Commit Graph

2791 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 5b42815afb nghttpx: Strip incoming Early-Data header field by default 2018-09-09 22:37:22 +09:00
Tatsuhiro Tsujikawa cfe7fa9a75 nghttpx: Add --tls13-ciphers and --tls-client-ciphers options 2018-09-09 16:35:47 +09:00
Tatsuhiro Tsujikawa cb8a9d58fd src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
TLSv1.3 ciphers are treated differently from the ciphers for TLSv1.2
or earlier.
2018-09-09 15:53:04 +09:00
Tatsuhiro Tsujikawa 9b03c64f68 nghttpx: Should postpone early data by default 2018-09-08 19:22:30 +09:00
Tatsuhiro Tsujikawa b8eccec62d nghttpx: Disable OpenSSL anti-replay 2018-09-08 19:10:59 +09:00
Tatsuhiro Tsujikawa 9f21258720 Specify SSL_CTX_set_max_early_data and add an option to change max value 2018-09-08 17:59:28 +09:00
Tatsuhiro Tsujikawa 47f6012407 nghttpx: Add an option to postpone early data processing 2018-09-08 17:57:21 +09:00
Tatsuhiro Tsujikawa 770e44de4d Implement draft-ietf-httpbis-replay-02
nghttpx sends early-data header field when forwarding requests which
are received in TLSv1.3 early data, and the TLS handshake is still in
progress.
2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa 2ab319c137 Don't hide error code from openssl 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa 3992302432 Remove SSL_ERROR_WANT_WRITE handling 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa b30f312a70 Honor SSL_read semantics 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa c5cdb78a95 nghttpx: Add TLSv1.3 0-RTT early data support 2018-09-08 17:54:35 +09:00
Tatsuhiro Tsujikawa e959e7338e src: Refactor utos 2018-09-01 22:29:11 +09:00
Tatsuhiro Tsujikawa fb9a204de2 nghttpx: Fix compile error without mruby 2018-08-31 21:58:35 +09:00
Tatsuhiro Tsujikawa 7417fd71a4 nghttpx: Per-pattern not per-backend 2018-08-28 17:50:01 +09:00
Tatsuhiro Tsujikawa 45acc922eb clang-format 2018-08-27 21:34:18 +09:00
Tatsuhiro Tsujikawa 214d089910 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master 2018-08-27 21:30:36 +09:00
Tatsuhiro Tsujikawa 31fd707d0c nghttpx: Fix broken healthmon frontend 2018-08-27 21:21:55 +09:00
Alexandros Konstantinakis-Karmis 9a2e38e058 fix code for reuse addr on asio client 2018-08-27 10:53:14 +03:00
Tatsuhiro Tsujikawa 6195d747ce nghttpx: Share mruby context if it is compiled from same file 2018-08-24 23:11:21 +09:00
Tatsuhiro Tsujikawa fb97f596e1 nghttpx: Allocate mruby file because fopen requires NULL terminated string 2018-08-24 23:08:15 +09:00
Tatsuhiro Tsujikawa 0ccc7a770d nghttpx: Move blocked request data to request buffer for API request 2018-08-24 23:07:43 +09:00
Tatsuhiro Tsujikawa 32826466f5 nghttpx: Fix crash with API request 2018-08-24 23:07:16 +09:00
Tatsuhiro Tsujikawa 0422f8a844 nghttpx: Fix worker process crash with neverbleed write error 2018-08-24 22:22:53 +09:00
Tatsuhiro Tsujikawa e329479a99
Merge pull request #1215 from nghttp2/mruby-per-backend
nghttpx: Support per-backend mruby script
2018-08-23 18:41:40 +09:00
Alexandros Konstantinakis-Karmis 866ac6ab27 add option reuse addr in local endpoint configuration of asio client 2018-08-23 18:19:10 +09:00
Tatsuhiro Tsujikawa b574ae6aa2 nghttpx: Support per-backend mruby script 2018-08-23 18:13:29 +09:00
Tatsuhiro Tsujikawa 32d7883c47 nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_ 2018-08-23 10:55:42 +09:00
Tatsuhiro Tsujikawa 9b24e19763 nghttpx: Choose h1 protocol if headers have been sent to backend on retry 2018-08-22 23:20:13 +09:00
Tatsuhiro Tsujikawa 9d5b781df6 Fix stream reset if data from client is arrived before dconn is attached 2018-08-22 22:32:25 +09:00
Alexandros Konstantinakis-Karmis c6d8c4013c support definition of local endpoint for cleartext client session 2018-08-02 16:18:23 +09:00
Tatsuhiro Tsujikawa 880f948684 Enable IndentPPDirectives 2018-06-09 16:21:30 +09:00
Tatsuhiro Tsujikawa fc94018b97 clang-format-6.0 2018-06-09 16:02:26 +09:00
Tatsuhiro Tsujikawa 388e785822 Fix typo 2018-06-03 13:10:32 +09:00
Tatsuhiro Tsujikawa 325612bcde nghttp: Receive ORIGIN frame 2018-05-12 12:35:08 +09:00
Tatsuhiro Tsujikawa 3e4f257b91 asio: Support client side SNI 2018-05-03 20:29:16 +09:00
Tatsuhiro Tsujikawa c65ca20a49 h2load: -r and --duration are mutually exclusive 2018-04-28 00:30:43 +09:00
Tatsuhiro Tsujikawa 009646421c Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER) 2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa 8d0b4544f8 libressl 2.7 has X509_VERIFY_PARAM_* 2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa d8a34131e1 libressl 2.7 has SSL_CTX_get0_certificate 2018-04-14 18:31:57 +09:00
Tatsuhiro Tsujikawa 5db17d0af9 Compile with libressl 2.7.2 2018-04-14 18:09:47 +09:00
Tatsuhiro Tsujikawa 1bf69b5662 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
LIBRESSL_LEGACY_API is drop-in replacement for LIBRESSL_IN_USE.  In
the upcoming commits, we will add changes to support libressl 2.7.
2018-04-14 18:09:47 +09:00
Tatsuhiro Tsujikawa e65e7711ca Add comment on #endif 2018-04-03 21:39:44 +09:00
Tatsuhiro Tsujikawa 636ef51b0f Fix compile error with -Wunused-function 2018-04-03 21:33:09 +09:00
Bernard Spil 400934e5a3 [PATCH] Allow building without NPN
NPN has been superseeded by ALPN. OpenSSL provides a configure
option to disable npn (no-npn) which results in an OpenSSL
installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h

The #ifdef's look safe here (as the next_proto is initialized as
nullptr). Alteratively, macros could be defined for the used npn
methods that return a 0 for next_proto.

Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-03-25 18:27:23 +02:00
Tatsuhiro Tsujikawa 45d76cf501 nghttpx: Close listening socket on graceful shutdown 2018-02-26 22:40:24 +09:00
Tatsuhiro Tsujikawa e70195ae91 nghttpx: Update doc 2018-02-22 16:12:38 +09:00
Tatsuhiro Tsujikawa eb951c2ce4 src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro 2018-02-12 16:22:47 +09:00
Tatsuhiro Tsujikawa 39f0ce7c25
Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
nghttpx: Add an option to accept expired client certificate
2018-02-10 16:00:43 +09:00
Tatsuhiro Tsujikawa e8af7afc65 nghttpx: Add an option to accept expired client certificate 2018-02-08 16:51:23 +09:00