- 25 May, 2017 2 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
At least we should make sure that the OCSP response is targeted to the expected certificate. This is important because we pass the file path to the external script, and if the file is replaced because of renewal, and nghttpx has not reloaded its configuration, the certificate nghttpx has loaded and the one included in the file differ. Verifying the OCSP response detects this, and avoids to send wrong OCSP response.
-
- 22 May, 2017 3 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 21 May, 2017 5 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
Call ERR_clear_error() before the OpenSSL function if we use SSL_get_error() to examine error stack.
-
- 20 May, 2017 1 commit
-
-
Tatsuhiro Tsujikawa authored
-
- 18 May, 2017 5 commits
-
-
Tatsuhiro Tsujikawa authored
Compile with --disable-assert
-
Tatsuhiro Tsujikawa authored
nghttpx: Run OCSP at startup
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
nghttp2_session: Allow for compiling library with -DNDEBUG set
-
Tatsuhiro Tsujikawa authored
With --ocsp-startup option, nghttpx starts accepting connections after initial attempts to get OCSP responses finish. It does not matter some of the attempts fail. This feature is useful if OCSP responses must be available before accepting connections.
-
- 17 May, 2017 1 commit
-
-
Angus Gratton authored
-
- 14 May, 2017 2 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 13 May, 2017 1 commit
-
-
Tatsuhiro Tsujikawa authored
Update docs
-
- 12 May, 2017 2 commits
-
-
Tapanito authored
-
Tatsuhiro Tsujikawa authored
-
- 11 May, 2017 2 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
This commit adds wildcard path matching. If path pattern given in backend option ends with "*", it is considered as wildcard path. "*" must match at least one character. All paths which include wildcard path without last "*" as prefix, and are strictly longer than wildcard path without last "*" are matched.
-
- 30 Apr, 2017 1 commit
-
-
Tatsuhiro Tsujikawa authored
-
- 29 Apr, 2017 2 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 28 Apr, 2017 5 commits
-
-
Tatsuhiro Tsujikawa authored
Previously, the incoming invalid regular header field was ignored by default. With this commit, they are now treated as stream error, and the stream is reset by default. The error code used is now PROTOCOL_ERROR, instead of INTERNAL_ERROR.
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
- 27 Apr, 2017 6 commits
-
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
-
Tatsuhiro Tsujikawa authored
With this commit, SSL_TLSEXT_ERR_NOACK is returned from servername_callback, which removes server_name extension from ServerHello. CertLookupTree is now used even if the number of server certificate is one. It is better to exercise it regularly.
-
Tatsuhiro Tsujikawa authored
-
- 26 Apr, 2017 2 commits
-
-
Tatsuhiro Tsujikawa authored
nghttpx: Forward multiple via, xff, and xfp header fields
-
Tatsuhiro Tsujikawa authored
-