Commit Graph

5797 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa c6d89dd0ba Bump up version number to 1.23.1 2017-05-30 23:55:55 +09:00
Tatsuhiro Tsujikawa d134ccd35d nghttpx: Fix crash in OCSP response verification 2017-05-30 23:55:11 +09:00
Tatsuhiro Tsujikawa 3a6f83394c Update bash_completion 2017-05-26 22:17:10 +09:00
Tatsuhiro Tsujikawa acf36f3d1a Update manual pages 2017-05-26 22:16:51 +09:00
Tatsuhiro Tsujikawa 63e6a8bab2 Bump up version number to 1.23.0, LT revision to 27:3:13 2017-05-26 21:37:28 +09:00
Tatsuhiro Tsujikawa 5361cc6bd1 Update authors 2017-05-26 21:34:43 +09:00
Tatsuhiro Tsujikawa cabac55394 Merge pull request #925 from sohamm17/patch-1
spelling mistake in arguments to build nghttp apps
2017-05-25 23:38:54 +09:00
Tatsuhiro Tsujikawa db7483ef10 Merge branch 'nghttpx-verify-ocsp' 2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa 4b51ccbefe examples: Attempt to fix OpenSSL link error 2017-05-25 23:24:44 +09:00
Tatsuhiro Tsujikawa 74c2f1257a nghttpx: Add --no-verify-ocsp to disable OCSP response verification 2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa 1428a5e3ae nghttpx: Verify OCSP response
At least we should make sure that the OCSP response is targeted to the
expected certificate.  This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ.  Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa fe021c1524 Merge branch 'memchunk-no-unique-ptr' 2017-05-25 00:53:13 +09:00
Tatsuhiro Tsujikawa c57bf21306 src: memchunks: Don't use std::unique_ptr to avoid potential SO 2017-05-25 00:23:51 +09:00
Soham Sinha 1743b7d92d spelling mistake in arguments to build nghttp apps 2017-05-22 17:20:30 -04:00
Tatsuhiro Tsujikawa 7f31278c4c Update doc 2017-05-22 22:53:49 +09:00
Tatsuhiro Tsujikawa 8401e16a15 nghttpx: Fix compile error with gcc 2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa 07fb5854f3 nghttpx: Compile with openssl 1.0.2 2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa b56a99bfba Update bash_completion 2017-05-21 11:43:00 +09:00
Tatsuhiro Tsujikawa b91e4e4df1 Update manual pages 2017-05-21 11:42:46 +09:00
Tatsuhiro Tsujikawa 52a4d6ac31 Merge branch 'nghttpx-fix-cert-selection' 2017-05-21 11:26:12 +09:00
Tatsuhiro Tsujikawa 796ab87b14 nghttpx: Fix certificate selection based on pub key algorithm 2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa ed1fad3bd4 nghttpx: Call ERR_clear_error()
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa 9c1876f542 nghttpx: Fix certificate indexing bug 2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa 7d111d9963 Merge pull request #923 from nghttp2/compile-with-disable-assert
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa 8c2ce0cf3f Merge pull request #922 from nghttp2/nghttpx-ocsp-startup
nghttpx: Run OCSP at startup
2017-05-18 23:49:23 +09:00
Tatsuhiro Tsujikawa 1b442cb16f Compile with --disable-assert 2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa 2bf3680d87 Merge pull request #919 from projectgus/fix_ndebug_compile
nghttp2_session: Allow for compiling library with -DNDEBUG set
2017-05-18 22:37:51 +09:00
Tatsuhiro Tsujikawa 0d4f0f0db5 nghttpx: Run OCSP at startup
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish.  It does not matter
some of the attempts fail.  This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Angus Gratton e17ff8fd32 nghttp2_session: Allow for compiling library with -DNDEBUG set 2017-05-17 14:43:06 +10:00
Tatsuhiro Tsujikawa 14edd12304 nghttpx: Refactor the code for the anti-replay 2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa e6ffdb23a4 nghttpx: Share session_cache_ssl_ctx across threads 2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa 98fdedac06 Merge pull request #917 from Tapanito/patch-1
Update docs
2017-05-13 10:27:22 +09:00
Tapanito 255037264a updated docs 2017-05-12 16:35:44 +01:00
Tatsuhiro Tsujikawa d3fcbe9a02 Merge branch 'invalid-header-field-error' 2017-05-12 21:37:20 +09:00
Tatsuhiro Tsujikawa bcdd588c6e Merge branch 'nghttpx-wildcard-path-match' 2017-05-11 23:50:56 +09:00
Tatsuhiro Tsujikawa b5007d45f7 nghttpx: Wildcard path matching
This commit adds wildcard path matching.  If path pattern given in
backend option ends with "*", it is considered as wildcard path.  "*"
must match at least one character.  All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa a584cf5a4f Use clang-format-4.0 2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa 77f7a2fa7f Update doc 2017-04-29 22:21:21 +09:00
Tatsuhiro Tsujikawa f2c539dc70 Clarify the effect of nghttp2_option_set_no_http_messaging 2017-04-29 21:00:20 +09:00
Tatsuhiro Tsujikawa 78d7160a99 Treat incoming invalid regular header field as stream error
Previously, the incoming invalid regular header field was ignored by
default.  With this commit, they are now treated as stream error, and
the stream is reset by default.  The error code used is now
PROTOCOL_ERROR, instead of INTERNAL_ERROR.
2017-04-28 23:46:06 +09:00
Tatsuhiro Tsujikawa 196673bbce nghttp: Remove unused short option 'g' 2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa 794d13082c Merge branch 'nghttp-no-verify-peer' 2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa 5f5cf4107e nghttpx: Reseve rcbufs_ 2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa 6f3ec54b9f nghttp: Add -y, --no-verify-peer option to suppress peer verify warn 2017-04-28 09:53:37 +09:00
Tatsuhiro Tsujikawa 58043a6b04 nghttpx: Guard the presence of TLS1_3_VERSION 2017-04-27 23:13:15 +09:00
Tatsuhiro Tsujikawa a885315ef5 Merge branch 'nghttpx-unrecognized-sni' 2017-04-27 22:57:54 +09:00
Tatsuhiro Tsujikawa d7581525ac nghttpx: Update TLSv1.3 TLS record overhead 2017-04-27 22:57:06 +09:00
Tatsuhiro Tsujikawa 385068eb91 Merge branch 'altsvc-invalid-callback' 2017-04-27 22:35:25 +09:00
Tatsuhiro Tsujikawa 1085f68018 nghttpx: Return SSL_TLSEXT_ERR_NOACK if server name is not recognized
With this commit, SSL_TLSEXT_ERR_NOACK is returned from
servername_callback, which removes server_name extension from
ServerHello.  CertLookupTree is now used even if the number of server
certificate is one.  It is better to exercise it regularly.
2017-04-27 22:25:58 +09:00
Tatsuhiro Tsujikawa 21af775ce0 Call nghttp2_on_invalid_frame_callback if altsvc validation fails 2017-04-27 18:53:43 +09:00