Tatsuhiro Tsujikawa
1002c6da1c
src: Use llround instead of round
2017-07-12 23:23:47 +09:00
Tatsuhiro Tsujikawa
0911337689
Bump up version number to 1.25.0-DEV
2017-07-02 17:51:24 +09:00
Tatsuhiro Tsujikawa
3bcc416e13
Update manual pages
2017-07-02 13:40:21 +09:00
Tatsuhiro Tsujikawa
65837806f5
Bump up version number to 1.24.0
2017-07-02 13:37:53 +09:00
Tatsuhiro Tsujikawa
b0772dcc66
Update AUTHORS
2017-07-02 13:31:47 +09:00
Tatsuhiro Tsujikawa
c6d65aad3b
Merge branch 'nghttp-not-upgrade-without-reason-phrase'
2017-06-28 21:36:13 +09:00
Tatsuhiro Tsujikawa
18dd20ce55
nghttp: Fix bug that upgrade fails if reason-phrase is missing
2017-06-28 01:01:39 +09:00
Tatsuhiro Tsujikawa
0f6d76a501
Merge pull request #947 from bassosimone/patch-1
...
README.rst: fix typo
2017-06-23 00:33:00 +09:00
Simone Basso
0f1320109f
README.rst: fix typo
2017-06-22 17:03:05 +02:00
Tatsuhiro Tsujikawa
defa28c618
Merge pull request #945 from benjaminp/trailer-grammar
...
fix up grammar in submit_trailer docs
2017-06-20 00:35:46 +09:00
Benjamin Peterson
b7c95be47c
fix up grammar in submit_trailer docs
2017-06-18 23:55:53 -07:00
Tatsuhiro Tsujikawa
a18d154e0e
Merge pull request #943 from nghttp2/nghttpx-verify-ocsp-resp-with-cacerts
...
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-15 20:56:44 +09:00
Tatsuhiro Tsujikawa
52195a12ee
Merge pull request #941 from nghttp2/nghttpx-tls-min-proto
...
nghttpx: Set default minimum TLS version to TLSv1.2
2017-06-13 23:01:54 +09:00
Tatsuhiro Tsujikawa
59c78d5809
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa
be164fc8f9
nghttpx: Set default minimum TLS version to TLSv1.2
...
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers. To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa
5833ef1efc
Merge pull request #938 from benjaminp/fix-clean
...
fix cleaning in out-of-tree builds
2017-06-12 00:21:10 +09:00
Benjamin Peterson
28f88d46f3
fix cleaning in out-of-tree builds
...
The altered previously failed if the rst sources hadn't been copied over.
2017-06-11 00:03:36 -07:00
Tatsuhiro Tsujikawa
6ec7683991
nghttpx: Use nocopy version to send trailer headers to backend
...
It looks like we can use nocopy version here. We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa
fb2d8f79d6
Update doc
2017-06-02 22:22:44 +09:00
Tatsuhiro Tsujikawa
8f7fa1b1bf
nghttpx: Fix crash in OCSP response verification
2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa
e5889ce622
Bump up version number to 1.24.0-DEV
2017-05-26 23:07:50 +09:00
Tatsuhiro Tsujikawa
3a6f83394c
Update bash_completion
2017-05-26 22:17:10 +09:00
Tatsuhiro Tsujikawa
acf36f3d1a
Update manual pages
2017-05-26 22:16:51 +09:00
Tatsuhiro Tsujikawa
63e6a8bab2
Bump up version number to 1.23.0, LT revision to 27:3:13
2017-05-26 21:37:28 +09:00
Tatsuhiro Tsujikawa
5361cc6bd1
Update authors
2017-05-26 21:34:43 +09:00
Tatsuhiro Tsujikawa
cabac55394
Merge pull request #925 from sohamm17/patch-1
...
spelling mistake in arguments to build nghttp apps
2017-05-25 23:38:54 +09:00
Tatsuhiro Tsujikawa
db7483ef10
Merge branch 'nghttpx-verify-ocsp'
2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa
4b51ccbefe
examples: Attempt to fix OpenSSL link error
2017-05-25 23:24:44 +09:00
Tatsuhiro Tsujikawa
74c2f1257a
nghttpx: Add --no-verify-ocsp to disable OCSP response verification
2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa
1428a5e3ae
nghttpx: Verify OCSP response
...
At least we should make sure that the OCSP response is targeted to the
expected certificate. This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ. Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa
fe021c1524
Merge branch 'memchunk-no-unique-ptr'
2017-05-25 00:53:13 +09:00
Tatsuhiro Tsujikawa
c57bf21306
src: memchunks: Don't use std::unique_ptr to avoid potential SO
2017-05-25 00:23:51 +09:00
Soham Sinha
1743b7d92d
spelling mistake in arguments to build nghttp apps
2017-05-22 17:20:30 -04:00
Tatsuhiro Tsujikawa
7f31278c4c
Update doc
2017-05-22 22:53:49 +09:00
Tatsuhiro Tsujikawa
8401e16a15
nghttpx: Fix compile error with gcc
2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa
07fb5854f3
nghttpx: Compile with openssl 1.0.2
2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa
b56a99bfba
Update bash_completion
2017-05-21 11:43:00 +09:00
Tatsuhiro Tsujikawa
b91e4e4df1
Update manual pages
2017-05-21 11:42:46 +09:00
Tatsuhiro Tsujikawa
52a4d6ac31
Merge branch 'nghttpx-fix-cert-selection'
2017-05-21 11:26:12 +09:00
Tatsuhiro Tsujikawa
796ab87b14
nghttpx: Fix certificate selection based on pub key algorithm
2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa
ed1fad3bd4
nghttpx: Call ERR_clear_error()
...
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa
9c1876f542
nghttpx: Fix certificate indexing bug
2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa
7d111d9963
Merge pull request #923 from nghttp2/compile-with-disable-assert
...
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa
8c2ce0cf3f
Merge pull request #922 from nghttp2/nghttpx-ocsp-startup
...
nghttpx: Run OCSP at startup
2017-05-18 23:49:23 +09:00
Tatsuhiro Tsujikawa
1b442cb16f
Compile with --disable-assert
2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa
2bf3680d87
Merge pull request #919 from projectgus/fix_ndebug_compile
...
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-18 22:37:51 +09:00
Tatsuhiro Tsujikawa
0d4f0f0db5
nghttpx: Run OCSP at startup
...
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish. It does not matter
some of the attempts fail. This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Angus Gratton
e17ff8fd32
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-17 14:43:06 +10:00
Tatsuhiro Tsujikawa
14edd12304
nghttpx: Refactor the code for the anti-replay
2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa
e6ffdb23a4
nghttpx: Share session_cache_ssl_ctx across threads
2017-05-14 17:43:11 +09:00