Tatsuhiro Tsujikawa
6cfa885207
nghttpx: Remove unused lambda capture
2017-04-12 22:09:44 +09:00
Tatsuhiro Tsujikawa
e61ac4682e
Merge branch 'nghttpx-xfp-take2'
2017-04-09 16:02:53 +09:00
Tatsuhiro Tsujikawa
4d10dce61d
nghttpx: Only send SCT for leaf certificate
2017-04-09 14:38:18 +09:00
Tatsuhiro Tsujikawa
2d9fd87029
nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3
2017-04-09 14:11:49 +09:00
Tatsuhiro Tsujikawa
cc9190ab37
nghttpx: Add options for X-Forwarded-Proto header field
...
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --no-add-x-forwarded-proto option makes nghttpx not to
append X-Forwarded-Proto value. The
--no-strip-incoming-x-forwarded-proto option prevents nghttpx from
stripping the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit preserves this behaviour, and adds
additional knobs.
2017-04-08 18:46:36 +09:00
Tatsuhiro Tsujikawa
980570de71
Revert "nghttpx: Add options for X-Forwarded-Proto header field"
...
This reverts commit 8c0b2c684a
.
2017-04-08 18:37:54 +09:00
Tatsuhiro Tsujikawa
46ccc4332c
nghttpx: Fix bug that 204 from h1 backend is always treated as error
2017-04-07 21:45:13 +09:00
Tatsuhiro Tsujikawa
4e6bd54dd1
Merge branch 'nghttpx-single-process'
2017-04-06 20:18:33 +09:00
Tatsuhiro Tsujikawa
5c9f46a6b0
Merge branch 'nghttp-verify-server-certificate'
2017-04-06 20:17:29 +09:00
Tatsuhiro Tsujikawa
223e971c7e
nghttpx: Add --single-process option
...
With --single-process option, nghttpx will run in a single process
mode where master and worker are unified into one process. nghttpx
still spawns additional process for neverbleed. In the single process
mode, signal handling is disabled.
2017-04-06 20:02:57 +09:00
Tatsuhiro Tsujikawa
8c0b2c684a
nghttpx: Add options for X-Forwarded-Proto header field
...
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value. The --strip-incoming-x-forwarded-proto
option makes nghttpx to strip the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit changes this behaviour. Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way. To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
2017-04-06 19:17:36 +09:00
Tatsuhiro Tsujikawa
7ae0b2dc09
nghttp: Verify server certificate and show warning if it fails
2017-04-01 17:49:57 +09:00
Tatsuhiro Tsujikawa
058122b804
nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
...
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
69f63c529d
src: Rename ssl.{h,cc} as tls.{h,cc}
...
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
e17a6b29b6
nghttpx: Use 502 as server error code
2017-04-01 14:04:55 +09:00
Tatsuhiro Tsujikawa
b12c2a13c0
nghttpx: Fail handshake if server certificate verification fails
...
Previously, we drop connection if server certificate verification
fails after handshake. With this commit, we fail handshake if that
happens.
2017-04-01 13:41:41 +09:00
Tatsuhiro Tsujikawa
236c835abc
nghttpx: Don't enable SSL_MODE_AUTO_RETRY since we do non-blocking I/O
2017-04-01 12:05:07 +09:00
Tatsuhiro Tsujikawa
ad338bfa44
asio: Fix crash if connect takes longer time than ping interval
2017-03-31 21:17:57 +09:00
Tatsuhiro Tsujikawa
a899522679
asio: Fix compile error
2017-03-31 21:14:08 +09:00
Tatsuhiro Tsujikawa
b9b58c781e
nghttpx: Avoid extra TLS handshake calls
2017-03-30 22:23:55 +09:00
Tatsuhiro Tsujikawa
aa1eec4642
nghttpx: Cache client side session inside openssl callback
2017-03-30 21:07:58 +09:00
Tatsuhiro Tsujikawa
0c8d9469ea
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
2017-03-27 23:58:49 +09:00
Tatsuhiro Tsujikawa
079e1bdffc
Revert "nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl"
...
This reverts commit b4337d1b54
.
2017-03-27 23:47:24 +09:00
Tatsuhiro Tsujikawa
b4337d1b54
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
2017-03-27 23:29:28 +09:00
Tatsuhiro Tsujikawa
dbe287ff5e
nghttpx: Print version number with -v option
2017-03-27 22:49:53 +09:00
Tatsuhiro Tsujikawa
041531458b
Merge pull request #858 from nghttp2/nghttpx-ai-addrconfig
...
nghttpx: Retry getaddrinfo without AI_ADDRCONFIG
2017-03-27 22:37:07 +09:00
Tatsuhiro Tsujikawa
1374bb81fd
nghttpx: Enable X25519 with boringssl
2017-03-27 21:18:44 +09:00
Tatsuhiro Tsujikawa
f41ac103d3
nghttpx: Retry getaddrinfo without AI_ADDRCONFIG
2017-03-27 00:20:42 +09:00
Tatsuhiro Tsujikawa
f6301714db
nghttpx: Avoid copy of std::mt19937 which is huge
2017-03-26 21:14:34 +09:00
Tatsuhiro Tsujikawa
7dc39b1ee9
nghttpx: Failing to listen on server socket is fatal error
2017-03-26 11:04:45 +09:00
Tatsuhiro Tsujikawa
696a7ce407
Merge pull request #856 from nghttp2/escape-access-log
...
Escape access log
2017-03-25 23:36:02 +09:00
Tatsuhiro Tsujikawa
99122ee7bb
nghttpx: Find illegal character in path for SPDY CONNECT method
2017-03-25 19:18:35 +09:00
Tatsuhiro Tsujikawa
19ee7ec794
nghttpx: Escape certain characters in access log
...
The certain characters coming from client are now escaped with "\xNN"
where NN is the ascii code of the character in hex notation.
2017-03-25 19:17:24 +09:00
Piotr Sikora
cd9ec0d20f
src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version.
...
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-23 19:26:49 -07:00
Tatsuhiro Tsujikawa
e77883e980
nghttpx: Fix typo
2017-03-22 22:53:46 +09:00
Tatsuhiro Tsujikawa
0994c92550
nghttpx: Don't cache session server side if TLS version is 1.3
2017-03-22 21:34:13 +09:00
Tatsuhiro Tsujikawa
465c7208cc
nghttpx: Don't look up session ID if length is 0
2017-03-22 21:33:31 +09:00
Tatsuhiro Tsujikawa
b7e7a4bf26
asio: client: Send PING after 30 seconds idle
2017-03-20 18:37:56 +09:00
Tatsuhiro Tsujikawa
c7df65309b
nghttpx: Ignore further input if connection is going to close
2017-03-19 13:24:12 +09:00
Tatsuhiro Tsujikawa
26900262f3
Revert "nghttpx: Attempt to avoid TCP RST on socket closure on Linux"
...
This reverts commit f69b52b1aa
.
2017-03-18 22:43:30 +09:00
Tatsuhiro Tsujikawa
9b5ce36368
nghttpx: Reset write timer on write
2017-03-18 21:33:00 +09:00
Tatsuhiro Tsujikawa
f69b52b1aa
nghttpx: Attempt to avoid TCP RST on socket closure on Linux
2017-03-18 00:59:26 +09:00
Tatsuhiro Tsujikawa
1e1d908c12
nghttpx: Eliminate global std::random_device
2017-03-17 22:25:10 +09:00
Tatsuhiro Tsujikawa
6c69d675da
nghttpx: Should take reference
2017-03-17 22:24:32 +09:00
Tatsuhiro Tsujikawa
feabd6f739
nghttpx: Delete unused delete_bio_method
2017-03-15 23:37:39 +09:00
Tatsuhiro Tsujikawa
1ea590c364
nghttpx: Return new BIO_METHOD object with OpenSSL < 1.1.0
2017-03-15 23:36:38 +09:00
Tatsuhiro Tsujikawa
b21779e685
nghttpx: Use raw pointer for apis
2017-03-15 23:33:07 +09:00
Tatsuhiro Tsujikawa
12a4e7c3a2
src: Use raw pointer for ssl_global_locks
2017-03-15 23:24:28 +09:00
Tatsuhiro Tsujikawa
799a76de74
nghttpx: Lesser usage of DIE
2017-03-15 23:14:07 +09:00
Tatsuhiro Tsujikawa
b1fee8ff63
nghttpx: Use raw pointer for config
2017-03-15 23:13:14 +09:00