- 07 Dec, 2012 2 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 04 Dec, 2012 1 commit
-
-
Raul Gutierrez Segales authored
This avoids the need to provide the password for your private key interactively. It can be used via --private-key-passwd-file or private-key-passwd-file in the given config file. The first line in the file (without \n) will be treated as the passwd. There isn't any validation and all lines after the first one (if any) are ignored. The security model behind this is a bit simplistic so I am open to better ideas. Basically your password file should be root:root (700) and you *should* drop root and run as an unprivileged user. If the file exists and a line can be read then a callback will be set for the SSL ctxt and it'll feed the passwd when the private key is read (if password is needed). If the file exists with the wrong permisions it'll be logged and ignored.
-
- 25 Nov, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
Use --no-tls option to disable SSL/TLS and specify SPDY protocol version using -2 or -3.
-
- 24 Nov, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
-
- 23 Nov, 2012 4 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 22 Nov, 2012 8 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
The -k, --insecure option is added to skip this verification. The system wide trusted CA certificates will be loaded at startup. The --cacert option is added to specify the trusted CA certificate file.
-
- 21 Nov, 2012 3 commits
-
-
Tatsuhiro Tsujikawa authored
Possibly because of deferred callback, we may get this callback when the output buffer is not empty.
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
With --client-proxy option, shrpx makes sure that the request path is an absolute URI, otherwise it will return 400 status code.
-
- 20 Nov, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
In client mode, now SPDY connection to the backend server is established per thread. The frontend connections which belong to the same thread share the SPDY connection.
-
- 19 Nov, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
-
- 18 Nov, 2012 10 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
Don't call HttpsUpstream::resume_read() from the call tree of on_read(). Avoid parsing next http data after parse error.
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
With --client-mode option, shrpx now accepts unencrypted HTTP connections and communicates with backend server in SPDY. In short, this is the "reversed" operation mode against normal mode. This may be useful for testing purpose because it can sit between HTTP client and shrpx "normal" mode.
-
Tatsuhiro Tsujikawa authored
-
- 14 Nov, 2012 3 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 28 Oct, 2012 1 commit
-
-
Raul Gutierrez Segales authored
We should only call daemon() after ListenHandler is instantiated, where SSL_CTX_use_PrivateKey_file is called, otherwise we have no stdin/stdout to get the password for keyfile.
-
- 27 Oct, 2012 1 commit
-
-
Raul Gutierrez Segales authored
We should probably make this spec file a template and integrate it with our build process (make package?). Will follow-up with that eventually.
-
- 16 Oct, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
-
- 14 Oct, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
-
- 05 Oct, 2012 1 commit
-
-
Tatsuhiro Tsujikawa authored
-