Tatsuhiro Tsujikawa
59c78d5809
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa
be164fc8f9
nghttpx: Set default minimum TLS version to TLSv1.2
...
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers. To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa
5833ef1efc
Merge pull request #938 from benjaminp/fix-clean
...
fix cleaning in out-of-tree builds
2017-06-12 00:21:10 +09:00
Benjamin Peterson
28f88d46f3
fix cleaning in out-of-tree builds
...
The altered previously failed if the rst sources hadn't been copied over.
2017-06-11 00:03:36 -07:00
Tatsuhiro Tsujikawa
6ec7683991
nghttpx: Use nocopy version to send trailer headers to backend
...
It looks like we can use nocopy version here. We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa
fb2d8f79d6
Update doc
2017-06-02 22:22:44 +09:00
Tatsuhiro Tsujikawa
8f7fa1b1bf
nghttpx: Fix crash in OCSP response verification
2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa
e5889ce622
Bump up version number to 1.24.0-DEV
2017-05-26 23:07:50 +09:00
Tatsuhiro Tsujikawa
3a6f83394c
Update bash_completion
2017-05-26 22:17:10 +09:00
Tatsuhiro Tsujikawa
acf36f3d1a
Update manual pages
2017-05-26 22:16:51 +09:00
Tatsuhiro Tsujikawa
63e6a8bab2
Bump up version number to 1.23.0, LT revision to 27:3:13
2017-05-26 21:37:28 +09:00
Tatsuhiro Tsujikawa
5361cc6bd1
Update authors
2017-05-26 21:34:43 +09:00
Tatsuhiro Tsujikawa
cabac55394
Merge pull request #925 from sohamm17/patch-1
...
spelling mistake in arguments to build nghttp apps
2017-05-25 23:38:54 +09:00
Tatsuhiro Tsujikawa
db7483ef10
Merge branch 'nghttpx-verify-ocsp'
2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa
4b51ccbefe
examples: Attempt to fix OpenSSL link error
2017-05-25 23:24:44 +09:00
Tatsuhiro Tsujikawa
74c2f1257a
nghttpx: Add --no-verify-ocsp to disable OCSP response verification
2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa
1428a5e3ae
nghttpx: Verify OCSP response
...
At least we should make sure that the OCSP response is targeted to the
expected certificate. This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ. Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa
fe021c1524
Merge branch 'memchunk-no-unique-ptr'
2017-05-25 00:53:13 +09:00
Tatsuhiro Tsujikawa
c57bf21306
src: memchunks: Don't use std::unique_ptr to avoid potential SO
2017-05-25 00:23:51 +09:00
Soham Sinha
1743b7d92d
spelling mistake in arguments to build nghttp apps
2017-05-22 17:20:30 -04:00
Tatsuhiro Tsujikawa
7f31278c4c
Update doc
2017-05-22 22:53:49 +09:00
Tatsuhiro Tsujikawa
8401e16a15
nghttpx: Fix compile error with gcc
2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa
07fb5854f3
nghttpx: Compile with openssl 1.0.2
2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa
b56a99bfba
Update bash_completion
2017-05-21 11:43:00 +09:00
Tatsuhiro Tsujikawa
b91e4e4df1
Update manual pages
2017-05-21 11:42:46 +09:00
Tatsuhiro Tsujikawa
52a4d6ac31
Merge branch 'nghttpx-fix-cert-selection'
2017-05-21 11:26:12 +09:00
Tatsuhiro Tsujikawa
796ab87b14
nghttpx: Fix certificate selection based on pub key algorithm
2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa
ed1fad3bd4
nghttpx: Call ERR_clear_error()
...
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa
9c1876f542
nghttpx: Fix certificate indexing bug
2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa
7d111d9963
Merge pull request #923 from nghttp2/compile-with-disable-assert
...
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa
8c2ce0cf3f
Merge pull request #922 from nghttp2/nghttpx-ocsp-startup
...
nghttpx: Run OCSP at startup
2017-05-18 23:49:23 +09:00
Tatsuhiro Tsujikawa
1b442cb16f
Compile with --disable-assert
2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa
2bf3680d87
Merge pull request #919 from projectgus/fix_ndebug_compile
...
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-18 22:37:51 +09:00
Tatsuhiro Tsujikawa
0d4f0f0db5
nghttpx: Run OCSP at startup
...
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish. It does not matter
some of the attempts fail. This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Angus Gratton
e17ff8fd32
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-17 14:43:06 +10:00
Tatsuhiro Tsujikawa
14edd12304
nghttpx: Refactor the code for the anti-replay
2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa
e6ffdb23a4
nghttpx: Share session_cache_ssl_ctx across threads
2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa
98fdedac06
Merge pull request #917 from Tapanito/patch-1
...
Update docs
2017-05-13 10:27:22 +09:00
Tapanito
255037264a
updated docs
2017-05-12 16:35:44 +01:00
Tatsuhiro Tsujikawa
d3fcbe9a02
Merge branch 'invalid-header-field-error'
2017-05-12 21:37:20 +09:00
Tatsuhiro Tsujikawa
bcdd588c6e
Merge branch 'nghttpx-wildcard-path-match'
2017-05-11 23:50:56 +09:00
Tatsuhiro Tsujikawa
b5007d45f7
nghttpx: Wildcard path matching
...
This commit adds wildcard path matching. If path pattern given in
backend option ends with "*", it is considered as wildcard path. "*"
must match at least one character. All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa
a584cf5a4f
Use clang-format-4.0
2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa
77f7a2fa7f
Update doc
2017-04-29 22:21:21 +09:00
Tatsuhiro Tsujikawa
f2c539dc70
Clarify the effect of nghttp2_option_set_no_http_messaging
2017-04-29 21:00:20 +09:00
Tatsuhiro Tsujikawa
78d7160a99
Treat incoming invalid regular header field as stream error
...
Previously, the incoming invalid regular header field was ignored by
default. With this commit, they are now treated as stream error, and
the stream is reset by default. The error code used is now
PROTOCOL_ERROR, instead of INTERNAL_ERROR.
2017-04-28 23:46:06 +09:00
Tatsuhiro Tsujikawa
196673bbce
nghttp: Remove unused short option 'g'
2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa
794d13082c
Merge branch 'nghttp-no-verify-peer'
2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa
5f5cf4107e
nghttpx: Reseve rcbufs_
2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa
6f3ec54b9f
nghttp: Add -y, --no-verify-peer option to suppress peer verify warn
2017-04-28 09:53:37 +09:00