9b03c64f68
nghttpx: Should postpone early data by default
2018-09-08 19:22:30 +09:00
b8eccec62d
nghttpx: Disable OpenSSL anti-replay
2018-09-08 19:10:59 +09:00
9f21258720
Specify SSL_CTX_set_max_early_data and add an option to change max value
2018-09-08 17:59:28 +09:00
47f6012407
nghttpx: Add an option to postpone early data processing
2018-09-08 17:57:21 +09:00
770e44de4d
Implement draft-ietf-httpbis-replay-02
...
nghttpx sends early-data header field when forwarding requests which
are received in TLSv1.3 early data, and the TLS handshake is still in
progress.
2018-09-08 17:54:35 +09:00
2ab319c137
Don't hide error code from openssl
2018-09-08 17:54:35 +09:00
3992302432
Remove SSL_ERROR_WANT_WRITE handling
2018-09-08 17:54:35 +09:00
b30f312a70
Honor SSL_read semantics
2018-09-08 17:54:35 +09:00
c5cdb78a95
nghttpx: Add TLSv1.3 0-RTT early data support
2018-09-08 17:54:35 +09:00
e959e7338e
src: Refactor utos
2018-09-01 22:29:11 +09:00
fb9a204de2
nghttpx: Fix compile error without mruby
2018-08-31 21:58:35 +09:00
7417fd71a4
nghttpx: Per-pattern not per-backend
2018-08-28 17:50:01 +09:00
45acc922eb
clang-format
2018-08-27 21:34:18 +09:00
214d089910
Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
2018-08-27 21:30:36 +09:00
31fd707d0c
nghttpx: Fix broken healthmon frontend
2018-08-27 21:21:55 +09:00
9a2e38e058
fix code for reuse addr on asio client
2018-08-27 10:53:14 +03:00
6195d747ce
nghttpx: Share mruby context if it is compiled from same file
2018-08-24 23:11:21 +09:00
fb97f596e1
nghttpx: Allocate mruby file because fopen requires NULL terminated string
2018-08-24 23:08:15 +09:00
0ccc7a770d
nghttpx: Move blocked request data to request buffer for API request
2018-08-24 23:07:43 +09:00
32826466f5
nghttpx: Fix crash with API request
2018-08-24 23:07:16 +09:00
0422f8a844
nghttpx: Fix worker process crash with neverbleed write error
2018-08-24 22:22:53 +09:00
e329479a99
Merge pull request #1215 from nghttp2/mruby-per-backend
...
nghttpx: Support per-backend mruby script
2018-08-23 18:41:40 +09:00
866ac6ab27
add option reuse addr in local endpoint configuration of asio client
2018-08-23 18:19:10 +09:00
b574ae6aa2
nghttpx: Support per-backend mruby script
2018-08-23 18:13:29 +09:00
32d7883c47
nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
2018-08-23 10:55:42 +09:00
9b24e19763
nghttpx: Choose h1 protocol if headers have been sent to backend on retry
2018-08-22 23:20:13 +09:00
9d5b781df6
Fix stream reset if data from client is arrived before dconn is attached
2018-08-22 22:32:25 +09:00
c6d8c4013c
support definition of local endpoint for cleartext client session
2018-08-02 16:18:23 +09:00
880f948684
Enable IndentPPDirectives
2018-06-09 16:21:30 +09:00
fc94018b97
clang-format-6.0
2018-06-09 16:02:26 +09:00
388e785822
Fix typo
2018-06-03 13:10:32 +09:00
325612bcde
nghttp: Receive ORIGIN frame
2018-05-12 12:35:08 +09:00
3e4f257b91
asio: Support client side SNI
2018-05-03 20:29:16 +09:00
c65ca20a49
h2load: -r and --duration are mutually exclusive
2018-04-28 00:30:43 +09:00
009646421c
Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER)
2018-04-14 18:31:57 +09:00
8d0b4544f8
libressl 2.7 has X509_VERIFY_PARAM_*
2018-04-14 18:31:57 +09:00
d8a34131e1
libressl 2.7 has SSL_CTX_get0_certificate
2018-04-14 18:31:57 +09:00
5db17d0af9
Compile with libressl 2.7.2
2018-04-14 18:09:47 +09:00
1bf69b5662
Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
...
LIBRESSL_LEGACY_API is drop-in replacement for LIBRESSL_IN_USE. In
the upcoming commits, we will add changes to support libressl 2.7.
2018-04-14 18:09:47 +09:00
e65e7711ca
Add comment on #endif
2018-04-03 21:39:44 +09:00
636ef51b0f
Fix compile error with -Wunused-function
2018-04-03 21:33:09 +09:00
400934e5a3
[PATCH] Allow building without NPN
...
NPN has been superseeded by ALPN. OpenSSL provides a configure
option to disable npn (no-npn) which results in an OpenSSL
installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h
The #ifdef's look safe here (as the next_proto is initialized as
nullptr). Alteratively, macros could be defined for the used npn
methods that return a 0 for next_proto.
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-03-25 18:27:23 +02:00
45d76cf501
nghttpx: Close listening socket on graceful shutdown
2018-02-26 22:40:24 +09:00
e70195ae91
nghttpx: Update doc
2018-02-22 16:12:38 +09:00
eb951c2ce4
src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
2018-02-12 16:22:47 +09:00
39f0ce7c25
Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
...
nghttpx: Add an option to accept expired client certificate
2018-02-10 16:00:43 +09:00
e8af7afc65
nghttpx: Add an option to accept expired client certificate
2018-02-08 16:51:23 +09:00
38abfd1863
nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
2018-02-08 16:25:31 +09:00
ff3edc09ed
nghttpx: Fix potential memory leak
2018-02-03 18:21:42 +09:00
c1a496cf4e
nghttpx: Fix bug that h1 backend idle timeout expires sooner
2018-02-02 21:09:04 +09:00
e098a21132
mruby: Fix bug that response header is unexpectedly overwritten
...
The bug is the same bug fixed by
6deee2037d
2018-01-28 19:41:45 +09:00
6deee2037d
Fix #1119 : Stop overwrite of first header on mruby call to env.req.set_header(..)
2018-01-26 18:49:08 -08:00
5cc3d159e1
nghttpx: Add upgrade-scheme parameter to backend option
...
If "upgrade-scheme" parameter is present in backend option along with
"tls" paramter, HTTP/2 :scheme pseudo header field is changed to
"https" from "http" when forwarding a request to this particular
backend. This is a workaround for a server which requests "https"
scheme on HTTP/2 connection encrypted by TLS.
2018-01-08 18:08:01 +09:00
0fbb46edd6
Merge pull request #1101 from nghttp2/remember-pushed-links
...
nghttpx: Remember which resource is pushed
2018-01-04 23:15:35 +09:00
74754982f1
nghttpx: Fix missing ALPN validation (--npn-list)
...
This commit fixes the bug that ALPN validation does not occur when
ALPN list is not sent from client.
2018-01-04 22:43:47 +09:00
a31a2e3b2c
nghttpx: Remember which resource is pushed
...
Remember which resource is pushed in order to conform to the semantics
described in RFC 8297.
2018-01-04 22:35:22 +09:00
cfd926f09b
src: Define 103 status code
2017-12-20 19:30:55 +09:00
4d1139f653
Remove SPDY
2017-12-17 13:28:44 +09:00
48f574076c
nghttpx: Update doc
2017-12-16 00:13:27 +09:00
216f4dad83
nghttpx: Remove redundant check
2017-12-14 21:39:22 +09:00
a4e27d766b
Revert "nghttpx: Use an existing h2 backend connection as much as possible"
...
This reverts commit f507b5eee4
2017-12-14 21:34:04 +09:00
03f7ec0f60
nghttpx: Write API request body in temporary file
2017-12-03 16:19:57 +09:00
2056e812bd
nghttpx: Increase api-max-request-body
2017-12-02 13:49:42 +09:00
04348ff20e
Merge pull request #1081 from nghttp2/nghttpx-faster-parse-config
...
nghttpx: Faster configuration loading with lots of backends
2017-12-01 23:47:34 +09:00
1ebb6810a1
nghttpx: Faster configuration loading with lots of backends
2017-12-01 23:06:06 +09:00
a3ebeeafba
nghttpx: Fix crash with --backend-http-proxy-uri option
2017-12-01 22:28:16 +09:00
ff200bfcf3
clang-format-5.0
2017-11-23 14:19:12 +09:00
0028275d7b
nghttpx: Add affinity-cookie-secure parameter to backend option
2017-11-21 22:29:22 +09:00
194acb1f2c
src: Use nghttp2_error_callback2
2017-11-19 16:51:52 +09:00
73344ae9aa
nghttpx: Use plain hex string format for client serial
2017-11-17 00:04:23 +09:00
eca0a3025b
nghttpx: Add $tls_client_serial log variable
2017-11-16 22:53:54 +09:00
4720c5cb3d
nghttpx: Make client serial available in mruby script
2017-11-16 22:53:54 +09:00
cd55ab28ab
nghttpx: Add function to get serial number from certificate
2017-11-16 22:53:54 +09:00
22502182d0
Add tls_client_issuer_name log variable and expose it to mruby
2017-11-15 23:41:47 +09:00
f5ddd7f43b
nghttpx: Make initial_addr_idx_ unsigned
2017-11-04 17:30:56 +09:00
88abbce7e7
nghttpx: Fix compile error with gcc
2017-11-04 17:30:27 +09:00
16e9036568
nghttpx: Fix affinity retry
2017-11-04 17:13:45 +09:00
fa7945c627
nghttpx: Refactor
2017-11-04 15:55:25 +09:00
daca43f0dd
nghttpx: Fix stalled backend connection on retry
2017-11-04 15:46:08 +09:00
16bc11e670
nghttpx: Remove duplicated util::make_socket_nodelay
2017-11-04 13:00:17 +09:00
8c0ea56bb8
Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
...
nghttpx: Cookie based session affinity
2017-11-01 22:45:38 +09:00
549053710b
nghttpx: Refactor
2017-11-01 22:33:49 +09:00
be5c39a1cf
src: Add tests
2017-11-01 22:18:03 +09:00
b8fda6808b
nghttpx: Cookie based session affinity
2017-11-01 22:18:03 +09:00
539e27812b
nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
...
Also tls_client_fingerprint is renamed to
tls_client_fingerprint_sha256.
2017-10-31 21:41:40 +09:00
7008afd40e
nghttpx: Refactor get_x509_fingerprint to accept hash function
2017-10-31 21:28:16 +09:00
60baca27e4
nghttpx: Add more TLS related attributes to mruby Env object
...
The added attributes are:
* tls_cipher
* tls_protocol
* tls_session_id
* tls_session_reused
* alpn
2017-10-29 22:42:30 +09:00
cb376bcd80
nghttpx: Add client fingerprint and subject name to accesslog
2017-10-29 21:47:00 +09:00
f2b8edd1e2
nghttpx: Fix memory leak
2017-10-29 21:46:12 +09:00
c4f8afcfde
nghttpx: Get TLS info only when it is necessary when writing accesslog
2017-10-29 21:22:33 +09:00
9f80a82c1a
nghttpx: Add client fingerprint and subject name to mruby env
2017-10-29 19:54:42 +09:00
c573c80bd3
nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
2017-10-29 19:47:39 +09:00
3cd6817e21
Fix typos
2017-10-29 16:54:21 +09:00
aaeeec8f1c
Fix typos
2017-10-28 22:25:42 +09:00
5119e82b93
src: Fix memory leak in unit test
2017-10-24 21:40:30 +09:00
3be5856c82
nghttpx: Fix unused function warnings
2017-10-24 21:40:30 +09:00
a319143901
nghttpx: Fix bug that header fields are missing in HTTP/1.0 response
2017-10-22 01:11:32 +09:00
f507b5eee4
nghttpx: Use an existing h2 backend connection as much as possible
...
h2load measurement reveals that this strategy is 3 times faster than
the previous implementations.
2017-10-19 21:15:08 +09:00
aaa0b858e4
Amend some macro comments
2017-10-14 11:50:16 +09:00
5fa1938691
clang-format
2017-10-14 11:45:41 +09:00
c2d9a1ed6f
Support for Windows / MinGW
2017-10-12 18:15:12 +02:00
8ffe389daa
h2load: Print out h2 header fields with --verbose option
2017-09-22 18:12:20 +09:00
2576855ded
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only
2017-09-21 21:42:56 +09:00
cc6f759190
src: Add static to constexpr char[]
2017-09-20 23:54:10 +09:00
323001238a
clang-format
2017-09-20 22:08:22 +09:00
91f062f873
src: Fix compile error
2017-09-20 22:08:08 +09:00
a170023f23
nghttpx: Verify OCSP response using trusted CA certificates
2017-09-01 21:35:38 +09:00
4be4c0cddc
Revert "nghttpx: Verify OCSP response using trusted CA certificates"
...
This reverts commit 59c78d5809
2017-08-30 22:27:02 +09:00
5996798a34
Fix OCSP related error when building with BoringSSL
...
BoringSSL has no "openssl/ocsp.h" nor most OCSP related APIs used in
shrpx_tls.cc. This commit add ifdefs to disable related code to allow
building nghttp2 with BoringSSL (again).
It's possible to use !defined(OPENSSL_IS_BORINGSSL), but since BoringSSL
defines OPENSSL_NO_OCSP which is more specific, I chose to go with the
latter one.
2017-08-24 11:56:46 -04:00
6fec532012
Merge pull request #998 from nghttp2/h2load-fix-timing-script-stall
...
Fix bug that timing script stalls with -m1
2017-08-24 21:17:43 +09:00
15713e0b7c
h2load: Ignore -n for timing-based mode instead of requiring -n=0
2017-08-23 20:35:01 +09:00
a6a561af47
Fix bug that timing script stalls with -m1
2017-08-23 20:10:23 +09:00
bcda1c2409
Fix assertion failure
2017-08-23 19:22:23 +09:00
afcd8d9ab1
clang-format
2017-08-23 19:19:00 +09:00
c9b1c91944
Fix compile error
2017-08-23 19:18:27 +09:00
5d9434eb09
Merge branch 'master' of https://github.com/sohamm17/nghttp2 into sohamm17-master
2017-08-23 19:16:40 +09:00
1a44b5d52a
Merge pull request #984 from nghttp2/h2load-reservoir-sampling
...
h2load: Reservoir sampling
2017-08-23 19:00:28 +09:00
af926fbe1f
Refactoring include directories for build as CMake subdirectory (add_subdirectory(nghttp2))
2017-08-16 21:28:12 +03:00
83039ae2d4
h2load: Reservoir sampling
2017-08-14 20:25:02 +09:00
4d76606fa2
Fix bug that forwarded for is not affected by proxy protocol
2017-08-09 22:44:14 +09:00
1baf7d34b3
Duration watcher and warmup watcher is initialised in Worker constructor. Statistic calculation is removed from duration watcher call_back, it's done in free_client.
2017-08-08 17:26:37 -04:00
c78159469a
Added a function to free a client from Worker's list of client, if the client is destroyed
2017-08-07 18:58:12 -04:00
b72ca0289c
formatting issue
2017-08-04 14:20:00 -04:00
46f670f8a2
concurrent connections are created in timing-based mode. Some safety asserts added.
2017-08-03 16:15:14 -04:00
4b44362b9f
minor style changes
2017-08-01 20:22:20 -04:00
d068a29798
removed unnecessary code
2017-08-01 19:51:47 -04:00
0836a51408
Handling requests starting in warm-up phase and ending in MAIN_DURATION
2017-08-01 18:29:00 -04:00
566cee8fe7
MAIN_DURATION is initiliazed in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well.
2017-08-01 17:45:52 -04:00
e85698e131
MAIN_DURATION is initiliazed in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well.
2017-08-01 17:45:18 -04:00
5f3c541c4c
enabled --duration option.
2017-07-28 17:31:13 -04:00
3c43e00d8a
Timing ( #1 )
...
* Adding timing-sensitive load test option in h2load.
* more checks added for parameters
* A worker thread can control its clients' warmup and main duration.
* Changed warmup to an enum variable.
* removed unnecessary call to ev_timer_stop
* assertion is done before starting main measurement phase
* phase variable is implemented only inside the Worker class
* enum to enum class
* else indentation corrected
* check added for timing-based test when duration CB is called explicitly
* New argument is introduced for timing-based benchmarking.
* styling corrections
* duration watcher initialization is pushed back into warmup timeout
* Warmup and Duration timer is moved to Worker instead of clients. Now both timers and phase belongs to the Workers.
* some client functions are modified to return if it's not main_duration phase. client is not destructed but sessions are terminated
* outputs are adjusted for thread.
* Needed to check if a session exist before terminating
* formatting
* more formatting
* formatting
2017-07-28 17:08:20 -04:00
1002c6da1c
src: Use llround instead of round
2017-07-12 23:23:47 +09:00
18dd20ce55
nghttp: Fix bug that upgrade fails if reason-phrase is missing
2017-06-28 01:01:39 +09:00
a18d154e0e
Merge pull request #943 from nghttp2/nghttpx-verify-ocsp-resp-with-cacerts
...
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-15 20:56:44 +09:00
59c78d5809
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-13 23:00:26 +09:00
be164fc8f9
nghttpx: Set default minimum TLS version to TLSv1.2
...
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers. To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
6ec7683991
nghttpx: Use nocopy version to send trailer headers to backend
...
It looks like we can use nocopy version here. We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
8f7fa1b1bf
nghttpx: Fix crash in OCSP response verification
2017-05-30 23:52:38 +09:00
db7483ef10
Merge branch 'nghttpx-verify-ocsp'
2017-05-25 23:37:34 +09:00
74c2f1257a
nghttpx: Add --no-verify-ocsp to disable OCSP response verification
2017-05-25 23:14:58 +09:00
1428a5e3ae
nghttpx: Verify OCSP response
...
At least we should make sure that the OCSP response is targeted to the
expected certificate. This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ. Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
c57bf21306
src: memchunks: Don't use std::unique_ptr to avoid potential SO
2017-05-25 00:23:51 +09:00
8401e16a15
nghttpx: Fix compile error with gcc
2017-05-22 22:10:55 +09:00
07fb5854f3
nghttpx: Compile with openssl 1.0.2
2017-05-22 22:09:34 +09:00
796ab87b14
nghttpx: Fix certificate selection based on pub key algorithm
2017-05-21 11:12:47 +09:00
ed1fad3bd4
nghttpx: Call ERR_clear_error()
...
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
9c1876f542
nghttpx: Fix certificate indexing bug
2017-05-21 00:19:33 +09:00
7d111d9963
Merge pull request #923 from nghttp2/compile-with-disable-assert
...
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
1b442cb16f
Compile with --disable-assert
2017-05-18 23:10:44 +09:00
0d4f0f0db5
nghttpx: Run OCSP at startup
...
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish. It does not matter
some of the attempts fail. This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Tatsuhiro Tsujikawa
Alexandros Konstantinakis-Karmis
Bernard Spil
Dylan Plecki
Daniel Evers
Rick Lei
Dmitriy Vetutnev
Soham Sinha
Soham Sinha