@tatsuhiro-t tatsuhiro-t released this Sep 25, 2016 · 1 commit to master since this release

Assets 5

Release Note

This release removes CREDENTIAL frame support. The API functions are
still there, but they are now noop.


  • Renew test key pair

  • Fix OpenSSL 1.1.0 deprecation warnings

  • spdylay: compile against openssl-1.1.0

    It fails to compile against openssl 1.1.0 due to things like
    |shrpx_client_handler.cc:90:30: error: 'strerror' was not declared in this scope
    |shrpx_listen_handler.cc:112:32: error: 'memset' was not declared in this scope
    |shrpx_listen_handler.cc:114:43: error: 'memcpy' was not declared in this scope

    This resolves it.

    Signed-off-by: Sebastian Andrzej Siewior sebastian@breakpoint.cc

    Patch from Sebastian Andrzej Siewior

  • spdycat: Fix leak in SpdySession.reqvec

  • Compile with IRIX 6.5.22 using GCC-4.7.4

    Based on the patch from Klaus Ziegler

  • Remove CREDENTIAL frame processing completely

    We just left API as is, but related functions just do nothing now.

  • Allocate stream ID when spdylay_submit_{syn_stream,request} is called

    This commit allocates stream ID when spdylay_submit_syn_stream and
    spdylay_submit_request is called. Also create stream when
    spdylay_session_predicate_syn_stream_send is failed, to provide
    stream to user callback (e.g., on_ctrl_not_send_callback).
    Allocating stream ID early ensures that we can create stream because
    we can catch stream ID exhaustion early and fail fast. Since stream
    ID is allocated serially, we have to send SYN_STREAM in the order
    they queued. So now all queued syn_stream have the same priority
    (lowest). The DATA frame has given priority by application. This
    does not work well with CREDENTIAL frame, since SYN_STREAM may wait
    for CREDENTIAL, which results in out of order transmission. Since
    CREDENTIAL frame was deprecated in SPDY/3.1, and no one use it, we
    remove its functionality in the later commit.

  • spdycat: --proxy-port, not --proxyport

    Fixes GH-132

  • spdycat: Check :host header field for SNI, since Host header is not allowed

  • spdycat: Update spdycat --help output for --header

    Patch from Chris Adams

  • spdycat: Fix resource leak found by coverity scan

@tatsuhiro-t tatsuhiro-t released this Mar 12, 2015 · 22 commits to master since this release

Assets 5

Release Note

This release adds spdylay_session_get_stream_user_data() API function
and various source code enhancements using compiler warning flags.


  • Add spdylay_session_set_stream_user_data() API function

  • spdycat: Support pipe input for -d

    This is a port from nghttp2/nghttp2@a8a6684

  • fix implicit conversion loses integer precision [-Werror,-Wshorten-64-to-32]

    Patch from Alexis La Goutte

  • fix cast increases required alignment [-Werror,-Wcast-align]

    Patch from Alexis La Goutte

  • Fix error: will never be executed [-Werror,-Wunreachable-code]

    Patch from Alexis La Goutte

  • Add check compile flag and add some new CFLAG option

    Patch from Alexis La Goutte

  • Remove -Wno-unused-parameter (and add U macro)

    Patch from Alexis La Goutte

  • Fix -Werror=unused-parameter using U macro

    Patch from Alexis La Goutte

  • shrpx: Don't send x-forwarded-proto if -s or -p is used

  • Fix Allocator sizeof operand mismatch found by Clang Analyzer

    Patch from Alexis La Goutte

@tatsuhiro-t tatsuhiro-t released this Aug 24, 2014 · 41 commits to master since this release

Assets 5

Release Note

This release fix the bug in spdylay_session_consume function.


  • Fix bug that connection window is consumed excessively

    Previously we consider bytes as consumed in
    spdylay_session_mem_recv() even if it is not ignored and is passing
    to application. As a result, excessive number of bytes are
    considered as consumed and library sends excessive amount of
    WINDOW_UPDATE to peer. This commit fixes this bug.

@tatsuhiro-t tatsuhiro-t released this Aug 23, 2014 · 45 commits to master since this release

Assets 5

Release Note

This release adds new API function spdylay_session_consume() and the
new option SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE2 to enable that
functionality. This is a preferred way to manually control local flow
window. This effectively deprecates SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE


  • Add spdylay_session_consume() API

    This function is back ported from nghttp2 project. This is a
    preferred way to manually control flow window.
    SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE is not deprecated. New
    application should use SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE2 and use
    spdylay_session_consume() to tell the library how many bytes
    application consumed.

@tatsuhiro-t tatsuhiro-t released this Jun 2, 2014 · 53 commits to master since this release

Assets 5

Release Note

This release fixes the bug that write timeout in shrpx frontend
connection is triggered when there is no data to write.


  • shrpx: Set timeout to underlying bufferevent

    Setting write timeout to filter bufferevent does not work as
    intended. It timeouts even when there is no data to write.

@tatsuhiro-t tatsuhiro-t released this May 16, 2014 · 57 commits to master since this release

Assets 5

Release Note

This release adds several new options to shrpx SPDY proxy. NPN
selection made by spdylay_select_next_protocol() now prefers higher
SPDY version, regardless of the order of received protocol
identifiers. Other several minor fixes were also made.


  • shrpx: Remove Connection: close header field from CONNECT response

  • spdycat: Fix bug that -H does not allow single letter header name

  • NPN: Prefer higher SPDY version

  • NPN: Check protocol id length so that scanner don't overrun buffer

  • spdycat: Allow -H to override built-in header fields

    This change also allow users to send specify multiple same header
    fields using -H if it is not built-in header fields.

  • shrpx: Add X-Forwarded-For header field to SPDY backend request

    This change also fixes its header field in http/1 backend where
    x-forwarded-proto has http if frontend is SPDY http.

  • shrpx: Add rate limit per worker thread

  • Update http-parser and allow extra characters in TOKEN

    Now http-parser is updated to
    8d9e5db981b623fffc93657abacdc80270cbee58. We allow additional
    characters in TOKEN to access somewhat broken servers. The all
    patches we made for spdylay are attached in this directory.

@tatsuhiro-t tatsuhiro-t released this Feb 5, 2014 · 83 commits to master since this release

Assets 5

Release Note

This release adds new options to shrpx and spdycat. Spdycat now can
speak the protocol other than TLSv1. For library side, strict header
name/value validation is done against received headers.


  • shrpx: Disable TLS renegotiation

  • shrpx: Add --client-private-key-file and --client-cert-file options

  • shrpx: Call SpdySession::disconnect() if initiate_connection() failed

    This will clean up resources allocated in initiate_connection()

  • spdycat: Fix port checking to share connection

  • shrpx: Send acceptable list of CAs when client cert auth is enabled

  • spdycat: Add support for SPDY proxies

    Patch from Nils "irrenhaus" Hesse

  • spdycat: Use SSLv23_client_method instead of TLSv1_client_method

  • shrpx: Add --tls-proto-list option to enable SSL/TLS protocol

  • Validate header name/value pair strictly to avoid possible attack

  • Don't return SPDYLAY_ERR_INVALID_ARGUMENT if priority is larger than

@tatsuhiro-t tatsuhiro-t released this Dec 16, 2013 · 113 commits to master since this release

Assets 5

Release Note

This release fixes the bug that shrpx exits when SPDY backend
connection cannot be established.


  • shrpx: Don't DIE when establishing backend SPDY connection failed
  • spdylay_map: Implement hash table
  • Tear down connection on invalid DATA frame reception

@tatsuhiro-t tatsuhiro-t released this Nov 20, 2013 · 124 commits to master since this release

Assets 4

Release Note

This release fixes the bug which makes shrpx crash on downstream
connection failure.


  • shrpx: Fix crash on downstream connection failure

@tatsuhiro-t tatsuhiro-t released this Nov 20, 2013 · 130 commits to master since this release

Assets 4

Release Note

This release adds SPDY/3.1 support and fixes flow control bug. The
shrpx, SPDY proxy, got client certificate authentication. It now also
supports custom HTTP-version string (e.g., ICY). The spdycat and
spdyd got --color option to force ANSI color escape in output.


  • shrpx: Add options to specify per-connection window size

  • Interleave streams with same priority

  • Add SPDY/3.1 support

    The added feature is connection-level flow control.

  • src/http-parser: Allow custom HTTP-version string (e.g., ICY)

    We need HTTP major and minor version later, so we assume it is
    HTTP/1.0 equivalent if custom HTTP-version string is used.

  • src/http-parser: Update to HEAD

  • shrpx: Add --verify-client-cacert option

    Using --cacert to load certificate for client certificate
    authentication is problematic since, --cacert is also used for
    client mode. This commit adds --verify-client-cacert option which
    specify the CA certficate file used only for client certificate
    validation. This change also removes the default certficate load
    function for client certificate validation.

  • shrpx: Add --verify-client option

    This option requires client certificate and successful verification.
    Use --cacert option to add CA certificates as necessary.

  • spdycat, spdyd: Add --color option to force colored log output

  • shrpx: Check DATA_FLAG_FIN on on_data_recv_callback

  • tests: Fix main test fail with address-sanitizer

  • Fix outbound flow control count

    We wrongly added the whole payload length even if we sent part of it.

  • shrpx: Fix missing extension HTTP status code in response

  • shrpx: Add rate limit options

  • shrpx: Replace \r\n with space when constructing HTTP/1 headers

  • shrpx: Guard ecdh use with !OPENSSL_NO_EC

  • spdylay_ssl: fix the user-agent position

    Patch from soyer

  • spdycat: Add missing verbose output for upload DATA

  • Call on_stream_close_callback for stream in SPDYLAY_STREAM_INITIAL state

    We call on_stream_close_callback even if stream->state is
    SPDYLAY_STREAM_INITIAL. This will happen while sending request
    HEADERS, a local endpoint receives RST_STREAM for that stream. It
    may be PROTOCOL_ERROR, but without notifying stream closure will
    hang the stream in a local endpoint.