Tatsuhiro Tsujikawa
f0d2c9f94b
Compile with BoringSSL
...
Compile with BoringSSL except for neverbleed and libnghttp2_asio. The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL. The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa
49ef571ecf
nghttpx: Stop watchers in ConnectionHandler dtor
2015-09-29 00:45:31 +09:00
Tatsuhiro Tsujikawa
75ff04f87a
nghttpx: Don't stop default loop of worker process on graceful shutdown
...
To keep ipc channel being read from worker process, default loop
should not be stopped. To join all worker threads, now we use
dedicated thread to do this. When all worker threads are joined,
ev_async_send sends message to default loop, and it is finally
stopped.
2015-09-29 00:40:33 +09:00
Tatsuhiro Tsujikawa
566b0476d7
nghttpx: Enable neverbleed for client private key; don't run nb without TLS
2015-09-26 21:28:46 +09:00
Tatsuhiro Tsujikawa
044385ab6e
Add neverbleed support
...
neverbleed is disabled by default. To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa
c44587a70c
nghttpx: Use _Exit when exiting from child process
2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa
389a96483a
nghttpx: Fix improper signal handling
2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa
da9e535c7a
nghttpx: Log worker thread creating in NOTICE level
2015-09-18 23:35:25 +09:00
Tatsuhiro Tsujikawa
4ad00200a2
Merge branch 'master' into nghttpx-mruby
2015-09-04 22:22:06 +09:00
Tatsuhiro Tsujikawa
6b38f7e0d2
nghttpx: Fix crash with multi workers and QUIT signal
2015-09-04 22:21:10 +09:00
Tatsuhiro Tsujikawa
d044c58558
nghttpx: Detect mruby presence and guard mruby related code with ifdef
2015-09-04 00:54:41 +09:00
Tatsuhiro Tsujikawa
1508c50a45
nghttpx: Add basic infrastructure for mruby support
2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa
f1b163a32c
nghttpx: Log notice level when TLS ticket key was retrieved from memcached
2015-07-28 02:19:14 +09:00
Tatsuhiro Tsujikawa
2f2a300e83
nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached
2015-07-28 00:54:44 +09:00
Tatsuhiro Tsujikawa
04bd25d468
nghttpx: Simplify ticket handling between workers just using mutex
2015-07-23 23:13:29 +09:00
Tatsuhiro Tsujikawa
5dc060c1a2
src: Use C++11 value-initialization, instead of memset-ing 0
2015-07-19 17:55:37 +09:00
Tatsuhiro Tsujikawa
285c74c394
nghttpx: Fix crash with --http2-bridge and both frontend and backend TLS
2015-06-24 21:31:17 +09:00
Tatsuhiro Tsujikawa
39f89f4a60
src: Use user-defined literals for k, m, and g.
2015-06-21 14:32:47 +09:00
Tatsuhiro Tsujikawa
532bffdb01
nghttpx: Minimize critical section for shared ocsp response
2015-06-12 21:27:12 +09:00
Tatsuhiro Tsujikawa
d4d7597efb
nghttpx: Delete SSL_CTX on quit
2015-06-10 21:31:58 +09:00
Tatsuhiro Tsujikawa
38cfc5c47c
Check more headers and funcs
2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa
889e705f35
nghttpx: Add logging for somewhat important events (logs, tickets, and ocsp)
2015-04-11 00:08:28 +09:00
Tatsuhiro Tsujikawa
b873930802
nghttpx: Now ocsp works without threads
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa
bc53c81616
nghttpx: Replace posix_spawn functions with fork + dup2 + execve
...
Although posx_spawn is very convenient and useful, we have platform
which don't have these functions (e.g., Android NDK r10d).
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa
d247470da2
nghttpx: Rewrite ocsp without thread
...
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa
1442b1bd0a
nghttpx: Remove --tls-ctx-per-worker option
...
--tls-ctx-per-worker option does not work well of OCSP stapling. Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa
4bc9afe20a
nghttpx: Add OCSP stapling feature
2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa
1c0d617742
nghttpx: Rename WorkerConfig as LogConfig
...
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa
b161dfe573
nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
...
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa
df32a534fc
nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
...
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa
ae0100a9ab
nghttpx: Refactor worker interface
2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa
54851ef7a6
src: Move make_unique to nghttp2 namespace
2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa
1e4f8f27fd
nghttpx: Add --tls-ctx-per-worker option
...
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it. We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine. Good side of sharing SSL_CTX across threads is
we can share session ID pool.
If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks. The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread. But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa
53604782e5
nghttpx: Clean up worker_event handling
2015-01-08 22:24:29 +09:00
Tatsuhiro Tsujikawa
0173929538
nghttpx: Rename ListenHandler as ConnectionHandler
2015-01-08 21:48:39 +09:00