Releases: tatsuhiro-t/spdylay
spdylay v1.4.0
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release removes CREDENTIAL frame support. The API functions are
still there, but they are now noop.
Changes
-
Renew test key pair
-
Fix OpenSSL 1.1.0 deprecation warnings
-
spdylay: compile against openssl-1.1.0
It fails to compile against openssl 1.1.0 due to things like
|shrpx_client_handler.cc:90:30: error: 'strerror' was not declared in this scope
|shrpx_listen_handler.cc:112:32: error: 'memset' was not declared in this scope
|shrpx_listen_handler.cc:114:43: error: 'memcpy' was not declared in this scopeThis resolves it.
Signed-off-by: Sebastian Andrzej Siewior sebastian@breakpoint.cc
Patch from Sebastian Andrzej Siewior
-
spdycat: Fix leak in SpdySession.reqvec
-
Compile with IRIX 6.5.22 using GCC-4.7.4
Based on the patch from Klaus Ziegler
-
Remove CREDENTIAL frame processing completely
We just left API as is, but related functions just do nothing now.
-
Allocate stream ID when spdylay_submit_{syn_stream,request} is called
This commit allocates stream ID when spdylay_submit_syn_stream and
spdylay_submit_request is called. Also create stream when
spdylay_session_predicate_syn_stream_send is failed, to provide
stream to user callback (e.g., on_ctrl_not_send_callback).
Allocating stream ID early ensures that we can create stream because
we can catch stream ID exhaustion early and fail fast. Since stream
ID is allocated serially, we have to send SYN_STREAM in the order
they queued. So now all queued syn_stream have the same priority
(lowest). The DATA frame has given priority by application. This
does not work well with CREDENTIAL frame, since SYN_STREAM may wait
for CREDENTIAL, which results in out of order transmission. Since
CREDENTIAL frame was deprecated in SPDY/3.1, and no one use it, we
remove its functionality in the later commit. -
spdycat: --proxy-port, not --proxyport
Fixes GH-132
-
spdycat: Check :host header field for SNI, since Host header is not allowed
-
spdycat: Update spdycat --help output for --header
Patch from Chris Adams
-
spdycat: Fix resource leak found by coverity scan
spdylay v1.3.2
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release adds spdylay_session_get_stream_user_data() API function
and various source code enhancements using compiler warning flags.
Changes
-
Add spdylay_session_set_stream_user_data() API function
-
spdycat: Support pipe input for -d
This is a port from nghttp2/nghttp2@a8a6684
-
fix implicit conversion loses integer precision [-Werror,-Wshorten-64-to-32]
Patch from Alexis La Goutte
-
fix cast increases required alignment [-Werror,-Wcast-align]
Patch from Alexis La Goutte
-
Fix error: will never be executed [-Werror,-Wunreachable-code]
Patch from Alexis La Goutte
-
Add check compile flag and add some new CFLAG option
Patch from Alexis La Goutte
-
Remove -Wno-unused-parameter (and add U macro)
Patch from Alexis La Goutte
-
Fix -Werror=unused-parameter using U macro
Patch from Alexis La Goutte
-
shrpx: Don't send x-forwarded-proto if -s or -p is used
-
Fix Allocator sizeof operand mismatch found by Clang Analyzer
Patch from Alexis La Goutte
spdylay v1.3.1
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release fix the bug in spdylay_session_consume function.
Changes
-
Fix bug that connection window is consumed excessively
Previously we consider bytes as consumed in
spdylay_session_mem_recv() even if it is not ignored and is passing
to application. As a result, excessive number of bytes are
considered as consumed and library sends excessive amount of
WINDOW_UPDATE to peer. This commit fixes this bug.
spdylay v1.3.0
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release adds new API function spdylay_session_consume() and the
new option SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE2 to enable that
functionality. This is a preferred way to manually control local flow
window. This effectively deprecates SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE
option.
Changes
-
Add spdylay_session_consume() API
This function is back ported from nghttp2 project. This is a
preferred way to manually control flow window.
SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE is not deprecated. New
application should use SPDYLAY_OPT_NO_AUTO_WINDOW_UPDATE2 and use
spdylay_session_consume() to tell the library how many bytes
application consumed.
spdylay v1.2.5
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release fixes the bug that write timeout in shrpx frontend
connection is triggered when there is no data to write.
Changes
-
shrpx: Set timeout to underlying bufferevent
Setting write timeout to filter bufferevent does not work as
intended. It timeouts even when there is no data to write.
spdylay v1.2.4
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release adds several new options to shrpx SPDY proxy. NPN
selection made by spdylay_select_next_protocol() now prefers higher
SPDY version, regardless of the order of received protocol
identifiers. Other several minor fixes were also made.
Changes
-
shrpx: Remove Connection: close header field from CONNECT response
-
spdycat: Fix bug that -H does not allow single letter header name
-
NPN: Prefer higher SPDY version
-
NPN: Check protocol id length so that scanner don't overrun buffer
-
spdycat: Allow -H to override built-in header fields
This change also allow users to send specify multiple same header
fields using -H if it is not built-in header fields. -
shrpx: Add X-Forwarded-For header field to SPDY backend request
This change also fixes its header field in http/1 backend where
x-forwarded-proto has http if frontend is SPDY http. -
shrpx: Add rate limit per worker thread
-
Update http-parser and allow extra characters in TOKEN
Now http-parser is updated to
8d9e5db981b623fffc93657abacdc80270cbee58. We allow additional
characters in TOKEN to access somewhat broken servers. The all
patches we made for spdylay are attached in this directory.
spdylay v1.2.3
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release adds new options to shrpx and spdycat. Spdycat now can
speak the protocol other than TLSv1. For library side, strict header
name/value validation is done against received headers.
Changes
-
shrpx: Disable TLS renegotiation
-
shrpx: Add --client-private-key-file and --client-cert-file options
-
shrpx: Call SpdySession::disconnect() if initiate_connection() failed
This will clean up resources allocated in initiate_connection()
properly. -
spdycat: Fix port checking to share connection
-
shrpx: Send acceptable list of CAs when client cert auth is enabled
-
spdycat: Add support for SPDY proxies
Patch from Nils "irrenhaus" Hesse
-
spdycat: Use SSLv23_client_method instead of TLSv1_client_method
-
shrpx: Add --tls-proto-list option to enable SSL/TLS protocol
selectively -
Validate header name/value pair strictly to avoid possible attack
-
Don't return SPDYLAY_ERR_INVALID_ARGUMENT if priority is larger than
lowest
spdylay v1.2.2
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release fixes the bug that shrpx exits when SPDY backend
connection cannot be established.
Changes
- shrpx: Don't DIE when establishing backend SPDY connection failed
- spdylay_map: Implement hash table
- Tear down connection on invalid DATA frame reception
spdylay v1.2.1
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release fixes the bug which makes shrpx crash on downstream
connection failure.
Changes
- shrpx: Fix crash on downstream connection failure
spdylay v1.2.0
tatsuhiro-t
Tatsuhiro Tsujikawa
Release Note
This release adds SPDY/3.1 support and fixes flow control bug. The
shrpx, SPDY proxy, got client certificate authentication. It now also
supports custom HTTP-version string (e.g., ICY). The spdycat and
spdyd got --color option to force ANSI color escape in output.
Changes
-
shrpx: Add options to specify per-connection window size
-
Interleave streams with same priority
-
Add SPDY/3.1 support
The added feature is connection-level flow control.
-
src/http-parser: Allow custom HTTP-version string (e.g., ICY)
We need HTTP major and minor version later, so we assume it is
HTTP/1.0 equivalent if custom HTTP-version string is used. -
src/http-parser: Update to HEAD
-
shrpx: Add --verify-client-cacert option
Using --cacert to load certificate for client certificate
authentication is problematic since, --cacert is also used for
client mode. This commit adds --verify-client-cacert option which
specify the CA certficate file used only for client certificate
validation. This change also removes the default certficate load
function for client certificate validation. -
shrpx: Add --verify-client option
This option requires client certificate and successful verification.
Use --cacert option to add CA certificates as necessary. -
spdycat, spdyd: Add --color option to force colored log output
-
shrpx: Check DATA_FLAG_FIN on on_data_recv_callback
-
tests: Fix main test fail with address-sanitizer
-
Fix outbound flow control count
We wrongly added the whole payload length even if we sent part of it.
-
shrpx: Fix missing extension HTTP status code in response
-
shrpx: Add rate limit options
-
shrpx: Replace \r\n with space when constructing HTTP/1 headers
-
shrpx: Guard ecdh use with !OPENSSL_NO_EC
-
spdylay_ssl: fix the user-agent position
Patch from soyer
-
spdycat: Add missing verbose output for upload DATA
-
Call on_stream_close_callback for stream in SPDYLAY_STREAM_INITIAL state
We call on_stream_close_callback even if stream->state is
SPDYLAY_STREAM_INITIAL. This will happen while sending request
HEADERS, a local endpoint receives RST_STREAM for that stream. It
may be PROTOCOL_ERROR, but without notifying stream closure will
hang the stream in a local endpoint.