I'm trying to implement some kind of streaming module.
I've opened udp socket at worker process start and reading from it
infinitely to a ring buffer.
Now I would like to install location handler and stream the buffer contents
I'm unable to comprehend how to return back to the handler routine after
sending and flushing a chain with a first buffer (ngx_http_output_filter).
Would you please briefly explain how to process a request in this way or
provide an example/piece of code that implements similar functionality.
while OpenSSL-1.0.1f isn't released just yet, the change that
removes SSL_OP_MSIE_SSLV2_RSA_PADDING is already backported to
OpenSSL_1_0_1-stable branch and I believe that it's better to
proactively guard against this than to wait for people to
complain that nginx doesn't compile with new OpenSSL.
# HG changeset patch
# User Piotr Sikora <piotr(a)cloudflare.com>
# Date 1379366678 25200
# Mon Sep 16 14:24:38 2013 -0700
# Node ID a73678f5f96ffead0b616b2c03dfcfd5445d443b
# Parent cec155f07c84953138455b65dfe678bb514e33ca
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.
Signed-off-by: Piotr Sikora <piotr(a)cloudflare.com>
diff -r cec155f07c84 -r a73678f5f96f src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Mon Sep 16 18:49:23 2013 +0400
+++ b/src/event/ngx_event_openssl.c Mon Sep 16 14:24:38 2013 -0700
@@ -185,8 +185,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
/* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
Hi Maxim, thanks for the prompt reply!
> While the patch may work, it looks bad from architectural point of
> view. It essentially makes upstream keepalive module an integral
> part of the upstream module, which isn't a good thing (and also
> will break --without-http_upstream_
> keepalive_module). The
> upstream module should provide an interface to do things instead.
You're definitely right about this, I haven't thought about that configure
option. How do you suggest to decouple the code? Perhaps add some kind of
callback to the proxy configuration and expose a setter interface?
> Also, it looks like the patch adds lots of code duplication.
> The code to check peer address and lookup a connection in the
> cache is already present in the upstream keepalive module, and it
> should be used instead of adding another structures/code to do the
> same task.
When you're saying "is already present", are you referring to the code in
"ngx_http_upstream_get_keepalive_peer", where "item->sockaddr" is being
compared, as the key to the connection cache?
If so, I'll try to see if it works in the described case. Perhaps a
hostname should be added as another "uniqueness" identifier to this cache
in addition to "sockaddr"? Then a single
"ngx_http_upstream_keepalive_srv_conf_t" can be used for many hosts?
If you believe that this should work, I agree that this is a better way to
do the patch.