Commit Graph

35 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa f0d2c9f94b Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa 49ef571ecf nghttpx: Stop watchers in ConnectionHandler dtor 2015-09-29 00:45:31 +09:00
Tatsuhiro Tsujikawa 75ff04f87a nghttpx: Don't stop default loop of worker process on graceful shutdown
To keep ipc channel being read from worker process, default loop
should not be stopped.  To join all worker threads, now we use
dedicated thread to do this.  When all worker threads are joined,
ev_async_send sends message to default loop, and it is finally
stopped.
2015-09-29 00:40:33 +09:00
Tatsuhiro Tsujikawa 566b0476d7 nghttpx: Enable neverbleed for client private key; don't run nb without TLS 2015-09-26 21:28:46 +09:00
Tatsuhiro Tsujikawa 044385ab6e Add neverbleed support
neverbleed is disabled by default.  To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa c44587a70c nghttpx: Use _Exit when exiting from child process 2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa 389a96483a nghttpx: Fix improper signal handling 2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa da9e535c7a nghttpx: Log worker thread creating in NOTICE level 2015-09-18 23:35:25 +09:00
Tatsuhiro Tsujikawa 4ad00200a2 Merge branch 'master' into nghttpx-mruby 2015-09-04 22:22:06 +09:00
Tatsuhiro Tsujikawa 6b38f7e0d2 nghttpx: Fix crash with multi workers and QUIT signal 2015-09-04 22:21:10 +09:00
Tatsuhiro Tsujikawa d044c58558 nghttpx: Detect mruby presence and guard mruby related code with ifdef 2015-09-04 00:54:41 +09:00
Tatsuhiro Tsujikawa 1508c50a45 nghttpx: Add basic infrastructure for mruby support 2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa f1b163a32c nghttpx: Log notice level when TLS ticket key was retrieved from memcached 2015-07-28 02:19:14 +09:00
Tatsuhiro Tsujikawa 2f2a300e83 nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached 2015-07-28 00:54:44 +09:00
Tatsuhiro Tsujikawa 04bd25d468 nghttpx: Simplify ticket handling between workers just using mutex 2015-07-23 23:13:29 +09:00
Tatsuhiro Tsujikawa 5dc060c1a2 src: Use C++11 value-initialization, instead of memset-ing 0 2015-07-19 17:55:37 +09:00
Tatsuhiro Tsujikawa 285c74c394 nghttpx: Fix crash with --http2-bridge and both frontend and backend TLS 2015-06-24 21:31:17 +09:00
Tatsuhiro Tsujikawa 39f89f4a60 src: Use user-defined literals for k, m, and g. 2015-06-21 14:32:47 +09:00
Tatsuhiro Tsujikawa 532bffdb01 nghttpx: Minimize critical section for shared ocsp response 2015-06-12 21:27:12 +09:00
Tatsuhiro Tsujikawa d4d7597efb nghttpx: Delete SSL_CTX on quit 2015-06-10 21:31:58 +09:00
Tatsuhiro Tsujikawa 38cfc5c47c Check more headers and funcs 2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa 889e705f35 nghttpx: Add logging for somewhat important events (logs, tickets, and ocsp) 2015-04-11 00:08:28 +09:00
Tatsuhiro Tsujikawa b873930802 nghttpx: Now ocsp works without threads 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa bc53c81616 nghttpx: Replace posix_spawn functions with fork + dup2 + execve
Although posx_spawn is very convenient and useful, we have platform
which don't have these functions (e.g., Android NDK r10d).
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa d247470da2 nghttpx: Rewrite ocsp without thread
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa 1442b1bd0a nghttpx: Remove --tls-ctx-per-worker option
--tls-ctx-per-worker option does not work well of OCSP stapling.  Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa 4bc9afe20a nghttpx: Add OCSP stapling feature 2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa 1c0d617742 nghttpx: Rename WorkerConfig as LogConfig
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa b161dfe573 nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa df32a534fc nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa ae0100a9ab nghttpx: Refactor worker interface 2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa 54851ef7a6 src: Move make_unique to nghttp2 namespace 2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa 1e4f8f27fd nghttpx: Add --tls-ctx-per-worker option
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it.  We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine.  Good side of sharing SSL_CTX across threads is
we can share session ID pool.

If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks.  The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread.  But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa 53604782e5 nghttpx: Clean up worker_event handling 2015-01-08 22:24:29 +09:00
Tatsuhiro Tsujikawa 0173929538 nghttpx: Rename ListenHandler as ConnectionHandler 2015-01-08 21:48:39 +09:00