Tatsuhiro Tsujikawa
168c5ac5b3
HttpServer: Code cleanup
2013-08-06 00:07:51 +09:00
Tatsuhiro Tsujikawa
fadbdbae0b
nghttp: Add -p option to specify stream priority
2013-08-04 18:55:26 +09:00
Tatsuhiro Tsujikawa
2a311b3102
src: Print flags in DATA
2013-08-04 18:44:11 +09:00
Tatsuhiro Tsujikawa
690349009d
nghttp: Call on_read() to process all data in buffer after upgrade succeeded
2013-08-04 18:43:10 +09:00
Tatsuhiro Tsujikawa
d4ade2d7d0
nghttpx: Return -1 if dconn_ is nullptr on push_upload_data_chunk
2013-08-03 23:45:28 +09:00
Tatsuhiro Tsujikawa
f613f68a13
src: Make window size - 1
...
To match the -w16 to 65535, which is HTTP/2.0 default initial window
size, decrement 1 from (1 << window_bits).
2013-08-03 19:53:07 +09:00
Tatsuhiro Tsujikawa
6bcfb99cc0
nghttpx: Update help messages
2013-08-03 19:19:04 +09:00
Tatsuhiro Tsujikawa
079f867d68
nghttp: Ignore -u if --no-tls is not given
2013-08-03 19:08:52 +09:00
Tatsuhiro Tsujikawa
d1bc3c89a7
nghttpx: Code cleanup
2013-08-03 19:04:44 +09:00
Tatsuhiro Tsujikawa
0150312022
nghttpx: Rename spdy_{upstream,downstream}_no_tls as {upstream,downstream}_no_tls
2013-08-03 19:01:57 +09:00
Tatsuhiro Tsujikawa
564e6b9ffc
nghttpx: Rename --{front,back}end-spdy-no-tls as --{front,back}end-no-tls
2013-08-03 18:58:14 +09:00
Tatsuhiro Tsujikawa
f620655d08
nghttp, nghttpx: Add HTTP Upgrade from HTTP/1.1 to HTTP/2.0
...
nghttpx does not perform upgrade if the request has request body.
2013-08-03 18:51:01 +09:00
Tatsuhiro Tsujikawa
5594f0ef0b
nghttpx: Preserve upgrade in Connection header field
2013-08-02 00:00:33 +09:00
Tatsuhiro Tsujikawa
8fd1953b21
app_helper: Show flags in hex
2013-08-01 21:42:16 +09:00
Tatsuhiro Tsujikawa
1bbcbd365c
shrpx: Cast uint8_t to uint32_t to print its decimal number
2013-08-01 20:33:04 +09:00
Tatsuhiro Tsujikawa
fec566aa23
src: Send out data in output buffer before HTTP2/SPDY session tear down
2013-08-01 20:31:29 +09:00
Tatsuhiro Tsujikawa
8cb92fc277
nghttpx: Handle error from Upstream::resume_read in upgrade code
2013-07-31 22:14:25 +09:00
Tatsuhiro Tsujikawa
924b1bd61a
Use unmodified http-parser
...
Handle HTTP Upgrade and CONNECT explicitly
2013-07-31 21:48:37 +09:00
Tatsuhiro Tsujikawa
ab56cd4ea3
nghttpx: Fix bug: end marker of chunked encoding is written twice
2013-07-30 21:46:00 +09:00
Tatsuhiro Tsujikawa
dc2ed7414c
src: Cleanup src builds
2013-07-28 19:50:02 +09:00
Tatsuhiro Tsujikawa
9f9c0cbcd1
nghttpd: Add -F and -f option to disable connection/stream level flow control
2013-07-28 19:29:11 +09:00
Tatsuhiro Tsujikawa
56db10cb5e
nghttp: Add -F and -f option to disable connection/stream level flow controls
2013-07-28 19:29:11 +09:00
Tatsuhiro Tsujikawa
60fe0337da
app_helper: Print PUSH_PROMISE
2013-07-27 22:37:09 +09:00
Tatsuhiro Tsujikawa
f7c0df1235
Remove :version from downstream HTTP/2.0 request
2013-07-27 18:57:33 +09:00
Tatsuhiro Tsujikawa
90b06e8572
nghttpx: Add HTTP/2.0 word in help message
2013-07-26 21:55:08 +09:00
Tatsuhiro Tsujikawa
1fca42ed2b
nghttpx: Remove :version from http2 connection
2013-07-26 21:47:53 +09:00
Tatsuhiro Tsujikawa
5ccf647df9
Rename shrpx as nghttpx superficially
2013-07-26 21:42:39 +09:00
Tatsuhiro Tsujikawa
86174f537a
shrpx: Send and receive client connection header
2013-07-26 21:35:14 +09:00
Tatsuhiro Tsujikawa
9b27160195
HttpServer: Fix left_connhd_len_ is not updated
2013-07-26 21:34:39 +09:00
Tatsuhiro Tsujikawa
32bd1425b4
shrpx: SPDY support in upstream connection
2013-07-26 20:12:55 +09:00
Tatsuhiro Tsujikawa
41b21f7938
fixup
2013-07-26 19:38:54 +09:00
Tatsuhiro Tsujikawa
18f450fd2a
Port shrpx to nghttp2 use
2013-07-26 19:33:25 +09:00
Tatsuhiro Tsujikawa
459a269049
Define HTTP/2.0 protocol version ID
2013-07-26 01:38:04 +09:00
Tatsuhiro Tsujikawa
3cc71a707e
Rename nghttp2_headers_category members
...
Add NGHTTP2_HCAT_PUSH_RESPONSE
2013-07-25 20:57:50 +09:00
Tatsuhiro Tsujikawa
cca1d19d3d
Fix WINDOW_UPDATE enum value
2013-07-23 02:08:32 +09:00
Tatsuhiro Tsujikawa
57401bfb8d
src: Print PRIORITY frame in print_frame()
2013-07-23 00:29:52 +09:00
Tatsuhiro Tsujikawa
42ff5b5c04
Rename nghttp2_ssl as app_helper
2013-07-22 22:12:54 +09:00
Tatsuhiro Tsujikawa
ec79d70bd0
Code cleanup
2013-07-22 22:08:52 +09:00
Tatsuhiro Tsujikawa
551ae72f3a
Remove spdyd and spdycat
2013-07-22 22:06:31 +09:00
Tatsuhiro Tsujikawa
9e9a7fb160
Add nghttpd and 24 bytes client connection header support
2013-07-22 21:56:19 +09:00
Tatsuhiro Tsujikawa
6bc7e7bd0b
Add nghttp client backed by libevent
2013-07-22 00:01:33 +09:00
Tatsuhiro Tsujikawa
94258cd0b8
Move NGHTTP2_PRI_* to nghttp2.h, fix too small pri data type in src
2013-07-20 01:59:43 +09:00
Tatsuhiro Tsujikawa
61bf7c6b02
Integrate new header compression
2013-07-20 00:08:14 +09:00
Tatsuhiro Tsujikawa
257bc1c924
print_frame: Show pri only when NGHTTP2_FLAG_PRIORITY flag set
2013-07-17 01:13:58 +09:00
Tatsuhiro Tsujikawa
307e13375d
spdycat: Set on_data_send_callback
2013-07-17 01:10:50 +09:00
Tatsuhiro Tsujikawa
3ed5c78a2c
Remove unnecessary indent in DATA frame line
2013-07-16 20:54:01 +09:00
Tatsuhiro Tsujikawa
68c072485c
Remove :version existence check in spdyd
2013-07-16 20:53:29 +09:00
Tatsuhiro Tsujikawa
24cab312cf
Make spdycat and spdyd barely work
2013-07-16 00:15:04 +09:00
Tatsuhiro Tsujikawa
39e0b06bfc
Comment out shrpx build in Makefile for now
2013-07-13 00:45:42 +09:00
Tatsuhiro Tsujikawa
0edce70343
Rebranding nghttp2
2013-07-13 00:43:06 +09:00
Tatsuhiro Tsujikawa
7b59a11480
shrpx: Create default SSL context once
2013-06-21 23:17:46 +09:00
Tatsuhiro Tsujikawa
d1b9af0268
shrpx: Fix usage doc
2013-06-09 23:09:49 +09:00
Tatsuhiro Tsujikawa
e91b386422
src: Add SRC_LIBS to shrpx_unittest_LDFLAGS
2013-05-03 22:15:07 +09:00
Tatsuhiro Tsujikawa
c02fefe063
spdylay_ssl.cc: Cast tv.tv_sec to long int to pass printf
2013-05-03 22:14:16 +09:00
moparisthebest
aa13b9b980
Drop priveleges only after listening on possibly priveleged port
2013-04-19 07:58:58 -04:00
moparisthebest
7dfa559bc4
Add --honor-cipher-order option to mitigate BEAST attacks
2013-04-18 14:25:48 -04:00
snnn
4c238c5b36
fix building on mac os x. "error: invalid suffix on literal; C++11 requires a space between literal and identifier"
2013-04-17 14:33:55 +08:00
Tatsuhiro Tsujikawa
34e119fde2
shrpx: Remove useless backend spdy version check
...
It is unnecessary because spdy version at this point is always valid.
2013-03-29 22:16:50 +09:00
Tatsuhiro Tsujikawa
a9f475fb88
spdycat, shrpx: TLS SNI enhancements
...
shrpx:
* Added an option to set the TLS SNI extension between shrpx and the
origin on the command line
spdycat:
* If the user set an explicit host header ( using --headers ) use that
name for the TLS SNI extension.
* Added the handshake completion time to the verbose output
* The gettimeofday call in get_time was using the incorrect structure
( I believe )
* In update_html_parser it was submitting the request regardless of
the return value of add_request.
Patch from Stephen Ludin
2013-03-29 22:06:33 +09:00
Tatsuhiro Tsujikawa
bdade00e68
cygwin build fix
2013-03-28 01:25:42 +09:00
Tatsuhiro Tsujikawa
7d709fa3ff
shrpx: Support non-TLS SPDY in frontend connection
2013-03-24 21:03:39 +09:00
Tatsuhiro Tsujikawa
7264966bb5
shrpx: Check get_request_state() == MSG_COMPLETE when body is empty
2013-03-08 01:50:46 +09:00
Tatsuhiro Tsujikawa
4461cb24ed
shrpx: Fix assertion failure in SpdyDownstreamConnection::attach_stream_data
2013-03-07 21:32:10 +09:00
Tatsuhiro Tsujikawa
add067ed7e
Provide timegm replacement and android build fix
2013-03-07 21:17:55 +09:00
Tatsuhiro Tsujikawa
eddd48b783
shrpx: Don't issue RST_STREAM on downstream tunnel connection EOF
...
The RST_STREAM will be issued in spdy_data_read_callback.
2013-03-01 20:43:35 +09:00
Tatsuhiro Tsujikawa
2d23ae3741
shrpx: Fix missing delete
2013-03-01 00:07:00 +09:00
Tatsuhiro Tsujikawa
cf1cfca51f
shrpx: Fix not send RST_STREAM when downstream gets valid EOF
2013-03-01 00:05:57 +09:00
Tatsuhiro Tsujikawa
da36fc3953
shrpx: Fix WINDOW_UPDATE may block until SpdyUpstream::send()
...
spdy_data_read_callback in SpdyDownstreamConnection calls
SpdyUpstream::resume_read() which submits WINDOW_UPDATE, but after
that they are not call SpdyUpstream::send(). This means that if no
pending outgoing data in upstream, then WINDOW_UPDATE is blocked until
SpdyUpstream::send() from somewhere. This change adds
SpdyUpstream::send() to resume_read() so that WINDOW_UPDATE is not
blocked.
2013-02-27 22:55:44 +09:00
Tatsuhiro Tsujikawa
7b3f57cef8
shrpx: Fix blocking upstream RST_STREAM and propagate REFUSED_STREAM
...
This change fixes upstream RST_STREAM is blocked until
SpdyUpstream::send() is called. Now downstream REFUSED_STREAM is
propagated to upstream client so that client can reset request. The
RST_STREAM error code when downstream went wrong is changed from
CANCEL to INTERNAL_ERROR.
2013-02-27 22:39:44 +09:00
Tatsuhiro Tsujikawa
dbb0df5c5b
Remove strerror(3) from code which may run in multi-thread
2013-02-25 22:43:44 +09:00
Tatsuhiro Tsujikawa
c487d152b2
shrpx: Add non-TLS SPDY backend connection support
...
Use --backend-spdy-no-tls to disable TLS on backend SPDY connection.
The SPDY protocol used there must be configured by
--backend-spdy-proto option.
2013-02-22 22:54:54 +09:00
Tatsuhiro Tsujikawa
fc26f08af2
shrpx: Fix Proxy-Authorization is alwasy sent even if userinfo is empty
...
Surprisingly, field_set & UF_USERINFO is nonzero even if userinfo
component is empty string.
2013-02-22 21:23:59 +09:00
Tatsuhiro Tsujikawa
78523c6701
shrpx: Fix backend SPDY connection does not go through proxy
2013-02-22 19:30:15 +09:00
Tatsuhiro Tsujikawa
64fcac48b7
shrpx: Fix bug in building certificate lookup tree
2013-02-16 17:51:38 +09:00
Tatsuhiro Tsujikawa
c8167234fa
shrpx: Fix bug in certificate lookup
2013-02-16 02:33:16 +09:00
Tatsuhiro Tsujikawa
abe5fd1e39
spdycat: Fix -d option in usage
2013-02-14 21:25:46 +09:00
Tatsuhiro Tsujikawa
54d5dda6c4
spdycat: Add --multiply option
2013-02-14 21:24:57 +09:00
Tatsuhiro Tsujikawa
3d2ef18afb
spdycat: Fix error handling of spdylay_gzip_inflate()
2013-02-14 21:12:16 +09:00
Tatsuhiro Tsujikawa
291cbc639b
shrpx: Use patricia trie for cert lookup
2013-02-14 00:28:55 +09:00
Tatsuhiro Tsujikawa
e322af8a6f
src: Add missing base64.h
2013-02-11 21:49:04 +09:00
Tatsuhiro Tsujikawa
e28f169228
shrpx: More backend EOF handling
...
Now we set Downstream::set_response_connection_close(true) for
tunneled connections. Also call
Upstream::on_downstream_body_complete() callback when setting
MSG_COMPLETE in SpdySession when RST_STREAM is caught. Clean up EOF
handling in https_downstream_readcb.
2013-02-11 17:20:52 +09:00
Tatsuhiro Tsujikawa
d830e099a6
shrpx: Send pending response data before RST_STREAM in tunnel connection
2013-02-11 02:05:11 +09:00
Tatsuhiro Tsujikawa
734d7bced8
shrpx: Handle downstream response_state == MSG_RESET case in SPDY upstream
2013-02-09 23:20:29 +09:00
Tatsuhiro Tsujikawa
8b6fbbf3a6
shrpx: Update --backend-http-proxy-uri usage
2013-02-09 19:08:02 +09:00
Tatsuhiro Tsujikawa
39df51188c
shrpx: Log stream ID when submitting RST_STREAM to downstream
2013-02-09 17:56:44 +09:00
Tatsuhiro Tsujikawa
ceba5539a1
shrpx: Fix client mode does not work
2013-02-09 17:45:57 +09:00
Tatsuhiro Tsujikawa
18dc6384d4
shrpx: Remove x-forwarded-proto header from SPDY downstream
...
SPDY frame has :scheme header field, so x-forwarded-proto is not
necessary.
2013-02-09 17:22:33 +09:00
Tatsuhiro Tsujikawa
b43b31c362
shrpx: Remove x-forwarded-spdy header field
2013-02-09 17:21:46 +09:00
Tatsuhiro Tsujikawa
4876412f7d
shrpx: Check return value of HttpsUpstream::resume_read()
...
Currently, resume_read() fails if on_read() returns -1 in case that
evbuffer_add failed, which means, most likely, memory allocation
failure. ClientHandler is marked "should be closed", but if
evbuffer_add is failed, write callback will not be invoked and its
marking is not evaluated. It will eventually be deleted when the
client is disconnected or backend failure though.
2013-02-09 17:03:03 +09:00
Tatsuhiro Tsujikawa
99b687ceca
shrpx: Documented --spdy-bridge
2013-02-09 16:55:49 +09:00
Tatsuhiro Tsujikawa
cb8b8050b5
shprx: Add --backend-http-proxy-uri option
...
Specify proxy URI in the form http://[USER:PASS]PROXY:PORT . USER and
PASS are optional and if they exist they must be properly
percent-encoded. This proxy is used when the backend connection is
SPDY. First, make a CONNECT request to the proxy and it connects to
the backend on behalf of shrpx. This forms tunnel. After that, shrpx
performs SSL/TLS handshake with the downstream through the tunnel. The
timeouts when connecting and making CONNECT request can be specified
by --backend-read-timeout and --backend-write-timeout options.
2013-02-09 16:55:39 +09:00
Tatsuhiro Tsujikawa
9ba19df813
shrpx: Add --spdy-bridge option
...
With --spdy-bridge option, it listens SPDY/HTTPS connections from
front end and forwards them to the backend in SPDY. The usage will be
written later. This change fixes the crash when more than 2
outstanding SpdyDownstreamConnection objects are added to SpdySession
and establishing connection to SPDY backend is failed.
2013-02-08 21:46:58 +09:00
Tatsuhiro Tsujikawa
8925c58d71
shrpx: Send RST_STREAM when downstream becomes stale
2013-02-08 00:22:22 +09:00
Tatsuhiro Tsujikawa
9b4245368a
shrpx: Refactor spdy downstream header field handling
2013-02-07 21:53:20 +09:00
Tatsuhiro Tsujikawa
c707125839
shrpx: Explicitly hold server SSL_CTX and client SSL_CTX
2013-02-07 21:13:36 +09:00
Tatsuhiro Tsujikawa
b18af854af
shrpx: Add --subcert option to add additional certificate/private key
...
This option specifies additional certificate and private key
file. Shrpx will choose certificates based on the hostname indicated
by client using TLS SNI extension. This option can be used multiple
times.
2013-02-06 23:41:28 +09:00
Tatsuhiro Tsujikawa
e3401b0159
shrpx: Lowercase x-forwarded-proto
2013-02-01 23:36:08 +09:00
Tatsuhiro Tsujikawa
ae0533334c
shrpx: Relay Connection: upgrade header field for HTTP/1.1 connections
2013-02-01 23:30:12 +09:00
Tatsuhiro Tsujikawa
d9611e65ac
spdycat: Send "accept-encoding: gzip, deflate" header field
2013-02-01 00:17:28 +09:00
Tatsuhiro Tsujikawa
2e3cd7d04f
spdycat: Output error messages to std::cerr
2013-01-30 21:50:36 +09:00
Tatsuhiro Tsujikawa
37cb94d154
src: Use clock_gettime instead of gettimeofday if available
2013-01-27 17:16:13 +09:00
Tatsuhiro Tsujikawa
09154c61f6
spdycat, spdyd: Color verbose output
2013-01-27 16:27:17 +09:00
Tatsuhiro Tsujikawa
964c0d1005
shrpx: Don't return chunked response for pre-HTTP/1.1 request
2013-01-27 16:20:14 +09:00
Tatsuhiro Tsujikawa
817f35f3e4
spdycat: Free fd and SSL object on error
2013-01-25 23:15:34 +09:00
Tatsuhiro Tsujikawa
ac01e48f7a
spdycat: Initialize SpdySession::sc
2013-01-25 22:58:07 +09:00
Tatsuhiro Tsujikawa
f6c0061117
spdycat: Log if set_tcp_nodelay() failed
2013-01-25 22:58:07 +09:00
Tatsuhiro Tsujikawa
f0fc026799
shrpx: Check return value of library functions
2013-01-25 22:58:07 +09:00
Tatsuhiro Tsujikawa
9f28b3056f
spdyd: Initialize Config::on_request_recv_callback
2013-01-25 21:37:43 +09:00
Tatsuhiro Tsujikawa
6732219dc7
spdyd: ListenEventHandler creation fix
2013-01-25 21:27:54 +09:00
Tatsuhiro Tsujikawa
5774f8110d
shrpx: Fix resource leak
2013-01-25 21:26:03 +09:00
Tatsuhiro Tsujikawa
29bec93eb9
shrpx: Don't run expensive INFO log code
...
INFO log and its surrounding code are now guarded by
LOG_ENABLED(SEVERITY) macro so that they don't run if log level
threshold is higher. This increases performance because log formatting
is somewhat expensive.
2013-01-21 22:48:08 +09:00
Tatsuhiro Tsujikawa
87c1f07013
shrpx: HttpsUpstream::error_reply() without std::stringstream
2013-01-16 22:51:33 +09:00
Tatsuhiro Tsujikawa
c48fb56d3f
shrpx: Add content-length header field to SPDY upstream error page
...
create_error_html() is rewritten without std::stringstream.
2013-01-16 22:47:39 +09:00
Tatsuhiro Tsujikawa
dc2fe52e57
shrpx: Add missing \n to help message
2013-01-12 16:42:48 +09:00
Tatsuhiro Tsujikawa
ae8e5b7a95
spdycat: Add -d option to POST data
2013-01-11 00:15:45 +09:00
Tatsuhiro Tsujikawa
28489fd6a8
shrpx: Set TCP_NODELAY to downstream sockets
2013-01-11 00:11:41 +09:00
Tatsuhiro Tsujikawa
e454cc1301
shrpx: Remove warn log from upstream_{read,write}cb
2013-01-11 00:10:08 +09:00
Tatsuhiro Tsujikawa
c306402a20
shrpx: Capitalize header field name in HTTP downstream connection
2013-01-09 22:55:29 +09:00
Tatsuhiro Tsujikawa
c45fa16f94
shrpx: Add --no-via option
...
If --no-via option is given, shrpx does not append to Via header
field. If Via header field is received, it is left unaltered.
2013-01-09 22:03:49 +09:00
Tatsuhiro Tsujikawa
4d1f1f2395
shrpx: Log IP version number when getaddrinfo failed
2013-01-09 22:03:34 +09:00
Tatsuhiro Tsujikawa
6da492c4e8
Remove uri.{cc,h} and use http_parser_parse_url() instead
2013-01-09 00:42:06 +09:00
Tatsuhiro Tsujikawa
633e85246f
Include http-parser/http_parser.h locally
2013-01-05 23:21:09 +09:00
Tatsuhiro Tsujikawa
6a4a0e7f8c
Remove useless extern "C"
2013-01-05 23:20:18 +09:00
Tatsuhiro Tsujikawa
be5066c450
Updated http-parser
2012-12-23 01:13:02 +09:00
Tatsuhiro Tsujikawa
92260ccc81
Add patch for http-parser to handle tunneling connection transparently
2012-12-20 01:05:51 +09:00
Tatsuhiro Tsujikawa
9425f8a45f
shrpx: Handle graceful shutdown in SPDY backend
2012-12-17 01:10:45 +09:00
Tatsuhiro Tsujikawa
3ba73db7d7
shrpx: Remove unused function modify_location_header_value
2012-12-14 01:14:42 +09:00
Tatsuhiro Tsujikawa
4d80a26188
spdycat: Log error when no supported SPDY version was negotiated
2012-12-12 23:28:32 +09:00
Tatsuhiro Tsujikawa
8c456674cf
shrpx: Remove upstream_spdy_stream and upstream_spdy_stream_close
...
upstream_response logs more detailed information.
2012-12-09 23:30:11 +09:00
Tatsuhiro Tsujikawa
90eebbc88c
shrpx: Log status code, method, path and HTTP version in accesslog
2012-12-09 23:29:43 +09:00
Tatsuhiro Tsujikawa
6ef9b7430d
shrpx: Color HTTP headers in console log
2012-12-09 21:36:02 +09:00
Tatsuhiro Tsujikawa
9b1f36d274
shrpx: Color severity level in terminal
...
Color severity level if stderr refers to a terminal.
2012-12-09 21:02:48 +09:00
Tatsuhiro Tsujikawa
bbf6c18575
shrpx: Log format change
...
Added macros which log messages from the following components are
prefixed with their component name + object pointer address:
ListenHandler: LISTEN
ThreadEventReceiver: THREAD_RECV
Upstream: UPSTREAM
Downstream: DOWNSTREAM
DownstreamConnection: DCONN
SpdySession: DSPDY
2012-12-09 19:15:14 +09:00
Tatsuhiro Tsujikawa
65e965791f
shrpx: Replace strncpy + putting null with memcpy in ssl_pem_passwd_cb
2012-12-07 23:42:58 +09:00
Tatsuhiro Tsujikawa
06220f7fdf
shrpx: Make is_secure() static
2012-12-07 23:14:20 +09:00
Raul Gutierrez Segales
cbf8ccf7d1
[shrpx] read private key's passwd from a file
...
This avoids the need to provide the password for your
private key interactively.
It can be used via --private-key-passwd-file or private-key-passwd-file
in the given config file. The first line in the file
(without \n) will be treated as the passwd. There isn't
any validation and all lines after the first one (if any)
are ignored.
The security model behind this is a bit simplistic so I
am open to better ideas. Basically your password file
should be root:root (700) and you *should* drop root
and run as an unprivileged user.
If the file exists and a line can be read then a callback
will be set for the SSL ctxt and it'll feed the passwd
when the private key is read (if password is needed).
If the file exists with the wrong permisions it'll be
logged and ignored.
2012-12-03 21:55:32 -08:00
Tatsuhiro Tsujikawa
f97110f092
spdycat, spdyd: Support SPDY without SSL/TLS
...
Use --no-tls option to disable SSL/TLS and specify SPDY protocol
version using -2 or -3.
2012-11-25 21:58:44 +09:00
Tatsuhiro Tsujikawa
50211bc1ad
shrpx: Replace "https" with "http" in log message in shrpx_https_upstream.cc
2012-11-23 21:30:57 +09:00
Tatsuhiro Tsujikawa
282b8b567a
shrpx: Log upstream https request headers
2012-11-23 21:30:17 +09:00
Tatsuhiro Tsujikawa
8f62441112
src: Rewrite util::stripIter
2012-11-23 21:14:39 +09:00
Tatsuhiro Tsujikawa
baf2dc3ddf
shrpx: Add --backend-ipv4 and --backend-ipv6 options.
2012-11-23 21:11:01 +09:00
Tatsuhiro Tsujikawa
7a21905312
shrpx: Remove Config ctor and fill all initial values in fill_default_config()
2012-11-22 23:35:10 +09:00
Tatsuhiro Tsujikawa
c1332a35a5
shrpx: Add -v, --version option
2012-11-22 23:08:36 +09:00
Tatsuhiro Tsujikawa
774e64d2b4
shrpx: Group up options in -h output
2012-11-22 23:04:27 +09:00
Tatsuhiro Tsujikawa
9c70c1b867
shrpx: Code cleanup
2012-11-22 22:05:52 +09:00
Tatsuhiro Tsujikawa
4349d42988
shrpx: Add usage for <PRIVATE_KEY> <CERT>
2012-11-22 22:00:38 +09:00
Tatsuhiro Tsujikawa
9aa7af2c7f
shrpx: Use SNI TLS extension in client mode
2012-11-22 21:51:11 +09:00
Tatsuhiro Tsujikawa
d589f4c74c
shrpx: Verify backend server's certificate in client mode
...
The -k, --insecure option is added to skip this verification. The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
2012-11-22 21:46:15 +09:00
Tatsuhiro Tsujikawa
8a5db1751e
shrpx: Check the length of output buffer in write callback
...
Possibly because of deferred callback, we may get this callback when
the output buffer is not empty.
2012-11-22 03:13:30 +09:00
Tatsuhiro Tsujikawa
81adb6bc7f
shrpx: Implement downstream SPDY flow control
2012-11-21 23:47:48 +09:00