Commit Graph

29 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 8741503db1 nghttpx: Add --no-http2-cipher-black-list to allow black listed cipher suite 2016-02-06 17:05:14 +09:00
Tatsuhiro Tsujikawa 85bb37ab7c Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff 2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa 0402481be4 nghttpx: Organize connection related configuration into struct 2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa 0b2c139eaa clang-format-3.5 2015-10-25 17:04:54 +09:00
Lucas Pardue dcc9aaaa24 Add TLS dynamic record size behaviour command line options 2015-10-22 14:07:18 +00:00
Tatsuhiro Tsujikawa ed1e84fc0a nghttpx: Improve libssl error logging 2015-10-14 22:32:47 +09:00
Tatsuhiro Tsujikawa f0d2c9f94b Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa 4aaf111c58 nghttpx: Fix assertion failure on TLS handshake 2015-09-15 23:24:30 +09:00
Tatsuhiro Tsujikawa d70eb14ce0 nghttpx: Drop connection before TLS finish if h2 requirement is not fulfilled 2015-08-31 23:30:40 +09:00
Tatsuhiro Tsujikawa 473311269d nghttpx: Drop connection if client TLS handshake packet is too large 2015-08-13 01:24:59 +09:00
Tatsuhiro Tsujikawa e91a576179 nghttpx: Rewrite TLS async handshake using memchunk buffers 2015-08-13 00:42:59 +09:00
Tatsuhiro Tsujikawa f8c30d0229 nghttpx: Fix heap-use-after-free 2015-08-12 21:14:18 +09:00
Tatsuhiro Tsujikawa 020e66b9da nghttpx: Start read watcher after handshake 2015-08-11 23:14:48 +09:00
Tatsuhiro Tsujikawa d2a63a88a0 nghttpx: Fix stall if read buffer has app data when handshake finished 2015-08-11 22:37:15 +09:00
Tatsuhiro Tsujikawa 8410f684fb nghttpx: Drop connection if client hello is too large 2015-08-10 00:29:43 +09:00
Tatsuhiro Tsujikawa ff44e211ed nghttpx: Fix tls handshake bug
This fixes 2 things:
1. potential busy loop
2. disabling ticket is not working after resumption
2015-08-09 18:33:49 +09:00
Tatsuhiro Tsujikawa 6446660113 nghttpx: Make record size timeout more durable to high load situation 2015-07-29 20:57:11 +09:00
Tatsuhiro Tsujikawa d0a37d59a5 nghttpx: Disable TLS session ticket if ticket key is not available 2015-07-29 20:38:49 +09:00
Tatsuhiro Tsujikawa 1708d2e69e nghttpx: Add doc 2015-07-27 02:14:52 +09:00
Tatsuhiro Tsujikawa 90b4b48c7e nghttpx: Add shared session cache using memcached 2015-07-26 23:33:06 +09:00
Tatsuhiro Tsujikawa afbb99ecf7 nghttpx: Enable session resumption on HTTP/2 backend 2015-07-24 23:40:27 +09:00
Tatsuhiro Tsujikawa 0479f833fc Revert "nghttpx: Remove last write/read fields for TLS"
This reverts commit 585af93828.
2015-05-15 22:20:15 +09:00
Tatsuhiro Tsujikawa 38cfc5c47c Check more headers and funcs 2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa d42f31ca78 nghttpx: Fix bug that data buffered in SSL object are not read
This is same issue described in https://github.com/h2o/h2o/issues/268.
That is if SSL object has decrypted data buffered inside it, and
application does not read it for some reason (e.g., rate limit), we
have to check the existence of data using SSL_pending.  This is
because buffered data inside SSL is not notified by io watcher.  It is
obvious, but we totally missed it.

nghttpx code normally reads everything until SSL_read returns error
(want-read).  But if rate limit is involved, we stop reading early.
Also in HTTP/1 code, while processing one request, we just read until
buffer is filled up.  In these cases, we may suffer from this problem.

This commit fixes this problem, by performing SSL_pending() and if it
has buffered data and read io watcher is enabled, we feed event using
ev_feed_event().
2015-04-06 22:31:36 +09:00
Tatsuhiro Tsujikawa 585af93828 nghttpx: Remove last write/read fields for TLS
It seems that we don't care about this since we don't change buffer
pointer between would-block write/read and next write/read.  Somehow
we decided we need these fields.  As a precaution, we set
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER in SSL_set_mode() for both server
and client contexts.
2015-03-10 00:11:11 +09:00
Tatsuhiro Tsujikawa c462093555 src: Use same convention for len parameter in TLS I/O with cleartext I/O 2015-02-11 23:22:53 +09:00
Tatsuhiro Tsujikawa 364772f508 src: Fix error reported by coverity scan 2015-02-11 23:20:13 +09:00
Tatsuhiro Tsujikawa 1216d7d912 nghttpx: Connection: Explicit assignment to double field 2015-02-05 21:26:55 +09:00
Tatsuhiro Tsujikawa b2fb888363 Share I/O code with all upstreams/downstream objects 2015-02-05 03:05:34 +09:00