Tatsuhiro Tsujikawa
9c7e54d9b5
nghttpx: Add client-ciphers option
...
Previously, ciphers option sets cipher list for both frontend and
backend TLS connections. With this commit, ciphers option only sets
cipher list for frontend connections. The new client-ciphers option
sets cipher list for backend connection.
2017-01-08 22:40:58 +09:00
Tatsuhiro Tsujikawa
3c03024881
nghttpx: Add client-no-http2-cipher-black-list option
...
This commit adds client-no-http2-cipher-black-list option to disable
enforcement of HTTP/2 cipher black list on backend HTTP/2 connection.
Previously, existing no-http2-cipher-black-list option disables it for
both frontend and backend connections. Now no-http2-cipher-black-list
option only disables it for frontend connection.
2017-01-08 22:33:19 +09:00
Tatsuhiro Tsujikawa
36dfc0a56a
nghttpx: Reorganize client side TLS configuration
2017-01-08 22:25:30 +09:00
Tatsuhiro Tsujikawa
55bf6cdb15
Merge branch 'nghttpx-psk'
2017-01-08 21:10:07 +09:00
Tatsuhiro Tsujikawa
0abc220013
nghttpx: Fix the bug that no-http2-cipher-black-list does not work
...
Because of the redundant check in backend HTTP/2 session,
no-http2-cipher-black-list does not work on backend HTTP/2 connection.
This commit fixes it.
2017-01-08 19:43:24 +09:00
Tatsuhiro Tsujikawa
c28900990a
h2load: Show custom server temp key such as X25519
2017-01-08 17:58:19 +09:00
Tatsuhiro Tsujikawa
5108193d7b
h2load: Fix incorrect return value from spdylay_send_callback
2017-01-08 17:32:35 +09:00
Tatsuhiro Tsujikawa
79a24f5dd9
nghttpx: Add --client-psk-secret option to enable PSK in backend
2017-01-08 00:35:55 +09:00
Tatsuhiro Tsujikawa
83c759572c
nghttpx: Add --psk-secret option to enable PSK in frontend connection
2017-01-08 00:35:54 +09:00
Tatsuhiro Tsujikawa
1a07fb000b
nghttpx: Enable SCT with OpenSSL 1.1.0
2017-01-06 21:29:04 +09:00
Tatsuhiro Tsujikawa
b064d8a9ff
Merge branch 'nghttpx-fronend-proxyproto'
2017-01-03 17:28:20 +09:00
Tatsuhiro Tsujikawa
c6827a7dac
nghttpx: Fix assertion error in libev ev_io_start
2017-01-03 16:43:49 +09:00
Tatsuhiro Tsujikawa
55ecb082ee
nghttpx: Handle c-ares success without result
2017-01-03 14:35:05 +09:00
Tatsuhiro Tsujikawa
b313386988
nghttpx: Add proxyproto to frontend option to accept PROXY protocol
...
Previously, global accept-proxy-protocol option enables PROXY protocol
support for all frontend listeners, but this was inflexible. To fix
this issue, accept-proxy-protocol option is now deprecated, and
instead proxyproto parameter in frontend option enables PROXY protocol
support per frontend.
2017-01-03 12:47:03 +09:00
Tatsuhiro Tsujikawa
3933280d29
src: Fix assertion error with boringssl
...
boringssl says:
/* It is an error to clear any bits that have already been set. (We can't try
* to get a second close_notify or send two.) */
assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
2017-01-02 11:48:38 +09:00
Tatsuhiro Tsujikawa
d1ba43a69f
nghttpx: Fix bug that DNS timeout was erroneously disabled
2016-12-30 11:09:02 +09:00
Tatsuhiro Tsujikawa
a0779edec4
nghttpx: Fix bug that DNS timeout was ignored
2016-12-30 11:08:26 +09:00
Tatsuhiro Tsujikawa
25df164219
nghttpx: Don't write again after failure
...
Plain write(2) is OK, but SSL_write requires same arguments on retry.
It would be better to avoid calling them again.
2016-12-26 00:35:38 +09:00
Tatsuhiro Tsujikawa
bcfa333322
nghttpx: Refactor h1 backend retry code
2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa
c4aeadd57d
nghttpx: Retry h1 backend request if first write fails
2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa
e6b4454e48
Merge branch 'nghttpx-better-early-final-response-handling'
2016-12-24 23:02:52 +09:00
Tatsuhiro Tsujikawa
3226d21609
Merge pull request #755 from nghttp2/nghttpx-h1-frontend-keep-alive-timeout
...
nghttpx: Add frontend-keep-alive-timeout option
2016-12-24 23:01:17 +09:00
Tatsuhiro Tsujikawa
3d20c2dce6
nghttpx: Feed read event rather than calling on_read
...
on_read may fail, but we failed to check its return value most of the
places. This is because failure means deletion of ClientHandler, but
because of architecture, we cannot delete it. Feeding read event is
better since we can move call on_read from libev callback. We can
delete ClientHandler form there.
2016-12-24 22:57:59 +09:00
Tatsuhiro Tsujikawa
cd83d70e7b
nghttpx: Don't reset stream if we have already received response
2016-12-24 22:54:22 +09:00
Tatsuhiro Tsujikawa
a0ce5ea9ab
nghttpx: Keep reading after backend write failed
...
Because of bidirectional nature of TCP, we may fail write(2), but have
still pending read in TCP buffer, which may contain response body. To
forward them, we should keep reading until get EOF from backend.
To avoid stalling HTTP/1 upload when request buffer is full, and we
have received complete response from backend, drop connection in that
case.
2016-12-24 22:50:02 +09:00
Tatsuhiro Tsujikawa
3c600c103f
nghttpx: Add frontend-keep-alive-timeout option
2016-12-23 11:01:29 +09:00
Tatsuhiro Tsujikawa
841ac75c3e
nghttpx: Clarify that backend-keep-alive-timeout applies to h1 only
2016-12-23 10:49:39 +09:00
Tatsuhiro Tsujikawa
359730af54
Fix regression in ff64f64e1d
2016-12-21 23:19:10 +09:00
Tatsuhiro Tsujikawa
049e064e28
nghttpx: New error log format
...
To debug multi threaded configuration easier, we added current PID and
thread ID to error log. Previously, we didn't add date and time if
log level is NOTICE. In this change, we always write date and time
regardless of log level.
2016-12-20 23:13:19 +09:00
Tatsuhiro Tsujikawa
0463928a1e
nghttpx: Fix uninitialized errors found by coverity scan
2016-12-18 22:16:52 +09:00
Tatsuhiro Tsujikawa
02d34c8c4c
nghttpx: Fix dead code found by coverity scan
2016-12-18 22:14:26 +09:00
Tatsuhiro Tsujikawa
cab0a76795
Use pkg-config to detect libxml2
2016-12-18 00:20:30 +09:00
Tatsuhiro Tsujikawa
22bd9fb530
nghttpx: Set DNS cache expire date for error and ok statuses only
2016-12-11 11:49:24 +09:00
Tatsuhiro Tsujikawa
c487cd888f
nghttpx: Periodically remove expired DNS cache entries
2016-12-11 10:42:54 +09:00
Tatsuhiro Tsujikawa
fd403a85c8
nghttpx: Just return DNS_STATUS_ERROR
...
At the moment, we use both resolvers, and if either one is not
DNS_STATUS_IDLE, the other one is also not DNS_STATUS_IDLE. This may
change if we are going to configure DNS so that either A or AAAA
lookup is done. In that case, it is better to just return
DNS_STATUS_ERROR in the diff. This is because the calling side does
not expect DNS_STATUS_IDLE in that case.
2016-12-11 10:39:19 +09:00
Tatsuhiro Tsujikawa
a06a8c36a4
nghttpx: Add --dns-lookup-timeout and --dns-max-try options
2016-12-11 00:50:16 +09:00
Tatsuhiro Tsujikawa
0967ee9cb9
nghttpx: Better logging for DNS resolver
2016-12-10 23:10:18 +09:00
Tatsuhiro Tsujikawa
d66d34f9b9
Add libc-ares detection to cmake
2016-12-10 22:40:18 +09:00
Tatsuhiro Tsujikawa
264a98d106
nghttpx: Call c-ares initialization/cleanup functions
2016-12-10 21:41:03 +09:00
Tatsuhiro Tsujikawa
d66377d4b6
nghttpx: Add dns-cache-timeout option
...
This option controls how long cached DNS entries remain valid.
2016-12-10 21:09:51 +09:00
Tatsuhiro Tsujikawa
38b5cad4e3
nghttpx: Lookup backend host name dynamically
...
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
Tatsuhiro Tsujikawa
b6a9cf9ffa
nghttpx: Accept and ignore content-length: 0 in 204 response for now
2016-12-03 14:57:48 +09:00
Tatsuhiro Tsujikawa
85ba33c08f
nghttpx: Wait for child process to exit
...
Normally, we don't have wait for child process to exit, since init can
take care of them. But in containerized environment, pid 0 init might
not be available, and defunct processes can be piled up. This commit
ensures that OCSP and neverbleed processes are waited for before
worker process exits.
2016-11-30 22:59:02 +09:00
Tatsuhiro Tsujikawa
ff64f64e1d
nghttpx: Faster HTTP/1 frontend
2016-11-29 20:42:27 +09:00
Tatsuhiro Tsujikawa
2ff31bdd2b
nghttpx: Remove redundant check
2016-11-26 22:34:24 +09:00
Tatsuhiro Tsujikawa
2fa3d34af1
nghttpx: Use Connection::again_rt() in MemcachedConnection
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
fa3452ec68
nghttpx: Use Connection::again_rt() in LiveCheck
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
7451f2f212
nghttpx: Fix frequent crash with --backend-http-proxy-uri
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
e9ab75a386
nghttpx: Robust backend read timeout
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
d83949bc88
asio: server: Call on_close callback on connection close
2016-11-21 22:43:23 +09:00
Tatsuhiro Tsujikawa
50f42a80c9
nghttpx: Fix bug that mishandles response header from h1 backend
2016-11-18 22:33:29 +09:00
Tatsuhiro Tsujikawa
2b75aff32e
nghttpx: Fix bug that zero-length POST is not forwarded
2016-11-11 00:48:32 +09:00
Tatsuhiro Tsujikawa
f4474d57ec
nghttpx: Fix compile error with gcc
2016-11-07 23:11:52 +09:00
Tatsuhiro Tsujikawa
8471c9e92e
nghttpx: Parse te header field a bit more properly
2016-11-07 22:47:48 +09:00
Tatsuhiro Tsujikawa
f5a4c9d971
nghttpx: Don't copy non-final nva since they are backed by Downstream
2016-11-04 22:06:01 +09:00
Tatsuhiro Tsujikawa
a0dd8918eb
nghttpx: Don't mutate *_key_prev_ in add_header
2016-11-04 22:04:42 +09:00
Tatsuhiro Tsujikawa
baa9b1cac0
nghttpx: Remove optional reason-phrase from SPDY :status
2016-11-04 21:16:45 +09:00
Tatsuhiro Tsujikawa
38443d2195
nghttpx: Small optimization
2016-11-04 21:13:22 +09:00
Tatsuhiro Tsujikawa
208d71561a
src: Add missing mandatory SP after status code
2016-11-04 02:19:37 +09:00
Tatsuhiro Tsujikawa
25fbc7b435
nghttpx: Reset flags as well
2016-11-04 02:00:50 +09:00
Tatsuhiro Tsujikawa
6bd95d885d
Merge pull request #723 from nghttp2/strict-http-framing
...
Strict http framing
2016-11-03 23:30:38 +09:00
Tatsuhiro Tsujikawa
6bcdb178a5
nghttpx: Header key and value must be string in mruby script
2016-11-03 22:58:45 +09:00
Tatsuhiro Tsujikawa
5e10cc4cad
nghttpx: Use gc save/restore around downcase method
2016-11-03 22:47:52 +09:00
Tatsuhiro Tsujikawa
95e6c875f0
nghttpx: Use mrb_ary_ref instead of mrb_ary_entry
2016-11-03 22:44:42 +09:00
Tatsuhiro Tsujikawa
6eb2829ee8
nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby
2016-11-03 22:25:15 +09:00
Tatsuhiro Tsujikawa
e082b7be72
nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1
...
We now treat Content-Length or Transfer-Encoding as error if they come
with 204 or 1xx status code, or 200 to a CONNECT request in HTTP/1
response.
2016-11-03 17:00:05 +09:00
Tatsuhiro Tsujikawa
da01d8dedb
nghttpx: Delete outdated comment
2016-11-03 16:48:24 +09:00
dalf
d448eb54f9
Fix compilation with BoringSSL
2016-10-27 10:00:52 +00:00
Tatsuhiro Tsujikawa
46d1e6bb55
nghttpx: Increase block size of connection wide allocator to 512
2016-10-24 21:06:37 +09:00
Tatsuhiro Tsujikawa
3a831fa95c
nghttpx: Fix file descriptor leak in read_tls_sct_from_dir
2016-10-24 20:30:30 +09:00
Tatsuhiro Tsujikawa
5b9cacc2d7
nghttpx: Discard iaddrs early
2016-10-23 19:55:58 +09:00
Tatsuhiro Tsujikawa
10a84f3e3d
nghttpx: Rename errbuf for neverbleed as nb_errbuf for clarification
2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa
c42715ed6a
nghttpx: Fix compile error with --disable-threads
2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa
177d51ddab
nghttpx: Use thread_local if it is available
2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa
6c882e1ece
asio: Avoid repeated call of io_service::post
2016-10-20 22:12:31 +09:00
Tatsuhiro Tsujikawa
f09c5c4bf9
xsi_strerror: Use stddef.h so that we can use size_t
2016-10-19 23:50:28 +09:00
Tatsuhiro Tsujikawa
08a9a2eca9
asio: Fix bug when end() is called outside nghttp2 callback
2016-10-19 23:17:43 +09:00
Tatsuhiro Tsujikawa
19f1785cde
nghttpx: Avoid extra allocation on look up host key
2016-10-18 22:19:53 +09:00
Tatsuhiro Tsujikawa
8b64e7b4e1
src: Add XSI-compliant version strerror_r
2016-10-16 22:47:56 +09:00
Tatsuhiro Tsujikawa
3de2654223
src: Add noexcept to move constructor and assignment operator
2016-10-15 18:51:22 +09:00
Tatsuhiro Tsujikawa
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa
1a37044d3c
nghttpx: Use pre-allocated buffer for timestamp string
2016-10-11 22:32:26 +09:00
Tatsuhiro Tsujikawa
00a8c378d4
nghttpx: Add --backend-connect-timeout option
2016-10-10 22:50:41 +09:00
Tatsuhiro Tsujikawa
7549341081
Fix typo
2016-10-10 15:35:12 +09:00
Tatsuhiro Tsujikawa
5db8473f12
Fix build error with OpenSSL < 1.0.2 (again)
2016-10-09 19:34:32 +09:00
Tatsuhiro Tsujikawa
00b89f10bd
Fix build error with OpenSSL < 1.0.2
2016-10-09 18:54:18 +09:00
Tatsuhiro Tsujikawa
412c8f9e67
nghttpx: Add TLS signed_certificate_timestamp extension support
2016-10-09 18:43:36 +09:00
Tatsuhiro Tsujikawa
2795da840c
nghttpx: Apply timeout for incoming header block
2016-10-09 17:18:43 +09:00
Tatsuhiro Tsujikawa
175c7886ea
nghttpx: Update doc
2016-10-09 17:18:29 +09:00
Tatsuhiro Tsujikawa
4a4b2cf538
nghttpx: Embed Process into OCSPUpdateContext
2016-10-08 15:26:13 +09:00
Tatsuhiro Tsujikawa
2c2188c09d
nghttpx: Refactor ocsp command execution
...
We have now generic read-only command execution in shrpx_exec.{h,cc}.
2016-10-08 15:22:11 +09:00
Tatsuhiro Tsujikawa
cdb1d6b462
nghttpx: Add P-384 and P-521 to the default of --ecdh-curves option
2016-10-08 11:44:03 +09:00
Tatsuhiro Tsujikawa
1b4ccd0d51
nghttpx: Don't call get_config() repeatedly
2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa
8babaac8c3
nghttpx: Add --ecdh-curves option to specify list of named curves
...
This option requires OpenSSL >= 1.0.2. With OpenSSL 1.0.2, the
default value is "P-256". With OpenSSL 1.1.0 or later, the default
value is "X25519:P-256".
2016-10-08 10:50:56 +09:00
Tatsuhiro Tsujikawa
d1624d6929
h2load: Format default value of header table size with unit
2016-10-06 23:16:30 +09:00
Tatsuhiro Tsujikawa
e4472b5aec
h2load: Add --header-table-size and --encoder-header-table-size options
2016-10-06 22:26:31 +09:00
Tatsuhiro Tsujikawa
9439ba75d3
nghttpx: Fix heap-use-after-free when executing new binary
2016-10-04 00:32:02 +09:00
Tatsuhiro Tsujikawa
9254c563ca
Fix compile error with gcc
2016-10-03 22:52:14 +09:00
Tatsuhiro Tsujikawa
96ff3be5e6
nghttpx: Use allocator of new config since this may happen multiple times
2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa
3d5d76ba74
nghttpx: Update doc
2016-10-03 22:09:46 +09:00