The experimental SPDY protocol version 2, 3 and 3.1 implementation in C
This release removes CREDENTIAL frame support. The API functions are still there, but they are now noop.
Renew test key pair
Fix OpenSSL 1.1.0 deprecation warnings
spdylay: compile against openssl-1.1.0
It fails to compile against openssl 1.1.0 due to things like |shrpx_client_handler.cc:90:30: error: 'strerror' was not declared in this scope |shrpx_listen_handler.cc:112:32: error: 'memset' was not declared in this scope |shrpx_listen_handler.cc:114:43: error: 'memcpy' was not declared in this scope
This resolves it.
Signed-off-by: Sebastian Andrzej Siewior [email protected]
Patch from Sebastian Andrzej Siewior
spdycat: Fix leak in SpdySession.reqvec
Compile with IRIX 6.5.22 using GCC-4.7.4
Based on the patch from Klaus Ziegler
Remove CREDENTIAL frame processing completely
We just left API as is, but related functions just do nothing now.
Allocate stream ID when spdylay_submit_{syn_stream,request} is called
This commit allocates stream ID when spdylay_submit_syn_stream and spdylay_submit_request is called. Also create stream when spdylay_session_predicate_syn_stream_send is failed, to provide stream to user callback (e.g., on_ctrl_not_send_callback). Allocating stream ID early ensures that we can create stream because we can catch stream ID exhaustion early and fail fast. Since stream ID is allocated serially, we have to send SYN_STREAM in the order they queued. So now all queued syn_stream have the same priority (lowest). The DATA frame has given priority by application. This does not work well with CREDENTIAL frame, since SYN_STREAM may wait for CREDENTIAL, which results in out of order transmission. Since CREDENTIAL frame was deprecated in SPDY/3.1, and no one use it, we remove its functionality in the later commit.
spdycat: --proxy-port, not --proxyport
Fixes GH-132
spdycat: Check :host header field for SNI, since Host header is not allowed
spdycat: Update spdycat --help output for --header
Patch from Chris Adams
spdycat: Fix resource leak found by coverity scan
This release adds spdylay_session_get_stream_user_data() API function and various source code enhancements using compiler warning flags.
Add spdylay_session_set_stream_user_data() API function
spdycat: Support pipe input for -d
This is a port from https://github.com/tatsuhiro-t/nghttp2/commit/a8a66843db98377398edf6f65d3dabe35e82b98f
fix implicit conversion loses integer precision [-Werror,-Wshorten-64-to-32]
Patch from Alexis La Goutte
fix cast increases required alignment [-Werror,-Wcast-align]
Patch from Alexis La Goutte
Fix error: will never be executed [-Werror,-Wunreachable-code]
Patch from Alexis La Goutte
Add check compile flag and add some new CFLAG option
Patch from Alexis La Goutte
Remove -Wno-unused-parameter (and add U macro)
Patch from Alexis La Goutte
Fix -Werror=unused-parameter using U macro
Patch from Alexis La Goutte
shrpx: Don't send x-forwarded-proto if -s or -p is used
Fix Allocator sizeof operand mismatch found by Clang Analyzer
Patch from Alexis La Goutte
This release fix the bug in spdylay_session_consume function.
Fix bug that connection window is consumed excessively
Previously we consider bytes as consumed in spdylay_session_mem_recv() even if it is not ignored and is passing to application. As a result, excessive number of bytes are considered as consumed and library sends excessive amount of WINDOW_UPDATE to peer. This commit fixes this bug.
This release adds new API function spdylay_session_consume() and the new option SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE2 to enable that functionality. This is a preferred way to manually control local flow window. This effectively deprecates SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE option.
Add spdylay_session_consume() API
This function is back ported from nghttp2 project. This is a preferred way to manually control flow window. SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE is not deprecated. New application should use SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE2 and use spdylay_session_consume() to tell the library how many bytes application consumed.
This release fixes the bug that write timeout in shrpx frontend connection is triggered when there is no data to write.
shrpx: Set timeout to underlying bufferevent
Setting write timeout to filter bufferevent does not work as intended. It timeouts even when there is no data to write.
This release adds several new options to shrpx SPDY proxy. NPN selection made by spdylay_select_next_protocol() now prefers higher SPDY version, regardless of the order of received protocol identifiers. Other several minor fixes were also made.
shrpx: Remove Connection: close header field from CONNECT response
spdycat: Fix bug that -H does not allow single letter header name
NPN: Prefer higher SPDY version
NPN: Check protocol id length so that scanner don't overrun buffer
spdycat: Allow -H to override built-in header fields
This change also allow users to send specify multiple same header fields using -H if it is not built-in header fields.
shrpx: Add X-Forwarded-For header field to SPDY backend request
This change also fixes its header field in http/1 backend where x-forwarded-proto has http if frontend is SPDY http.
shrpx: Add rate limit per worker thread
Update http-parser and allow extra characters in TOKEN
Now http-parser is updated to 8d9e5db981b623fffc93657abacdc80270cbee58. We allow additional characters in TOKEN to access somewhat broken servers. The all patches we made for spdylay are attached in this directory.
This release adds new options to shrpx and spdycat. Spdycat now can speak the protocol other than TLSv1. For library side, strict header name/value validation is done against received headers.
shrpx: Disable TLS renegotiation
shrpx: Add --client-private-key-file and --client-cert-file options
shrpx: Call SpdySession::disconnect() if initiate_connection() failed
This will clean up resources allocated in initiate_connection() properly.
spdycat: Fix port checking to share connection
shrpx: Send acceptable list of CAs when client cert auth is enabled
spdycat: Add support for SPDY proxies
Patch from Nils "irrenhaus" Hesse
spdycat: Use SSLv23_client_method instead of TLSv1_client_method
shrpx: Add --tls-proto-list option to enable SSL/TLS protocol selectively
Validate header name/value pair strictly to avoid possible attack
Don't return SPDYLAY_ERR_INVALID_ARGUMENT if priority is larger than lowest
This release adds SPDY/3.1 support and fixes flow control bug. The shrpx, SPDY proxy, got client certificate authentication. It now also supports custom HTTP-version string (e.g., ICY). The spdycat and spdyd got --color option to force ANSI color escape in output.
shrpx: Add options to specify per-connection window size
Interleave streams with same priority
Add SPDY/3.1 support
The added feature is connection-level flow control.
src/http-parser: Allow custom HTTP-version string (e.g., ICY)
We need HTTP major and minor version later, so we assume it is HTTP/1.0 equivalent if custom HTTP-version string is used.
src/http-parser: Update to HEAD
shrpx: Add --verify-client-cacert option
Using --cacert to load certificate for client certificate authentication is problematic since, --cacert is also used for client mode. This commit adds --verify-client-cacert option which specify the CA certficate file used only for client certificate validation. This change also removes the default certficate load function for client certificate validation.
shrpx: Add --verify-client option
This option requires client certificate and successful verification. Use --cacert option to add CA certificates as necessary.
spdycat, spdyd: Add --color option to force colored log output
shrpx: Check DATA_FLAG_FIN on on_data_recv_callback
tests: Fix main test fail with address-sanitizer
Fix outbound flow control count
We wrongly added the whole payload length even if we sent part of it.
shrpx: Fix missing extension HTTP status code in response
shrpx: Add rate limit options
shrpx: Replace \r\n with space when constructing HTTP/1 headers
shrpx: Guard ecdh use with !OPENSSL_NO_EC
spdylay_ssl: fix the user-agent position
Patch from soyer
spdycat: Add missing verbose output for upload DATA
Call on_stream_close_callback for stream in SPDYLAY_STREAM_INITIAL state
We call on_stream_close_callback even if stream->state is SPDYLAY_STREAM_INITIAL. This will happen while sending request HEADERS, a local endpoint receives RST_STREAM for that stream. It may be PROTOCOL_ERROR, but without notifying stream closure will hang the stream in a local endpoint.