Commit Graph

718 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 65e965791f shrpx: Replace strncpy + putting null with memcpy in ssl_pem_passwd_cb 2012-12-07 23:42:58 +09:00
Tatsuhiro Tsujikawa 06220f7fdf shrpx: Make is_secure() static 2012-12-07 23:14:20 +09:00
Raul Gutierrez Segales cbf8ccf7d1 [shrpx] read private key's passwd from a file
This avoids the need to provide the password for your
private key interactively.

It can be used via --private-key-passwd-file or private-key-passwd-file
in the given config file. The first line in the file
(without \n) will be treated as the passwd. There isn't
any validation and all lines after the first one (if any)
are ignored.

The security model behind this is a bit simplistic so I
am open to better ideas. Basically your password file
should be root:root (700) and you *should* drop root
and run as an unprivileged user.

If the file exists and a line can be read then a callback
will be set for the SSL ctxt and it'll feed the passwd
when the private key is read (if password is needed).

If the file exists with the wrong permisions it'll be
logged and ignored.
2012-12-03 21:55:32 -08:00
Tatsuhiro Tsujikawa f97110f092 spdycat, spdyd: Support SPDY without SSL/TLS
Use --no-tls option to disable SSL/TLS and specify SPDY protocol
version using -2 or -3.
2012-11-25 21:58:44 +09:00
Tatsuhiro Tsujikawa 58b1da39e3 Update REAME.rst 2012-11-24 20:28:07 +09:00
Tatsuhiro Tsujikawa 50211bc1ad shrpx: Replace "https" with "http" in log message in shrpx_https_upstream.cc 2012-11-23 21:30:57 +09:00
Tatsuhiro Tsujikawa 282b8b567a shrpx: Log upstream https request headers 2012-11-23 21:30:17 +09:00
Tatsuhiro Tsujikawa 8f62441112 src: Rewrite util::stripIter 2012-11-23 21:14:39 +09:00
Tatsuhiro Tsujikawa baf2dc3ddf shrpx: Add --backend-ipv4 and --backend-ipv6 options. 2012-11-23 21:11:01 +09:00
Tatsuhiro Tsujikawa df7023bd92 Update README.rst 2012-11-23 00:26:48 +09:00
Tatsuhiro Tsujikawa 7a21905312 shrpx: Remove Config ctor and fill all initial values in fill_default_config() 2012-11-22 23:35:10 +09:00
Tatsuhiro Tsujikawa c1332a35a5 shrpx: Add -v, --version option 2012-11-22 23:08:36 +09:00
Tatsuhiro Tsujikawa 774e64d2b4 shrpx: Group up options in -h output 2012-11-22 23:04:27 +09:00
Tatsuhiro Tsujikawa 9c70c1b867 shrpx: Code cleanup 2012-11-22 22:05:52 +09:00
Tatsuhiro Tsujikawa 4349d42988 shrpx: Add usage for <PRIVATE_KEY> <CERT> 2012-11-22 22:00:38 +09:00
Tatsuhiro Tsujikawa 9aa7af2c7f shrpx: Use SNI TLS extension in client mode 2012-11-22 21:51:11 +09:00
Tatsuhiro Tsujikawa d589f4c74c shrpx: Verify backend server's certificate in client mode
The -k, --insecure option is added to skip this verification.  The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
2012-11-22 21:46:15 +09:00
Tatsuhiro Tsujikawa 8a5db1751e shrpx: Check the length of output buffer in write callback
Possibly because of deferred callback, we may get this callback when
the output buffer is not empty.
2012-11-22 03:13:30 +09:00
Tatsuhiro Tsujikawa 81adb6bc7f shrpx: Implement downstream SPDY flow control 2012-11-21 23:47:48 +09:00
Tatsuhiro Tsujikawa 0bf15a7694 Rename --client-mode as --client and add --client-proxy
With --client-proxy option, shrpx makes sure that the request path is
an absolute URI, otherwise it will return 400 status code.
2012-11-21 22:10:35 +09:00
Tatsuhiro Tsujikawa fa552c6788 shrpx: Share SPDY session among multiple frontend connections per thread
In client mode, now SPDY connection to the backend server is
established per thread.  The frontend connections which belong to the
same thread share the SPDY connection.
2012-11-21 01:29:39 +09:00
Tatsuhiro Tsujikawa ae30e7f71b shrpx: Split request path into SPDY specific headers 2012-11-19 21:40:59 +09:00
Tatsuhiro Tsujikawa bebea5e16a Update http-parser 2012-11-19 02:16:42 +09:00
Tatsuhiro Tsujikawa 542fd6420b Fix recursive HttpsUpstream::on_read() call
Don't call HttpsUpstream::resume_read() from the call tree of
on_read().  Avoid parsing next http data after parse error.
2012-11-19 02:11:46 +09:00
Tatsuhiro Tsujikawa 077275e783 Fix typo SPDY/3 2012-11-19 02:10:58 +09:00
Tatsuhiro Tsujikawa aa07076f29 shrpx: Don't propagate expect: 100-continue to backend 2012-11-18 23:49:41 +09:00
Tatsuhiro Tsujikawa 52c4d26927 shrpx: Deadlock with upload data in clinet mode 2012-11-18 23:48:55 +09:00
Tatsuhiro Tsujikawa 19bf97b3e5 Support x-forwarded-proto and x-forwarded-for in SpdyDownstreamConnection 2012-11-18 23:04:14 +09:00
Tatsuhiro Tsujikawa d29d033830 Update README.rst 2012-11-18 22:08:49 +09:00
Tatsuhiro Tsujikawa b2d530783e Update README.rst 2012-11-18 21:57:04 +09:00
Tatsuhiro Tsujikawa 026f4ca3a2 Add --client-mode option
With --client-mode option, shrpx now accepts unencrypted HTTP
connections and communicates with backend server in SPDY.  In short,
this is the "reversed" operation mode against normal mode.  This may
be useful for testing purpose because it can sit between HTTP client
and shrpx "normal" mode.
2012-11-18 21:46:07 +09:00
Tatsuhiro Tsujikawa aa64a7f7f5 Don't send response-body for 304 response 2012-11-18 21:22:08 +09:00
Tatsuhiro Tsujikawa d81827c073 Update GOAWAY INTERNAL_ERROR value according to SPDY/3 spec change 2012-11-14 21:17:04 +09:00
Tatsuhiro Tsujikawa 4748443899 shrpx: Log detailed error description in SSL code 2012-11-14 21:14:11 +09:00
Tatsuhiro Tsujikawa 8a2020362d tests: Use traditional C-style comments 2012-11-14 21:00:36 +09:00
Raul Gutierrez Segales 6f6f6ffc41 [shrpx] fix password handling for certs keys
We should only call daemon() after ListenHandler is
instantiated, where  SSL_CTX_use_PrivateKey_file is called,
otherwise we have no stdin/stdout to get the password for
keyfile.
2012-10-27 22:29:27 -07:00
Raul Gutierrez Segales 45f302f363 fedora: add spec file
We should probably make this spec file a template and integrate
it with our build process (make package?). Will follow-up with
that eventually.
2012-10-27 14:54:06 -07:00
Tatsuhiro Tsujikawa fdc19550fc spdyd: Open file with O_BINARY flag 2012-10-16 22:57:26 +09:00
Tatsuhiro Tsujikawa 22840dbfaf spdycat: Handle timeout in connect and SSL/TLS handshake 2012-10-14 23:39:41 +09:00
Tatsuhiro Tsujikawa a28e1c6e7d Add src/.gitignore and edit examples/.gitignore 2012-10-06 00:01:13 +09:00
Tatsuhiro Tsujikawa 2ea0c1c1b0 Add missing url_parser.c 2012-10-05 23:56:26 +09:00
Tatsuhiro Tsujikawa 46e7da2166 Get rid of flags member in spdylay_map 2012-10-05 23:41:49 +09:00
Tatsuhiro Tsujikawa 24e932dfa2 Iterative treap implementation
This change implements spdylay_map functions in iterative approach
instead of original recursive approach. The iterative version is
overall faster than recursive one. The traversal function
(spdylay_map_each) is slightly slower but it is not noticeable.
2012-10-05 00:46:03 +09:00
Tatsuhiro Tsujikawa 9378b74fc3 spdycat: Rewritten time_delta 2012-10-04 23:54:39 +09:00
Tatsuhiro Tsujikawa 53b7b0eda9 Bump up version number to 0.3.7-DEV 2012-10-02 23:04:41 +09:00
Tatsuhiro Tsujikawa 38cc7f06e6 Updated NEWS 2012-10-02 21:45:52 +09:00
Tatsuhiro Tsujikawa 6336524b6f Updated NEWS for 0.3.6 release 2012-10-01 23:07:19 +09:00
Tatsuhiro Tsujikawa 4db9dca183 Bump up version number to 0.3.6. Bump up LT version to 4:0:3 2012-10-01 23:01:56 +09:00
Tatsuhiro Tsujikawa c0577602d1 shrpx: Made SPDY/3 default protocol in SPDY proxy mode
The reason why we choose SPDY/2 as default for SPDY prxy was due to
Chrome's window update bug. Now its fix is available in Chrome stable,
we make SPDY/3 as default.
2012-10-01 23:01:44 +09:00
Tatsuhiro Tsujikawa e69947a054 Removed trailing spaces 2012-10-01 21:51:24 +09:00