Tatsuhiro Tsujikawa
3dbe3b3e7f
Follow ngtcp2 API changes and use libngtcp2_crypto_openssl
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
7aa4bff97b
quic: Support TLS_AES_128_CCM_SHA256
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
6002fac9f1
h2load: Add --tls13-ciphers option
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
c3eb7e1634
Handle preferred address
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
05a6ee2b49
Show ngtcp2 debug log with --verbose
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
94d76c042d
h2load: Add --groups option
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
23ccaa6191
Always call write_quic when timer expires
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
476e9d0a48
h3-22
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
7cd5ed6fc6
Handle Retry
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
750c23f319
quic: Configure settings with options
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
bb36df8b2e
h2load: Fix possible deadlock
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
9c748d20d5
[WIP] Add QUIC to h2load
2021-08-21 18:33:38 +09:00
Tatsuhiro Tsujikawa
80c9c705b8
Merge pull request #1607 from nghttp2/dnf
...
Add "dnf" (= "do not forward") parameter to backend option
2021-08-14 17:35:20 +09:00
Tatsuhiro Tsujikawa
138419d232
Add "dnf" (= "do not forward") parameter to backend option
2021-08-14 17:16:21 +09:00
lhuang04
c2d4a53b67
Fix prototype mismatch for function 'file_read_callback'
...
Summary:
The [data_flags](https://github.com/lhuang04/nghttp2/blob/master/src/HttpServer.cc#L1078) is defined as `uint32_t*` in definition, but declared as [int*](https://github.com/lhuang04/nghttp2/blob/master/src/HttpServer.h#L245) in the prototype.
```
stderr: error: no previous prototype for function 'file_read_callback' [-Werror,-Wmissing-prototypes]
ssize_t file_read_callback(nghttp2_session *session, int32_t stream_id,
^
```
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
2021-08-07 07:24:21 -07:00
Tatsuhiro Tsujikawa
29cbf8b83f
clang-format-12
2021-08-04 15:04:58 +09:00
Tatsuhiro Tsujikawa
fa16e66a6d
nghttpx: Fix max distance in weight group/address cycle comparison
2021-07-14 23:26:33 +09:00
Tatsuhiro Tsujikawa
40af31da4c
nghttpx: Set connect_blocker and live_check after shuffling addresses
2021-07-14 23:09:28 +09:00
Tatsuhiro Tsujikawa
43a47aa08b
Do not return HPE_USER from where it is prohibited
2021-05-13 13:59:44 +09:00
Tatsuhiro Tsujikawa
cef458c31c
Replace black-list with block-list
...
nghttpx --no-http2-cipher-black-list and
--client-no-http2-cipher-black-list are deprecated and replaced with
--no-http2-cipher-block-list and --client-no-http2-cipher-block-list
respectively.
2021-04-02 22:35:37 +09:00
Tatsuhiro Tsujikawa
617a5766a2
Replace master with main
2021-04-02 22:08:19 +09:00
Tatsuhiro Tsujikawa
f1d6733554
Initialize Config rps field
2021-03-10 13:45:20 +09:00
Tatsuhiro Tsujikawa
5f3bcb1f58
Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
2021-03-06 22:32:17 +09:00
Tatsuhiro Tsujikawa
e406a2c15e
Update doc
2021-02-23 17:41:27 +09:00
Tatsuhiro Tsujikawa
6cdc13d6c6
h2load: Add --rps option
2021-02-23 16:40:17 +09:00
Tatsuhiro Tsujikawa
92944f7847
h2load: Allow unit in -D option
2021-02-23 15:31:54 +09:00
Tatsuhiro Tsujikawa
276792a812
Remove unnecessary function
...
on_stream_close is called after on_frame_not_send_callback with
success=false without this function.
2021-02-23 14:32:43 +09:00
Tatsuhiro Tsujikawa
2f2b211766
Add LIBTOOL_LDFLAGS configure variable
2021-02-21 21:32:48 +09:00
Tatsuhiro Tsujikawa
40679cf638
Merge pull request #1553 from nghttp2/nghttpx-fix-accesslog-method
...
nghttpx: Remove trailing white space after $method log variable
2021-02-08 23:02:19 +09:00
Tatsuhiro Tsujikawa
50a1121d81
nghttpx: Remove trailing white space after $method log variable
2021-02-08 22:22:05 +09:00
Jan Kundrát
5b9892a902
docs: asio: fix some typos
...
Really just a s/pusedo/pseudo/g and s/exluced/excluded/g.
2021-01-15 00:39:39 +01:00
Tatsuhiro Tsujikawa
d32e20bcaa
nghttpx: Make sure that Pool gets cleared when all buffers are returned
2020-12-16 23:27:58 +09:00
Tatsuhiro Tsujikawa
81fb015391
nghttpx: Choose ECDSA cert if compatible signature algorithm available
2020-12-13 23:40:43 +09:00
Tatsuhiro Tsujikawa
6787423edc
nghttpx: Add workaround to include ':' in backend pattern
2020-11-27 22:15:46 +09:00
Tatsuhiro Tsujikawa
da7959c2e8
nghttpx: Deal with the case when h2 backend is retired before it is initialized
2020-11-15 11:19:07 +09:00
Tatsuhiro Tsujikawa
4e3c61ef4d
nghttpx: Add accesslog variables to record request path without query
...
This commit adds the following variables to construct request line without
including query component:
* $method
* $path
* $path_without_query
* $protocol_version
2020-09-19 23:58:37 +09:00
Tatsuhiro Tsujikawa
7b4de401d2
nghttpx: Check worker wide blocker before creating new downstream connection
2020-09-19 23:22:14 +09:00
Tatsuhiro Tsujikawa
7df73a5d90
nghttpx: mrb_run was removed
2020-09-02 22:12:45 +09:00
Tatsuhiro Tsujikawa
d5550e946d
Amend f1d8547b29
...
Better handling of tls and early data buffer
2020-07-14 19:47:08 +09:00
Tatsuhiro Tsujikawa
62411f5a6e
nghttpx: Set client_handler to special frontend objects
2020-07-14 01:13:29 +09:00
Tatsuhiro Tsujikawa
e9465f0ee5
Revert "nghttpx: Fix ubsan error"
...
This reverts commit 14dfeee4ed.
2020-07-14 01:13:29 +09:00
Tatsuhiro Tsujikawa
14dfeee4ed
nghttpx: Fix ubsan error
2020-07-14 00:12:07 +09:00
Tatsuhiro Tsujikawa
f1d8547b29
nghttpx: Fix stall when TLS follows after proxy protocol
...
This fixes that nghttpx stalls when TLS handshake and data follow
after proxy protocol header and no extra read notification is
triggered (e.g., just small 1 HTTP request).
2020-07-13 23:39:17 +09:00
Tatsuhiro Tsujikawa
abe80e371e
nghttpx: Fix logging integer
2020-06-10 20:56:33 +09:00
Tatsuhiro Tsujikawa
854e9fe395
nghttpx: Always call init_forwarded_for
...
Always call init_forwarded_for to get the default when source address
in PROXY protocol is ignored. This ensures that forwarded header
field has the same value as x-forwarded-for.
2020-04-18 17:16:45 +09:00
Tatsuhiro Tsujikawa
49cd8e6e73
nghttpx: Add PROXY-protocol v2 support
2020-04-18 17:16:30 +09:00
Jacky Tian
4922bb41d6
static_cast size parameter in StringRef constructor to size_t
2020-03-31 00:54:08 -07:00
Jacky Tian
aad8697575
Fix get_x509_serial for long serial numbers
2020-03-31 00:19:06 -07:00
Tatsuhiro Tsujikawa
5e13274b7c
Fix typo
2019-12-21 11:39:05 +09:00
Tatsuhiro Tsujikawa
e0d7f7de5e
h2load: Allow port in --connect-to
2019-12-21 11:39:05 +09:00
lucas
df575f968f
h2load: add --connect-to option
2019-12-21 11:39:05 +09:00
Richard Wolfert
29042f1c95
priority_spec::valid(): remove const qualifier from return value
...
gcc generates warning:
* type qualifiers ignored on function return type [-Wignored-qualifiers]
2019-10-29 11:28:26 +01:00
Tatsuhiro Tsujikawa
6f967c6ef3
Fix errors reported by coverity scan
2019-09-21 13:45:20 +09:00
Tatsuhiro Tsujikawa
fe8946ddc7
nghttpx: Fix bug that mruby is incorrectly shared between backends
...
Previously, mruby context is wrongly shared by multiple patterns if
the underlying SharedDownstreamAddr is shared by multiple
DownstreamAddrGroups. This commit fixes it.
2019-09-16 22:25:06 +09:00
Tatsuhiro Tsujikawa
f8933fe504
nghttpx: Reconnect h1 backend if it lost connection before sending headers
...
This is the second attempt. The first attempt was
8a59ce6d37 and it failed.
2019-09-07 18:20:24 +09:00
Tatsuhiro Tsujikawa
5080db84e2
Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers"
...
This reverts commit 8a59ce6d37.
2019-09-06 22:01:03 +09:00
Tatsuhiro Tsujikawa
053c7ac588
nghttpx: Returns 408 if backend timed out before sending headers
2019-09-03 00:29:01 +09:00
Tatsuhiro Tsujikawa
8a59ce6d37
nghttpx: Reconnect h1 backend if it lost connection before sending headers
2019-09-03 00:28:21 +09:00
Tatsuhiro Tsujikawa
f2fde180cd
Remove redundant null check before delete
...
Reported in https://github.com/nghttp2/nghttp2/issues/1384
2019-08-19 22:27:32 +09:00
Tatsuhiro Tsujikawa
95efb3e19d
Don't read too greedily
2019-08-14 11:44:28 +09:00
Tatsuhiro Tsujikawa
319d5ab1c6
nghttpx: Fix request stall
...
Fix request stall if backend connection is reused and buffer is full.
2019-08-06 20:50:29 +09:00
Andrew Penkrat
4f7aedc9d2
cmake: Support building nghttpx with systemd
2019-07-29 13:55:05 +03:00
Tatsuhiro Tsujikawa
7a5908933e
Fix clang-8 warning
2019-06-22 17:44:16 +09:00
Tatsuhiro Tsujikawa
ee44313445
Fix FPE with default backend
2019-06-11 23:15:01 +09:00
Tatsuhiro Tsujikawa
abef9b90ef
Fix log-level is not set with cmd-line or configuration file
2019-06-11 23:13:43 +09:00
Tatsuhiro Tsujikawa
b7220f075c
cmake: Remove SPDY related files
2019-06-08 00:23:17 +09:00
Tatsuhiro Tsujikawa
77f1c872b1
nghttpx: Fix unchanged log level on configuration reload
...
Previously, if log-level is not mentioned in configuration file and
reload happens, the log level was not set to the default value NOTICE.
Instead, the log level stayed the same. This commit fixes this bug.
2019-06-05 21:17:23 +09:00
Tatsuhiro Tsujikawa
b0f5e5cc79
Implement daemon() using fork() for OSX
2019-05-30 23:22:44 +09:00
Tatsuhiro Tsujikawa
2e1975ddf6
clang-format-8
2019-05-18 10:28:35 +09:00
Tatsuhiro Tsujikawa
4fca2502d8
nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT
...
A well known server sends content-length: 0 in 101 response. RFC 7230
says Content-Length or Transfer-Encoding in 200 response to CONNECT
request: https://tools.ietf.org/html/rfc7230#section-3.3.3
2019-05-17 22:58:26 +09:00
Tatsuhiro Tsujikawa
0288093caf
Fix llhttp_get_error_pos usage
...
It returns NULL if return value is HPE_OK.
2019-04-21 00:07:11 +09:00
Tatsuhiro Tsujikawa
c64d2573dc
Replace http-parser with llhttp
...
llhttp does not include URL parser. We extracted URL parser code from
http-parser and put it under third-party/url-parser.
llhttp bd3d224eb8cdc92c6fc8f508d7bbe0ba266e8e92
2019-04-20 18:42:30 +09:00
Tatsuhiro Tsujikawa
f028cc4392
clang-format
2019-04-18 23:37:48 +09:00
Adam Gołębiowski
cbba1ebf8f
asio: support boost-1.70
...
In boost 1.70, deprecated get_io_context() has finally been removed.
Introduce GET_IO_SERVICE macro that based on boost version uses
old get_io_service() interface (boost < 1.70), or get_executor().context()
for boost 1.70+.
Commit based idea seen in monero-project/monero@17769db946
2019-04-18 12:35:54 +02:00
Tatsuhiro Tsujikawa
a35059e3f1
nghttpx: Fix bug that altered authority and path affect backend selection
...
Fix bug that altered authority and path by per-pattern mruby script
affect backend selection on retry.
2019-04-16 22:18:30 +09:00
Tatsuhiro Tsujikawa
5a30fafdda
Merge branch 'nghttpx-fix-chunked-request-stall'
2019-04-16 00:26:18 +09:00
Tatsuhiro Tsujikawa
2cff8b43cf
nghttpx: Fix bug that chunked request stalls
2019-04-15 23:58:30 +09:00
Tatsuhiro Tsujikawa
be96654d56
nghttpx: Don't log authorization request header field value with -LINFO
2019-04-15 22:59:26 +09:00
Tatsuhiro Tsujikawa
ec519f22dc
Merge pull request #1270 from baitisj/master
...
Fix for compilation against modern LibreSSL
2019-03-13 20:52:50 +09:00
Tatsuhiro Tsujikawa
371bc3a8f7
clang-format
2019-03-08 00:19:34 +09:00
Tatsuhiro Tsujikawa
f5feb16ef4
Merge pull request #1295 from bratkartoffel/fix-compile-boringssl
...
Fix compilation with boringssl
2019-02-20 00:13:00 +09:00
Don
2591960e2f
Explicitly set install location when building shared libs
2019-02-06 10:26:30 -08:00
Tatsuhiro Tsujikawa
d93842db3e
nghttpx: Fix backend stall if header and request body are sent in 2 packets
2019-01-23 17:57:12 +09:00
Tatsuhiro Tsujikawa
8dc2b263ba
nghttpx: Use std::priority_queue
2019-01-22 00:01:17 +09:00
Tatsuhiro Tsujikawa
1ff9de4c87
nghttpx: Backend address selection with weight
2019-01-21 22:23:19 +09:00
Simon Frankenberger
34482ed4df
Fix compilation with boringssl
2019-01-18 20:12:57 +01:00
Tatsuhiro Tsujikawa
ab2aa5672b
Fix test failure
...
Now http_parser_parse_url returns nonzero if empty URI is given.
2019-01-17 23:16:49 +09:00
Tatsuhiro Tsujikawa
e9c9838cdc
nghttpx: Pool h1 backend connection per address
...
Pool HTTP/1.1 backend connection per address and reuse it only when
the next round robin index refers to this address. Previously if
there is a pooled connection, there is no round robin selection.
2019-01-14 22:20:58 +09:00
Tatsuhiro Tsujikawa
803d4ba948
Merge branch 'nghttpx-randomize-roundrobin-order'
2019-01-14 22:17:12 +09:00
Tatsuhiro Tsujikawa
732245e562
make clang-format
2019-01-12 00:11:31 +09:00
Tatsuhiro Tsujikawa
fdcdb21c38
nghttpx: Randomize backend address round robin order per thread
2019-01-11 22:36:45 +09:00
Tatsuhiro Tsujikawa
11d0533cfc
nghttpx: Ensure that cert serial does not exceed 20 bytes
2019-01-05 10:03:44 +09:00
Josh Braegger
5b2efc0a12
Fix getting long serial numbers for openssl < 1.1
...
From https://www.ietf.org/rfc/rfc5280.txt
> As noted in Section 4.1.2.2, serial numbers can be expected to
> contain long integers. Certificate users MUST be able to handle
> serialNumber values up to 20 octets in length. Conforming CAs MUST
> NOT use serialNumber values longer than 20 octets.
Without this, nghttpx will fatal.
jbraeg$ openssl x509 -in ~/test_certs/client.crt -serial -noout
serial=E0CFDFC7CEA10DF8AAF715C37FAEB410
jbraeg$ curl -k --key ~/test_certs/client.key --cert ~/test_certs/client.crt https://192.168.98.100:3000/ ; echo
curl: (56) Unexpected EOF
...
Assertion failed: n == b.size() (shrpx_tls.cc: get_x509_serial: 2051)
2019-01-03T20:25:21.289Z 1 1 f84316ae NOTICE (shrpx_log.cc:895) Worker process: [9] exited abnormally with status 0x06; exit status 0; signal Aborted(6)
2019-01-03T20:25:21.290Z 1 1 f84316ae NOTICE (shrpx.cc:4311) Shutdown momentarily
2019-01-03 13:20:29 -08:00
Tatsuhiro Tsujikawa
124c7848c0
nghttpx: Add missing return
2018-12-11 22:52:34 +09:00
Tatsuhiro Tsujikawa
f3f40840b3
nghttpx: Fix broken trailing slash handling
...
nghttpx allows a pattern with trailing slash to match a request path
without it. Previously, under certain pattern registration, this does
not work.
2018-12-09 17:07:28 +09:00
Jeff 'Raid' Baitis
2c1570595e
Fix for compilation against modern LibreSSL
2018-12-02 13:30:42 -08:00
Tatsuhiro Tsujikawa
302abf1b46
h2load: Fix compile error with gcc
2018-11-23 14:39:51 +09:00
Tatsuhiro Tsujikawa
089a03be42
h2load: Write log file with write(2)
2018-11-23 13:08:38 +09:00
dawg
d1b3a83f59
h2load: add an option to write per-request logs
2018-11-23 12:11:00 +09:00
Pedro Santos
6800d317e7
added access to the number of the current server port
2018-11-23 10:56:21 +09:00
Tatsuhiro Tsujikawa
f51e696e4a
asio: Add stop() to listen_and_serve doc
2018-11-18 17:30:35 +09:00
Tatsuhiro Tsujikawa
a433b132fc
Merge pull request #1260 from nghttp2/h2load-non-final-response
...
h2load: Handle HTTP/1 non-final response
2018-11-15 17:32:15 +09:00
Tatsuhiro Tsujikawa
6cad1b243b
nghttpx: Write mruby send_info early
2018-11-15 10:17:47 +09:00
Tatsuhiro Tsujikawa
3c393dca58
nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
2018-11-15 10:17:41 +09:00
Tatsuhiro Tsujikawa
172924457f
h2load: Handle HTTP/1 non-final response
2018-11-15 10:13:19 +09:00
Tatsuhiro Tsujikawa
dcbe0c690f
nghttpx: Simplify move ctor and operator
2018-11-02 15:40:53 +09:00
Tatsuhiro Tsujikawa
2996c28456
nghttpx: Cleanup
2018-11-02 15:16:36 +09:00
Tatsuhiro Tsujikawa
42e8ceb656
nghttpx: Convert API status code to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
1daf9ce8b7
nghttpx: Convert WorkerEventType to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
d68edf56c0
nghttpx: Convert MemcachedStatusCode to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
0c4e9fef29
nghttpx: Convert memcached op to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
571404c6e8
nghttpx: Convert MemcachedParseState to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
4d562b773b
nghttpx: Convert LogFragmentType to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
e62258713e
nghttpx: Convert connection check status to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
4bd075defd
nghttpx: Convert Http2Session state to enum class
2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
b46a324943
nghttpx: Convert FreelistZone to enum class
2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa
4bd44b9cdf
nghttpx: Convert dispatch state to enum class
2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa
1b42110d4f
nghttpx: Make Downstream state enum class
2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa
0735ec55f3
nghttpx: Convert shrpx_connect_proto to enum class
2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa
00554779e1
nghttpx: Convert DNSResolverStatus to enum class
2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa
0963f38935
nghttpx: Convert SerialEventType to enum class
2018-10-17 14:19:58 +09:00
Tatsuhiro Tsujikawa
1abfa3ca5f
nghttpx: Make TLS handshake state enum class
2018-10-17 08:52:27 +09:00
Tatsuhiro Tsujikawa
f2159bc2c1
nghttpx: Convert UpstreamAltMode to enum class
2018-10-17 08:38:55 +09:00
Tatsuhiro Tsujikawa
b0eb68ee9e
nghttpx: Convert shrpx_forwarded_node_type to enum class
2018-10-16 23:10:17 +09:00
Tatsuhiro Tsujikawa
e7b7b037f6
nghttpx: Convert shrpx_cookie_secure to enum class
2018-10-16 23:06:59 +09:00
Tatsuhiro Tsujikawa
5e4f434fd8
nghttpx: Convert shrpx_session_affinity to enum class
2018-10-16 23:03:17 +09:00
Tatsuhiro Tsujikawa
20ea964f2f
nghttpx: Convert shrpx_proto to enum class
2018-10-16 22:59:34 +09:00
Tatsuhiro Tsujikawa
d105619bc3
src: Remove extra braces if possible
2018-10-15 23:46:33 +09:00
Tatsuhiro Tsujikawa
ec5729b1fa
Use std::make_unique
2018-10-15 23:02:44 +09:00
Tatsuhiro Tsujikawa
46576178a3
Don't send Transfer-Encoding to pre-HTTP/1.1 clients
2018-10-14 22:57:54 +09:00
Tatsuhiro Tsujikawa
5e925f873e
Update doc
2018-10-14 22:57:11 +09:00
Tatsuhiro Tsujikawa
153531d4d0
nghttpx: Use the same type as standard stream operator<<
2018-10-07 22:19:00 +09:00
Tatsuhiro Tsujikawa
7c8cb3a0ce
nghttpx: Improve CONNECT response status handling
2018-10-04 12:04:15 +09:00
Tatsuhiro Tsujikawa
aeb92bbbe2
nghttpx: Add read/write-timeout parameters to backend option
2018-09-30 12:32:43 +09:00
Tatsuhiro Tsujikawa
fc7489e044
nghttpx: Fix mruby parameter validation
2018-09-30 12:30:19 +09:00
Tatsuhiro Tsujikawa
87ac872fdc
nghttpx: Update doc
2018-09-30 12:28:43 +09:00
Tatsuhiro Tsujikawa
c278adde7a
nghttpx: Log error when mruby file cannot be opened
2018-09-30 12:23:01 +09:00
Tatsuhiro Tsujikawa
f94d720909
Merge pull request #1234 from nghttp2/nghttpx-rfc8441
...
nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
2018-09-29 11:54:47 +09:00
Tatsuhiro Tsujikawa
02566ee383
nghttpx: Update doc
2018-09-29 11:42:37 +09:00
Tatsuhiro Tsujikawa
3002f31b1f
src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL
2018-09-29 11:39:49 +09:00
Tatsuhiro Tsujikawa
d2a594a753
nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
2018-09-29 11:35:41 +09:00
Tatsuhiro Tsujikawa
a42faf1cc2
nghttpx: Write TLS alert during handshake
2018-09-23 18:01:38 +09:00
Tatsuhiro Tsujikawa
88ff8c69a0
Update mruby 1.4.1
2018-09-16 22:54:09 +09:00
Tatsuhiro Tsujikawa
a63558a1eb
nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful
2018-09-16 22:19:27 +09:00
Tatsuhiro Tsujikawa
3575a1325e
nghttpx: Fix crash with plain text HTTP
2018-09-15 12:16:23 +09:00
Tatsuhiro Tsujikawa
9c824b87fe
nghttpx: Get rid of std::stringstream from Log
2018-09-14 22:58:48 +09:00
Tatsuhiro Tsujikawa
ed7c9db2a6
nghttpx: Add mruby env.tls_handshake_finished
2018-09-09 22:59:35 +09:00
Tatsuhiro Tsujikawa
5b42815afb
nghttpx: Strip incoming Early-Data header field by default
2018-09-09 22:37:22 +09:00
Tatsuhiro Tsujikawa
cfe7fa9a75
nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
2018-09-09 16:35:47 +09:00
Tatsuhiro Tsujikawa
cb8a9d58fd
src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
...
TLSv1.3 ciphers are treated differently from the ciphers for TLSv1.2
or earlier.
2018-09-09 15:53:04 +09:00
Tatsuhiro Tsujikawa
9b03c64f68
nghttpx: Should postpone early data by default
2018-09-08 19:22:30 +09:00
Tatsuhiro Tsujikawa
b8eccec62d
nghttpx: Disable OpenSSL anti-replay
2018-09-08 19:10:59 +09:00
Tatsuhiro Tsujikawa
9f21258720
Specify SSL_CTX_set_max_early_data and add an option to change max value
2018-09-08 17:59:28 +09:00
Tatsuhiro Tsujikawa
47f6012407
nghttpx: Add an option to postpone early data processing
2018-09-08 17:57:21 +09:00
Tatsuhiro Tsujikawa
770e44de4d
Implement draft-ietf-httpbis-replay-02
...
nghttpx sends early-data header field when forwarding requests which
are received in TLSv1.3 early data, and the TLS handshake is still in
progress.
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa
2ab319c137
Don't hide error code from openssl
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa
3992302432
Remove SSL_ERROR_WANT_WRITE handling
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa
b30f312a70
Honor SSL_read semantics
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa
c5cdb78a95
nghttpx: Add TLSv1.3 0-RTT early data support
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa
e959e7338e
src: Refactor utos
2018-09-01 22:29:11 +09:00
Tatsuhiro Tsujikawa
fb9a204de2
nghttpx: Fix compile error without mruby
2018-08-31 21:58:35 +09:00
Tatsuhiro Tsujikawa
7417fd71a4
nghttpx: Per-pattern not per-backend
2018-08-28 17:50:01 +09:00
Tatsuhiro Tsujikawa
45acc922eb
clang-format
2018-08-27 21:34:18 +09:00
Tatsuhiro Tsujikawa
214d089910
Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
2018-08-27 21:30:36 +09:00
Tatsuhiro Tsujikawa
31fd707d0c
nghttpx: Fix broken healthmon frontend
2018-08-27 21:21:55 +09:00
Alexandros Konstantinakis-Karmis
9a2e38e058
fix code for reuse addr on asio client
2018-08-27 10:53:14 +03:00
Tatsuhiro Tsujikawa
6195d747ce
nghttpx: Share mruby context if it is compiled from same file
2018-08-24 23:11:21 +09:00
Tatsuhiro Tsujikawa
fb97f596e1
nghttpx: Allocate mruby file because fopen requires NULL terminated string
2018-08-24 23:08:15 +09:00
Tatsuhiro Tsujikawa
0ccc7a770d
nghttpx: Move blocked request data to request buffer for API request
2018-08-24 23:07:43 +09:00
Tatsuhiro Tsujikawa
32826466f5
nghttpx: Fix crash with API request
2018-08-24 23:07:16 +09:00
Tatsuhiro Tsujikawa
0422f8a844
nghttpx: Fix worker process crash with neverbleed write error
2018-08-24 22:22:53 +09:00
Tatsuhiro Tsujikawa
e329479a99
Merge pull request #1215 from nghttp2/mruby-per-backend
...
nghttpx: Support per-backend mruby script
2018-08-23 18:41:40 +09:00
Alexandros Konstantinakis-Karmis
866ac6ab27
add option reuse addr in local endpoint configuration of asio client
2018-08-23 18:19:10 +09:00
Tatsuhiro Tsujikawa
b574ae6aa2
nghttpx: Support per-backend mruby script
2018-08-23 18:13:29 +09:00
Tatsuhiro Tsujikawa
32d7883c47
nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
2018-08-23 10:55:42 +09:00
Tatsuhiro Tsujikawa
9b24e19763
nghttpx: Choose h1 protocol if headers have been sent to backend on retry
2018-08-22 23:20:13 +09:00
Tatsuhiro Tsujikawa
9d5b781df6
Fix stream reset if data from client is arrived before dconn is attached
2018-08-22 22:32:25 +09:00
Alexandros Konstantinakis-Karmis
c6d8c4013c
support definition of local endpoint for cleartext client session
2018-08-02 16:18:23 +09:00
Tatsuhiro Tsujikawa
880f948684
Enable IndentPPDirectives
2018-06-09 16:21:30 +09:00
Tatsuhiro Tsujikawa
fc94018b97
clang-format-6.0
2018-06-09 16:02:26 +09:00
Tatsuhiro Tsujikawa
388e785822
Fix typo
2018-06-03 13:10:32 +09:00
Tatsuhiro Tsujikawa
325612bcde
nghttp: Receive ORIGIN frame
2018-05-12 12:35:08 +09:00
Tatsuhiro Tsujikawa
3e4f257b91
asio: Support client side SNI
2018-05-03 20:29:16 +09:00
Tatsuhiro Tsujikawa
c65ca20a49
h2load: -r and --duration are mutually exclusive
2018-04-28 00:30:43 +09:00
Tatsuhiro Tsujikawa
009646421c
Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER)
2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa
8d0b4544f8
libressl 2.7 has X509_VERIFY_PARAM_*
2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa
d8a34131e1
libressl 2.7 has SSL_CTX_get0_certificate
2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa
5db17d0af9
Compile with libressl 2.7.2
2018-04-14 18:09:47 +09:00
Tatsuhiro Tsujikawa
1bf69b5662
Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
...
LIBRESSL_LEGACY_API is drop-in replacement for LIBRESSL_IN_USE. In
the upcoming commits, we will add changes to support libressl 2.7.
2018-04-14 18:09:47 +09:00
Tatsuhiro Tsujikawa
e65e7711ca
Add comment on #endif
2018-04-03 21:39:44 +09:00
Tatsuhiro Tsujikawa
636ef51b0f
Fix compile error with -Wunused-function
2018-04-03 21:33:09 +09:00
Bernard Spil
400934e5a3
[PATCH] Allow building without NPN
...
NPN has been superseded by ALPN. OpenSSL provides a configure
option to disable npn (no-npn) which results in an OpenSSL
installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h
The #ifdef's look safe here (as the next_proto is initialized as
nullptr). Alternatively, macros could be defined for the used npn
methods that return a 0 for next_proto.
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-03-25 18:27:23 +02:00
Tatsuhiro Tsujikawa
45d76cf501
nghttpx: Close listening socket on graceful shutdown
2018-02-26 22:40:24 +09:00
Tatsuhiro Tsujikawa
e70195ae91
nghttpx: Update doc
2018-02-22 16:12:38 +09:00
Tatsuhiro Tsujikawa
eb951c2ce4
src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
2018-02-12 16:22:47 +09:00
Tatsuhiro Tsujikawa
39f0ce7c25
Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
...
nghttpx: Add an option to accept expired client certificate
2018-02-10 16:00:43 +09:00
Tatsuhiro Tsujikawa
e8af7afc65
nghttpx: Add an option to accept expired client certificate
2018-02-08 16:51:23 +09:00
Tatsuhiro Tsujikawa
38abfd1863
nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
2018-02-08 16:25:31 +09:00
Tatsuhiro Tsujikawa
ff3edc09ed
nghttpx: Fix potential memory leak
2018-02-03 18:21:42 +09:00
Tatsuhiro Tsujikawa
c1a496cf4e
nghttpx: Fix bug that h1 backend idle timeout expires sooner
2018-02-02 21:09:04 +09:00
Tatsuhiro Tsujikawa
e098a21132
mruby: Fix bug that response header is unexpectedly overwritten
...
The bug is the same bug fixed by
6deee2037d, but in response handler.
2018-01-28 19:41:45 +09:00
Dylan Plecki
6deee2037d
Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..)
2018-01-26 18:49:08 -08:00
Tatsuhiro Tsujikawa
5cc3d159e1
nghttpx: Add upgrade-scheme parameter to backend option
...
If "upgrade-scheme" parameter is present in backend option along with
"tls" parameter, HTTP/2 :scheme pseudo header field is changed to
"https" from "http" when forwarding a request to this particular
backend. This is a workaround for a server which requests "https"
scheme on HTTP/2 connection encrypted by TLS.
2018-01-08 18:08:01 +09:00
Tatsuhiro Tsujikawa
0fbb46edd6
Merge pull request #1101 from nghttp2/remember-pushed-links
...
nghttpx: Remember which resource is pushed
2018-01-04 23:15:35 +09:00
Tatsuhiro Tsujikawa
74754982f1
nghttpx: Fix missing ALPN validation (--npn-list)
...
This commit fixes the bug that ALPN validation does not occur when
ALPN list is not sent from client.
2018-01-04 22:43:47 +09:00
Tatsuhiro Tsujikawa
a31a2e3b2c
nghttpx: Remember which resource is pushed
...
Remember which resource is pushed in order to conform to the semantics
described in RFC 8297.
2018-01-04 22:35:22 +09:00
Tatsuhiro Tsujikawa
cfd926f09b
src: Define 103 status code
2017-12-20 19:30:55 +09:00
Tatsuhiro Tsujikawa
4d1139f653
Remove SPDY
2017-12-17 13:28:44 +09:00
Tatsuhiro Tsujikawa
48f574076c
nghttpx: Update doc
2017-12-16 00:13:27 +09:00
Tatsuhiro Tsujikawa
216f4dad83
nghttpx: Remove redundant check
2017-12-14 21:39:22 +09:00
Tatsuhiro Tsujikawa
a4e27d766b
Revert "nghttpx: Use an existing h2 backend connection as much as possible"
...
This reverts commit f507b5eee4.
Balancing load is more important at the moment.
2017-12-14 21:34:04 +09:00
Tatsuhiro Tsujikawa
03f7ec0f60
nghttpx: Write API request body in temporary file
2017-12-03 16:19:57 +09:00
Tatsuhiro Tsujikawa
2056e812bd
nghttpx: Increase api-max-request-body
2017-12-02 13:49:42 +09:00
Tatsuhiro Tsujikawa
04348ff20e
Merge pull request #1081 from nghttp2/nghttpx-faster-parse-config
...
nghttpx: Faster configuration loading with lots of backends
2017-12-01 23:47:34 +09:00
Tatsuhiro Tsujikawa
1ebb6810a1
nghttpx: Faster configuration loading with lots of backends
2017-12-01 23:06:06 +09:00
Tatsuhiro Tsujikawa
a3ebeeafba
nghttpx: Fix crash with --backend-http-proxy-uri option
2017-12-01 22:28:16 +09:00
Tatsuhiro Tsujikawa
ff200bfcf3
clang-format-5.0
2017-11-23 14:19:12 +09:00
Tatsuhiro Tsujikawa
0028275d7b
nghttpx: Add affinity-cookie-secure parameter to backend option
2017-11-21 22:29:22 +09:00
Tatsuhiro Tsujikawa
194acb1f2c
src: Use nghttp2_error_callback2
2017-11-19 16:51:52 +09:00
Tatsuhiro Tsujikawa
73344ae9aa
nghttpx: Use plain hex string format for client serial
2017-11-17 00:04:23 +09:00
Tatsuhiro Tsujikawa
eca0a3025b
nghttpx: Add $tls_client_serial log variable
2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa
4720c5cb3d
nghttpx: Make client serial available in mruby script
2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa
cd55ab28ab
nghttpx: Add function to get serial number from certificate
2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa
22502182d0
Add tls_client_issuer_name log variable and expose it to mruby
2017-11-15 23:41:47 +09:00
Tatsuhiro Tsujikawa
f5ddd7f43b
nghttpx: Make initial_addr_idx_ unsigned
2017-11-04 17:30:56 +09:00
Tatsuhiro Tsujikawa
88abbce7e7
nghttpx: Fix compile error with gcc
2017-11-04 17:30:27 +09:00
Tatsuhiro Tsujikawa
16e9036568
nghttpx: Fix affinity retry
2017-11-04 17:13:45 +09:00
Tatsuhiro Tsujikawa
fa7945c627
nghttpx: Refactor
2017-11-04 15:55:25 +09:00
Tatsuhiro Tsujikawa
daca43f0dd
nghttpx: Fix stalled backend connection on retry
2017-11-04 15:46:08 +09:00
Tatsuhiro Tsujikawa
16bc11e670
nghttpx: Remove duplicated util::make_socket_nodelay
2017-11-04 13:00:17 +09:00
Tatsuhiro Tsujikawa
8c0ea56bb8
Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
...
nghttpx: Cookie based session affinity
2017-11-01 22:45:38 +09:00
Tatsuhiro Tsujikawa
549053710b
nghttpx: Refactor
2017-11-01 22:33:49 +09:00
Tatsuhiro Tsujikawa
be5c39a1cf
src: Add tests
2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa
b8fda6808b
nghttpx: Cookie based session affinity
2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa
539e27812b
nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
...
Also tls_client_fingerprint is renamed to
tls_client_fingerprint_sha256.
2017-10-31 21:41:40 +09:00
Tatsuhiro Tsujikawa
7008afd40e
nghttpx: Refactor get_x509_fingerprint to accept hash function
2017-10-31 21:28:16 +09:00
Tatsuhiro Tsujikawa
60baca27e4
nghttpx: Add more TLS related attributes to mruby Env object
...
The added attributes are:
* tls_cipher
* tls_protocol
* tls_session_id
* tls_session_reused
* alpn
2017-10-29 22:42:30 +09:00
Tatsuhiro Tsujikawa
cb376bcd80
nghttpx: Add client fingerprint and subject name to accesslog
2017-10-29 21:47:00 +09:00
Tatsuhiro Tsujikawa
f2b8edd1e2
nghttpx: Fix memory leak
2017-10-29 21:46:12 +09:00
Tatsuhiro Tsujikawa
c4f8afcfde
nghttpx: Get TLS info only when it is necessary when writing accesslog
2017-10-29 21:22:33 +09:00
Tatsuhiro Tsujikawa
9f80a82c1a
nghttpx: Add client fingerprint and subject name to mruby env
2017-10-29 19:54:42 +09:00
Tatsuhiro Tsujikawa
c573c80bd3
nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
2017-10-29 19:47:39 +09:00
Tatsuhiro Tsujikawa
3cd6817e21
Fix typos
2017-10-29 16:54:21 +09:00
Tatsuhiro Tsujikawa
aaeeec8f1c
Fix typos
2017-10-28 22:25:42 +09:00
Tatsuhiro Tsujikawa
5119e82b93
src: Fix memory leak in unit test
2017-10-24 21:40:30 +09:00
Tatsuhiro Tsujikawa
3be5856c82
nghttpx: Fix unused function warnings
2017-10-24 21:40:30 +09:00
Tatsuhiro Tsujikawa
a319143901
nghttpx: Fix bug that header fields are missing in HTTP/1.0 response
2017-10-22 01:11:32 +09:00
Tatsuhiro Tsujikawa
f507b5eee4
nghttpx: Use an existing h2 backend connection as much as possible
...
h2load measurement reveals that this strategy is 3 times faster than
the previous implementations.
2017-10-19 21:15:08 +09:00
Tatsuhiro Tsujikawa
aaa0b858e4
Amend some macro comments
2017-10-14 11:50:16 +09:00
Tatsuhiro Tsujikawa
5fa1938691
clang-format
2017-10-14 11:45:41 +09:00
Daniel Evers
c2d9a1ed6f
Support for Windows / MinGW
2017-10-12 18:15:12 +02:00
Tatsuhiro Tsujikawa
8ffe389daa
h2load: Print out h2 header fields with --verbose option
2017-09-22 18:12:20 +09:00
Tatsuhiro Tsujikawa
2576855ded
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only
2017-09-21 21:42:56 +09:00
Tatsuhiro Tsujikawa
cc6f759190
src: Add static to constexpr char[]
2017-09-20 23:54:10 +09:00
Tatsuhiro Tsujikawa
323001238a
clang-format
2017-09-20 22:08:22 +09:00
Tatsuhiro Tsujikawa
91f062f873
src: Fix compile error
2017-09-20 22:08:08 +09:00
Tatsuhiro Tsujikawa
a170023f23
nghttpx: Verify OCSP response using trusted CA certificates
2017-09-01 21:35:38 +09:00
Tatsuhiro Tsujikawa
4be4c0cddc
Revert "nghttpx: Verify OCSP response using trusted CA certificates"
...
This reverts commit 59c78d5809.
2017-08-30 22:27:02 +09:00
Rick Lei
5996798a34
Fix OCSP related error when building with BoringSSL
...
BoringSSL has no "openssl/ocsp.h" nor most OCSP related APIs used in
shrpx_tls.cc. This commit adds ifdefs to disable related code to allow
building nghttp2 with BoringSSL (again).
It's possible to use !defined(OPENSSL_IS_BORINGSSL), but since BoringSSL
defines OPENSSL_NO_OCSP which is more specific, I chose to go with the
latter one.
2017-08-24 11:56:46 -04:00
Tatsuhiro Tsujikawa
6fec532012
Merge pull request #998 from nghttp2/h2load-fix-timing-script-stall
...
Fix bug that timing script stalls with -m1
2017-08-24 21:17:43 +09:00
Tatsuhiro Tsujikawa
15713e0b7c
h2load: Ignore -n for timing-based mode instead of requiring -n=0
2017-08-23 20:35:01 +09:00
Tatsuhiro Tsujikawa
a6a561af47
Fix bug that timing script stalls with -m1
2017-08-23 20:10:23 +09:00
Tatsuhiro Tsujikawa
bcda1c2409
Fix assertion failure
2017-08-23 19:22:23 +09:00
Tatsuhiro Tsujikawa
afcd8d9ab1
clang-format
2017-08-23 19:19:00 +09:00
Tatsuhiro Tsujikawa
c9b1c91944
Fix compile error
2017-08-23 19:18:27 +09:00
Tatsuhiro Tsujikawa
5d9434eb09
Merge branch 'master' of https://github.com/sohamm17/nghttp2 into sohamm17-master
2017-08-23 19:16:40 +09:00
Tatsuhiro Tsujikawa
1a44b5d52a
Merge pull request #984 from nghttp2/h2load-reservoir-sampling
...
h2load: Reservoir sampling
2017-08-23 19:00:28 +09:00
Dmitriy Vetutnev
af926fbe1f
Refactoring include directories for build as CMake subdirectory (add_subdirectory(nghttp2))
2017-08-16 21:28:12 +03:00
Tatsuhiro Tsujikawa
83039ae2d4
h2load: Reservoir sampling
2017-08-14 20:25:02 +09:00
Tatsuhiro Tsujikawa
4d76606fa2
Fix bug that forwarded for is not affected by proxy protocol
2017-08-09 22:44:14 +09:00
Soham Sinha
1baf7d34b3
Duration watcher and warmup watcher are initialised in Worker constructor. Statistic calculation is removed from duration watcher call_back, it's done in free_client.
2017-08-08 17:26:37 -04:00
Soham Sinha
c78159469a
Added a function to free a client from Worker's list of clients, if the client is destroyed
2017-08-07 18:58:12 -04:00
Soham Sinha
b72ca0289c
formatting issue
2017-08-04 14:20:00 -04:00
Soham Sinha
46f670f8a2
concurrent connections are created in timing-based mode. Some safety asserts added.
2017-08-03 16:15:14 -04:00
Soham Sinha
4b44362b9f
minor style changes
2017-08-01 20:22:20 -04:00
Soham Sinha
d068a29798
removed unnecessary code
2017-08-01 19:51:47 -04:00
Soham Sinha
0836a51408
Handling requests starting in warm-up phase and ending in MAIN_DURATION
2017-08-01 18:29:00 -04:00
Soham Sinha
566cee8fe7
MAIN_DURATION is initialized in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well.
2017-08-01 17:45:52 -04:00
Soham Sinha
e85698e131
MAIN_DURATION is initialized in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well.
2017-08-01 17:45:18 -04:00
Soham Sinha
5f3c541c4c
enabled --duration option.
2017-07-28 17:31:13 -04:00
Soham Sinha
3c43e00d8a
Timing (#1)
...
* Adding timing-sensitive load test option in h2load.
* more checks added for parameters
* A worker thread can control its clients' warmup and main duration.
* Changed warmup to an enum variable.
* removed unnecessary call to ev_timer_stop
* assertion is done before starting main measurement phase
* phase variable is implemented only inside the Worker class
* enum to enum class
* else indentation corrected
* check added for timing-based test when duration CB is called explicitly
* New argument is introduced for timing-based benchmarking.
* styling corrections
* duration watcher initialization is pushed back into warmup timeout
* Warmup and Duration timers are moved to Worker instead of clients. Now both timers and phase belong to the Workers.
* some client functions are modified to return if it's not main_duration phase. client is not destructed but sessions are terminated
* outputs are adjusted for thread.
* Needed to check if a session exists before terminating
* formatting
* more formatting
* formatting
2017-07-28 17:08:20 -04:00
Tatsuhiro Tsujikawa
1002c6da1c
src: Use llround instead of round
2017-07-12 23:23:47 +09:00
Tatsuhiro Tsujikawa
18dd20ce55
nghttp: Fix bug that upgrade fails if reason-phrase is missing
2017-06-28 01:01:39 +09:00
Tatsuhiro Tsujikawa
a18d154e0e
Merge pull request #943 from nghttp2/nghttpx-verify-ocsp-resp-with-cacerts
...
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-15 20:56:44 +09:00
Tatsuhiro Tsujikawa
59c78d5809
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa
be164fc8f9
nghttpx: Set default minimum TLS version to TLSv1.2
...
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers. To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa
6ec7683991
nghttpx: Use nocopy version to send trailer headers to backend
...
It looks like we can use nocopy version here. We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa
8f7fa1b1bf
nghttpx: Fix crash in OCSP response verification
2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa
db7483ef10
Merge branch 'nghttpx-verify-ocsp'
2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa
74c2f1257a
nghttpx: Add --no-verify-ocsp to disable OCSP response verification
2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa
1428a5e3ae
nghttpx: Verify OCSP response
...
At least we should make sure that the OCSP response is targeted to the
expected certificate. This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ. Verifying the OCSP response detects this, and avoids sending
a wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa
c57bf21306
src: memchunks: Don't use std::unique_ptr to avoid potential SO
2017-05-25 00:23:51 +09:00
Tatsuhiro Tsujikawa
8401e16a15
nghttpx: Fix compile error with gcc
2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa
07fb5854f3
nghttpx: Compile with openssl 1.0.2
2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa
796ab87b14
nghttpx: Fix certificate selection based on pub key algorithm
2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa
ed1fad3bd4
nghttpx: Call ERR_clear_error()
...
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa
9c1876f542
nghttpx: Fix certificate indexing bug
2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa
7d111d9963
Merge pull request #923 from nghttp2/compile-with-disable-assert
...
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa
1b442cb16f
Compile with --disable-assert
2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa
0d4f0f0db5
nghttpx: Run OCSP at startup
...
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish. It does not matter if
some of the attempts fail. This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Tatsuhiro Tsujikawa
14edd12304
nghttpx: Refactor the code for the anti-replay
2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa
e6ffdb23a4
nghttpx: Share session_cache_ssl_ctx across threads
2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa
b5007d45f7
nghttpx: Wildcard path matching
...
This commit adds wildcard path matching. If path pattern given in
backend option ends with "*", it is considered as wildcard path. "*"
must match at least one character. All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa
a584cf5a4f
Use clang-format-4.0
2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa
196673bbce
nghttp: Remove unused short option 'g'
2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa
794d13082c
Merge branch 'nghttp-no-verify-peer'
2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa
5f5cf4107e
nghttpx: Reserve rcbufs_
2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa
6f3ec54b9f
nghttp: Add -y, --no-verify-peer option to suppress peer verify warn
2017-04-28 09:53:37 +09:00
Tatsuhiro Tsujikawa
58043a6b04
nghttpx: Guard the presence of TLS1_3_VERSION
2017-04-27 23:13:15 +09:00
Tatsuhiro Tsujikawa
a885315ef5
Merge branch 'nghttpx-unrecognized-sni'
2017-04-27 22:57:54 +09:00
Tatsuhiro Tsujikawa
d7581525ac
nghttpx: Update TLSv1.3 TLS record overhead
2017-04-27 22:57:06 +09:00
Tatsuhiro Tsujikawa
1085f68018
nghttpx: Return SSL_TLSEXT_ERR_NOACK if server name is not recognized
...
With this commit, SSL_TLSEXT_ERR_NOACK is returned from
servername_callback, which removes server_name extension from
ServerHello. CertLookupTree is now used even if the number of server
certificates is one. It is better to exercise it regularly.
2017-04-27 22:25:58 +09:00
Tatsuhiro Tsujikawa
d63b4c1034
nghttpx: Forward multiple via, xff, and xfp header fields
...
Previously, for Via, X-Forwarded-For, and X-Forwarded-Proto header
field, nghttpx only forwarded the last header field of each. With
this commit, nghttpx forwards all of them if it is configured to do
so.
2017-04-26 21:23:13 +09:00
Tatsuhiro Tsujikawa
c3f5f5ca36
nghttpx: Clarify --conf option behaviour
2017-04-20 22:25:38 +09:00
Tatsuhiro Tsujikawa
911d12f7c4
nghttpx: Add log when loading configuration file
2017-04-20 22:22:29 +09:00
Tatsuhiro Tsujikawa
17614312e0
Merge pull request #892 from nghttp2/nghttpx-sni-fwd
...
nghttpx: SNI based backend server selection
2017-04-19 21:22:15 +09:00
Tatsuhiro Tsujikawa
a2e35a0757
nghttpx: Add $tls_sni access log variable
2017-04-18 22:44:26 +09:00
Tatsuhiro Tsujikawa
a4a2b6403b
nghttpx: Use SHRPX_LOGF_TLS_* instead of SHRPX_LOGF_SSL_*
2017-04-18 22:34:08 +09:00
Tatsuhiro Tsujikawa
03be97e437
nghttpx: Rename ssl_* log variables as tls_*
...
The existing ssl_* log variables still work for backward compatibility.
2017-04-18 22:11:05 +09:00
Tatsuhiro Tsujikawa
0a2d1965df
nghttpx: Fix path matching bug
...
Previously, if path is empty or path does not start with "/", nghttpx
did not try to match with wildcard pattern. This commit fixes it.
2017-04-18 21:03:50 +09:00
Tatsuhiro Tsujikawa
c8a5f1e335
nghttpx: SNI based backend server selection
2017-04-16 23:47:10 +09:00
Tatsuhiro Tsujikawa
a1bc83a2ba
Merge pull request #881 from mway/dev/request-priority
...
Support specifying stream priority via session::submit()
2017-04-12 23:36:40 +09:00
Matt Way
bc3949db9e
Support specifying stream priority via session::submit()
2017-04-12 10:07:16 -04:00
Tatsuhiro Tsujikawa
6cfa885207
nghttpx: Remove unused lambda capture
2017-04-12 22:09:44 +09:00
Tatsuhiro Tsujikawa
e61ac4682e
Merge branch 'nghttpx-xfp-take2'
2017-04-09 16:02:53 +09:00
Tatsuhiro Tsujikawa
4d10dce61d
nghttpx: Only send SCT for leaf certificate
2017-04-09 14:38:18 +09:00
Tatsuhiro Tsujikawa
2d9fd87029
nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3
2017-04-09 14:11:49 +09:00
Tatsuhiro Tsujikawa
cc9190ab37
nghttpx: Add options for X-Forwarded-Proto header field
...
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --no-add-x-forwarded-proto option makes nghttpx not
append X-Forwarded-Proto value. The
--no-strip-incoming-x-forwarded-proto option prevents nghttpx from
stripping the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit preserves this behaviour, and adds
additional knobs.
2017-04-08 18:46:36 +09:00
Tatsuhiro Tsujikawa
980570de71
Revert "nghttpx: Add options for X-Forwarded-Proto header field"
...
This reverts commit 8c0b2c684a.
2017-04-08 18:37:54 +09:00
Tatsuhiro Tsujikawa
46ccc4332c
nghttpx: Fix bug that 204 from h1 backend is always treated as error
2017-04-07 21:45:13 +09:00
Tatsuhiro Tsujikawa
4e6bd54dd1
Merge branch 'nghttpx-single-process'
2017-04-06 20:18:33 +09:00
Tatsuhiro Tsujikawa
5c9f46a6b0
Merge branch 'nghttp-verify-server-certificate'
2017-04-06 20:17:29 +09:00
Tatsuhiro Tsujikawa
223e971c7e
nghttpx: Add --single-process option
...
With --single-process option, nghttpx will run in a single process
mode where master and worker are unified into one process. nghttpx
still spawns additional process for neverbleed. In the single process
mode, signal handling is disabled.
2017-04-06 20:02:57 +09:00
Tatsuhiro Tsujikawa
8c0b2c684a
nghttpx: Add options for X-Forwarded-Proto header field
...
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value. The --strip-incoming-x-forwarded-proto
option makes nghttpx strip the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit changes this behaviour. Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way. To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
2017-04-06 19:17:36 +09:00
Tatsuhiro Tsujikawa
7ae0b2dc09
nghttp: Verify server certificate and show warning if it fails
2017-04-01 17:49:57 +09:00
Tatsuhiro Tsujikawa
058122b804
nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
...
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
69f63c529d
src: Rename ssl.{h,cc} as tls.{h,cc}
...
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
e17a6b29b6
nghttpx: Use 502 as server error code
2017-04-01 14:04:55 +09:00
Tatsuhiro Tsujikawa
b12c2a13c0
nghttpx: Fail handshake if server certificate verification fails
...
Previously, we drop connection if server certificate verification
fails after handshake. With this commit, we fail handshake if that
happens.
2017-04-01 13:41:41 +09:00
Tatsuhiro Tsujikawa
236c835abc
nghttpx: Don't enable SSL_MODE_AUTO_RETRY since we do non-blocking I/O
2017-04-01 12:05:07 +09:00
Tatsuhiro Tsujikawa
ad338bfa44
asio: Fix crash if connect takes longer time than ping interval
2017-03-31 21:17:57 +09:00
Tatsuhiro Tsujikawa
a899522679
asio: Fix compile error
2017-03-31 21:14:08 +09:00
Tatsuhiro Tsujikawa
b9b58c781e
nghttpx: Avoid extra TLS handshake calls
2017-03-30 22:23:55 +09:00
Tatsuhiro Tsujikawa
aa1eec4642
nghttpx: Cache client side session inside openssl callback
2017-03-30 21:07:58 +09:00
Tatsuhiro Tsujikawa
0c8d9469ea
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
2017-03-27 23:58:49 +09:00
Tatsuhiro Tsujikawa
079e1bdffc
Revert "nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl"
...
This reverts commit b4337d1b54.
2017-03-27 23:47:24 +09:00
Tatsuhiro Tsujikawa
b4337d1b54
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
2017-03-27 23:29:28 +09:00
Tatsuhiro Tsujikawa
dbe287ff5e
nghttpx: Print version number with -v option
2017-03-27 22:49:53 +09:00
Tatsuhiro Tsujikawa
041531458b
Merge pull request #858 from nghttp2/nghttpx-ai-addrconfig
...
nghttpx: Retry getaddrinfo without AI_ADDRCONFIG
2017-03-27 22:37:07 +09:00
Tatsuhiro Tsujikawa
1374bb81fd
nghttpx: Enable X25519 with boringssl
2017-03-27 21:18:44 +09:00