Commit Graph

2517 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 9c7e54d9b5 nghttpx: Add client-ciphers option
Previously, ciphers option sets cipher list for both frontend and
backend TLS connections.  With this commit, ciphers option only sets
cipher list for frontend connections.  The new client-ciphers option
sets cipher list for backend connection.
2017-01-08 22:40:58 +09:00
Tatsuhiro Tsujikawa 3c03024881 nghttpx: Add client-no-http2-cipher-black-list option
This commit adds client-no-http2-cipher-black-list option to disable
enforcement of HTTP/2 cipher black list on backend HTTP/2 connection.
Previously, existing no-http2-cipher-black-list option disables it for
both frontend and backend connections.  Now no-http2-cipher-black-list
option only disables it for frontend connection.
2017-01-08 22:33:19 +09:00
Tatsuhiro Tsujikawa 36dfc0a56a nghttpx: Reorganize client side TLS configuration 2017-01-08 22:25:30 +09:00
Tatsuhiro Tsujikawa 55bf6cdb15 Merge branch 'nghttpx-psk' 2017-01-08 21:10:07 +09:00
Tatsuhiro Tsujikawa 0abc220013 nghttpx: Fix the bug that no-http2-cipher-black-list does not work
Because of the redundant check in backend HTTP/2 session,
no-http2-cipher-black-list does not work on backend HTTP/2 connection.
This commit fixes it.
2017-01-08 19:43:24 +09:00
Tatsuhiro Tsujikawa c28900990a h2load: Show custom server temp key such as X25519 2017-01-08 17:58:19 +09:00
Tatsuhiro Tsujikawa 5108193d7b h2load: Fix incorrect return value from spdylay_send_callback 2017-01-08 17:32:35 +09:00
Tatsuhiro Tsujikawa 79a24f5dd9 nghttpx: Add --client-psk-secret option to enable PSK in backend 2017-01-08 00:35:55 +09:00
Tatsuhiro Tsujikawa 83c759572c nghttpx: Add --psk-secret option to enable PSK in frontend connection 2017-01-08 00:35:54 +09:00
Tatsuhiro Tsujikawa 1a07fb000b nghttpx: Enable SCT with OpenSSL 1.1.0 2017-01-06 21:29:04 +09:00
Tatsuhiro Tsujikawa b064d8a9ff Merge branch 'nghttpx-fronend-proxyproto' 2017-01-03 17:28:20 +09:00
Tatsuhiro Tsujikawa c6827a7dac nghttpx: Fix assertion error in libev ev_io_start 2017-01-03 16:43:49 +09:00
Tatsuhiro Tsujikawa 55ecb082ee nghttpx: Handle c-ares success without result 2017-01-03 14:35:05 +09:00
Tatsuhiro Tsujikawa b313386988 nghttpx: Add proxyproto to frontend option to accept PROXY protocol
Previously, global accept-proxy-protocol option enables PROXY protocol
support for all frontend listeners, but this was inflexible.  To fix
this issue, accept-proxy-protocol option is now deprecated, and
instead proxyproto parameter in frontend option enables PROXY protocol
support per frontend.
2017-01-03 12:47:03 +09:00
Tatsuhiro Tsujikawa 3933280d29 src: Fix assertion error with boringssl
boringssl says:

/* It is an error to clear any bits that have already been set. (We can't try
 * to get a second close_notify or send two.) */
assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
2017-01-02 11:48:38 +09:00
Tatsuhiro Tsujikawa d1ba43a69f nghttpx: Fix bug that DNS timeout was erroneously disabled 2016-12-30 11:09:02 +09:00
Tatsuhiro Tsujikawa a0779edec4 nghttpx: Fix bug that DNS timeout was ignored 2016-12-30 11:08:26 +09:00
Tatsuhiro Tsujikawa 25df164219 nghttpx: Don't write again after failure
Plain write(2) is OK, but SSL_write requires same arguments on retry.
It would be better to avoid calling them again.
2016-12-26 00:35:38 +09:00
Tatsuhiro Tsujikawa bcfa333322 nghttpx: Refactor h1 backend retry code 2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa c4aeadd57d nghttpx: Retry h1 backend request if first write fails 2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa e6b4454e48 Merge branch 'nghttpx-better-early-final-response-handling' 2016-12-24 23:02:52 +09:00
Tatsuhiro Tsujikawa 3226d21609 Merge pull request #755 from nghttp2/nghttpx-h1-frontend-keep-alive-timeout
nghttpx: Add frontend-keep-alive-timeout option
2016-12-24 23:01:17 +09:00
Tatsuhiro Tsujikawa 3d20c2dce6 nghttpx: Feed read event rather than calling on_read
on_read may fail, but we failed to check its return value most of the
places.  This is because failure means deletion of ClientHandler, but
because of architecture, we cannot delete it.  Feeding read event is
better since we can move call on_read from libev callback.  We can
delete ClientHandler form there.
2016-12-24 22:57:59 +09:00
Tatsuhiro Tsujikawa cd83d70e7b nghttpx: Don't reset stream if we have already received response 2016-12-24 22:54:22 +09:00
Tatsuhiro Tsujikawa a0ce5ea9ab nghttpx: Keep reading after backend write failed
Because of bidirectional nature of TCP, we may fail write(2), but have
still pending read in TCP buffer, which may contain response body.  To
forward them, we should keep reading until get EOF from backend.

To avoid stalling HTTP/1 upload when request buffer is full, and we
have received complete response from backend, drop connection in that
case.
2016-12-24 22:50:02 +09:00
Tatsuhiro Tsujikawa 3c600c103f nghttpx: Add frontend-keep-alive-timeout option 2016-12-23 11:01:29 +09:00
Tatsuhiro Tsujikawa 841ac75c3e nghttpx: Clarify that backend-keep-alive-timeout applies to h1 only 2016-12-23 10:49:39 +09:00
Tatsuhiro Tsujikawa 359730af54 Fix regression in ff64f64e1d 2016-12-21 23:19:10 +09:00
Tatsuhiro Tsujikawa 049e064e28 nghttpx: New error log format
To debug multi threaded configuration easier, we added current PID and
thread ID to error log.  Previously, we didn't add date and time if
log level is NOTICE.  In this change, we always write date and time
regardless of log level.
2016-12-20 23:13:19 +09:00
Tatsuhiro Tsujikawa 0463928a1e nghttpx: Fix uninitialized errors found by coverity scan 2016-12-18 22:16:52 +09:00
Tatsuhiro Tsujikawa 02d34c8c4c nghttpx: Fix dead code found by coverity scan 2016-12-18 22:14:26 +09:00
Tatsuhiro Tsujikawa cab0a76795 Use pkg-config to detect libxml2 2016-12-18 00:20:30 +09:00
Tatsuhiro Tsujikawa 22bd9fb530 nghttpx: Set DNS cache expire date for error and ok statuses only 2016-12-11 11:49:24 +09:00
Tatsuhiro Tsujikawa c487cd888f nghttpx: Periodically remove expired DNS cache entries 2016-12-11 10:42:54 +09:00
Tatsuhiro Tsujikawa fd403a85c8 nghttpx: Just return DNS_STATUS_ERROR
At the moment, we use both resolvers, and if either one is not
DNS_STATUS_IDLE, the other one is also not DNS_STATUS_IDLE.  This may
change if we are going to configure DNS so that either A or AAAA
lookup is done.  In that case, it is better to just return
DNS_STATUS_ERROR in the diff.  This is because the calling side does
not expect DNS_STATUS_IDLE in that case.
2016-12-11 10:39:19 +09:00
Tatsuhiro Tsujikawa a06a8c36a4 nghttpx: Add --dns-lookup-timeout and --dns-max-try options 2016-12-11 00:50:16 +09:00
Tatsuhiro Tsujikawa 0967ee9cb9 nghttpx: Better logging for DNS resolver 2016-12-10 23:10:18 +09:00
Tatsuhiro Tsujikawa d66d34f9b9 Add libc-ares detection to cmake 2016-12-10 22:40:18 +09:00
Tatsuhiro Tsujikawa 264a98d106 nghttpx: Call c-ares initialization/cleanup functions 2016-12-10 21:41:03 +09:00
Tatsuhiro Tsujikawa d66377d4b6 nghttpx: Add dns-cache-timeout option
This option controls how long cached DNS entries remain valid.
2016-12-10 21:09:51 +09:00
Tatsuhiro Tsujikawa 38b5cad4e3 nghttpx: Lookup backend host name dynamically
We have added "dns" parameter to backend option.  If specified, name
lookup is done dynamically.  If not, name lookup is done at start up,
or configuration reloading.  nghttpx caches DNS result including error
case in 30 seconds in this commit.  Later commit makes this
configurable.

DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
Tatsuhiro Tsujikawa b6a9cf9ffa nghttpx: Accept and ignore content-length: 0 in 204 response for now 2016-12-03 14:57:48 +09:00
Tatsuhiro Tsujikawa 85ba33c08f nghttpx: Wait for child process to exit
Normally, we don't have wait for child process to exit, since init can
take care of them.  But in containerized environment, pid 0 init might
not be available, and defunct processes can be piled up.  This commit
ensures that OCSP and neverbleed processes are waited for before
worker process exits.
2016-11-30 22:59:02 +09:00
Tatsuhiro Tsujikawa ff64f64e1d nghttpx: Faster HTTP/1 frontend 2016-11-29 20:42:27 +09:00
Tatsuhiro Tsujikawa 2ff31bdd2b nghttpx: Remove redundant check 2016-11-26 22:34:24 +09:00
Tatsuhiro Tsujikawa 2fa3d34af1 nghttpx: Use Connection::again_rt() in MemcachedConnection 2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa fa3452ec68 nghttpx: Use Connection::again_rt() in LiveCheck 2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa 7451f2f212 nghttpx: Fix frequent crash with --backend-http-proxy-uri 2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa e9ab75a386 nghttpx: Robust backend read timeout 2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa d83949bc88 asio: server: Call on_close callback on connection close 2016-11-21 22:43:23 +09:00
Tatsuhiro Tsujikawa 50f42a80c9 nghttpx: Fix bug that mishandles response header from h1 backend 2016-11-18 22:33:29 +09:00
Tatsuhiro Tsujikawa 2b75aff32e nghttpx: Fix bug that zero-length POST is not forwarded 2016-11-11 00:48:32 +09:00
Tatsuhiro Tsujikawa f4474d57ec nghttpx: Fix compile error with gcc 2016-11-07 23:11:52 +09:00
Tatsuhiro Tsujikawa 8471c9e92e nghttpx: Parse te header field a bit more properly 2016-11-07 22:47:48 +09:00
Tatsuhiro Tsujikawa f5a4c9d971 nghttpx: Don't copy non-final nva since they are backed by Downstream 2016-11-04 22:06:01 +09:00
Tatsuhiro Tsujikawa a0dd8918eb nghttpx: Don't mutate *_key_prev_ in add_header 2016-11-04 22:04:42 +09:00
Tatsuhiro Tsujikawa baa9b1cac0 nghttpx: Remove optional reason-phrase from SPDY :status 2016-11-04 21:16:45 +09:00
Tatsuhiro Tsujikawa 38443d2195 nghttpx: Small optimization 2016-11-04 21:13:22 +09:00
Tatsuhiro Tsujikawa 208d71561a src: Add missing mandatory SP after status code 2016-11-04 02:19:37 +09:00
Tatsuhiro Tsujikawa 25fbc7b435 nghttpx: Reset flags as well 2016-11-04 02:00:50 +09:00
Tatsuhiro Tsujikawa 6bd95d885d Merge pull request #723 from nghttp2/strict-http-framing
Strict http framing
2016-11-03 23:30:38 +09:00
Tatsuhiro Tsujikawa 6bcdb178a5 nghttpx: Header key and value must be string in mruby script 2016-11-03 22:58:45 +09:00
Tatsuhiro Tsujikawa 5e10cc4cad nghttpx: Use gc save/restore around downcase method 2016-11-03 22:47:52 +09:00
Tatsuhiro Tsujikawa 95e6c875f0 nghttpx: Use mrb_ary_ref instead of mrb_ary_entry 2016-11-03 22:44:42 +09:00
Tatsuhiro Tsujikawa 6eb2829ee8 nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby 2016-11-03 22:25:15 +09:00
Tatsuhiro Tsujikawa e082b7be72 nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1
We now treat Content-Length or Transfer-Encoding as error if they come
with 204 or 1xx status code, or 200 to a CONNECT request in HTTP/1
response.
2016-11-03 17:00:05 +09:00
Tatsuhiro Tsujikawa da01d8dedb nghttpx: Delete outdated comment 2016-11-03 16:48:24 +09:00
dalf d448eb54f9 Fix compilation with BoringSSL 2016-10-27 10:00:52 +00:00
Tatsuhiro Tsujikawa 46d1e6bb55 nghttpx: Increase block size of connection wide allocator to 512 2016-10-24 21:06:37 +09:00
Tatsuhiro Tsujikawa 3a831fa95c nghttpx: Fix file descriptor leak in read_tls_sct_from_dir 2016-10-24 20:30:30 +09:00
Tatsuhiro Tsujikawa 5b9cacc2d7 nghttpx: Discard iaddrs early 2016-10-23 19:55:58 +09:00
Tatsuhiro Tsujikawa 10a84f3e3d nghttpx: Rename errbuf for neverbleed as nb_errbuf for clarification 2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa c42715ed6a nghttpx: Fix compile error with --disable-threads 2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa 177d51ddab nghttpx: Use thread_local if it is available 2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa 6c882e1ece asio: Avoid repeated call of io_service::post 2016-10-20 22:12:31 +09:00
Tatsuhiro Tsujikawa f09c5c4bf9 xsi_strerror: Use stddef.h so that we can use size_t 2016-10-19 23:50:28 +09:00
Tatsuhiro Tsujikawa 08a9a2eca9 asio: Fix bug when end() is called outside nghttp2 callback 2016-10-19 23:17:43 +09:00
Tatsuhiro Tsujikawa 19f1785cde nghttpx: Avoid extra allocation on look up host key 2016-10-18 22:19:53 +09:00
Tatsuhiro Tsujikawa 8b64e7b4e1 src: Add XSI-compliant version strerror_r 2016-10-16 22:47:56 +09:00
Tatsuhiro Tsujikawa 3de2654223 src: Add noexcept to move constructor and assignment operator 2016-10-15 18:51:22 +09:00
Tatsuhiro Tsujikawa 0cf6848646 clang-format-3.9 2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa 1a37044d3c nghttpx: Use pre-allocated buffer for timestamp string 2016-10-11 22:32:26 +09:00
Tatsuhiro Tsujikawa 00a8c378d4 nghttpx: Add --backend-connect-timeout option 2016-10-10 22:50:41 +09:00
Tatsuhiro Tsujikawa 7549341081 Fix typo 2016-10-10 15:35:12 +09:00
Tatsuhiro Tsujikawa 5db8473f12 Fix build error with OpenSSL < 1.0.2 (again) 2016-10-09 19:34:32 +09:00
Tatsuhiro Tsujikawa 00b89f10bd Fix build error with OpenSSL < 1.0.2 2016-10-09 18:54:18 +09:00
Tatsuhiro Tsujikawa 412c8f9e67 nghttpx: Add TLS signed_certificate_timestamp extension support 2016-10-09 18:43:36 +09:00
Tatsuhiro Tsujikawa 2795da840c nghttpx: Apply timeout for incoming header block 2016-10-09 17:18:43 +09:00
Tatsuhiro Tsujikawa 175c7886ea nghttpx: Update doc 2016-10-09 17:18:29 +09:00
Tatsuhiro Tsujikawa 4a4b2cf538 nghttpx: Embed Process into OCSPUpdateContext 2016-10-08 15:26:13 +09:00
Tatsuhiro Tsujikawa 2c2188c09d nghttpx: Refactor ocsp command execution
We have now generic read-only command execution in shrpx_exec.{h,cc}.
2016-10-08 15:22:11 +09:00
Tatsuhiro Tsujikawa cdb1d6b462 nghttpx: Add P-384 and P-521 to the default of --ecdh-curves option 2016-10-08 11:44:03 +09:00
Tatsuhiro Tsujikawa 1b4ccd0d51 nghttpx: Don't call get_config() repeatedly 2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa 8babaac8c3 nghttpx: Add --ecdh-curves option to specify list of named curves
This option requires OpenSSL >= 1.0.2.  With OpenSSL 1.0.2, the
default value is "P-256".  With OpenSSL 1.1.0 or later, the default
value is "X25519:P-256".
2016-10-08 10:50:56 +09:00
Tatsuhiro Tsujikawa d1624d6929 h2load: Format default value of header table size with unit 2016-10-06 23:16:30 +09:00
Tatsuhiro Tsujikawa e4472b5aec h2load: Add --header-table-size and --encoder-header-table-size options 2016-10-06 22:26:31 +09:00
Tatsuhiro Tsujikawa 9439ba75d3 nghttpx: Fix heap-use-after-free when executing new binary 2016-10-04 00:32:02 +09:00
Tatsuhiro Tsujikawa 9254c563ca Fix compile error with gcc 2016-10-03 22:52:14 +09:00
Tatsuhiro Tsujikawa 96ff3be5e6 nghttpx: Use allocator of new config since this may happen multiple times 2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa 3d5d76ba74 nghttpx: Update doc 2016-10-03 22:09:46 +09:00