09344eb1ad
nghttp, nghttpd, nghttpx: Add ktls support
2022-05-07 18:53:59 +09:00
ad0c9eebf7
Fix typos
2022-01-16 21:53:44 +09:00
c790ee64a4
src: Prefer #ifdef for a single condition
2021-10-15 22:50:26 +09:00
9fb05d5ea2
Fix compile error under mac os
2021-10-15 19:54:08 +09:00
d8282de229
nghttpx: Respect !tls-no-postpone-early-data with boringssl
2021-10-15 00:13:49 +09:00
3a721a9dd5
nghttpx: Send session ticket after handshake with boringssl
2021-10-15 00:13:49 +09:00
0b6092446b
src: Compile with boringssl for non-http3 build
2021-10-14 23:44:27 +09:00
e70f0db83c
nghttpx: QUIC handshake now works
2021-08-21 18:34:07 +09:00
940fdd5573
nghttpx: Read quic packet
2021-08-21 18:34:04 +09:00
cef458c31c
Replace black-list with block-list
...
nghttpx --no-http2-cipher-black-list and
--client-no-http2-cipher-black-list are deprecated and replaced with
--no-http2-cipher-block-list and --client-no-http2-cipher-block-list
respectively.
2021-04-02 22:35:37 +09:00
6f967c6ef3
Fix errors reported by coverity scan
2019-09-21 13:45:20 +09:00
1abfa3ca5f
nghttpx: Make TLS handshake state enum class
2018-10-17 08:52:27 +09:00
20ea964f2f
nghttpx: Convert shrpx_proto to enum class
2018-10-16 22:59:34 +09:00
a42faf1cc2
nghttpx: Write TLS alert during handshake
2018-09-23 18:01:38 +09:00
9b03c64f68
nghttpx: Should postpone early data by default
2018-09-08 19:22:30 +09:00
47f6012407
nghttpx: Add an option to postpone early data processing
2018-09-08 17:57:21 +09:00
2ab319c137
Don't hide error code from openssl
2018-09-08 17:54:35 +09:00
3992302432
Remove SSL_ERROR_WANT_WRITE handling
2018-09-08 17:54:35 +09:00
b30f312a70
Honor SSL_read semantics
2018-09-08 17:54:35 +09:00
c5cdb78a95
nghttpx: Add TLSv1.3 0-RTT early data support
2018-09-08 17:54:35 +09:00
880f948684
Enable IndentPPDirectives
2018-06-09 16:21:30 +09:00
5db17d0af9
Compile with libressl 2.7.2
2018-04-14 18:09:47 +09:00
e65e7711ca
Add comment on #endif
2018-04-03 21:39:44 +09:00
400934e5a3
[PATCH] Allow building without NPN
...
NPN has been superseeded by ALPN. OpenSSL provides a configure
option to disable npn (no-npn) which results in an OpenSSL
installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h
The #ifdef's look safe here (as the next_proto is initialized as
nullptr). Alteratively, macros could be defined for the used npn
methods that return a 0 for next_proto.
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-03-25 18:27:23 +02:00
ed1fad3bd4
nghttpx: Call ERR_clear_error()
...
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
58043a6b04
nghttpx: Guard the presence of TLS1_3_VERSION
2017-04-27 23:13:15 +09:00
d7581525ac
nghttpx: Update TLSv1.3 TLS record overhead
2017-04-27 22:57:06 +09:00
2d9fd87029
nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3
2017-04-09 14:11:49 +09:00
058122b804
nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
...
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
69f63c529d
src: Rename ssl.{h,cc} as tls.{h,cc}
...
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
26900262f3
Revert "nghttpx: Attempt to avoid TCP RST on socket closure on Linux"
...
This reverts commit f69b52b1aa
2017-03-18 22:43:30 +09:00
9b5ce36368
nghttpx: Reset write timer on write
2017-03-18 21:33:00 +09:00
f69b52b1aa
nghttpx: Attempt to avoid TCP RST on socket closure on Linux
2017-03-18 00:59:26 +09:00
feabd6f739
nghttpx: Delete unused delete_bio_method
2017-03-15 23:37:39 +09:00
1ea590c364
nghttpx: Return new BIO_METHOD object with OpenSSL < 1.1.0
2017-03-15 23:36:38 +09:00
9cc223d419
nghttpx: Use constexpr
2017-03-15 23:12:50 +09:00
3e0e3f5459
src: Fix typo
2017-03-10 23:10:13 +09:00
e5b84fad09
nghttpx: Fix bug that old config is used during reloading config
2017-02-16 22:46:22 +09:00
6a8749873f
nghttpx: Add detailed TLS connection logging
2017-01-09 23:32:35 +09:00
3c03024881
nghttpx: Add client-no-http2-cipher-black-list option
...
This commit adds client-no-http2-cipher-black-list option to disable
enforcement of HTTP/2 cipher black list on backend HTTP/2 connection.
Previously, existing no-http2-cipher-black-list option disables it for
both frontend and backend connections. Now no-http2-cipher-black-list
option only disables it for frontend connection.
2017-01-08 22:33:19 +09:00
3933280d29
src: Fix assertion error with boringssl
...
boringssl says:
/* It is an error to clear any bits that have already been set. (We can't try
* to get a second close_notify or send two.) */
assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
2017-01-02 11:48:38 +09:00
e9ab75a386
nghttpx: Robust backend read timeout
2016-11-26 19:45:23 +09:00
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
a3a6b91c5f
src: Rename OPENSSL_101_API macro as OPENSSL_1_1_API
2016-09-11 00:38:20 +09:00
9aa26970be
nghttpx: Comment out TCP logging since it is too verbose
2016-09-10 16:49:15 +09:00
27b250ac8e
nghttpx: Add experimental TCP optimization for h2 frontend
2016-09-10 16:27:48 +09:00
ded576f423
nghttpx: Fix bug that bytes are doubly counted for TLS connections
2016-09-04 17:28:50 +09:00
f68dc02d6b
nghttpx: Remove unused private field from Connection object
2016-05-28 22:46:56 +09:00
6d22898936
src: Compile with OpenSSL 1.1.0-pre5
...
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa
Dimitris Apostolou
Bernard Spil