Commit Graph

3238 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 3dbe3b3e7f Follow ngtcp2 API changes and use libngtcp2_crypto_openssl 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 7aa4bff97b quic: Support TLS_AES_128_CCM_SHA256 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 6002fac9f1 h2load: Add --tls13-ciphers option 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa c3eb7e1634 Handle preferred address 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 05a6ee2b49 Show ngtcp2 debug log with --verbose 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 94d76c042d h2load: Add --groups option 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 23ccaa6191 Always call write_quic when timer expires 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 476e9d0a48 h3-22 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 7cd5ed6fc6 Handle Retry 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 750c23f319 quic: Configure settings with options 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa bb36df8b2e h2load: Fix possible deadlock 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 9c748d20d5 [WIP] Add QUIC to h2load 2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa 80c9c705b8
Merge pull request #1607 from nghttp2/dnf
Add "dnf" (= "do not forward") parameter to backend option
2021-08-14 17:35:20 +09:00
Tatsuhiro Tsujikawa 138419d232 Add "dnf" (= "do not forward") parameter to backend option 2021-08-14 17:16:21 +09:00
lhuang04 c2d4a53b67 Fix prototype mismatch for function 'file_read_callback'
Summary:
The [data_flags](https://github.com/lhuang04/nghttp2/blob/master/src/HttpServer.cc#L1078) is defined as `uint32_t*` in definition, but delared as [int*](https://github.com/lhuang04/nghttp2/blob/master/src/HttpServer.h#L245) in the prototype.

```
stderr: error: no previous prototype for function 'file_read_callback' [-Werror,-Wmissing-prototypes]
ssize_t file_read_callback(nghttp2_session *session, int32_t stream_id,
        ^
```

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
2021-08-07 07:24:21 -07:00
Tatsuhiro Tsujikawa 29cbf8b83f clang-format-12 2021-08-04 15:04:58 +09:00
Tatsuhiro Tsujikawa fa16e66a6d nghttpx: Fix max distance in weight group/address cycle comparison 2021-07-14 23:26:33 +09:00
Tatsuhiro Tsujikawa 40af31da4c nghttpx: Set connect_blocker and live_check after shuffling addresses 2021-07-14 23:09:28 +09:00
Tatsuhiro Tsujikawa 43a47aa08b Do not return HPE_USER from where it is prohibited 2021-05-13 13:59:44 +09:00
Tatsuhiro Tsujikawa cef458c31c Replace black-list with block-list
nghttpx --no-http2-cipher-black-list and
--client-no-http2-cipher-black-list are deprecated and replaced with
--no-http2-cipher-block-list and --client-no-http2-cipher-block-list
respectively.
2021-04-02 22:35:37 +09:00
Tatsuhiro Tsujikawa 617a5766a2 Replace master with main 2021-04-02 22:08:19 +09:00
Tatsuhiro Tsujikawa f1d6733554 Initialize Config rps field 2021-03-10 13:45:20 +09:00
Tatsuhiro Tsujikawa 5f3bcb1f58 Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS 2021-03-06 22:32:17 +09:00
Tatsuhiro Tsujikawa e406a2c15e Update doc 2021-02-23 17:41:27 +09:00
Tatsuhiro Tsujikawa 6cdc13d6c6 h2load: Add --rps option 2021-02-23 16:40:17 +09:00
Tatsuhiro Tsujikawa 92944f7847 h2load: Allow unit in -D option 2021-02-23 15:31:54 +09:00
Tatsuhiro Tsujikawa 276792a812 Remove unnecessary function
on_stream_close is called after on_frame_not_send_callback with
success=false without this function.
2021-02-23 14:32:43 +09:00
Tatsuhiro Tsujikawa 2f2b211766 Add LIBTOOL_LDFLAGS configure variable 2021-02-21 21:32:48 +09:00
Tatsuhiro Tsujikawa 40679cf638
Merge pull request #1553 from nghttp2/nghttpx-fix-accesslog-method
nghttpx: Remove trailing white space after $method log variable
2021-02-08 23:02:19 +09:00
Tatsuhiro Tsujikawa 50a1121d81 nghttpx: Remove trailing white space after $method log variable 2021-02-08 22:22:05 +09:00
Jan Kundrát 5b9892a902 docs: asio: fix some typos
Really just a s/pusedo/pseudo/g and s/exluced/excluded/g.
2021-01-15 00:39:39 +01:00
Tatsuhiro Tsujikawa d32e20bcaa nghttpx: Make sure that Pool gets cleared when all buffers are returned 2020-12-16 23:27:58 +09:00
Tatsuhiro Tsujikawa 81fb015391 nghttpx: Choose ECDSA cert if compatible signature algorithm available 2020-12-13 23:40:43 +09:00
Tatsuhiro Tsujikawa 6787423edc nghttpx: Add workaround to include ':' in backend pattern 2020-11-27 22:15:46 +09:00
Tatsuhiro Tsujikawa da7959c2e8 nghttpx: Deal with the case when h2 backend is retired before it is initialized 2020-11-15 11:19:07 +09:00
Tatsuhiro Tsujikawa 4e3c61ef4d nghttpx: Add accesslog variables to record request path without query
This commit the following variables to construct request line without
including query component:

* $method
* $path
* $path_without_query
* $protocol_version
2020-09-19 23:58:37 +09:00
Tatsuhiro Tsujikawa 7b4de401d2 nghttpx: Check worker wide blocker before creating new downstream connection 2020-09-19 23:22:14 +09:00
Tatsuhiro Tsujikawa 7df73a5d90 nghttpx: mrb_run was removed 2020-09-02 22:12:45 +09:00
Tatsuhiro Tsujikawa d5550e946d Amend f1d8547b29
Better handling of tls and early data buffer
2020-07-14 19:47:08 +09:00
Tatsuhiro Tsujikawa 62411f5a6e nghttpx: Set client_handler to special frontend objects 2020-07-14 01:13:29 +09:00
Tatsuhiro Tsujikawa e9465f0ee5 Revert "nghttpx: Fix ubsan error"
This reverts commit 14dfeee4ed.
2020-07-14 01:13:29 +09:00
Tatsuhiro Tsujikawa 14dfeee4ed nghttpx: Fix ubsan error 2020-07-14 00:12:07 +09:00
Tatsuhiro Tsujikawa f1d8547b29 nghttpx: Fix stall when TLS follows after proxy protocol
This fixes that nghttpx stalls when TLS handshake and data follow
after proxy protocol header and no extra read notification is
triggered (e.g., just small 1 HTTP request).
2020-07-13 23:39:17 +09:00
Tatsuhiro Tsujikawa abe80e371e nghttpx: Fix logging integer 2020-06-10 20:56:33 +09:00
Tatsuhiro Tsujikawa 854e9fe395 nghttpx: Always call init_forwarded_for
Always call init_forwarded_for to get the default when source address
in PROXY protocol is ignored.  This ensures that forwarded header
field has the same value as x-forwarded-for.
2020-04-18 17:16:45 +09:00
Tatsuhiro Tsujikawa 49cd8e6e73 nghttpx: Add PROXY-protocol v2 support 2020-04-18 17:16:30 +09:00
Jacky Tian 4922bb41d6 static_cast size parameter in StringRef constructor to size_t 2020-03-31 00:54:08 -07:00
Jacky Tian aad8697575 Fix get_x509_serial for long serial numbers 2020-03-31 00:19:06 -07:00
Tatsuhiro Tsujikawa 5e13274b7c Fix typo 2019-12-21 11:39:05 +09:00
Tatsuhiro Tsujikawa e0d7f7de5e h2load: Allow port in --connect-to 2019-12-21 11:39:05 +09:00
lucas df575f968f h2load: add --connect-to option 2019-12-21 11:39:05 +09:00
Richard Wolfert 29042f1c95 priority_spec::valid(): remove const qualifier from return value
gcc generates warning:
* type qualifiers ignored on function return type [-Wignored-qualifiers]
2019-10-29 11:28:26 +01:00
Tatsuhiro Tsujikawa 6f967c6ef3 Fix errors reported by coverity scan 2019-09-21 13:45:20 +09:00
Tatsuhiro Tsujikawa fe8946ddc7 nghttpx: Fix bug that mruby is incorrectly shared between backends
Previously, mruby context is wrongly shared by multiple patterns if
the underlying SharedDownstreamAddr is shared by multiple
DownstreamAddrGroups.  This commit fixes it.
2019-09-16 22:25:06 +09:00
Tatsuhiro Tsujikawa f8933fe504 nghttpx: Reconnect h1 backend if it lost connection before sending headers
This is the second attempt.  The first attempt was
8a59ce6d37 and it failed.
2019-09-07 18:20:24 +09:00
Tatsuhiro Tsujikawa 5080db84e2 Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers"
This reverts commit 8a59ce6d37.
2019-09-06 22:01:03 +09:00
Tatsuhiro Tsujikawa 053c7ac588 nghttpx: Returns 408 if backend timed out before sending headers 2019-09-03 00:29:01 +09:00
Tatsuhiro Tsujikawa 8a59ce6d37 nghttpx: Reconnect h1 backend if it lost connection before sending headers 2019-09-03 00:28:21 +09:00
Tatsuhiro Tsujikawa f2fde180cd Remove redundant null check before delete
Reported in https://github.com/nghttp2/nghttp2/issues/1384
2019-08-19 22:27:32 +09:00
Tatsuhiro Tsujikawa 95efb3e19d Don't read too greedily 2019-08-14 11:44:28 +09:00
Tatsuhiro Tsujikawa 319d5ab1c6 nghttpx: Fix request stall
Fix request stall if backend connection is reused and buffer is full.
2019-08-06 20:50:29 +09:00
Andrew Penkrat 4f7aedc9d2 cmake: Support building nghttpx with systemd 2019-07-29 13:55:05 +03:00
Tatsuhiro Tsujikawa 7a5908933e Fix clang-8 warning 2019-06-22 17:44:16 +09:00
Tatsuhiro Tsujikawa ee44313445 Fix FPE with default backend 2019-06-11 23:15:01 +09:00
Tatsuhiro Tsujikawa abef9b90ef Fix log-level is not set with cmd-line or configuration file 2019-06-11 23:13:43 +09:00
Tatsuhiro Tsujikawa b7220f075c cmake: Remove SPDY related files 2019-06-08 00:23:17 +09:00
Tatsuhiro Tsujikawa 77f1c872b1 nghttpx: Fix unchanged log level on configuration reload
Previously, if log-level is not mentioned in configuration file and
reload happens, the log level was not set to the default value NOTICE.
Instead, the log level stayed the same.  This commit fixes this bug.
2019-06-05 21:17:23 +09:00
Tatsuhiro Tsujikawa b0f5e5cc79 Implement daemon() using fork() for OSX 2019-05-30 23:22:44 +09:00
Tatsuhiro Tsujikawa 2e1975ddf6 clang-format-8 2019-05-18 10:28:35 +09:00
Tatsuhiro Tsujikawa 4fca2502d8 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT
A well known server sends content-length: 0 in 101 response.  RFC 7230
says Content-Length or Transfer-Encoding in 200 response to CONNECT
request: https://tools.ietf.org/html/rfc7230#section-3.3.3
2019-05-17 22:58:26 +09:00
Tatsuhiro Tsujikawa 0288093caf Fix llhttp_get_error_pos usage
It returns NULL if return value is HPE_OK.
2019-04-21 00:07:11 +09:00
Tatsuhiro Tsujikawa c64d2573dc Replace http-parser with llhttp
llhttp does not include URL parser.  We extracted URL parser code from
http-parser and put it under third-party/url-parser.

llhttp bd3d224eb8cdc92c6fc8f508d7bbe0ba266e8e92
2019-04-20 18:42:30 +09:00
Tatsuhiro Tsujikawa f028cc4392 clang-format 2019-04-18 23:37:48 +09:00
Adam Gołębiowski cbba1ebf8f asio: support boost-1.70
In boost 1.70, deprecated get_io_context() has finally been removed.
Introduce GET_IO_SERVICE macro that based on boost version uses
old get_io_service() interface (boost < 1.70), or get_executor().context()
for boost 1.70+.

Commit based idea seen in monero-project/monero@17769db946
2019-04-18 12:35:54 +02:00
Tatsuhiro Tsujikawa a35059e3f1 nghttpx: Fix bug that altered authority and path affect backend selection
Fix bug that altered authority and path by per-pattern mruby script
affect backend selection on retry.
2019-04-16 22:18:30 +09:00
Tatsuhiro Tsujikawa 5a30fafdda Merge branch 'nghttpx-fix-chunked-request-stall' 2019-04-16 00:26:18 +09:00
Tatsuhiro Tsujikawa 2cff8b43cf nghttpx: Fix bug that chunked request stalls 2019-04-15 23:58:30 +09:00
Tatsuhiro Tsujikawa be96654d56 nghttpx: Don't log authorization request header field value with -LINFO 2019-04-15 22:59:26 +09:00
Tatsuhiro Tsujikawa ec519f22dc
Merge pull request #1270 from baitisj/master
Fix for compilation against modern LibreSSL
2019-03-13 20:52:50 +09:00
Tatsuhiro Tsujikawa 371bc3a8f7 clang-format 2019-03-08 00:19:34 +09:00
Tatsuhiro Tsujikawa f5feb16ef4
Merge pull request #1295 from bratkartoffel/fix-compile-boringssl
Fix compilation with boringssl
2019-02-20 00:13:00 +09:00
Don 2591960e2f Explicitly set install location when building shared libs 2019-02-06 10:26:30 -08:00
Tatsuhiro Tsujikawa d93842db3e nghttpx: Fix backend stall if header and request body are sent in 2 packets 2019-01-23 17:57:12 +09:00
Tatsuhiro Tsujikawa 8dc2b263ba nghttpx: Use std::priority_queue 2019-01-22 00:01:17 +09:00
Tatsuhiro Tsujikawa 1ff9de4c87 nghttpx: Backend address selection with weight 2019-01-21 22:23:19 +09:00
Simon Frankenberger 34482ed4df Fix compilation with boringssl 2019-01-18 20:12:57 +01:00
Tatsuhiro Tsujikawa ab2aa5672b Fix test failure
Now http_parser_parse_url returns nonzero if empty URI is given.
2019-01-17 23:16:49 +09:00
Tatsuhiro Tsujikawa e9c9838cdc nghttpx: Pool h1 backend connection per address
Pool HTTP/1.1 backend connection per address and reuse it only when
the next round robin index refers to this address.  Previously if
there is a pooled connection, there is no round robin selection.
2019-01-14 22:20:58 +09:00
Tatsuhiro Tsujikawa 803d4ba948 Merge branch 'nghttpx-randomize-roundrobin-order' 2019-01-14 22:17:12 +09:00
Tatsuhiro Tsujikawa 732245e562 make clang-format 2019-01-12 00:11:31 +09:00
Tatsuhiro Tsujikawa fdcdb21c38 nghttpx: Randomize backend address round robin order per thread 2019-01-11 22:36:45 +09:00
Tatsuhiro Tsujikawa 11d0533cfc nghttpx: Ensure that cert serial does not exceed 20 bytes 2019-01-05 10:03:44 +09:00
Josh Braegger 5b2efc0a12 Fix getting long serial numbers for openssl < 1.1
From https://www.ietf.org/rfc/rfc5280.txt

> As noted in Section 4.1.2.2, serial numbers can be expected to
> contain long integers.  Certificate users MUST be able to handle
> serialNumber values up to 20 octets in length.  Conforming CAs MUST
> NOT use serialNumber values longer than 20 octets.

Without this, nghttpx will fatal.

    jbraeg$ openssl x509 -in ~/test_certs/client.crt -serial -noout
    serial=E0CFDFC7CEA10DF8AAF715C37FAEB410

    jbraeg$ curl -k --key ~/test_certs/client.key --cert ~/test_certs/client.crt https://192.168.98.100:3000/; echo
    curl: (56) Unexpected EOF

    ...
    Assertion failed: n == b.size() (shrpx_tls.cc: get_x509_serial: 2051)
    2019-01-03T20:25:21.289Z 1 1 f84316ae NOTICE (shrpx_log.cc:895) Worker process: [9] exited abnormally with status 0x06; exit status 0; signal Aborted(6)
    2019-01-03T20:25:21.290Z 1 1 f84316ae NOTICE (shrpx.cc:4311) Shutdown momentarily
2019-01-03 13:20:29 -08:00
Tatsuhiro Tsujikawa 124c7848c0 nghttpx: Add missing return 2018-12-11 22:52:34 +09:00
Tatsuhiro Tsujikawa f3f40840b3 nghttpx: Fix broken trailing slash handling
nghttpx allows a pattern with trailing slash to match a request path
without it.  Previously, under certain pattern registration, this does
not work.
2018-12-09 17:07:28 +09:00
Jeff 'Raid' Baitis 2c1570595e Fix for compilation against modern LibreSSL 2018-12-02 13:30:42 -08:00
Tatsuhiro Tsujikawa 302abf1b46 h2load: Fix compile error with gcc 2018-11-23 14:39:51 +09:00
Tatsuhiro Tsujikawa 089a03be42 h2load: Write log file with write(2) 2018-11-23 13:08:38 +09:00
dawg d1b3a83f59 h2load: add an option to write per-request logs 2018-11-23 12:11:00 +09:00
Pedro Santos 6800d317e7 added access to the number of the current server port 2018-11-23 10:56:21 +09:00
Tatsuhiro Tsujikawa f51e696e4a asio: Add stop() to listen_and_serve doc 2018-11-18 17:30:35 +09:00
Tatsuhiro Tsujikawa a433b132fc
Merge pull request #1260 from nghttp2/h2load-non-final-response
h2load: Handle HTTP/1 non-final response
2018-11-15 17:32:15 +09:00
Tatsuhiro Tsujikawa 6cad1b243b nghttpx: Write mruby send_info early 2018-11-15 10:17:47 +09:00
Tatsuhiro Tsujikawa 3c393dca58 nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend 2018-11-15 10:17:41 +09:00
Tatsuhiro Tsujikawa 172924457f h2load: Handle HTTP/1 non-final response 2018-11-15 10:13:19 +09:00
Tatsuhiro Tsujikawa dcbe0c690f nghttpx: Simplify move ctor and operator 2018-11-02 15:40:53 +09:00
Tatsuhiro Tsujikawa 2996c28456 nghttpx: Cleanup 2018-11-02 15:16:36 +09:00
Tatsuhiro Tsujikawa 42e8ceb656 nghttpx: Convert API status code to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa 1daf9ce8b7 nghttpx: Convert WorkerEventType to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa d68edf56c0 nghttpx: Convert MemcachedStatusCode to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa 0c4e9fef29 nghttpx: Convert memcached op to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa 571404c6e8 nghttpx: Convert MemcachedParseState to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa 4d562b773b nghttpx: Convert LogFragmentType to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa e62258713e nghttpx: Convert connection check status to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa 4bd075defd nghttpx: Convert Http2Session state to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa b46a324943 nghttpx: Convert FreelistZone to enum class 2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa 4bd44b9cdf nghttpx: Convert dispatch state to enum class 2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa 1b42110d4f nghttpx: Make Downstream state enum class 2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa 0735ec55f3 nghttpx: Convert shrpx_connect_proto to enum class 2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa 00554779e1 nghttpx: Convert DNSResolverStatus to enum class 2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa 0963f38935 nghttpx: Convert SerialEventType to enum class 2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa 1abfa3ca5f nghttpx: Make TLS handshake state enum class 2018-10-17 08:52:27 +09:00
Tatsuhiro Tsujikawa f2159bc2c1 nghttpx: Convert UpstreamAltMode to enum class 2018-10-17 08:38:55 +09:00
Tatsuhiro Tsujikawa b0eb68ee9e nghttpx: Convert shrpx_forwarded_node_type to enum class 2018-10-16 23:10:17 +09:00
Tatsuhiro Tsujikawa e7b7b037f6 nghttpx: Convert shrpx_cookie_secure to enum class 2018-10-16 23:06:59 +09:00
Tatsuhiro Tsujikawa 5e4f434fd8 nghttpx: Convert shrpx_session_affinity to enum class 2018-10-16 23:03:17 +09:00
Tatsuhiro Tsujikawa 20ea964f2f nghttpx: Convert shrpx_proto to enum class 2018-10-16 22:59:34 +09:00
Tatsuhiro Tsujikawa d105619bc3 src: Remove extra braces if possible 2018-10-15 23:46:33 +09:00
Tatsuhiro Tsujikawa ec5729b1fa Use std::make_unique 2018-10-15 23:02:44 +09:00
Tatsuhiro Tsujikawa 46576178a3 Don't send Transfer-Encoding to pre-HTTP/1.1 clients 2018-10-14 22:57:54 +09:00
Tatsuhiro Tsujikawa 5e925f873e Update doc 2018-10-14 22:57:11 +09:00
Tatsuhiro Tsujikawa 153531d4d0 nghttpx: Use the same type as standard stream operator<< 2018-10-07 22:19:00 +09:00
Tatsuhiro Tsujikawa 7c8cb3a0ce nghttpx: Improve CONNECT response status handling 2018-10-04 12:04:15 +09:00
Tatsuhiro Tsujikawa aeb92bbbe2 nghttpx: Add read/write-timeout parameters to backend option 2018-09-30 12:32:43 +09:00
Tatsuhiro Tsujikawa fc7489e044 nghttpx: Fix mruby parameter validation 2018-09-30 12:30:19 +09:00
Tatsuhiro Tsujikawa 87ac872fdc nghttpx: Update doc 2018-09-30 12:28:43 +09:00
Tatsuhiro Tsujikawa c278adde7a nghttpx: Log error when mruby file cannot be opened 2018-09-30 12:23:01 +09:00
Tatsuhiro Tsujikawa f94d720909
Merge pull request #1234 from nghttp2/nghttpx-rfc8441
nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
2018-09-29 11:54:47 +09:00
Tatsuhiro Tsujikawa 02566ee383 nghttpx: Update doc 2018-09-29 11:42:37 +09:00
Tatsuhiro Tsujikawa 3002f31b1f src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL 2018-09-29 11:39:49 +09:00
Tatsuhiro Tsujikawa d2a594a753 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 2018-09-29 11:35:41 +09:00
Tatsuhiro Tsujikawa a42faf1cc2 nghttpx: Write TLS alert during handshake 2018-09-23 18:01:38 +09:00
Tatsuhiro Tsujikawa 88ff8c69a0 Update mruby 1.4.1 2018-09-16 22:54:09 +09:00
Tatsuhiro Tsujikawa a63558a1eb nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful 2018-09-16 22:19:27 +09:00
Tatsuhiro Tsujikawa 3575a1325e nghttpx: Fix crash with plain text HTTP 2018-09-15 12:16:23 +09:00
Tatsuhiro Tsujikawa 9c824b87fe nghttpx: Get rid of std::stringstream from Log 2018-09-14 22:58:48 +09:00
Tatsuhiro Tsujikawa ed7c9db2a6 nghttpx: Add mruby env.tls_handshake_finished 2018-09-09 22:59:35 +09:00
Tatsuhiro Tsujikawa 5b42815afb nghttpx: Strip incoming Early-Data header field by default 2018-09-09 22:37:22 +09:00
Tatsuhiro Tsujikawa cfe7fa9a75 nghttpx: Add --tls13-ciphers and --tls-client-ciphers options 2018-09-09 16:35:47 +09:00
Tatsuhiro Tsujikawa cb8a9d58fd src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
TLSv1.3 ciphers are treated differently from the ciphers for TLSv1.2
or earlier.
2018-09-09 15:53:04 +09:00
Tatsuhiro Tsujikawa 9b03c64f68 nghttpx: Should postpone early data by default 2018-09-08 19:22:30 +09:00
Tatsuhiro Tsujikawa b8eccec62d nghttpx: Disable OpenSSL anti-replay 2018-09-08 19:10:59 +09:00
Tatsuhiro Tsujikawa 9f21258720 Specify SSL_CTX_set_max_early_data and add an option to change max value 2018-09-08 17:59:28 +09:00
Tatsuhiro Tsujikawa 47f6012407 nghttpx: Add an option to postpone early data processing 2018-09-08 17:57:21 +09:00
Tatsuhiro Tsujikawa 770e44de4d Implement draft-ietf-httpbis-replay-02
nghttpx sends early-data header field when forwarding requests which
are received in TLSv1.3 early data, and the TLS handshake is still in
progress.
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa 2ab319c137 Don't hide error code from openssl 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa 3992302432 Remove SSL_ERROR_WANT_WRITE handling 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa b30f312a70 Honor SSL_read semantics 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa c5cdb78a95 nghttpx: Add TLSv1.3 0-RTT early data support 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa e959e7338e src: Refactor utos 2018-09-01 22:29:11 +09:00
Tatsuhiro Tsujikawa fb9a204de2 nghttpx: Fix compile error without mruby 2018-08-31 21:58:35 +09:00
Tatsuhiro Tsujikawa 7417fd71a4 nghttpx: Per-pattern not per-backend 2018-08-28 17:50:01 +09:00
Tatsuhiro Tsujikawa 45acc922eb clang-format 2018-08-27 21:34:18 +09:00
Tatsuhiro Tsujikawa 214d089910 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master 2018-08-27 21:30:36 +09:00
Tatsuhiro Tsujikawa 31fd707d0c nghttpx: Fix broken healthmon frontend 2018-08-27 21:21:55 +09:00
Alexandros Konstantinakis-Karmis 9a2e38e058 fix code for reuse addr on asio client 2018-08-27 10:53:14 +03:00
Tatsuhiro Tsujikawa 6195d747ce nghttpx: Share mruby context if it is compiled from same file 2018-08-24 23:11:21 +09:00
Tatsuhiro Tsujikawa fb97f596e1 nghttpx: Allocate mruby file because fopen requires NULL terminated string 2018-08-24 23:08:15 +09:00
Tatsuhiro Tsujikawa 0ccc7a770d nghttpx: Move blocked request data to request buffer for API request 2018-08-24 23:07:43 +09:00
Tatsuhiro Tsujikawa 32826466f5 nghttpx: Fix crash with API request 2018-08-24 23:07:16 +09:00
Tatsuhiro Tsujikawa 0422f8a844 nghttpx: Fix worker process crash with neverbleed write error 2018-08-24 22:22:53 +09:00
Tatsuhiro Tsujikawa e329479a99
Merge pull request #1215 from nghttp2/mruby-per-backend
nghttpx: Support per-backend mruby script
2018-08-23 18:41:40 +09:00
Alexandros Konstantinakis-Karmis 866ac6ab27 add option reuse addr in local endpoint configuration of asio client 2018-08-23 18:19:10 +09:00
Tatsuhiro Tsujikawa b574ae6aa2 nghttpx: Support per-backend mruby script 2018-08-23 18:13:29 +09:00
Tatsuhiro Tsujikawa 32d7883c47 nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_ 2018-08-23 10:55:42 +09:00
Tatsuhiro Tsujikawa 9b24e19763 nghttpx: Choose h1 protocol if headers have been sent to backend on retry 2018-08-22 23:20:13 +09:00
Tatsuhiro Tsujikawa 9d5b781df6 Fix stream reset if data from client is arrived before dconn is attached 2018-08-22 22:32:25 +09:00
Alexandros Konstantinakis-Karmis c6d8c4013c support definition of local endpoint for cleartext client session 2018-08-02 16:18:23 +09:00
Tatsuhiro Tsujikawa 880f948684 Enable IndentPPDirectives 2018-06-09 16:21:30 +09:00
Tatsuhiro Tsujikawa fc94018b97 clang-format-6.0 2018-06-09 16:02:26 +09:00
Tatsuhiro Tsujikawa 388e785822 Fix typo 2018-06-03 13:10:32 +09:00
Tatsuhiro Tsujikawa 325612bcde nghttp: Receive ORIGIN frame 2018-05-12 12:35:08 +09:00
Tatsuhiro Tsujikawa 3e4f257b91 asio: Support client side SNI 2018-05-03 20:29:16 +09:00
Tatsuhiro Tsujikawa c65ca20a49 h2load: -r and --duration are mutually exclusive 2018-04-28 00:30:43 +09:00
Tatsuhiro Tsujikawa 009646421c Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER) 2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa 8d0b4544f8 libressl 2.7 has X509_VERIFY_PARAM_* 2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa d8a34131e1 libressl 2.7 has SSL_CTX_get0_certificate 2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa 5db17d0af9 Compile with libressl 2.7.2 2018-04-14 18:09:47 +09:00
Tatsuhiro Tsujikawa 1bf69b5662 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
LIBRESSL_LEGACY_API is drop-in replacement for LIBRESSL_IN_USE.  In
the upcoming commits, we will add changes to support libressl 2.7.
2018-04-14 18:09:47 +09:00
Tatsuhiro Tsujikawa e65e7711ca Add comment on #endif 2018-04-03 21:39:44 +09:00
Tatsuhiro Tsujikawa 636ef51b0f Fix compile error with -Wunused-function 2018-04-03 21:33:09 +09:00
Bernard Spil 400934e5a3 [PATCH] Allow building without NPN
NPN has been superseeded by ALPN. OpenSSL provides a configure
option to disable npn (no-npn) which results in an OpenSSL
installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h

The #ifdef's look safe here (as the next_proto is initialized as
nullptr). Alteratively, macros could be defined for the used npn
methods that return a 0 for next_proto.

Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-03-25 18:27:23 +02:00
Tatsuhiro Tsujikawa 45d76cf501 nghttpx: Close listening socket on graceful shutdown 2018-02-26 22:40:24 +09:00
Tatsuhiro Tsujikawa e70195ae91 nghttpx: Update doc 2018-02-22 16:12:38 +09:00
Tatsuhiro Tsujikawa eb951c2ce4 src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro 2018-02-12 16:22:47 +09:00
Tatsuhiro Tsujikawa 39f0ce7c25
Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
nghttpx: Add an option to accept expired client certificate
2018-02-10 16:00:43 +09:00
Tatsuhiro Tsujikawa e8af7afc65 nghttpx: Add an option to accept expired client certificate 2018-02-08 16:51:23 +09:00
Tatsuhiro Tsujikawa 38abfd1863 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after 2018-02-08 16:25:31 +09:00
Tatsuhiro Tsujikawa ff3edc09ed nghttpx: Fix potential memory leak 2018-02-03 18:21:42 +09:00
Tatsuhiro Tsujikawa c1a496cf4e nghttpx: Fix bug that h1 backend idle timeout expires sooner 2018-02-02 21:09:04 +09:00
Tatsuhiro Tsujikawa e098a21132 mruby: Fix bug that response header is unexpectedly overwritten
The bug is the same bug fixed by
6deee2037d, but in response handler.
2018-01-28 19:41:45 +09:00
Dylan Plecki 6deee2037d Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..) 2018-01-26 18:49:08 -08:00
Tatsuhiro Tsujikawa 5cc3d159e1 nghttpx: Add upgrade-scheme parameter to backend option
If "upgrade-scheme" parameter is present in backend option along with
"tls" paramter, HTTP/2 :scheme pseudo header field is changed to
"https" from "http" when forwarding a request to this particular
backend.  This is a workaround for a server which requests "https"
scheme on HTTP/2 connection encrypted by TLS.
2018-01-08 18:08:01 +09:00
Tatsuhiro Tsujikawa 0fbb46edd6
Merge pull request #1101 from nghttp2/remember-pushed-links
nghttpx: Remember which resource is pushed
2018-01-04 23:15:35 +09:00
Tatsuhiro Tsujikawa 74754982f1 nghttpx: Fix missing ALPN validation (--npn-list)
This commit fixes the bug that ALPN validation does not occur when
ALPN list is not sent from client.
2018-01-04 22:43:47 +09:00
Tatsuhiro Tsujikawa a31a2e3b2c nghttpx: Remember which resource is pushed
Remember which resource is pushed in order to conform to the semantics
described in RFC 8297.
2018-01-04 22:35:22 +09:00
Tatsuhiro Tsujikawa cfd926f09b src: Define 103 status code 2017-12-20 19:30:55 +09:00
Tatsuhiro Tsujikawa 4d1139f653 Remove SPDY 2017-12-17 13:28:44 +09:00
Tatsuhiro Tsujikawa 48f574076c nghttpx: Update doc 2017-12-16 00:13:27 +09:00
Tatsuhiro Tsujikawa 216f4dad83 nghttpx: Remove redundant check 2017-12-14 21:39:22 +09:00
Tatsuhiro Tsujikawa a4e27d766b Revert "nghttpx: Use an existing h2 backend connection as much as possible"
This reverts commit f507b5eee4.

Balancing load is more important at the moment.
2017-12-14 21:34:04 +09:00
Tatsuhiro Tsujikawa 03f7ec0f60 nghttpx: Write API request body in temporary file 2017-12-03 16:19:57 +09:00
Tatsuhiro Tsujikawa 2056e812bd nghttpx: Increase api-max-request-body 2017-12-02 13:49:42 +09:00
Tatsuhiro Tsujikawa 04348ff20e
Merge pull request #1081 from nghttp2/nghttpx-faster-parse-config
nghttpx: Faster configuration loading with lots of backends
2017-12-01 23:47:34 +09:00
Tatsuhiro Tsujikawa 1ebb6810a1 nghttpx: Faster configuration loading with lots of backends 2017-12-01 23:06:06 +09:00
Tatsuhiro Tsujikawa a3ebeeafba nghttpx: Fix crash with --backend-http-proxy-uri option 2017-12-01 22:28:16 +09:00
Tatsuhiro Tsujikawa ff200bfcf3 clang-format-5.0 2017-11-23 14:19:12 +09:00
Tatsuhiro Tsujikawa 0028275d7b nghttpx: Add affinity-cookie-secure parameter to backend option 2017-11-21 22:29:22 +09:00
Tatsuhiro Tsujikawa 194acb1f2c src: Use nghttp2_error_callback2 2017-11-19 16:51:52 +09:00
Tatsuhiro Tsujikawa 73344ae9aa nghttpx: Use plain hex string format for client serial 2017-11-17 00:04:23 +09:00
Tatsuhiro Tsujikawa eca0a3025b nghttpx: Add $tls_client_serial log variable 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa 4720c5cb3d nghttpx: Make client serial available in mruby script 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa cd55ab28ab nghttpx: Add function to get serial number from certificate 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa 22502182d0 Add tls_client_issuer_name log variable and expose it to mruby 2017-11-15 23:41:47 +09:00
Tatsuhiro Tsujikawa f5ddd7f43b nghttpx: Make initial_addr_idx_ unsigned 2017-11-04 17:30:56 +09:00
Tatsuhiro Tsujikawa 88abbce7e7 nghttpx: Fix compile error with gcc 2017-11-04 17:30:27 +09:00
Tatsuhiro Tsujikawa 16e9036568 nghttpx: Fix affinity retry 2017-11-04 17:13:45 +09:00
Tatsuhiro Tsujikawa fa7945c627 nghttpx: Refactor 2017-11-04 15:55:25 +09:00
Tatsuhiro Tsujikawa daca43f0dd nghttpx: Fix stalled backend connection on retry 2017-11-04 15:46:08 +09:00
Tatsuhiro Tsujikawa 16bc11e670 nghttpx: Remove duplicated util::make_socket_nodelay 2017-11-04 13:00:17 +09:00
Tatsuhiro Tsujikawa 8c0ea56bb8
Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
nghttpx: Cookie based session affinity
2017-11-01 22:45:38 +09:00
Tatsuhiro Tsujikawa 549053710b nghttpx: Refactor 2017-11-01 22:33:49 +09:00
Tatsuhiro Tsujikawa be5c39a1cf src: Add tests 2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa b8fda6808b nghttpx: Cookie based session affinity 2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa 539e27812b nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
Also tls_client_fingerprint is renamed to
tls_client_fingerprint_sha256.
2017-10-31 21:41:40 +09:00
Tatsuhiro Tsujikawa 7008afd40e nghttpx: Refactor get_x509_fingerprint to accept hash function 2017-10-31 21:28:16 +09:00
Tatsuhiro Tsujikawa 60baca27e4 nghttpx: Add more TLS related attributes to mruby Env object
The added attributes are:

* tls_cipher
* tls_protocol
* tls_session_id
* tls_session_reused
* alpn
2017-10-29 22:42:30 +09:00
Tatsuhiro Tsujikawa cb376bcd80 nghttpx: Add client fingerprint and subject name to accesslog 2017-10-29 21:47:00 +09:00
Tatsuhiro Tsujikawa f2b8edd1e2 nghttpx: Fix memory leak 2017-10-29 21:46:12 +09:00
Tatsuhiro Tsujikawa c4f8afcfde nghttpx: Get TLS info only when it is necessary when writing accesslog 2017-10-29 21:22:33 +09:00
Tatsuhiro Tsujikawa 9f80a82c1a nghttpx: Add client fingerprint and subject name to mruby env 2017-10-29 19:54:42 +09:00
Tatsuhiro Tsujikawa c573c80bd3 nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec 2017-10-29 19:47:39 +09:00
Tatsuhiro Tsujikawa 3cd6817e21 Fix typos 2017-10-29 16:54:21 +09:00
Tatsuhiro Tsujikawa aaeeec8f1c Fix typos 2017-10-28 22:25:42 +09:00
Tatsuhiro Tsujikawa 5119e82b93 src: Fix memory leak in unit test 2017-10-24 21:40:30 +09:00
Tatsuhiro Tsujikawa 3be5856c82 nghttpx: Fix unused function warnings 2017-10-24 21:40:30 +09:00
Tatsuhiro Tsujikawa a319143901 nghttpx: Fix bug that header fields are missing in HTTP/1.0 response 2017-10-22 01:11:32 +09:00
Tatsuhiro Tsujikawa f507b5eee4 nghttpx: Use an existing h2 backend connection as much as possible
h2load measurement reveals that this strategy is 3 times faster than
the previous implementations.
2017-10-19 21:15:08 +09:00
Tatsuhiro Tsujikawa aaa0b858e4 Amend some macro comments 2017-10-14 11:50:16 +09:00
Tatsuhiro Tsujikawa 5fa1938691 clang-format 2017-10-14 11:45:41 +09:00
Daniel Evers c2d9a1ed6f Support for Windows / MinGW 2017-10-12 18:15:12 +02:00
Tatsuhiro Tsujikawa 8ffe389daa h2load: Print out h2 header fields with --verbose option 2017-09-22 18:12:20 +09:00
Tatsuhiro Tsujikawa 2576855ded nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only 2017-09-21 21:42:56 +09:00
Tatsuhiro Tsujikawa cc6f759190 src: Add static to constexpr char[] 2017-09-20 23:54:10 +09:00
Tatsuhiro Tsujikawa 323001238a clang-format 2017-09-20 22:08:22 +09:00
Tatsuhiro Tsujikawa 91f062f873 src: Fix compile error 2017-09-20 22:08:08 +09:00
Tatsuhiro Tsujikawa a170023f23 nghttpx: Verify OCSP response using trusted CA certificates 2017-09-01 21:35:38 +09:00
Tatsuhiro Tsujikawa 4be4c0cddc Revert "nghttpx: Verify OCSP response using trusted CA certificates"
This reverts commit 59c78d5809.
2017-08-30 22:27:02 +09:00
Rick Lei 5996798a34 Fix OCSP related error when building with BoringSSL
BoringSSL has no "openssl/ocsp.h" nor most OCSP related APIs used in
shrpx_tls.cc. This commit add ifdefs to disable related code to allow
building nghttp2 with BoringSSL (again).

It's possible to use !defined(OPENSSL_IS_BORINGSSL), but since BoringSSL
defines OPENSSL_NO_OCSP which is more specific, I chose to go with the
latter one.
2017-08-24 11:56:46 -04:00
Tatsuhiro Tsujikawa 6fec532012 Merge pull request #998 from nghttp2/h2load-fix-timing-script-stall
Fix bug that timing script stalls with -m1
2017-08-24 21:17:43 +09:00
Tatsuhiro Tsujikawa 15713e0b7c h2load: Ignore -n for timing-based mode instead of requiring -n=0 2017-08-23 20:35:01 +09:00
Tatsuhiro Tsujikawa a6a561af47 Fix bug that timing script stalls with -m1 2017-08-23 20:10:23 +09:00
Tatsuhiro Tsujikawa bcda1c2409 Fix assertion failure 2017-08-23 19:22:23 +09:00
Tatsuhiro Tsujikawa afcd8d9ab1 clang-format 2017-08-23 19:19:00 +09:00
Tatsuhiro Tsujikawa c9b1c91944 Fix compile error 2017-08-23 19:18:27 +09:00
Tatsuhiro Tsujikawa 5d9434eb09 Merge branch 'master' of https://github.com/sohamm17/nghttp2 into sohamm17-master 2017-08-23 19:16:40 +09:00
Tatsuhiro Tsujikawa 1a44b5d52a Merge pull request #984 from nghttp2/h2load-reservoir-sampling
h2load: Reservoir sampling
2017-08-23 19:00:28 +09:00
Dmitriy Vetutnev af926fbe1f Refactoring include directories for build as CMake subdirectory (add_subdirectory(nghttp2)) 2017-08-16 21:28:12 +03:00
Tatsuhiro Tsujikawa 83039ae2d4 h2load: Reservoir sampling 2017-08-14 20:25:02 +09:00
Tatsuhiro Tsujikawa 4d76606fa2 Fix bug that forwarded for is not affected by proxy protocol 2017-08-09 22:44:14 +09:00
Soham Sinha 1baf7d34b3 Duration watcher and warmup watcher is initialised in Worker constructor. Statistic calculation is removed from duration watcher call_back, it's done in free_client. 2017-08-08 17:26:37 -04:00
Soham Sinha c78159469a Added a function to free a client from Worker's list of client, if the client is destroyed 2017-08-07 18:58:12 -04:00
Soham Sinha b72ca0289c formatting issue 2017-08-04 14:20:00 -04:00
Soham Sinha 46f670f8a2 concurrent connections are created in timing-based mode. Some safety asserts added. 2017-08-03 16:15:14 -04:00
Soham Sinha 4b44362b9f minor style changes 2017-08-01 20:22:20 -04:00
Soham Sinha d068a29798 removed unnecessary code 2017-08-01 19:51:47 -04:00
Soham Sinha 0836a51408 Handling requests starting in warm-up phase and ending in MAIN_DURATION 2017-08-01 18:29:00 -04:00
Soham Sinha 566cee8fe7 MAIN_DURATION is initiliazed in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well. 2017-08-01 17:45:52 -04:00
Soham Sinha e85698e131 MAIN_DURATION is initiliazed in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well. 2017-08-01 17:45:18 -04:00
Soham Sinha 5f3c541c4c enabled --duration option. 2017-07-28 17:31:13 -04:00
Soham Sinha 3c43e00d8a Timing (#1)
* Adding timing-sensitive load test option in h2load.

* more checks added for parameters

* A worker thread can control its clients' warmup and main duration.

* Changed warmup to an enum variable.

* removed unnecessary call to ev_timer_stop

* assertion is done before starting main measurement phase

* phase variable is implemented only inside the Worker class

* enum to enum class

* else indentation corrected

* check added for timing-based test when duration CB is called explicitly

* New argument is introduced for timing-based benchmarking.

* styling corrections

* duration watcher initialization is pushed back into warmup timeout

* Warmup and Duration timer is moved to Worker instead of clients. Now both timers and phase belongs to the Workers.

* some client functions are modified to return if it's not main_duration phase. client is not destructed but sessions are terminated

* outputs are adjusted for thread.

* Needed to check if a session exist before terminating

* formatting

* more formatting

* formatting
2017-07-28 17:08:20 -04:00
Tatsuhiro Tsujikawa 1002c6da1c src: Use llround instead of round 2017-07-12 23:23:47 +09:00
Tatsuhiro Tsujikawa 18dd20ce55 nghttp: Fix bug that upgrade fails if reason-phrase is missing 2017-06-28 01:01:39 +09:00
Tatsuhiro Tsujikawa a18d154e0e Merge pull request #943 from nghttp2/nghttpx-verify-ocsp-resp-with-cacerts
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-15 20:56:44 +09:00
Tatsuhiro Tsujikawa 59c78d5809 nghttpx: Verify OCSP response using trusted CA certificates 2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa be164fc8f9 nghttpx: Set default minimum TLS version to TLSv1.2
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers.  To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa 6ec7683991 nghttpx: Use nocopy version to send trailer headers to backend
It looks like we can use nocopy version here.  We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa 8f7fa1b1bf nghttpx: Fix crash in OCSP response verification 2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa db7483ef10 Merge branch 'nghttpx-verify-ocsp' 2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa 74c2f1257a nghttpx: Add --no-verify-ocsp to disable OCSP response verification 2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa 1428a5e3ae nghttpx: Verify OCSP response
At least we should make sure that the OCSP response is targeted to the
expected certificate.  This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ.  Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa c57bf21306 src: memchunks: Don't use std::unique_ptr to avoid potential SO 2017-05-25 00:23:51 +09:00
Tatsuhiro Tsujikawa 8401e16a15 nghttpx: Fix compile error with gcc 2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa 07fb5854f3 nghttpx: Compile with openssl 1.0.2 2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa 796ab87b14 nghttpx: Fix certificate selection based on pub key algorithm 2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa ed1fad3bd4 nghttpx: Call ERR_clear_error()
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa 9c1876f542 nghttpx: Fix certificate indexing bug 2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa 7d111d9963 Merge pull request #923 from nghttp2/compile-with-disable-assert
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa 1b442cb16f Compile with --disable-assert 2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa 0d4f0f0db5 nghttpx: Run OCSP at startup
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish.  It does not matter
some of the attempts fail.  This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Tatsuhiro Tsujikawa 14edd12304 nghttpx: Refactor the code for the anti-replay 2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa e6ffdb23a4 nghttpx: Share session_cache_ssl_ctx across threads 2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa b5007d45f7 nghttpx: Wildcard path matching
This commit adds wildcard path matching.  If path pattern given in
backend option ends with "*", it is considered as wildcard path.  "*"
must match at least one character.  All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa a584cf5a4f Use clang-format-4.0 2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa 196673bbce nghttp: Remove unused short option 'g' 2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa 794d13082c Merge branch 'nghttp-no-verify-peer' 2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa 5f5cf4107e nghttpx: Reseve rcbufs_ 2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa 6f3ec54b9f nghttp: Add -y, --no-verify-peer option to suppress peer verify warn 2017-04-28 09:53:37 +09:00
Tatsuhiro Tsujikawa 58043a6b04 nghttpx: Guard the presence of TLS1_3_VERSION 2017-04-27 23:13:15 +09:00
Tatsuhiro Tsujikawa a885315ef5 Merge branch 'nghttpx-unrecognized-sni' 2017-04-27 22:57:54 +09:00
Tatsuhiro Tsujikawa d7581525ac nghttpx: Update TLSv1.3 TLS record overhead 2017-04-27 22:57:06 +09:00
Tatsuhiro Tsujikawa 1085f68018 nghttpx: Return SSL_TLSEXT_ERR_NOACK if server name is not recognized
With this commit, SSL_TLSEXT_ERR_NOACK is returned from
servername_callback, which removes server_name extension from
ServerHello.  CertLookupTree is now used even if the number of server
certificate is one.  It is better to exercise it regularly.
2017-04-27 22:25:58 +09:00
Tatsuhiro Tsujikawa d63b4c1034 nghttpx: Forward multiple via, xff, and xfp header fields
Previously, for Via, X-Forwarded-For, and X-Forwarded-Proto header
field, nghttpx only forwarded the last header field of each.  With
this commit, nghttpx forwards all of them if it is configured to do
so.
2017-04-26 21:23:13 +09:00
Tatsuhiro Tsujikawa c3f5f5ca36 nghttpx: Clarify --conf option behaviour 2017-04-20 22:25:38 +09:00
Tatsuhiro Tsujikawa 911d12f7c4 nghttpx: Add log when loading configuration file 2017-04-20 22:22:29 +09:00
Tatsuhiro Tsujikawa 17614312e0 Merge pull request #892 from nghttp2/nghttpx-sni-fwd
nghttpx: SNI based backend server selection
2017-04-19 21:22:15 +09:00
Tatsuhiro Tsujikawa a2e35a0757 nghttpx: Add $tls_sni access log variable 2017-04-18 22:44:26 +09:00
Tatsuhiro Tsujikawa a4a2b6403b nghttpx: Use SHRPX_LOGF_TLS_* instead of SHRPX_LOGF_SSL_* 2017-04-18 22:34:08 +09:00
Tatsuhiro Tsujikawa 03be97e437 nghttpx: Rename ssl_* log variables as tls_*
The exiting ssl_* log variables still work for backward compatibility.
2017-04-18 22:11:05 +09:00
Tatsuhiro Tsujikawa 0a2d1965df nghttpx: Fix path matching bug
Previously, if path is empty or path does not start with "/", nghttpx
did not try to match with wildcard pattern.  This commit fixes it.
2017-04-18 21:03:50 +09:00
Tatsuhiro Tsujikawa c8a5f1e335 nghttpx: SNI based backend server selection 2017-04-16 23:47:10 +09:00
Tatsuhiro Tsujikawa a1bc83a2ba Merge pull request #881 from mway/dev/request-priority
Support specifying stream priority via session::submit()
2017-04-12 23:36:40 +09:00
Matt Way bc3949db9e Support specifying stream priority via session::submit() 2017-04-12 10:07:16 -04:00
Tatsuhiro Tsujikawa 6cfa885207 nghttpx: Remove unused lambda capture 2017-04-12 22:09:44 +09:00
Tatsuhiro Tsujikawa e61ac4682e Merge branch 'nghttpx-xfp-take2' 2017-04-09 16:02:53 +09:00
Tatsuhiro Tsujikawa 4d10dce61d nghttpx: Only send SCT for leaf certificate 2017-04-09 14:38:18 +09:00
Tatsuhiro Tsujikawa 2d9fd87029 nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 2017-04-09 14:11:49 +09:00
Tatsuhiro Tsujikawa cc9190ab37 nghttpx: Add options for X-Forwarded-Proto header field
This commit adds 2 new options to handle X-Forwarded-Proto header
field.  The --no-add-x-forwarded-proto option makes nghttpx not to
append X-Forwarded-Proto value.  The
--no-strip-incoming-x-forwarded-proto option prevents nghttpx from
stripping the header field from client.

Previously, nghttpx always strips incoming header field, and set its
own header field.  This commit preserves this behaviour, and adds
additional knobs.
2017-04-08 18:46:36 +09:00
Tatsuhiro Tsujikawa 980570de71 Revert "nghttpx: Add options for X-Forwarded-Proto header field"
This reverts commit 8c0b2c684a.
2017-04-08 18:37:54 +09:00
Tatsuhiro Tsujikawa 46ccc4332c nghttpx: Fix bug that 204 from h1 backend is always treated as error 2017-04-07 21:45:13 +09:00
Tatsuhiro Tsujikawa 4e6bd54dd1 Merge branch 'nghttpx-single-process' 2017-04-06 20:18:33 +09:00
Tatsuhiro Tsujikawa 5c9f46a6b0 Merge branch 'nghttp-verify-server-certificate' 2017-04-06 20:17:29 +09:00
Tatsuhiro Tsujikawa 223e971c7e nghttpx: Add --single-process option
With --single-process option, nghttpx will run in a single process
mode where master and worker are unified into one process.  nghttpx
still spawns additional process for neverbleed.  In the single process
mode, signal handling is disabled.
2017-04-06 20:02:57 +09:00
Tatsuhiro Tsujikawa 8c0b2c684a nghttpx: Add options for X-Forwarded-Proto header field
This commit adds 2 new options to handle X-Forwarded-Proto header
field.  The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value.  The --strip-incoming-x-forwarded-proto
option makes nghttpx to strip the header field from client.

Previously, nghttpx always strips incoming header field, and set its
own header field.  This commit changes this behaviour.  Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way.  To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
2017-04-06 19:17:36 +09:00
Tatsuhiro Tsujikawa 7ae0b2dc09 nghttp: Verify server certificate and show warning if it fails 2017-04-01 17:49:57 +09:00
Tatsuhiro Tsujikawa 058122b804 nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa 69f63c529d src: Rename ssl.{h,cc} as tls.{h,cc}
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa e17a6b29b6 nghttpx: Use 502 as server error code 2017-04-01 14:04:55 +09:00
Tatsuhiro Tsujikawa b12c2a13c0 nghttpx: Fail handshake if server certificate verification fails
Previously, we drop connection if server certificate verification
fails after handshake.  With this commit, we fail handshake if that
happens.
2017-04-01 13:41:41 +09:00
Tatsuhiro Tsujikawa 236c835abc nghttpx: Don't enable SSL_MODE_AUTO_RETRY since we do non-blocking I/O 2017-04-01 12:05:07 +09:00
Tatsuhiro Tsujikawa ad338bfa44 asio: Fix crash if connect takes longer time than ping interval 2017-03-31 21:17:57 +09:00
Tatsuhiro Tsujikawa a899522679 asio: Fix compile error 2017-03-31 21:14:08 +09:00
Tatsuhiro Tsujikawa b9b58c781e nghttpx: Avoid extra TLS handshake calls 2017-03-30 22:23:55 +09:00
Tatsuhiro Tsujikawa aa1eec4642 nghttpx: Cache client side session inside openssl callback 2017-03-30 21:07:58 +09:00
Tatsuhiro Tsujikawa 0c8d9469ea nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl 2017-03-27 23:58:49 +09:00
Tatsuhiro Tsujikawa 079e1bdffc Revert "nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl"
This reverts commit b4337d1b54.
2017-03-27 23:47:24 +09:00
Tatsuhiro Tsujikawa b4337d1b54 nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl 2017-03-27 23:29:28 +09:00
Tatsuhiro Tsujikawa dbe287ff5e nghttpx: Print version number with -v option 2017-03-27 22:49:53 +09:00
Tatsuhiro Tsujikawa 041531458b Merge pull request #858 from nghttp2/nghttpx-ai-addrconfig
nghttpx: Retry getaddrinfo without AI_ADDRCONFIG
2017-03-27 22:37:07 +09:00
Tatsuhiro Tsujikawa 1374bb81fd nghttpx: Enable X25519 with boringssl 2017-03-27 21:18:44 +09:00