Tatsuhiro Tsujikawa
74c2f1257a
nghttpx: Add --no-verify-ocsp to disable OCSP response verification
2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa
1428a5e3ae
nghttpx: Verify OCSP response
...
At least we should make sure that the OCSP response is targeted to the
expected certificate. This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ. Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa
7f31278c4c
Update doc
2017-05-22 22:53:49 +09:00
Tatsuhiro Tsujikawa
8401e16a15
nghttpx: Fix compile error with gcc
2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa
07fb5854f3
nghttpx: Compile with openssl 1.0.2
2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa
b56a99bfba
Update bash_completion
2017-05-21 11:43:00 +09:00
Tatsuhiro Tsujikawa
b91e4e4df1
Update manual pages
2017-05-21 11:42:46 +09:00
Tatsuhiro Tsujikawa
52a4d6ac31
Merge branch 'nghttpx-fix-cert-selection'
2017-05-21 11:26:12 +09:00
Tatsuhiro Tsujikawa
796ab87b14
nghttpx: Fix certificate selection based on pub key algorithm
2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa
ed1fad3bd4
nghttpx: Call ERR_clear_error()
...
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa
9c1876f542
nghttpx: Fix certificate indexing bug
2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa
7d111d9963
Merge pull request #923 from nghttp2/compile-with-disable-assert
...
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa
8c2ce0cf3f
Merge pull request #922 from nghttp2/nghttpx-ocsp-startup
...
nghttpx: Run OCSP at startup
2017-05-18 23:49:23 +09:00
Tatsuhiro Tsujikawa
1b442cb16f
Compile with --disable-assert
2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa
2bf3680d87
Merge pull request #919 from projectgus/fix_ndebug_compile
...
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-18 22:37:51 +09:00
Tatsuhiro Tsujikawa
0d4f0f0db5
nghttpx: Run OCSP at startup
...
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish. It does not matter
some of the attempts fail. This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Angus Gratton
e17ff8fd32
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-17 14:43:06 +10:00
Tatsuhiro Tsujikawa
14edd12304
nghttpx: Refactor the code for the anti-replay
2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa
e6ffdb23a4
nghttpx: Share session_cache_ssl_ctx across threads
2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa
98fdedac06
Merge pull request #917 from Tapanito/patch-1
...
Update docs
2017-05-13 10:27:22 +09:00
Tapanito
255037264a
updated docs
2017-05-12 16:35:44 +01:00
Tatsuhiro Tsujikawa
d3fcbe9a02
Merge branch 'invalid-header-field-error'
2017-05-12 21:37:20 +09:00
Tatsuhiro Tsujikawa
bcdd588c6e
Merge branch 'nghttpx-wildcard-path-match'
2017-05-11 23:50:56 +09:00
Tatsuhiro Tsujikawa
b5007d45f7
nghttpx: Wildcard path matching
...
This commit adds wildcard path matching. If path pattern given in
backend option ends with "*", it is considered as wildcard path. "*"
must match at least one character. All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa
a584cf5a4f
Use clang-format-4.0
2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa
77f7a2fa7f
Update doc
2017-04-29 22:21:21 +09:00
Tatsuhiro Tsujikawa
f2c539dc70
Clarify the effect of nghttp2_option_set_no_http_messaging
2017-04-29 21:00:20 +09:00
Tatsuhiro Tsujikawa
78d7160a99
Treat incoming invalid regular header field as stream error
...
Previously, the incoming invalid regular header field was ignored by
default. With this commit, they are now treated as stream error, and
the stream is reset by default. The error code used is now
PROTOCOL_ERROR, instead of INTERNAL_ERROR.
2017-04-28 23:46:06 +09:00
Tatsuhiro Tsujikawa
196673bbce
nghttp: Remove unused short option 'g'
2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa
794d13082c
Merge branch 'nghttp-no-verify-peer'
2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa
5f5cf4107e
nghttpx: Reseve rcbufs_
2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa
6f3ec54b9f
nghttp: Add -y, --no-verify-peer option to suppress peer verify warn
2017-04-28 09:53:37 +09:00
Tatsuhiro Tsujikawa
58043a6b04
nghttpx: Guard the presence of TLS1_3_VERSION
2017-04-27 23:13:15 +09:00
Tatsuhiro Tsujikawa
a885315ef5
Merge branch 'nghttpx-unrecognized-sni'
2017-04-27 22:57:54 +09:00
Tatsuhiro Tsujikawa
d7581525ac
nghttpx: Update TLSv1.3 TLS record overhead
2017-04-27 22:57:06 +09:00
Tatsuhiro Tsujikawa
385068eb91
Merge branch 'altsvc-invalid-callback'
2017-04-27 22:35:25 +09:00
Tatsuhiro Tsujikawa
1085f68018
nghttpx: Return SSL_TLSEXT_ERR_NOACK if server name is not recognized
...
With this commit, SSL_TLSEXT_ERR_NOACK is returned from
servername_callback, which removes server_name extension from
ServerHello. CertLookupTree is now used even if the number of server
certificate is one. It is better to exercise it regularly.
2017-04-27 22:25:58 +09:00
Tatsuhiro Tsujikawa
21af775ce0
Call nghttp2_on_invalid_frame_callback if altsvc validation fails
2017-04-27 18:53:43 +09:00
Tatsuhiro Tsujikawa
bf16fee6e9
Merge pull request #903 from nghttp2/nghttpx-forward-multiple-header-fields
...
nghttpx: Forward multiple via, xff, and xfp header fields
2017-04-26 22:32:33 +09:00
Tatsuhiro Tsujikawa
2358a2137a
Refactor predicate functions
2017-04-26 22:31:43 +09:00
Tatsuhiro Tsujikawa
66baa7dc25
Estimate header block size after predicate function succeeds
2017-04-26 22:15:53 +09:00
Tatsuhiro Tsujikawa
d63b4c1034
nghttpx: Forward multiple via, xff, and xfp header fields
...
Previously, for Via, X-Forwarded-For, and X-Forwarded-Proto header
field, nghttpx only forwarded the last header field of each. With
this commit, nghttpx forwards all of them if it is configured to do
so.
2017-04-26 21:23:13 +09:00
Tatsuhiro Tsujikawa
963e220a1c
Bump up version number to 1.23.0-DEV
2017-04-24 22:34:13 +09:00
Tatsuhiro Tsujikawa
2f146e4d4c
Update manual pages
2017-04-24 21:41:15 +09:00
Tatsuhiro Tsujikawa
f796eede5a
Bump up version number to 1.22.0, LT revision to 27:2:13
2017-04-24 21:32:18 +09:00
Tatsuhiro Tsujikawa
c89453be95
Update AUTHORS
2017-04-24 21:29:12 +09:00
Tatsuhiro Tsujikawa
c3f5f5ca36
nghttpx: Clarify --conf option behaviour
2017-04-20 22:25:38 +09:00
Tatsuhiro Tsujikawa
911d12f7c4
nghttpx: Add log when loading configuration file
2017-04-20 22:22:29 +09:00
Tatsuhiro Tsujikawa
34d3c45d35
Update manual pages
2017-04-19 23:03:08 +09:00
Tatsuhiro Tsujikawa
17614312e0
Merge pull request #892 from nghttp2/nghttpx-sni-fwd
...
nghttpx: SNI based backend server selection
2017-04-19 21:22:15 +09:00