers for large body requests.Max Romanov2-12/+4
This fixes memory and shm file descriptor leakage that occurred when a large request body was passed via shared memory. The leakage was caught with the "test_settings_body_buffer_size" test. The main condition is the "body_buffer_size" value exceeding 10 Mb (a shm segment). Thus, the router was forced to split the body into several shm segments, but these buffers were not freed because of dummy completion handlers.
2021-03-24Added ability to configure multiple certificates on a listener.Andrey Suvorov5-68/+524
The certificate is selected by matching the arriving SNI to the common name and the alternatives names. If no certificate matches the name, the first bundle in the array is chosen.
2021-03-24Packages: added man page on rpm-based systems.Konstantin Pavlov2-2/+3
2021-03-24Packages: added man page on debian-based systems.Konstantin Pavlov2-2/+4
2021-03-24Added build system support for a man page.Konstantin Pavlov6-6/+42
2021-03-24Added a missing .El directive in man page source.Artem Konev1-0/+1
2021-03-24Added a man page.Artem Konev1-0/+79
Reviewed at https://rb.nginx.com/r/165/
2021-03-24Certificates: fixed in name attributes processing.Valentin Bartenev2-25/+23
The idea is to put SAN after CN, but the previous version of the code incorrectly assumed that CN was always present, which caused writes outside the allocated object if there were no standard name attributes.
2021-03-24Certificates: moved SAN processing to a separate function.Valentin Bartenev1-36/+56
No functional changes.
2021-03-24Certficates: fixed counting DNS SAN entries.Valentin Bartenev2-2/+12
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
2021-03-24Tests: fixed racing condition in websocket test 5_15.Max Romanov3-9/+33
Test case: "send a text message split into two fragments, then a continuation frame with FIN = false where there is nothing to continue, then an unfragmented text message, all sent in one chop". The test case investigates immediate connection closing since there is no message to continue. The mirror server may send a response for the first frame before the test сontinuation frame is received by the router. In this case, the test will receive a text frame before the close frame.
2021-03-24Workaround for an OpenSSL bug about not closing /dev/*random.Max Romanov1-0/+11
This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and /dev/urandom files remain open after all listening sockets were removed: - https://github.com/openssl/openssl/issues/7419
2021-03-24Disabled logging alerts to syslog.Valentin Bartenev2-2/+16
It feels to be causing more harm than good, because syslog() can be blocking, which is even more critical under resource exhaustion conditions when some alerts are expected.
2021-03-22Java: upgrading third-party components.Sergey A. Osokin3-19/+19
2021-03-15Fixed building the PHP 5 module with ZTS, broken by dab8544b5440.Valentin Bartenev2-0/+11
This closes #525 issue on GitHub.
2021-03-15Ruby: fixed encodings initialization.Valentin Bartenev2-0/+10
The Ruby interpreter expects an explicit setlocale() call before initialization to pick up character encodings in the "Encoding" class from the environment. This closes #531 issue on GitHub.
2021-03-15Fixed certificates loading on startup with some filesystems.Valentin Bartenev2-4/+13
It appears that readdir() on Linux detects file types unreliably, always setting the "d_type" field to DT_UNKNOWN for some less common filesystems. As a result, all files were skipped and no certificate bundles were found when the state directory was located on such filesystems. Skipping "." and ".." instead of any non-regular files should be enough, as no other non-regular files normally appear in this directory. This closes #368 issue on GitHub.
2021-03-15Fixed TLS connection shutdown on errors.Valentin Bartenev2-4/+14
An immediate return statement on connection errors was mistakenly added to the beginning of nxt_openssl_conn_io_shutdown() in ecd3c5bbf7d8, breaking the TLS connection finalization procedure. As a result, a TLS connection was left unfinalized if it had been closed prematurely or a fatal protocol error had occurred, which caused memory and socket descriptor leakage. Moreover, in some cases (notably, on handshake errors in tests with kqueue on macOS) the read event was triggered later and nxt_h1p_conn_error() was called the second time; after the change in af93c866b4f0, the latter call crashed the router process in an attempt to remove a connection from the idle queue twice.
2021-03-02Closing app outgoing shared memory file descriptor.Max Romanov2-0/+11
This fixes file descriptor leakage in router. Shared memory file used to send data from router to application. These files are shared among all processes of same application and router keeps the opened file descriptor since 06017e6e3a5f commit.
2021-03-02Fixing warnings on Solaris.Max Romanov2-2/+2
pthread_t on Solaris is an integer type with size not equal to pointer size. To avoid warnings, type casts to and from pointer needs to be done via uintptr_t type. This change originally proposed by Juraj Lutter <juraj@lutter.sk>.
2021-03-02Fixing NetBSD compatibility.Max Romanov2-2/+10
Instead of PTHREAD_STACK_MIN define, NetBSD requires to get minimum stack size using sysctl(_SC_THREAD_STACK_MIN). This change originally proposed by Juraj Lutter <juraj@lutter.sk>.
2021-02-23Tests: fixed tests to work without openssl support.Andrei Zeliankou1-0/+3
2021-02-18Tests: added regex check.Andrei Zeliankou3-0/+27
2021-02-16Version bump.Valentin Bartenev2-2/+10
2021-02-15Tests: clear certificates after each test.Andrei Zeliankou1-8/+29
2021-02-10Tests: increased timeout in wait_for_record().Andrei Zeliankou3-4/+4
2021-02-08Tests: added "--restart" option.Andrei Zeliankou5-22/+103
Now Unit do not restart after each test by default.
2021-02-05Regenerated Dockerfiles.Konstantin Pavlov8-8/+8
2021-02-05Docker: added curl run-time dependency.Konstantin Pavlov1-1/+1
It is needed for docker-entrypoint scripts to work.
2021-02-04Added changelog for Python 3.9 module appeared for Fedora 33.Andrei Belov1-0/+13
2021-02-04Added tag 1.22.0 for changeset 331bdadeca30Valentin Bartenev1-0/+1
2021-02-04Generated Dockerfiles for Unit 1.22.0.1.22.0Valentin Bartenev8-8/+8
2021-02-04Added version 1.22.0 CHANGES.Valentin Bartenev2-2/+41
2021-02-04Reordered changes for 1.22.0 by significance (subjective).Valentin Bartenev1-17/+17
2021-02-04Tests: added tests for "path" option in Python application.Andrei Zeliankou2-0/+45
2021-02-04Updated phrasing and corrected errors in docs/changes.xml.Artem Konev1-15/+16
2021-02-03Fixing shared app queue unmap size.Max Romanov2-1/+14
Shared app queue takes more memory than port memory. To unmap all memory pages correct size need to be specified for munmap() call. Otherwise 4 Mb memory leaked on each configured application removal. The issue was introduced in 1d84b9e4b459.
2021-02-03Fixing possible NULL dereference.Max Romanov1-11/+12
For listen socket request reply port can be NULL if Router crashes immediately after issuing the request. Found by Coverity (CID 366310).
2021-02-03Using shared memory to pass configuration to main process.Max Romanov2-22/+84
This patch is required to remove fragmented messages functionality.
2021-02-02Docker: reverted 44154b830401.Konstantin Pavlov1-2/+0
Automatic synchronisation is now set up, so manual pushes to AWS ECR are discouraged.
2021-02-01Fixed building by GCC 10 with -flto and -O2.Valentin Bartenev1-0/+6
This closes #467 issue on GitHub.
2021-02-01Regenerated Dockerfiles.Konstantin Pavlov15-833/+566
2021-01-13Docker: based docker images off official languages ones.Konstantin Pavlov3-141/+151
Language versions are bumped to: - python 3.9 - ruby 2.7 - go 1.15 - node 15 - perl 5.32 Removed images: - python 2.7 due to EOL - full/latest due to incompatibility with the new scheme
2021-01-28Fixed changelog style.Valentin Bartenev1-1/+1
2021-01-28Removing unused mutex from nxt_process_t.Max Romanov2-4/+0
2021-01-28Router: fixing crash after WebSocket processing.Max Romanov3-1/+35
After WebSocket processing, the application port was released with incorrect reason ("got request"), unnecessarily decrementing the active request counter. The assertion was triggered only on application removal; a test was added for this case.