Commit Graph

5953 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 59c78d5809 nghttpx: Verify OCSP response using trusted CA certificates 2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa be164fc8f9 nghttpx: Set default minimum TLS version to TLSv1.2
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers.  To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa 5833ef1efc Merge pull request #938 from benjaminp/fix-clean
fix cleaning in out-of-tree builds
2017-06-12 00:21:10 +09:00
Benjamin Peterson 28f88d46f3 fix cleaning in out-of-tree builds
The altered previously failed if the rst sources hadn't been copied over.
2017-06-11 00:03:36 -07:00
Tatsuhiro Tsujikawa 6ec7683991 nghttpx: Use nocopy version to send trailer headers to backend
It looks like we can use nocopy version here.  We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa fb2d8f79d6 Update doc 2017-06-02 22:22:44 +09:00
Tatsuhiro Tsujikawa 8f7fa1b1bf nghttpx: Fix crash in OCSP response verification 2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa e5889ce622 Bump up version number to 1.24.0-DEV 2017-05-26 23:07:50 +09:00
Tatsuhiro Tsujikawa 3a6f83394c Update bash_completion 2017-05-26 22:17:10 +09:00
Tatsuhiro Tsujikawa acf36f3d1a Update manual pages 2017-05-26 22:16:51 +09:00
Tatsuhiro Tsujikawa 63e6a8bab2 Bump up version number to 1.23.0, LT revision to 27:3:13 2017-05-26 21:37:28 +09:00
Tatsuhiro Tsujikawa 5361cc6bd1 Update authors 2017-05-26 21:34:43 +09:00
Tatsuhiro Tsujikawa cabac55394 Merge pull request #925 from sohamm17/patch-1
spelling mistake in arguments to build nghttp apps
2017-05-25 23:38:54 +09:00
Tatsuhiro Tsujikawa db7483ef10 Merge branch 'nghttpx-verify-ocsp' 2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa 4b51ccbefe examples: Attempt to fix OpenSSL link error 2017-05-25 23:24:44 +09:00
Tatsuhiro Tsujikawa 74c2f1257a nghttpx: Add --no-verify-ocsp to disable OCSP response verification 2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa 1428a5e3ae nghttpx: Verify OCSP response
At least we should make sure that the OCSP response is targeted to the
expected certificate.  This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ.  Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa fe021c1524 Merge branch 'memchunk-no-unique-ptr' 2017-05-25 00:53:13 +09:00
Tatsuhiro Tsujikawa c57bf21306 src: memchunks: Don't use std::unique_ptr to avoid potential SO 2017-05-25 00:23:51 +09:00
Soham Sinha 1743b7d92d spelling mistake in arguments to build nghttp apps 2017-05-22 17:20:30 -04:00
Tatsuhiro Tsujikawa 7f31278c4c Update doc 2017-05-22 22:53:49 +09:00
Tatsuhiro Tsujikawa 8401e16a15 nghttpx: Fix compile error with gcc 2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa 07fb5854f3 nghttpx: Compile with openssl 1.0.2 2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa b56a99bfba Update bash_completion 2017-05-21 11:43:00 +09:00
Tatsuhiro Tsujikawa b91e4e4df1 Update manual pages 2017-05-21 11:42:46 +09:00
Tatsuhiro Tsujikawa 52a4d6ac31 Merge branch 'nghttpx-fix-cert-selection' 2017-05-21 11:26:12 +09:00
Tatsuhiro Tsujikawa 796ab87b14 nghttpx: Fix certificate selection based on pub key algorithm 2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa ed1fad3bd4 nghttpx: Call ERR_clear_error()
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa 9c1876f542 nghttpx: Fix certificate indexing bug 2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa 7d111d9963 Merge pull request #923 from nghttp2/compile-with-disable-assert
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa 8c2ce0cf3f Merge pull request #922 from nghttp2/nghttpx-ocsp-startup
nghttpx: Run OCSP at startup
2017-05-18 23:49:23 +09:00
Tatsuhiro Tsujikawa 1b442cb16f Compile with --disable-assert 2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa 2bf3680d87 Merge pull request #919 from projectgus/fix_ndebug_compile
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-18 22:37:51 +09:00
Tatsuhiro Tsujikawa 0d4f0f0db5 nghttpx: Run OCSP at startup
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish.  It does not matter
some of the attempts fail.  This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Angus Gratton e17ff8fd32 nghttp2_session: Allow for compiling library with -DNDEBUG set 2017-05-17 14:43:06 +10:00
Tatsuhiro Tsujikawa 14edd12304 nghttpx: Refactor the code for the anti-replay 2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa e6ffdb23a4 nghttpx: Share session_cache_ssl_ctx across threads 2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa 98fdedac06 Merge pull request #917 from Tapanito/patch-1
Update docs
2017-05-13 10:27:22 +09:00
Tapanito 255037264a updated docs 2017-05-12 16:35:44 +01:00
Tatsuhiro Tsujikawa d3fcbe9a02 Merge branch 'invalid-header-field-error' 2017-05-12 21:37:20 +09:00
Tatsuhiro Tsujikawa bcdd588c6e Merge branch 'nghttpx-wildcard-path-match' 2017-05-11 23:50:56 +09:00
Tatsuhiro Tsujikawa b5007d45f7 nghttpx: Wildcard path matching
This commit adds wildcard path matching.  If path pattern given in
backend option ends with "*", it is considered as wildcard path.  "*"
must match at least one character.  All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa a584cf5a4f Use clang-format-4.0 2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa 77f7a2fa7f Update doc 2017-04-29 22:21:21 +09:00
Tatsuhiro Tsujikawa f2c539dc70 Clarify the effect of nghttp2_option_set_no_http_messaging 2017-04-29 21:00:20 +09:00
Tatsuhiro Tsujikawa 78d7160a99 Treat incoming invalid regular header field as stream error
Previously, the incoming invalid regular header field was ignored by
default.  With this commit, they are now treated as stream error, and
the stream is reset by default.  The error code used is now
PROTOCOL_ERROR, instead of INTERNAL_ERROR.
2017-04-28 23:46:06 +09:00
Tatsuhiro Tsujikawa 196673bbce nghttp: Remove unused short option 'g' 2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa 794d13082c Merge branch 'nghttp-no-verify-peer' 2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa 5f5cf4107e nghttpx: Reseve rcbufs_ 2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa 6f3ec54b9f nghttp: Add -y, --no-verify-peer option to suppress peer verify warn 2017-04-28 09:53:37 +09:00