Commit Graph

23 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa e5b84fad09 nghttpx: Fix bug that old config is used during reloading config 2017-02-16 22:46:22 +09:00
Tatsuhiro Tsujikawa 68a724cf7b nghttpx: Select certificate by client's supported signature algo
nghttpx supports multiple certificates using --subcert option.
Previously, SNI hostname is used to select certificate.  With this
commit, signature algorithm presented by client is also taken into
consideration.  nghttpx now accepts certificates which share the same
hostname (CN, SAN), but have different signature algorithm (e.g.,
ECDSA+SHA256, RSA+SHA256).

Currently, this feature requires OpenSSL >= 1.0.2.  BoringSSL, and
LibreSSL do not work since they lack required APIs.
2017-02-04 23:37:24 +09:00
Tatsuhiro Tsujikawa 0cf6848646 clang-format-3.9 2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa 65095c448d nghttpx: Fix compile error with gcc -Werror=comment 2016-06-25 23:57:40 +09:00
Tatsuhiro Tsujikawa 76e188e368 nghttpx: Fix compile error with gcc 2016-06-25 23:57:26 +09:00
Tatsuhiro Tsujikawa 3e14f0d8a5 nghttpx: Fix compile error with openssl 1.0.1
openssl lacks SSL_CTX_get0_certificates().
2016-06-25 23:35:37 +09:00
Tatsuhiro Tsujikawa f7c0d48152 nghttpx: Rewrite CertLookupTree using Router 2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa 9272e80fa6 nghttpx: Fix compile error on travis 2016-03-25 02:28:10 +09:00
Tatsuhiro Tsujikawa 4dfae3484f nghttpx: Refactor CertLookupTree interface 2016-03-24 23:35:15 +09:00
Tatsuhiro Tsujikawa 372123c178 nghttpx: Remove strieq(const char*, cosnt char*) overload, and fix unittests 2016-03-24 23:34:56 +09:00
Tatsuhiro Tsujikawa dbbf3a4a10 nghttpx: Refactor TLS hostname match 2016-01-16 23:54:21 +09:00
Tatsuhiro Tsujikawa c6ef1c02b9 Switch to clang-format-3.6 2015-11-13 00:53:29 +09:00
Tatsuhiro Tsujikawa 6ff67ae869 src: Move array_size to nghttp2 namespace 2015-02-06 22:44:09 +09:00
Tatsuhiro Tsujikawa b165775811 nghttpx: Refactor CertLookupTree 2015-02-06 21:25:43 +09:00
Tatsuhiro Tsujikawa b1f807abd1 Reformat lines with clang-format-3.5 2014-11-27 23:56:30 +09:00
Tatsuhiro Tsujikawa 8890e593e6 src: Add util::array_size 2014-08-28 00:45:12 +09:00
Tatsuhiro Tsujikawa ab2dc5967d Replace HTTP/2.0 with HTTP/2 2014-03-30 19:26:37 +09:00
Tatsuhiro Tsujikawa c531e691fc src: Use SSLv23_method for tests 2014-01-06 16:07:18 +09:00
Tatsuhiro Tsujikawa 0edce70343 Rebranding nghttp2 2013-07-13 00:43:06 +09:00
Tatsuhiro Tsujikawa 64fcac48b7 shrpx: Fix bug in building certificate lookup tree 2013-02-16 17:51:38 +09:00
Tatsuhiro Tsujikawa c8167234fa shrpx: Fix bug in certificate lookup 2013-02-16 02:33:16 +09:00
Tatsuhiro Tsujikawa 291cbc639b shrpx: Use patricia trie for cert lookup 2013-02-14 00:28:55 +09:00
Tatsuhiro Tsujikawa b18af854af shrpx: Add --subcert option to add additional certificate/private key
This option specifies additional certificate and private key
file. Shrpx will choose certificates based on the hostname indicated
by client using TLS SNI extension. This option can be used multiple
times.
2013-02-06 23:41:28 +09:00