forked from tatsuhiro-t/spdylay
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
214 lines (127 loc) · 5.4 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
spdylay 1.2.5
=============
Release Note
------------
This release fixes the bug that write timeout in shrpx frontend
connection is triggered when there is no data to write.
Changes
-------
* shrpx: Set timeout to underlying bufferevent
Setting write timeout to filter bufferevent does not work as
intended. It timeouts even when there is no data to write.
spdylay 1.2.4
=============
Release Note
------------
This release adds several new options to shrpx SPDY proxy. NPN
selection made by spdylay_select_next_protocol() now prefers higher
SPDY version, regardless of the order of received protocol
identifiers. Other several minor fixes were also made.
Changes
-------
* shrpx: Remove Connection: close header field from CONNECT response
* spdycat: Fix bug that -H does not allow single letter header name
* NPN: Prefer higher SPDY version
* NPN: Check protocol id length so that scanner don't overrun buffer
* spdycat: Allow -H to override built-in header fields
This change also allow users to send specify multiple same header
fields using -H if it is not built-in header fields.
* shrpx: Add X-Forwarded-For header field to SPDY backend request
This change also fixes its header field in http/1 backend where
x-forwarded-proto has http if frontend is SPDY http.
* shrpx: Add rate limit per worker thread
* Update http-parser and allow extra characters in TOKEN
Now http-parser is updated to
8d9e5db981b623fffc93657abacdc80270cbee58. We allow additional
characters in TOKEN to access somewhat *broken* servers. The all
patches we made for spdylay are attached in this directory.
spdylay 1.2.3
=============
Release Note
------------
This release adds new options to shrpx and spdycat. Spdycat now can
speak the protocol other than TLSv1. For library side, strict header
name/value validation is done against received headers.
Changes
-------
* shrpx: Disable TLS renegotiation
* shrpx: Add --client-private-key-file and --client-cert-file options
* shrpx: Call SpdySession::disconnect() if initiate_connection() failed
This will clean up resources allocated in initiate_connection()
properly.
* spdycat: Fix port checking to share connection
* shrpx: Send acceptable list of CAs when client cert auth is enabled
* spdycat: Add support for SPDY proxies
Patch from Nils "irrenhaus" Hesse
* spdycat: Use SSLv23_client_method instead of TLSv1_client_method
* shrpx: Add --tls-proto-list option to enable SSL/TLS protocol
selectively
* Validate header name/value pair strictly to avoid possible attack
* Don't return SPDYLAY_ERR_INVALID_ARGUMENT if priority is larger than
lowest
spdylay 1.2.2
=============
Release Note
------------
This release fixes the bug that shrpx exits when SPDY backend
connection cannot be established.
Changes
-------
* shrpx: Don't DIE when establishing backend SPDY connection failed
* spdylay_map: Implement hash table
* Tear down connection on invalid DATA frame reception
spdylay 1.2.1
=============
Release Note
------------
This release fixes the bug which makes shrpx crash on downstream
connection failure.
Changes
-------
* shrpx: Fix crash on downstream connection failure
spdylay 1.2.0
=============
Release Note
------------
This release adds SPDY/3.1 support and fixes flow control bug. The
shrpx, SPDY proxy, got client certificate authentication. It now also
supports custom HTTP-version string (e.g., ICY). The spdycat and
spdyd got --color option to force ANSI color escape in output.
Changes
-------
* shrpx: Add options to specify per-connection window size
* Interleave streams with same priority
* Add SPDY/3.1 support
The added feature is connection-level flow control.
* src/http-parser: Allow custom HTTP-version string (e.g., ICY)
We need HTTP major and minor version later, so we assume it is
HTTP/1.0 equivalent if custom HTTP-version string is used.
* src/http-parser: Update to HEAD
* shrpx: Add --verify-client-cacert option
Using --cacert to load certificate for client certificate
authentication is problematic since, --cacert is also used for
client mode. This commit adds --verify-client-cacert option which
specify the CA certficate file used only for client certificate
validation. This change also removes the default certficate load
function for client certificate validation.
* shrpx: Add --verify-client option
This option requires client certificate and successful verification.
Use --cacert option to add CA certificates as necessary.
* spdycat, spdyd: Add --color option to force colored log output
* shrpx: Check DATA_FLAG_FIN on on_data_recv_callback
* tests: Fix main test fail with address-sanitizer
* Fix outbound flow control count
We wrongly added the whole payload length even if we sent part of it.
* shrpx: Fix missing extension HTTP status code in response
* shrpx: Add rate limit options
* shrpx: Replace \r\n with space when constructing HTTP/1 headers
* shrpx: Guard ecdh use with !OPENSSL_NO_EC
* spdylay_ssl: fix the user-agent position
Patch from soyer
* spdycat: Add missing verbose output for upload DATA
* Call on_stream_close_callback for stream in SPDYLAY_STREAM_INITIAL state
We call on_stream_close_callback even if stream->state is
SPDYLAY_STREAM_INITIAL. This will happen while sending request
HEADERS, a local endpoint receives RST_STREAM for that stream. It
may be PROTOCOL_ERROR, but without notifying stream closure will
hang the stream in a local endpoint.