372123c178
nghttpx: Remove strieq(const char*, cosnt char*) overload, and fix unittests
2016-03-24 23:34:56 +09:00
eec0b04a33
nghttpx: Enable/disable TLS per frontend address
...
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option. We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
...
We added "tls" parameter to --backend option to enable TLS on that
backend connection. --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
478fde5fef
nghttpx: Fix compile error
2016-02-29 01:16:45 +09:00
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
f2a7275700
nghttpx: Cache TLS session inside DownstreamAddr object
2016-02-21 16:35:43 +09:00
67804cfc8c
nghttpx: Use ImmutableString for ciphers
2016-02-14 22:17:10 +09:00
2344932b45
nghttpx: Use ImmutableString for dh_param_file
2016-02-14 22:17:10 +09:00
35ebdd35bc
nghttpx: Use ImmutableString for private_key_file
2016-02-14 22:17:10 +09:00
ac81003669
nghttpx: Use ImmutableString for cert_file
2016-02-14 22:17:10 +09:00
c999987baf
nghttpx: Use ImmutableString for private_key_file
2016-02-14 22:17:10 +09:00
529a59d309
nghttpx: Use ImmutableString for tls.client_verify.cacert
2016-02-14 22:17:10 +09:00
52f6417813
nghttpx: Use ImmutableString for tls.cacert
2016-02-14 22:17:00 +09:00
bfc26e8299
nghttpx: Use ImmutableString to store memcached server host
2016-02-14 20:59:10 +09:00
3297a303bf
nghttpx: Add client auth options for session cache memcached TLS connection
2016-02-13 18:46:07 +09:00
f1580f95d4
nghttpx: Add TLS support for session cache memcached connection
2016-02-13 18:46:07 +09:00
82f942c3a3
nghttpx: Parameterize configuration values for client side TLS context
2016-02-11 18:34:31 +09:00
6d49110a33
Rename FrontendAddr as UpstreamAddr
2016-02-07 17:51:53 +09:00
2e38208d74
nghttpx: Fixups for HTTP/1 backend TLS support
2016-02-07 17:43:30 +09:00
bb4e2f6a24
nghttpx: Add TLS support for HTTP/1 backend
2016-02-07 17:43:30 +09:00
5e9bcbec9a
nghttpx: Fix bug that IPv6 address in Forwarded "for" is not quoted-string
2016-02-01 23:29:17 +09:00
aa07fe7fa6
nghttpx: Support multiple frontend addresses
...
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
9ac3e643d8
Revert "nghttpx: Add --curves option to specify supported elliptic curves"
...
This reverts commit e278893b64
2016-01-21 19:50:38 +09:00
e278893b64
nghttpx: Add --curves option to specify supported elliptic curves
2016-01-21 18:23:13 +09:00
db8de490a0
nghttpx: Omit Forwarded for and by parameter if UNIX domain socket is used
2016-01-19 23:26:04 +09:00
0402481be4
nghttpx: Organize connection related configuration into struct
2016-01-19 16:56:12 +09:00
f3e1dc7a4f
nghttpx: Structured TLS related configurations
2016-01-18 14:21:09 +09:00
3d5f5b6a28
nghttpx: Fix compiler warning
2016-01-17 18:27:25 +09:00
4f07db8bcb
src: Rename our new string classes
2016-01-17 11:33:45 +09:00
2c7ed01f0c
nghttpx: Use std::string for Downstream::backend_tls_sni_name
2016-01-17 01:00:15 +09:00
34d5382d66
nghttpx: Use VString for DownstreamAddr::host and hostport to remember size
2016-01-17 00:52:41 +09:00
dbbf3a4a10
nghttpx: Refactor TLS hostname match
2016-01-16 23:54:21 +09:00
248a64f0b2
Compile with OpenSSL 1.1.0-pre1
2015-12-14 21:12:25 +09:00
d867fe64e3
src: Rename endsWith as ends_with
2015-11-28 00:42:51 +09:00
de247f7d33
src: Rename startsWith as starts_with
2015-11-28 00:42:51 +09:00
c6ef1c02b9
Switch to clang-format-3.6
2015-11-13 00:53:29 +09:00
9b18e47671
nghttpx: Use --backend-tls-sni-field to verify certificate hostname
2015-11-08 00:22:44 +09:00
f0d2c9f94b
Compile with BoringSSL
...
Compile with BoringSSL except for neverbleed and libnghttp2_asio. The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL. The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
566b0476d7
nghttpx: Enable neverbleed for client private key; don't run nb without TLS
2015-09-26 21:28:46 +09:00
044385ab6e
Add neverbleed support
...
neverbleed is disabled by default. To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
c44587a70c
nghttpx: Use _Exit when exiting from child process
2015-09-24 23:57:24 +09:00
84f96a2fd5
Do not try to set TCP_NODELAY when frontend is an UNIX socket
...
This silences warning log that otherwise spams logs on every accepted
connection.
2015-09-23 12:22:34 +02:00
36d562927f
nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS connection
2015-08-23 23:03:29 +09:00
1c12606e70
nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection
2015-08-19 23:42:43 +09:00
b8f05c89bd
nghttpx: App data in SSL is Connection, not ClientHandler
2015-08-13 00:42:59 +09:00
ff44e211ed
nghttpx: Fix tls handshake bug
...
This fixes 2 things:
1. potential busy loop
2. disabling ticket is not working after resumption
2015-08-09 18:33:49 +09:00
d0a37d59a5
nghttpx: Disable TLS session ticket if ticket key is not available
2015-07-29 20:38:49 +09:00
a1288a5826
nghttpx: Rename --tls-ticket-cipher as --tls-ticket-key-cipher
2015-07-28 23:49:37 +09:00
a4a9cfd650
nghttpx: Change session cache key prefix
2015-07-27 21:18:12 +09:00
bb228c27de
Merge branch 'master' into memcached
...
Conflicts:
src/shrpx_ssl.cc
2015-07-27 21:16:02 +09:00
Tatsuhiro Tsujikawa
Janusz Dziemidowicz