shrpx:
* Added an option to set the TLS SNI extension between shrpx and the
origin on the command line
spdycat:
* If the user set an explicit host header ( using --headers ) use that
name for the TLS SNI extension.
* Added the handshake completion time to the verbose output
* The gettimeofday call in get_time was using the incorrect structure
( I believe )
* In update_html_parser it was submitting the request regardless of
the return value of add_request.
Patch from Stephen Ludin
This change fixes upstream RST_STREAM is blocked until
SpdyUpstream::send() is called. Now downstream REFUSED_STREAM is
propagated to upstream client so that client can reset request. The
RST_STREAM error code when downstream went wrong is changed from
CANCEL to INTERNAL_ERROR.
Now we set Downstream::set_response_connection_close(true) for
tunneled connections. Also call
Upstream::on_downstream_body_complete() callback when setting
MSG_COMPLETE in SpdySession when RST_STREAM is caught. Clean up EOF
handling in https_downstream_readcb.
Specify proxy URI in the form http://[USER:PASS]PROXY:PORT. USER and
PASS are optional and if they exist they must be properly
percent-encoded. This proxy is used when the backend connection is
SPDY. First, make a CONNECT request to the proxy and it connects to
the backend on behalf of shrpx. This forms tunnel. After that, shrpx
performs SSL/TLS handshake with the downstream through the tunnel. The
timeouts when connecting and making CONNECT request can be specified
by --backend-read-timeout and --backend-write-timeout options.
With --spdy-bridge option, it listens SPDY/HTTPS connections from
front end and forwards them to the backend in SPDY. The usage will be
written later. This change fixes the crash when more than 2
outstanding SpdyDownstreamConnection objects are added to SpdySession
and establishing connection to SPDY backend is failed.
INFO log and its surrounding code are now guarded by
LOG_ENABLED(SEVERITY) macro so that they don't run if log level
threshold is higher. This increases performance because log formatting
is somewhat expensive.
Added macros which log messages from the following components are
prefixed with their component name + object pointer address:
ListenHandler: LISTEN
ThreadEventReceiver: THREAD_RECV
Upstream: UPSTREAM
Downstream: DOWNSTREAM
DownstreamConnection: DCONN
SpdySession: DSPDY
The -k, --insecure option is added to skip this verification. The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
In client mode, now SPDY connection to the backend server is
established per thread. The frontend connections which belong to the
same thread share the SPDY connection.