1
0
mirror of https://github.com/moparisthebest/spdylay synced 2024-11-15 22:15:14 -05:00
Commit Graph

12 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa
9ba19df813 shrpx: Add --spdy-bridge option
With --spdy-bridge option, it listens SPDY/HTTPS connections from
front end and forwards them to the backend in SPDY. The usage will be
written later. This change fixes the crash when more than 2
outstanding SpdyDownstreamConnection objects are added to SpdySession
and establishing connection to SPDY backend is failed.
2013-02-08 21:46:58 +09:00
Tatsuhiro Tsujikawa
b18af854af shrpx: Add --subcert option to add additional certificate/private key
This option specifies additional certificate and private key
file. Shrpx will choose certificates based on the hostname indicated
by client using TLS SNI extension. This option can be used multiple
times.
2013-02-06 23:41:28 +09:00
Tatsuhiro Tsujikawa
c45fa16f94 shrpx: Add --no-via option
If --no-via option is given, shrpx does not append to Via header
field. If Via header field is received, it is left unaltered.
2013-01-09 22:03:49 +09:00
Tatsuhiro Tsujikawa
06220f7fdf shrpx: Make is_secure() static 2012-12-07 23:14:20 +09:00
Raul Gutierrez Segales
cbf8ccf7d1 [shrpx] read private key's passwd from a file
This avoids the need to provide the password for your
private key interactively.

It can be used via --private-key-passwd-file or private-key-passwd-file
in the given config file. The first line in the file
(without \n) will be treated as the passwd. There isn't
any validation and all lines after the first one (if any)
are ignored.

The security model behind this is a bit simplistic so I
am open to better ideas. Basically your password file
should be root:root (700) and you *should* drop root
and run as an unprivileged user.

If the file exists and a line can be read then a callback
will be set for the SSL ctxt and it'll feed the passwd
when the private key is read (if password is needed).

If the file exists with the wrong permisions it'll be
logged and ignored.
2012-12-03 21:55:32 -08:00
Tatsuhiro Tsujikawa
baf2dc3ddf shrpx: Add --backend-ipv4 and --backend-ipv6 options. 2012-11-23 21:11:01 +09:00
Tatsuhiro Tsujikawa
7a21905312 shrpx: Remove Config ctor and fill all initial values in fill_default_config() 2012-11-22 23:35:10 +09:00
Tatsuhiro Tsujikawa
d589f4c74c shrpx: Verify backend server's certificate in client mode
The -k, --insecure option is added to skip this verification.  The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
2012-11-22 21:46:15 +09:00
Tatsuhiro Tsujikawa
81adb6bc7f shrpx: Implement downstream SPDY flow control 2012-11-21 23:47:48 +09:00
Tatsuhiro Tsujikawa
0bf15a7694 Rename --client-mode as --client and add --client-proxy
With --client-proxy option, shrpx makes sure that the request path is
an absolute URI, otherwise it will return 400 status code.
2012-11-21 22:10:35 +09:00
Tatsuhiro Tsujikawa
026f4ca3a2 Add --client-mode option
With --client-mode option, shrpx now accepts unencrypted HTTP
connections and communicates with backend server in SPDY.  In short,
this is the "reversed" operation mode against normal mode.  This may
be useful for testing purpose because it can sit between HTTP client
and shrpx "normal" mode.
2012-11-18 21:46:07 +09:00
Tatsuhiro Tsujikawa
b0fcd68783 Move spdycat, spdyd and shrpx from examples to src
To distinguish the to-be-installed programs and non-installable
example source code, the former programs, spdycat, spdydyd and shrpx,
were moved to src directory. spdynative was removed from Makefile
because it does not appeal to any users much.
2012-09-10 21:39:51 +09:00