Tatsuhiro Tsujikawa
9c7e54d9b5
nghttpx: Add client-ciphers option
Previously, the ciphers option set the cipher list for both frontend and
backend TLS connections. With this commit, the ciphers option only sets
the cipher list for frontend connections. The new client-ciphers option
sets the cipher list for backend connections.
2017-01-08 22:40:58 +09:00
Tatsuhiro Tsujikawa
36dfc0a56a
nghttpx: Reorganize client side TLS configuration
2017-01-08 22:25:30 +09:00
Tatsuhiro Tsujikawa
79a24f5dd9
nghttpx: Add --client-psk-secret option to enable PSK in backend
2017-01-08 00:35:55 +09:00
Tatsuhiro Tsujikawa
83c759572c
nghttpx: Add --psk-secret option to enable PSK in frontend connection
2017-01-08 00:35:54 +09:00
Tatsuhiro Tsujikawa
1a07fb000b
nghttpx: Enable SCT with OpenSSL 1.1.0
2017-01-06 21:29:04 +09:00
Tatsuhiro Tsujikawa
38b5cad4e3
nghttpx: Lookup backend host name dynamically
We have added the "dns" parameter to the backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up
or on configuration reloading. nghttpx caches DNS results, including error
cases, for 30 seconds in this commit. A later commit makes this
configurable.
DNS resolution is done asynchronously using the c-ares library.
2016-12-10 21:09:50 +09:00
dalf
d448eb54f9
Fix compilation with BoringSSL
2016-10-27 10:00:52 +00:00
Tatsuhiro Tsujikawa
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa
5db8473f12
Fix build error with OpenSSL < 1.0.2 (again)
2016-10-09 19:34:32 +09:00
Tatsuhiro Tsujikawa
00b89f10bd
Fix build error with OpenSSL < 1.0.2
2016-10-09 18:54:18 +09:00
Tatsuhiro Tsujikawa
412c8f9e67
nghttpx: Add TLS signed_certificate_timestamp extension support
2016-10-09 18:43:36 +09:00
Tatsuhiro Tsujikawa
1b4ccd0d51
nghttpx: Don't call get_config() repeatedly
2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa
8babaac8c3
nghttpx: Add --ecdh-curves option to specify list of named curves
This option requires OpenSSL >= 1.0.2. With OpenSSL 1.0.2, the
default value is "P-256". With OpenSSL 1.1.0 or later, the default
value is "X25519:P-256".
2016-10-08 10:50:56 +09:00
Tatsuhiro Tsujikawa
97843e3874
nghttpx: Use StringRef for tls_proto_list
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
5dd2704051
nghttpx: Use StringRef for tls.npn_list
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
99a91e3172
nghttpx: Add BlockAllocator to Config object
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
e1a865c406
nghttpx: Add BlockAllocator version of util::format_hex
2016-10-02 22:28:42 +09:00
Tatsuhiro Tsujikawa
8a9810ed32
nghttpx: Add BlockAllocator to ClientHandler
2016-10-01 22:54:17 +09:00
Tatsuhiro Tsujikawa
e1dfff8929
Use std::atomic_* overloads for std::shared_ptr if available
2016-09-20 22:39:01 +09:00
Tatsuhiro Tsujikawa
a3a6b91c5f
src: Rename OPENSSL_101_API macro as OPENSSL_1_1_API
2016-09-11 00:38:20 +09:00
Tatsuhiro Tsujikawa
bc31146c1f
nghttpx: Add tls_sni to mruby Nghttpx::Env class
tls_sni returns the TLS SNI value which the client sent in this TLS
connection.
2016-09-10 22:08:34 +09:00
Tatsuhiro Tsujikawa
6ba1abac6c
src: Only consider openssl 1.1.0 final
2016-08-27 00:45:16 +09:00
Tatsuhiro Tsujikawa
0110d2f9f8
Fix compile error with openssl 1.1.0
2016-08-27 00:02:03 +09:00
Tatsuhiro Tsujikawa
e2906025c8
nghttpx: Don't exit from save_pid and set_alpn_prefs
2016-07-31 20:35:10 +09:00
Tatsuhiro Tsujikawa
903e0077aa
nghttpx: Fix build error with libressl
2016-06-27 22:29:07 +09:00
Tatsuhiro Tsujikawa
aced5b3b6c
nghttpx: Fix memory leak from CertLookupTree
2016-06-25 23:47:22 +09:00
Tatsuhiro Tsujikawa
97d8bb16e6
nghttpx: Update doc
2016-06-25 23:37:29 +09:00
Tatsuhiro Tsujikawa
3e14f0d8a5
nghttpx: Fix compile error with openssl 1.0.1
openssl lacks SSL_CTX_get0_certificates().
2016-06-25 23:35:37 +09:00
Tatsuhiro Tsujikawa
f7c0d48152
nghttpx: Rewrite CertLookupTree using Router
2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa
845aa7a710
nghttpx: Share downstream config object
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa
2a4bf9f615
nghttpx: Allow mixed protocol and TLS settings among backends under same pattern
2016-05-24 23:36:43 +09:00
Tatsuhiro Tsujikawa
6d22898936
src: Compile with OpenSSL 1.1.0-pre5
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
Tatsuhiro Tsujikawa
fd801864e3
nghttpx: Add sni keyword to --backend option
The --backend-tls-sni-field option is deprecated in favor of the sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keywords
in the --backend option. But it will be removed in a future release.
2016-04-29 14:42:18 +09:00
Tatsuhiro Tsujikawa
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa
b39ad3135d
nghttpx: Don't use CN if we have dNSName or iPAddress field
2016-04-26 22:32:55 +09:00
Tatsuhiro Tsujikawa
bc2b941866
nghttpx: Wildcard match for CN
2016-04-21 22:53:07 +09:00
Tatsuhiro Tsujikawa
9b81eec944
nghttpx: Remove trailing "." from SAN DNS name and CN
2016-04-21 22:44:26 +09:00
Tatsuhiro Tsujikawa
3e6c38e3be
src: Made strieq(T, S) template
2016-03-25 22:45:33 +09:00
Tatsuhiro Tsujikawa
a46c815e4e
src: StringRef-fy
2016-03-25 01:41:06 +09:00
Tatsuhiro Tsujikawa
186d440168
nghttpx: More StringRef-fy
2016-03-25 01:19:42 +09:00
Tatsuhiro Tsujikawa
0875e66aab
src: Remove streq(const char *) overload
2016-03-25 00:02:07 +09:00
Tatsuhiro Tsujikawa
4dfae3484f
nghttpx: Refactor CertLookupTree interface
2016-03-24 23:35:15 +09:00
Tatsuhiro Tsujikawa
372123c178
nghttpx: Remove strieq(const char*, const char*) overload, and fix unittests
2016-03-24 23:34:56 +09:00
Tatsuhiro Tsujikawa
eec0b04a33
nghttpx: Enable/disable TLS per frontend address
This change allows users to disable TLS per frontend address using the
no-tls keyword in the --frontend option. We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
Tatsuhiro Tsujikawa
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
We added the "tls" parameter to the --backend option to enable TLS on that
backend connection. The --backend-tls option was deprecated, and is now a
noop.
2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa
478fde5fef
nghttpx: Fix compile error
2016-02-29 01:16:45 +09:00
Tatsuhiro Tsujikawa
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa
f2a7275700
nghttpx: Cache TLS session inside DownstreamAddr object
2016-02-21 16:35:43 +09:00
Tatsuhiro Tsujikawa
67804cfc8c
nghttpx: Use ImmutableString for ciphers
2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa
2344932b45
nghttpx: Use ImmutableString for dh_param_file
2016-02-14 22:17:10 +09:00