f3e1dc7a4f
nghttpx: Structured TLS related configurations
2016-01-18 14:21:09 +09:00
3d5f5b6a28
nghttpx: Fix compiler warning
2016-01-17 18:27:25 +09:00
4f07db8bcb
src: Rename our new string classes
2016-01-17 11:33:45 +09:00
2c7ed01f0c
nghttpx: Use std::string for Downstream::backend_tls_sni_name
2016-01-17 01:00:15 +09:00
34d5382d66
nghttpx: Use VString for DownstreamAddr::host and hostport to remember size
2016-01-17 00:52:41 +09:00
dbbf3a4a10
nghttpx: Refactor TLS hostname match
2016-01-16 23:54:21 +09:00
248a64f0b2
Compile with OpenSSL 1.1.0-pre1
2015-12-14 21:12:25 +09:00
d867fe64e3
src: Rename endsWith as ends_with
2015-11-28 00:42:51 +09:00
de247f7d33
src: Rename startsWith as starts_with
2015-11-28 00:42:51 +09:00
c6ef1c02b9
Switch to clang-format-3.6
2015-11-13 00:53:29 +09:00
9b18e47671
nghttpx: Use --backend-tls-sni-field to verify certificate hostname
2015-11-08 00:22:44 +09:00
f0d2c9f94b
Compile with BoringSSL
...
Compile with BoringSSL except for neverbleed and libnghttp2_asio. The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL. The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
566b0476d7
nghttpx: Enable neverbleed for client private key; don't run nb without TLS
2015-09-26 21:28:46 +09:00
044385ab6e
Add neverbleed support
...
neverbleed is disabled by default. To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
c44587a70c
nghttpx: Use _Exit when exiting from child process
2015-09-24 23:57:24 +09:00
84f96a2fd5
Do not try to set TCP_NODELAY when frontend is an UNIX socket
...
This silences warning log that otherwise spams logs on every accepted
connection.
2015-09-23 12:22:34 +02:00
36d562927f
nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS connection
2015-08-23 23:03:29 +09:00
1c12606e70
nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection
2015-08-19 23:42:43 +09:00
b8f05c89bd
nghttpx: App data in SSL is Connection, not ClientHandler
2015-08-13 00:42:59 +09:00
ff44e211ed
nghttpx: Fix tls handshake bug
...
This fixes 2 things:
1. potential busy loop
2. disabling ticket is not working after resumption
2015-08-09 18:33:49 +09:00
d0a37d59a5
nghttpx: Disable TLS session ticket if ticket key is not available
2015-07-29 20:38:49 +09:00
a1288a5826
nghttpx: Rename --tls-ticket-cipher as --tls-ticket-key-cipher
2015-07-28 23:49:37 +09:00
a4a9cfd650
nghttpx: Change session cache key prefix
2015-07-27 21:18:12 +09:00
bb228c27de
Merge branch 'master' into memcached
...
Conflicts:
src/shrpx_ssl.cc
2015-07-27 21:16:02 +09:00
7152e0f6b8
nghttpx: Fix bug that decrypt only key is not considered
2015-07-27 21:13:02 +09:00
e3cdfd12ea
nghttpx: Use std::array for TicketKey
2015-07-27 02:12:07 +09:00
cd25c6846e
nghttpx: Create struct Address which holds struct sockaddr_union and length
2015-07-27 01:41:10 +09:00
90b4b48c7e
nghttpx: Add shared session cache using memcached
2015-07-26 23:33:06 +09:00
adec2c06bf
nghttpx: Set SSL/TLS session timeout to 12 hours
2015-07-24 23:59:19 +09:00
04bd25d468
nghttpx: Simplify ticket handling between workers just using mutex
2015-07-23 23:13:29 +09:00
a8574fdef2
nghttpx: Use Use std::string instead of std::unique_ptr<char[]> for tls config
2015-07-20 23:15:01 +09:00
dd8ce1e9d2
nghttpx: Use std::unique_ptr<char[]> instead of raw char pointer
2015-07-20 21:37:23 +09:00
e8167ceea7
nghttpx: Add AES-256-CBC encryption for TLS session ticket
2015-07-18 02:02:33 +09:00
6307f96fb3
nghttpx: Enable host-path backend routing in HTTP/2 backend
...
To achieve host-path backend routing, we changed behaviour of
--backend-http2-connections-per-worker. It now sets the number of
HTTP/2 physical connections per pattern group if pattern is used in -b
option.
Fixes GH-292
2015-07-12 23:02:30 +09:00
3119fc259c
Select backend based on request host and path by extending -b option
...
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]]. The optional
<PATTERN>s specify the request host and path it is used for. The
<PATTERN> can contain path, host + path or host. The matching rule is
closely designed to ServeMux in Go programming language.
2015-07-11 00:15:52 +09:00
301df2a856
src: Disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
2015-06-22 23:26:45 +09:00
532bffdb01
nghttpx: Minimize critical section for shared ocsp response
2015-06-12 21:27:12 +09:00
34efc6b7a4
More constexpr
2015-05-29 22:36:05 +09:00
0479f833fc
Revert "nghttpx: Remove last write/read fields for TLS"
...
This reverts commit 585af93828
2015-05-15 22:20:15 +09:00
38cfc5c47c
Check more headers and funcs
2015-05-13 23:29:20 +09:00
d247470da2
nghttpx: Rewrite ocsp without thread
...
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
4bc9afe20a
nghttpx: Add OCSP stapling feature
2015-03-30 23:58:28 +09:00
585af93828
nghttpx: Remove last write/read fields for TLS
...
It seems that we don't care about this since we don't change buffer
pointer between would-block write/read and next write/read. Somehow
we decided we need these fields. As a precaution, we set
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER in SSL_set_mode() for both server
and client contexts.
2015-03-10 00:11:11 +09:00
ae0100a9ab
nghttpx: Refactor worker interface
2015-02-11 22:49:03 +09:00
b4b2ddad3b
src: Rewrite defer function template
2015-02-06 23:27:15 +09:00
6ff67ae869
src: Move array_size to nghttp2 namespace
2015-02-06 22:44:09 +09:00
b165775811
nghttpx: Refactor CertLookupTree
2015-02-06 21:25:43 +09:00
b2fb888363
Share I/O code with all upstreams/downstream objects
2015-02-05 03:05:34 +09:00
4b58b25c19
nghttpx: Refactor code to build cert_tree, add SNI test
2015-01-25 15:36:14 +09:00
0f4b0966ef
nghttpx: Merge all options settings in one SSL_CTX_set_options
2015-01-23 23:32:01 +09:00
Tatsuhiro Tsujikawa
Janusz Dziemidowicz