Changes with nginx 1.3.8 30 Oct 2012v1.3.8

    *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
       directive.
       Thanks to Mike Kazantsev and Eric O'Connor.

    *) Feature: the $bytes_sent, $connection, and $connection_requests
       variables can now be used not only in the "log_format" directive.
       Thanks to Benjamin Grössing.

    *) Feature: the "auto" parameter of the "worker_processes" directive.

    *) Bugfix: "cache file ... has md5 collision" alert.

    *) Bugfix: in the ngx_http_gunzip_filter_module.

    *) Bugfix: in the "ssl_stapling" directive.

1 files changed, 17 insertions, 1 deletions

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index cb970c5c2..ef010ff57 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1642,7 +1642,9 @@ ngx_http_process_request(ngx_http_request_t *r)
         if (sscf->verify) {
             rc = SSL_get_verify_result(c->ssl->connection);
 
-            if (rc != X509_V_OK) {
+            if (rc != X509_V_OK
+                && (sscf->verify != 3 || !ngx_ssl_verify_error_optional(rc)))
+            {
                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
                               "client SSL certificate verify error: (%l:%s)",
                               rc, X509_verify_cert_error_string(rc));
@@ -2751,6 +2753,20 @@ ngx_http_keepalive_handler(ngx_event_t *rev)
             ngx_http_close_connection(c);
         }
 
+        /*
+         * Like ngx_http_set_keepalive() we are trying to not hold
+         * c->buffer's memory for a keepalive connection.
+         */
+
+        if (ngx_pfree(c->pool, b->start) == NGX_OK) {
+
+            /*
+             * the special note that c->buffer's memory was freed
+             */
+
+            b->pos = NULL;
+        }
+
         return;
     }