Dmitriy Vetutnev
af926fbe1f
Refactoring include directories for build as CMake subdirectory (add_subdirectory(nghttp2))
2017-08-16 21:28:12 +03:00
Tatsuhiro Tsujikawa
83039ae2d4
h2load: Reservoir sampling
2017-08-14 20:25:02 +09:00
Tatsuhiro Tsujikawa
4d76606fa2
Fix bug that forwarded for is not affected by proxy protocol
2017-08-09 22:44:14 +09:00
Soham Sinha
1baf7d34b3
Duration watcher and warmup watcher is initialised in Worker constructor. Statistic calculation is removed from duration watcher call_back, it's done in free_client.
2017-08-08 17:26:37 -04:00
Soham Sinha
c78159469a
Added a function to free a client from Worker's list of client, if the client is destroyed
2017-08-07 18:58:12 -04:00
Soham Sinha
b72ca0289c
formatting issue
2017-08-04 14:20:00 -04:00
Soham Sinha
46f670f8a2
concurrent connections are created in timing-based mode. Some safety asserts added.
2017-08-03 16:15:14 -04:00
Soham Sinha
4b44362b9f
minor style changes
2017-08-01 20:22:20 -04:00
Soham Sinha
d068a29798
removed unnecessary code
2017-08-01 19:51:47 -04:00
Soham Sinha
0836a51408
Handling requests starting in warm-up phase and ending in MAIN_DURATION
2017-08-01 18:29:00 -04:00
Soham Sinha
566cee8fe7
MAIN_DURATION is initialized in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well.
2017-08-01 17:45:52 -04:00
Soham Sinha
e85698e131
MAIN_DURATION is initialized in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well.
2017-08-01 17:45:18 -04:00
Soham Sinha
5f3c541c4c
enabled --duration option.
2017-07-28 17:31:13 -04:00
Soham Sinha
3c43e00d8a
Timing (#1)
* Adding timing-sensitive load test option in h2load.
* more checks added for parameters
* A worker thread can control its clients' warmup and main duration.
* Changed warmup to an enum variable.
* removed unnecessary call to ev_timer_stop
* assertion is done before starting main measurement phase
* phase variable is implemented only inside the Worker class
* enum to enum class
* else indentation corrected
* check added for timing-based test when duration CB is called explicitly
* New argument is introduced for timing-based benchmarking.
* styling corrections
* duration watcher initialization is pushed back into warmup timeout
* Warmup and Duration timer is moved to Worker instead of clients. Now both timers and phase belongs to the Workers.
* some client functions are modified to return if it's not main_duration phase. client is not destructed but sessions are terminated
* outputs are adjusted for thread.
* Needed to check if a session exist before terminating
* formatting
* more formatting
* formatting
2017-07-28 17:08:20 -04:00
Tatsuhiro Tsujikawa
1002c6da1c
src: Use llround instead of round
2017-07-12 23:23:47 +09:00
Tatsuhiro Tsujikawa
18dd20ce55
nghttp: Fix bug that upgrade fails if reason-phrase is missing
2017-06-28 01:01:39 +09:00
Tatsuhiro Tsujikawa
a18d154e0e
Merge pull request #943 from nghttp2/nghttpx-verify-ocsp-resp-with-cacerts
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-15 20:56:44 +09:00
Tatsuhiro Tsujikawa
59c78d5809
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa
be164fc8f9
nghttpx: Set default minimum TLS version to TLSv1.2
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers. To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa
6ec7683991
nghttpx: Use nocopy version to send trailer headers to backend
It looks like we can use nocopy version here. We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa
8f7fa1b1bf
nghttpx: Fix crash in OCSP response verification
2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa
db7483ef10
Merge branch 'nghttpx-verify-ocsp'
2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa
74c2f1257a
nghttpx: Add --no-verify-ocsp to disable OCSP response verification
2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa
1428a5e3ae
nghttpx: Verify OCSP response
At least we should make sure that the OCSP response is targeted to the
expected certificate. This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ. Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa
c57bf21306
src: memchunks: Don't use std::unique_ptr to avoid potential SO
2017-05-25 00:23:51 +09:00
Tatsuhiro Tsujikawa
8401e16a15
nghttpx: Fix compile error with gcc
2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa
07fb5854f3
nghttpx: Compile with openssl 1.0.2
2017-05-22 22:09:34 +09:00
Tatsuhiro Tsujikawa
796ab87b14
nghttpx: Fix certificate selection based on pub key algorithm
2017-05-21 11:12:47 +09:00
Tatsuhiro Tsujikawa
ed1fad3bd4
nghttpx: Call ERR_clear_error()
Call ERR_clear_error() before the OpenSSL function if we use
SSL_get_error() to examine error stack.
2017-05-21 10:32:12 +09:00
Tatsuhiro Tsujikawa
9c1876f542
nghttpx: Fix certificate indexing bug
2017-05-21 00:19:33 +09:00
Tatsuhiro Tsujikawa
7d111d9963
Merge pull request #923 from nghttp2/compile-with-disable-assert
Compile with --disable-assert
2017-05-18 23:49:41 +09:00
Tatsuhiro Tsujikawa
1b442cb16f
Compile with --disable-assert
2017-05-18 23:10:44 +09:00
Tatsuhiro Tsujikawa
0d4f0f0db5
nghttpx: Run OCSP at startup
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish. It does not matter
some of the attempts fail. This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Tatsuhiro Tsujikawa
14edd12304
nghttpx: Refactor the code for the anti-replay
2017-05-14 17:45:35 +09:00
Tatsuhiro Tsujikawa
e6ffdb23a4
nghttpx: Share session_cache_ssl_ctx across threads
2017-05-14 17:43:11 +09:00
Tatsuhiro Tsujikawa
b5007d45f7
nghttpx: Wildcard path matching
This commit adds wildcard path matching. If path pattern given in
backend option ends with "*", it is considered as wildcard path. "*"
must match at least one character. All paths which include wildcard
path without last "*" as prefix, and are strictly longer than wildcard
path without last "*" are matched.
2017-05-11 22:15:28 +09:00
Tatsuhiro Tsujikawa
a584cf5a4f
Use clang-format-4.0
2017-04-30 15:45:53 +09:00
Tatsuhiro Tsujikawa
196673bbce
nghttp: Remove unused short option 'g'
2017-04-28 22:39:12 +09:00
Tatsuhiro Tsujikawa
794d13082c
Merge branch 'nghttp-no-verify-peer'
2017-04-28 22:36:23 +09:00
Tatsuhiro Tsujikawa
5f5cf4107e
nghttpx: Reserve rcbufs_
2017-04-28 22:31:09 +09:00
Tatsuhiro Tsujikawa
6f3ec54b9f
nghttp: Add -y, --no-verify-peer option to suppress peer verify warn
2017-04-28 09:53:37 +09:00
Tatsuhiro Tsujikawa
58043a6b04
nghttpx: Guard the presence of TLS1_3_VERSION
2017-04-27 23:13:15 +09:00
Tatsuhiro Tsujikawa
a885315ef5
Merge branch 'nghttpx-unrecognized-sni'
2017-04-27 22:57:54 +09:00
Tatsuhiro Tsujikawa
d7581525ac
nghttpx: Update TLSv1.3 TLS record overhead
2017-04-27 22:57:06 +09:00
Tatsuhiro Tsujikawa
1085f68018
nghttpx: Return SSL_TLSEXT_ERR_NOACK if server name is not recognized
With this commit, SSL_TLSEXT_ERR_NOACK is returned from
servername_callback, which removes server_name extension from
ServerHello. CertLookupTree is now used even if the number of server
certificate is one. It is better to exercise it regularly.
2017-04-27 22:25:58 +09:00
Tatsuhiro Tsujikawa
d63b4c1034
nghttpx: Forward multiple via, xff, and xfp header fields
Previously, for Via, X-Forwarded-For, and X-Forwarded-Proto header
field, nghttpx only forwarded the last header field of each. With
this commit, nghttpx forwards all of them if it is configured to do
so.
2017-04-26 21:23:13 +09:00
Tatsuhiro Tsujikawa
c3f5f5ca36
nghttpx: Clarify --conf option behaviour
2017-04-20 22:25:38 +09:00
Tatsuhiro Tsujikawa
911d12f7c4
nghttpx: Add log when loading configuration file
2017-04-20 22:22:29 +09:00
Tatsuhiro Tsujikawa
17614312e0
Merge pull request #892 from nghttp2/nghttpx-sni-fwd
nghttpx: SNI based backend server selection
2017-04-19 21:22:15 +09:00
Tatsuhiro Tsujikawa
a2e35a0757
nghttpx: Add $tls_sni access log variable
2017-04-18 22:44:26 +09:00
Tatsuhiro Tsujikawa
a4a2b6403b
nghttpx: Use SHRPX_LOGF_TLS_* instead of SHRPX_LOGF_SSL_*
2017-04-18 22:34:08 +09:00
Tatsuhiro Tsujikawa
03be97e437
nghttpx: Rename ssl_* log variables as tls_*
The existing ssl_* log variables still work for backward compatibility.
2017-04-18 22:11:05 +09:00
Tatsuhiro Tsujikawa
0a2d1965df
nghttpx: Fix path matching bug
Previously, if path is empty or path does not start with "/", nghttpx
did not try to match with wildcard pattern. This commit fixes it.
2017-04-18 21:03:50 +09:00
Tatsuhiro Tsujikawa
c8a5f1e335
nghttpx: SNI based backend server selection
2017-04-16 23:47:10 +09:00
Tatsuhiro Tsujikawa
a1bc83a2ba
Merge pull request #881 from mway/dev/request-priority
Support specifying stream priority via session::submit()
2017-04-12 23:36:40 +09:00
Matt Way
bc3949db9e
Support specifying stream priority via session::submit()
2017-04-12 10:07:16 -04:00
Tatsuhiro Tsujikawa
6cfa885207
nghttpx: Remove unused lambda capture
2017-04-12 22:09:44 +09:00
Tatsuhiro Tsujikawa
e61ac4682e
Merge branch 'nghttpx-xfp-take2'
2017-04-09 16:02:53 +09:00
Tatsuhiro Tsujikawa
4d10dce61d
nghttpx: Only send SCT for leaf certificate
2017-04-09 14:38:18 +09:00
Tatsuhiro Tsujikawa
2d9fd87029
nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3
2017-04-09 14:11:49 +09:00
Tatsuhiro Tsujikawa
cc9190ab37
nghttpx: Add options for X-Forwarded-Proto header field
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --no-add-x-forwarded-proto option makes nghttpx not to
append X-Forwarded-Proto value. The
--no-strip-incoming-x-forwarded-proto option prevents nghttpx from
stripping the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit preserves this behaviour, and adds
additional knobs.
2017-04-08 18:46:36 +09:00
Tatsuhiro Tsujikawa
980570de71
Revert "nghttpx: Add options for X-Forwarded-Proto header field"
This reverts commit 8c0b2c684a.
2017-04-08 18:37:54 +09:00
Tatsuhiro Tsujikawa
46ccc4332c
nghttpx: Fix bug that 204 from h1 backend is always treated as error
2017-04-07 21:45:13 +09:00
Tatsuhiro Tsujikawa
4e6bd54dd1
Merge branch 'nghttpx-single-process'
2017-04-06 20:18:33 +09:00
Tatsuhiro Tsujikawa
5c9f46a6b0
Merge branch 'nghttp-verify-server-certificate'
2017-04-06 20:17:29 +09:00
Tatsuhiro Tsujikawa
223e971c7e
nghttpx: Add --single-process option
With --single-process option, nghttpx will run in a single process
mode where master and worker are unified into one process. nghttpx
still spawns additional process for neverbleed. In the single process
mode, signal handling is disabled.
2017-04-06 20:02:57 +09:00
Tatsuhiro Tsujikawa
8c0b2c684a
nghttpx: Add options for X-Forwarded-Proto header field
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value. The --strip-incoming-x-forwarded-proto
option makes nghttpx to strip the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit changes this behaviour. Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way. To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
2017-04-06 19:17:36 +09:00
Tatsuhiro Tsujikawa
7ae0b2dc09
nghttp: Verify server certificate and show warning if it fails
2017-04-01 17:49:57 +09:00
Tatsuhiro Tsujikawa
058122b804
nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
69f63c529d
src: Rename ssl.{h,cc} as tls.{h,cc}
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
e17a6b29b6
nghttpx: Use 502 as server error code
2017-04-01 14:04:55 +09:00
Tatsuhiro Tsujikawa
b12c2a13c0
nghttpx: Fail handshake if server certificate verification fails
Previously, we drop connection if server certificate verification
fails after handshake. With this commit, we fail handshake if that
happens.
2017-04-01 13:41:41 +09:00
Tatsuhiro Tsujikawa
236c835abc
nghttpx: Don't enable SSL_MODE_AUTO_RETRY since we do non-blocking I/O
2017-04-01 12:05:07 +09:00
Tatsuhiro Tsujikawa
ad338bfa44
asio: Fix crash if connect takes longer time than ping interval
2017-03-31 21:17:57 +09:00
Tatsuhiro Tsujikawa
a899522679
asio: Fix compile error
2017-03-31 21:14:08 +09:00
Tatsuhiro Tsujikawa
b9b58c781e
nghttpx: Avoid extra TLS handshake calls
2017-03-30 22:23:55 +09:00
Tatsuhiro Tsujikawa
aa1eec4642
nghttpx: Cache client side session inside openssl callback
2017-03-30 21:07:58 +09:00
Tatsuhiro Tsujikawa
0c8d9469ea
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
2017-03-27 23:58:49 +09:00
Tatsuhiro Tsujikawa
079e1bdffc
Revert "nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl"
This reverts commit b4337d1b54.
2017-03-27 23:47:24 +09:00
Tatsuhiro Tsujikawa
b4337d1b54
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
2017-03-27 23:29:28 +09:00
Tatsuhiro Tsujikawa
dbe287ff5e
nghttpx: Print version number with -v option
2017-03-27 22:49:53 +09:00
Tatsuhiro Tsujikawa
041531458b
Merge pull request #858 from nghttp2/nghttpx-ai-addrconfig
nghttpx: Retry getaddrinfo without AI_ADDRCONFIG
2017-03-27 22:37:07 +09:00
Tatsuhiro Tsujikawa
1374bb81fd
nghttpx: Enable X25519 with boringssl
2017-03-27 21:18:44 +09:00
Tatsuhiro Tsujikawa
f41ac103d3
nghttpx: Retry getaddrinfo without AI_ADDRCONFIG
2017-03-27 00:20:42 +09:00
Tatsuhiro Tsujikawa
f6301714db
nghttpx: Avoid copy of std::mt19937 which is huge
2017-03-26 21:14:34 +09:00
Tatsuhiro Tsujikawa
7dc39b1ee9
nghttpx: Failing to listen on server socket is fatal error
2017-03-26 11:04:45 +09:00
Tatsuhiro Tsujikawa
696a7ce407
Merge pull request #856 from nghttp2/escape-access-log
Escape access log
2017-03-25 23:36:02 +09:00
Tatsuhiro Tsujikawa
99122ee7bb
nghttpx: Find illegal character in path for SPDY CONNECT method
2017-03-25 19:18:35 +09:00
Tatsuhiro Tsujikawa
19ee7ec794
nghttpx: Escape certain characters in access log
The certain characters coming from client are now escaped with "\xNN"
where NN is the ascii code of the character in hex notation.
2017-03-25 19:17:24 +09:00
Piotr Sikora
cd9ec0d20f
src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-23 19:26:49 -07:00
Tatsuhiro Tsujikawa
e77883e980
nghttpx: Fix typo
2017-03-22 22:53:46 +09:00
Tatsuhiro Tsujikawa
0994c92550
nghttpx: Don't cache session server side if TLS version is 1.3
2017-03-22 21:34:13 +09:00
Tatsuhiro Tsujikawa
465c7208cc
nghttpx: Don't look up session ID if length is 0
2017-03-22 21:33:31 +09:00
Tatsuhiro Tsujikawa
b7e7a4bf26
asio: client: Send PING after 30 seconds idle
2017-03-20 18:37:56 +09:00
Tatsuhiro Tsujikawa
c7df65309b
nghttpx: Ignore further input if connection is going to close
2017-03-19 13:24:12 +09:00
Tatsuhiro Tsujikawa
26900262f3
Revert "nghttpx: Attempt to avoid TCP RST on socket closure on Linux"
This reverts commit f69b52b1aa.
2017-03-18 22:43:30 +09:00
Tatsuhiro Tsujikawa
9b5ce36368
nghttpx: Reset write timer on write
2017-03-18 21:33:00 +09:00
Tatsuhiro Tsujikawa
f69b52b1aa
nghttpx: Attempt to avoid TCP RST on socket closure on Linux
2017-03-18 00:59:26 +09:00
Tatsuhiro Tsujikawa
1e1d908c12
nghttpx: Eliminate global std::random_device
2017-03-17 22:25:10 +09:00
Tatsuhiro Tsujikawa
6c69d675da
nghttpx: Should take reference
2017-03-17 22:24:32 +09:00