Commit Graph

204 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 9c7e54d9b5 nghttpx: Add client-ciphers option
Previously, ciphers option sets cipher list for both frontend and
backend TLS connections.  With this commit, ciphers option only sets
cipher list for frontend connections.  The new client-ciphers option
sets cipher list for backend connection.
2017-01-08 22:40:58 +09:00
Tatsuhiro Tsujikawa 36dfc0a56a nghttpx: Reorganize client side TLS configuration 2017-01-08 22:25:30 +09:00
Tatsuhiro Tsujikawa 79a24f5dd9 nghttpx: Add --client-psk-secret option to enable PSK in backend 2017-01-08 00:35:55 +09:00
Tatsuhiro Tsujikawa 83c759572c nghttpx: Add --psk-secret option to enable PSK in frontend connection 2017-01-08 00:35:54 +09:00
Tatsuhiro Tsujikawa 1a07fb000b nghttpx: Enable SCT with OpenSSL 1.1.0 2017-01-06 21:29:04 +09:00
Tatsuhiro Tsujikawa 38b5cad4e3 nghttpx: Lookup backend host name dynamically
We have added "dns" parameter to backend option.  If specified, name
lookup is done dynamically.  If not, name lookup is done at start up,
or configuration reloading.  nghttpx caches DNS result including error
case in 30 seconds in this commit.  Later commit makes this
configurable.

DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
dalf d448eb54f9 Fix compilation with BoringSSL 2016-10-27 10:00:52 +00:00
Tatsuhiro Tsujikawa 0cf6848646 clang-format-3.9 2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa 5db8473f12 Fix build error with OpenSSL < 1.0.2 (again) 2016-10-09 19:34:32 +09:00
Tatsuhiro Tsujikawa 00b89f10bd Fix build error with OpenSSL < 1.0.2 2016-10-09 18:54:18 +09:00
Tatsuhiro Tsujikawa 412c8f9e67 nghttpx: Add TLS signed_certificate_timestamp extension support 2016-10-09 18:43:36 +09:00
Tatsuhiro Tsujikawa 1b4ccd0d51 nghttpx: Don't call get_config() repeatedly 2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa 8babaac8c3 nghttpx: Add --ecdh-curves option to specify list of named curves
This option requires OpenSSL >= 1.0.2.  With OpenSSL 1.0.2, the
default value is "P-256".  With OpenSSL 1.1.0 or later, the default
value is "X25519:P-256".
2016-10-08 10:50:56 +09:00
Tatsuhiro Tsujikawa 97843e3874 nghttpx: Use StringRef for tls_proto_list 2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa 5dd2704051 nghttpx: Use StringRef for tls.npn_list 2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa 99a91e3172 nghttpx: Add BlockAllocator to Config object 2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa e1a865c406 nghttpx: Add BlockAllocator version of util::formax_hex 2016-10-02 22:28:42 +09:00
Tatsuhiro Tsujikawa 8a9810ed32 nghttpx: Add BlockAllocator to ClientHandler 2016-10-01 22:54:17 +09:00
Tatsuhiro Tsujikawa e1dfff8929 Use std::atomic_* overloads for std::shared_ptr if available 2016-09-20 22:39:01 +09:00
Tatsuhiro Tsujikawa a3a6b91c5f src: Rename OPENSSL_101_API macro as OPENSSL_1_1_API 2016-09-11 00:38:20 +09:00
Tatsuhiro Tsujikawa bc31146c1f nghttpx: Add tls_sni to mruby Nghttpx::Env class
tls_sni returns TLS SNI value which client sent in this TLS
connection.
2016-09-10 22:08:34 +09:00
Tatsuhiro Tsujikawa 6ba1abac6c src: Only consider openssl 1.1.0 final 2016-08-27 00:45:16 +09:00
Tatsuhiro Tsujikawa 0110d2f9f8 Fix compile error with openssl 1.1.0 2016-08-27 00:02:03 +09:00
Tatsuhiro Tsujikawa e2906025c8 nghttpx: Don't exit from save_pid and set_alpn_prefs 2016-07-31 20:35:10 +09:00
Tatsuhiro Tsujikawa 903e0077aa nghttpx: Fix build error with libressl 2016-06-27 22:29:07 +09:00
Tatsuhiro Tsujikawa aced5b3b6c nghttpx: Fix memory leak from CertLookupTree 2016-06-25 23:47:22 +09:00
Tatsuhiro Tsujikawa 97d8bb16e6 nghttpx: Update doc 2016-06-25 23:37:29 +09:00
Tatsuhiro Tsujikawa 3e14f0d8a5 nghttpx: Fix compile error with openssl 1.0.1
openssl lacks SSL_CTX_get0_certificates().
2016-06-25 23:35:37 +09:00
Tatsuhiro Tsujikawa f7c0d48152 nghttpx: Rewrite CertLookupTree using Router 2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa 845aa7a710 nghttpx: Share downstream config object
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa 2a4bf9f615 nghttpx: Allow mixed protocol and TLS settings among backends under same pattern 2016-05-24 23:36:43 +09:00
Tatsuhiro Tsujikawa 6d22898936 src: Compile with OpenSSL 1.1.0-pre5
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
  application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
Tatsuhiro Tsujikawa fd801864e3 nghttpx: Add sni keyword to --backend option
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option.  But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
Tatsuhiro Tsujikawa 4aa4fe56e1 nghttpx: Destroy SSL object, and always lookup TLS session cache 2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa b39ad3135d nghttpx: Don't use CN if we have dNSName or iPAddress field 2016-04-26 22:32:55 +09:00
Tatsuhiro Tsujikawa bc2b941866 nghttpx: Wildcard match for CN 2016-04-21 22:53:07 +09:00
Tatsuhiro Tsujikawa 9b81eec944 nghttpx: Remove trailing "." from SAN DNS name and CN 2016-04-21 22:44:26 +09:00
Tatsuhiro Tsujikawa 3e6c38e3be src: Made strieq(T, S) template 2016-03-25 22:45:33 +09:00
Tatsuhiro Tsujikawa a46c815e4e src: StringRef-fy 2016-03-25 01:41:06 +09:00
Tatsuhiro Tsujikawa 186d440168 nghttpx: More StringRef-fy 2016-03-25 01:19:42 +09:00
Tatsuhiro Tsujikawa 0875e66aab src: Remove streq(const char *) overload 2016-03-25 00:02:07 +09:00
Tatsuhiro Tsujikawa 4dfae3484f nghttpx: Refactor CertLookupTree interface 2016-03-24 23:35:15 +09:00
Tatsuhiro Tsujikawa 372123c178 nghttpx: Remove strieq(const char*, cosnt char*) overload, and fix unittests 2016-03-24 23:34:56 +09:00
Tatsuhiro Tsujikawa eec0b04a33 nghttpx: Enable/disable TLS per frontend address
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option.  We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
Tatsuhiro Tsujikawa 58b06f32a2 nghttpx: Configure TLS per backend routing pattern
We added "tls" parameter to --backend option to enable TLS on that
backend connection.  --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa 478fde5fef nghttpx: Fix compile error 2016-02-29 01:16:45 +09:00
Tatsuhiro Tsujikawa 1832f78684 nghttpx: Move downstream proto to DownstreamAddrGroup 2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa f2a7275700 nghttpx: Cache TLS session inside DownstreamAddr object 2016-02-21 16:35:43 +09:00
Tatsuhiro Tsujikawa 67804cfc8c nghttpx: Use ImmutableString for ciphers 2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa 2344932b45 nghttpx: Use ImmutableString for dh_param_file 2016-02-14 22:17:10 +09:00