nginx.git - nginx

Age	Commit message (Collapse)	Author	Files	Lines
2020-03-28	HTTP/3: http3 variable.	Sergey Kandaurov	1	-0/+24

2020-03-28	HTTP/3: static table cleanup.	Sergey Kandaurov	1	-7/+8

2020-03-27	Parsing HTTP/3 request body.	Roman Arutyunyan	8	-10/+167

2020-03-27	Chunked response body in HTTP/3.	Roman Arutyunyan	3	-18/+76

2020-03-27	Fixed buffer overflow.	Roman Arutyunyan	1	-1/+1

2020-03-25	Simplifed handling HTTP/3 streams.	Roman Arutyunyan	2	-178/+86

2020-03-24	When closing a QUIC connection, wait for all streams to finish.	Roman Arutyunyan	1	-0/+21
	Additionally, streams are now removed from the tree in cleanup handler.
2020-03-24	Removed ngx_quic_stream_node_t.	Roman Arutyunyan	1	-1/+1
	Now ngx_quic_stream_t is directly inserted into the tree.
2020-03-24	QUIC streams don't need filter_need_in_memory after 7f0981be07c4.	Sergey Kandaurov	1	-1/+0
	Now they inherit c->ssl always enabled from the main connection, which makes r->main_filter_need_in_memory set for them.
2020-03-23	Fixed client certificate verification.	Sergey Kandaurov	1	-0/+1
	For ngx_http_process_request() part to work, this required to set both r->http_connection->ssl and c->ssl on a QUIC stream. To avoid damaging global SSL object, ngx_ssl_shutdown() is managed to ignore QUIC streams.
2020-03-23	Respect QUIC max_idle_timeout.	Roman Arutyunyan	2	-4/+2

2020-03-23	Support for HTTP/3 ALPN.	Roman Arutyunyan	2	-2/+13
	This is required by Chrome.
2020-03-23	Limit output QUIC packets with client max_packet_size.	Roman Arutyunyan	1	-3/+6
	Additionally, receive larger packets than 512 bytes.
2020-03-20	Removed unused variable.	Roman Arutyunyan	1	-3/+1

2020-03-20	Adedd the http "quic" variable.	Vladimir Homutov	1	-1/+52
	The value is literal "quic" for requests passed over HTTP/3, and empty string otherwise.
2020-03-20	Configurable transport parameters.	Vladimir Homutov	3	-3/+189
	- integer parameters can be configured using the following directives: quic_max_idle_timeout quic_max_ack_delay quic_max_packet_size quic_initial_max_data quic_initial_max_stream_data_bidi_local quic_initial_max_stream_data_bidi_remote quic_initial_max_stream_data_uni quic_initial_max_streams_bidi quic_initial_max_streams_uni quic_ack_delay_exponent quic_active_migration quic_active_connection_id_limit - only following parameters are actually sent: active_connection_id_limit initial_max_streams_uni initial_max_streams_bidi initial_max_stream_data_bidi_local initial_max_stream_data_bidi_remote initial_max_stream_data_uni (other parameters are to be added into ngx_quic_create_transport_params() function as needed, should be easy now) - draft 24 and draft 27 are now supported (at compile-time using quic_version macro)
2020-03-19	Fixed header creation for header_only responses in HTTP/3.	Roman Arutyunyan	2	-24/+31

2020-03-18	HTTP/3 $request_line variable.	Roman Arutyunyan	2	-540/+37

2020-03-18	Moved setting QUIC methods to runtime.	Roman Arutyunyan	2	-15/+0
	This allows listening to both https and http3 in the same server. Also, the change eliminates the ssl_quic directive.
2020-03-18	Fixed pointer increment while parsing HTTP/3 header.	Roman Arutyunyan	1	-3/+2

2020-03-18	Fixed HTTP/3 server stream creation.	Roman Arutyunyan	1	-5/+5

2020-03-18	Removed comment.	Roman Arutyunyan	1	-1/+0

2020-03-18	Refactored HTTP/3 parser.	Roman Arutyunyan	9	-694/+1872

2020-03-14	Temporary fix for header null-termination in HTTP/3.	Roman Arutyunyan	2	-2/+14

2020-03-13	HTTP/3.	Roman Arutyunyan	12	-56/+2926

2020-03-13	Stream "connection" read/write methods.	Vladimir Homutov	1	-0/+31

2020-03-12	Fix build.	Sergey Kandaurov	1	-1/+2

2020-03-12	HTTP/QUIC interface reworked.	Vladimir Homutov	1	-87/+18
	- events handling moved into src/event/ngx_event_quic.c - http invokes once ngx_quic_run() and passes stream callback (diff to original http_request.c is now minimal) - streams are stored in rbtree using ID as a key - when a new stream is registered, appropriate callback is called - ngx_quic_stream_t type represents STREAM and stored in c->qs
2020-02-28	Moved all QUIC code into ngx_event_quic.c	Vladimir Homutov	1	-545/+10
	Introduced ngx_quic_input() and ngx_quic_output() as interface between nginx and protocol. They are the only functions that are exported. While there, added copyrights.
2020-02-28	Introduced quic_version macro, uint16/uint32 routines ported.	Sergey Kandaurov	1	-6/+6

2020-02-28	Cleanup.	Sergey Kandaurov	2	-51/+19

2020-02-26	Generic function for HKDF expansion.	Vladimir Homutov	1	-282/+69

2020-02-28	QUIC header protection routines, introduced ngx_quic_tls_hp().	Sergey Kandaurov	1	-38/+4

2020-02-28	AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().	Sergey Kandaurov	1	-243/+27

2020-02-28	Transport parameters stub, to complete handshake.	Sergey Kandaurov	1	-1/+11

2020-02-28	Introduced ngx_quic_secret_t.	Sergey Kandaurov	1	-88/+88

2020-02-28	QUIC handshake handler, draft 24 bump.	Sergey Kandaurov	1	-3/+353

2020-02-28	Fixed indentation.	Sergey Kandaurov	1	-199/+196

2020-02-28	PN-aware AEAD nonce, feeding proper CRYPTO length.	Sergey Kandaurov	1	-1/+21

2020-02-28	OpenSSL compatibility.	Sergey Kandaurov	1	-52/+199

2020-02-28	QUIC add_handshake_data callback, varint routines.	Sergey Kandaurov	1	-39/+1

2020-02-28	QUIC set_encryption_secrets callback.	Sergey Kandaurov	1	-2/+2

2020-02-28	Server Initial Keys.	Sergey Kandaurov	1	-4/+137

2020-02-28	Initial QUIC support in http.	Sergey Kandaurov	7	-6/+564

2020-02-28	HTTP UDP layer, QUIC support autotest.	Sergey Kandaurov	4	-1/+24

2020-02-28	Added default overwrite in error_page 494.	Maxim Dounin	1	-0/+1
	We used to have default error_page overwrite for 495, 496, and 497, so a configuration like error_page 495 /error; will result in error 400, much like without any error_page configured. The 494 status code was introduced later (in 3848:de59ad6bf557, nginx 0.9.4), and relevant changes to ngx_http_core_error_page() were missed, resulting in inconsistent behaviour of "error_page 494" - with error_page configured it results in 494 being returned instead of 400. Reported by Frank Liu, http://mailman.nginx.org/pipermail/nginx/2020-February/058957.html.
2020-02-26	Mp4: fixed possible chunk offset overflow.	Roman Arutyunyan	1	-11/+64
	In "co64" atom chunk start offset is a 64-bit unsigned integer. When trimming the "mdat" atom, chunk offsets are casted to off_t values which are typically 64-bit signed integers. A specially crafted mp4 file with huge chunk offsets may lead to off_t overflow and result in negative trim boundaries. The consequences of the overflow are: - Incorrect Content-Length header value in the response. - Negative left boundary of the response file buffer holding the trimmed "mdat". This leads to pread()/sendfile() errors followed by closing the client connection. On rare systems where off_t is a 32-bit integer, this scenario is also feasible with the "stco" atom. The fix is to add checks which make sure data chunks referenced by each track are within the mp4 file boundaries. Additionally a few more checks are added to ensure mp4 file consistency and log errors.
2020-02-27	Disabled connection reuse while in SSL handshake.	Sergey Kandaurov	1	-2/+2
	During SSL handshake, the connection could be reused in the OCSP stapling callback, if configured, which subsequently leads to a segmentation fault.
2020-02-20	Disabled duplicate "Host" headers (ticket #1724).	Maxim Dounin	1	-2/+10
	Duplicate "Host" headers were allowed in nginx 0.7.0 (revision b9de93d804ea) as a workaround for some broken Motorola phones which used to generate requests with two "Host" headers[1]. It is believed that this workaround is no longer relevant. [1] http://mailman.nginx.org/pipermail/nginx-ru/2008-May/017845.html
2020-02-20	Removed "Transfer-Encoding: identity" support.	Maxim Dounin	1	-4/+1
	The "identity" transfer coding has been removed in RFC 7230. It is believed that it is not used in real life, and at the same time it provides a potential attack vector.