spdylay 0.3.8 ============= Release Note ------------ This release fixes stability problems in shrpx. Shrpx gets several new options and operation modes in this release. See the changes below for details. Spdycat and spdyd get colored verbose output. Build script for Android was added. Changes ------- * Add Android build scripts and document * shrpx: Fix assertion failure in SpdyDownstreamConnection::attach_stream_data * src: Provide timegm replacement and android build fix * Add --without-libxml2 configure option * Document about flags of spdylay_send_callback and spdylay_recv_callback * shrpx: Fix not send RST_STREAM when downstream gets valid EOF * shrpx: Fix WINDOW_UPDATE may block until SpdyUpstream::send() spdy_data_read_callback in SpdyDownstreamConnection calls SpdyUpstream::resume_read() which submits WINDOW_UPDATE, but after that they are not call SpdyUpstream::send(). This means that if no pending outgoing data in upstream, then WINDOW_UPDATE is blocked until SpdyUpstream::send() from somewhere. This change adds SpdyUpstream::send() to resume_read() so that WINDOW_UPDATE is not blocked. * shrpx: Fix blocking upstream RST_STREAM and propagate REFUSED_STREAM This change fixes upstream RST_STREAM is blocked until SpdyUpstream::send() is called. Now downstream REFUSED_STREAM is propagated to upstream client so that client can reset request. The RST_STREAM error code when downstream went wrong is changed from CANCEL to INTERNAL_ERROR. * shrpx: Remove strerror(3) from code which may run in multi-thread * shrpx: Add non-TLS SPDY backend connection support Use --backend-spdy-no-tls to disable TLS on backend SPDY connection. The SPDY protocol used there must be configured by --backend-spdy-proto option. * spdycat: Add --multiply option * spdycli: Fix missing last by with IPv6 addr and check argc * spdycat: Fix error handling of spdylay_gzip_inflate() * shrpx: More backend EOF handling Now we set Downstream::set_response_connection_close(true) for tunneled connections. Also call Upstream::on_downstream_body_complete() callback when setting MSG_COMPLETE in SpdySession when RST_STREAM is caught. Clean up EOF handling in https_downstream_readcb. * shrpx: Send pending response data before RST_STREAM in tunnel connection * shprx: Add --backend-http-proxy-uri option Specify proxy URI in the form http://[USER:PASS]PROXY:PORT. USER and PASS are optional and if they exist they must be properly percent-encoded. This proxy is used when the backend connection is SPDY. First, make a CONNECT request to the proxy and it connects to the backend on behalf of shrpx. This forms tunnel. After that, shrpx performs SSL/TLS handshake with the downstream through the tunnel. The timeouts when connecting and making CONNECT request can be specified by --backend-read-timeout and --backend-write-timeout options. * shrpx: Add --spdy-bridge option With --spdy-bridge option, it listens SPDY/HTTPS connections from front end and forwards them to the backend in SPDY. The usage will be written later. This change fixes the crash when more than 2 outstanding SpdyDownstreamConnection objects are added to SpdySession and establishing connection to SPDY backend is failed. * shrpx: Add --subcert option to add additional certificate/private key This option specifies additional certificate and private key file. Shrpx will choose certificates based on the hostname indicated by client using TLS SNI extension. This option can be used multiple times. * shrpx: Relay Connection: upgrade header field for HTTP/1.1 connections * spdycat: Send "accept-encoding: gzip, deflate" header field * spdycat: Output error messages to std::cerr * spdycat, spdyd: Color verbose output * shrpx: Don't return chunked response for pre-HTTP/1.1 request * Fix SPDY/3 priority pack and unpack handling spdylay 0.3.7 ============= Release Note ------------ This release updates INTERNAL_ERROR value of GOAWAY frame according to SPDY/3 spec change. The spdycat and spdyd now can operate on non-SSL/TLS SPDY connections. The shrpx now has --client and --client-proxy options to make it accept plain HTTP connection and forward to the backend in SPDY. There are many enhancements to these programs in this release. Please read Changes below. Changes ------- * spdycat: Add -d option to POST data * shrpx: Capitalize header field name in HTTP downstream connection * shrpx: Add --no-via option If --no-via option is given, shrpx does not append to Via header field. If Via header field is received, it is left unaltered. * spdycat: Log error when no supported SPDY version was negotiated * shrpx: Log status code, method, path and HTTP version in accesslog * shrpx: Color HTTP headers in console log * shrpx: Color severity level in terminal Color severity level if stderr refers to a terminal. * shrpx: Read private key's passwd from a file This avoids the need to provide the password for your private key interactively. It can be used via --private-key-passwd-file or private-key-passwd-file in the given config file. The first line in the file (without \n) will be treated as the passwd. There isn't any validation and all lines after the first one (if any) are ignored. The security model behind this is a bit simplistic so I am open to better ideas. Basically your password file should be root:root (700) and you *should* drop root and run as an unprivileged user. If the file exists and a line can be read then a callback will be set for the SSL ctxt and it'll feed the passwd when the private key is read (if password is needed). If the file exists with the wrong permisions it'll be logged and ignored. * spdycat, spdyd: Support SPDY without SSL/TLS Use --no-tls option to disable SSL/TLS and specify SPDY protocol version using -2 or -3. * shrpx: Add --backend-ipv4 and --backend-ipv6 options. * shrpx: Add -v, --version option * shrpx: Verify backend server's certificate in client mode The -k, --insecure option is added to skip this verification. The system wide trusted CA certificates will be loaded at startup. The --cacert option is added to specify the trusted CA certificate file. * shrpx: Check the length of output buffer in write callback Possibly because of deferred callback, we may get this callback when the output buffer is not empty. * shrpx: Add --client-proxy and --client option With --client, instead of accepting SPDY/HTTPS connection, shrpx accepts plain HTTP connection and communicate with backend server in SPDY (SSL/TLS). To use shrpx as a forward proxy, use -p option instead. The --client-proxy option is mostly the same with with --client option, but it also requires the request path from frontend must be an absolute URI, suitable for use as a forward proxy. * shrpx: Don't send response-body for 304 response * Update GOAWAY INTERNAL_ERROR value according to SPDY/3 spec change * shrpx: Fix password handling for certs keys We should only call daemon() after ListenHandler is instantiated, where SSL_CTX_use_PrivateKey_file is called, otherwise we have no stdin/stdout to get the password for keyfile. * spdycat: Handle timeout in connect and SSL/TLS handshake spdylay 0.3.6 ============= Release Note ------------ This release fixes bugs in configure command-line options and spdycat. The client side header block compression was disabled. The on_ctrl_not_send_callback now gets SPDYLAY_ERR_FRAME_TOO_LARGE as error code when packed frame is too large to fit in SPDY frame size limit. Shrpx SPDY proxy mode now announces SPDY/3 as default protocol. Changes ------- * shrpx: Made SPDY/3 default protocol in SPDY proxy mode. The reason why we choose SPDY/2 as default for SPDY prxy was due to Chrome's window update bug. Now its fix is available in Chrome stable, we make SPDY/3 as default. * spdycat: Just return in check_response_header if stream_user_data is NULL. * spdycat: Add missing break after handling -H option * configure: Fix bug that $withval is used where $enableval should be used * shrpx: Use request HTTP version in HTTPS upstream response * shrpx: Log when SPDY stream is closed * Check provisioned frame length when packing a frame. If resultant length of a frame exceeds the maximum value (which is 2**24 - 1 for SPDY/2 and 3), SPDYLAY_ERR_FRAME_TOO_LARGE is used to indicate this error. This error will be notified by on_ctrl_not_send_callback. * Disable client side header block compression. spdylay 0.3.5 ============= Release Note ------------ This release fixes the bug that shrpx tries to read response body when HTTP status code is 304 and nonzero Content-Length is returned. The SPDY client and server programs, spdycat, spdyd and shrpx, were moved to src directory. The --enable-src configure option was added to enable/disable to build them. In Python API, Session.resume_data() now returns boolean value to indicate error instead of raising InvalidArgumentError. This release was made because the previous release, 0.3.4, did not update library version. Other than updated library version number, anything has not been changed since 0.3.4. Changes ------- * shrpx: Check request_connection_close_ when deciding closing connection. When deciding whether to close the client connection, check request_connection_close_ of Downstream in addition of response_connection_close_. Also we only add "Connection: Keep-Alive" header to the HTTP/1.0 or HTTP/0.9 clients. * python: Don't raise exception from Session.resume_data(). In practice, Session.resume_data() will be used without checking there is deferred data or not. Actually, there is no API to check this. So it is better not to raise exception. Instead return False to notify error. If the method succeeds, it returns True. * Add --enable-src configure option. When --enable-src is given, the programs in src directory will be built. If --disable-src is given, those programs will not be built. If none of them are given, --enable-src is assumed. * Move spdycat, spdyd and shrpx from examples to src. To distinguish the to-be-installed programs and non-installable example source code, the former programs, spdycat, spdydyd and shrpx, were moved to src directory. spdynative was removed from Makefile because it does not appeal to any users much. * shrpx: Ignore response body if HTTP status code is 1xx, 204 or 304. spdylay 0.3.4 ============= Release Note ------------ This release fixes the bug that shrpx tries to read response body when HTTP status code is 304 and nonzero Content-Length is returned. The SPDY client and server programs, spdycat, spdyd and shrpx, were moved to src directory. The --enable-src configure option was added to enable/disable to build them. In Python API, Session.resume_data() now returns boolean value to indicate error instead of raising InvalidArgumentError. Changes ------- * shrpx: Check request_connection_close_ when deciding closing connection. When deciding whether to close the client connection, check request_connection_close_ of Downstream in addition of response_connection_close_. Also we only add "Connection: Keep-Alive" header to the HTTP/1.0 or HTTP/0.9 clients. * python: Don't raise exception from Session.resume_data(). In practice, Session.resume_data() will be used without checking there is deferred data or not. Actually, there is no API to check this. So it is better not to raise exception. Instead return False to notify error. If the method succeeds, it returns True. * Add --enable-src configure option. When --enable-src is given, the programs in src directory will be built. If --disable-src is given, those programs will not be built. If none of them are given, --enable-src is assumed. * Move spdycat, spdyd and shrpx from examples to src. To distinguish the to-be-installed programs and non-installable example source code, the former programs, spdycat, spdydyd and shrpx, were moved to src directory. spdynative was removed from Makefile because it does not appeal to any users much. * shrpx: Ignore response body if HTTP status code is 1xx, 204 or 304. spdylay 0.3.3 ============= Release Note ------------ This release fixes the segmentation fault error if the name/value pairs which include empty string name are passed as nv argument to spdylay_submit_* functions. Spdycat gets new option to specify arbitrary headers from command line. Shrpx gets new option to specify allowed cipher list. Python wrapper python-spdylay was added. Changes ------- * Add spdylay_npn_get_proto_list() public API function. spdylay_npn_get_proto_list() returns a pointer to the supported SPDY version list. The element of the list is spdylay_npn_proto struct. It contains all SPDY version information this library supports. The application can use this information to configure NPN protocol offerings/selection. * Add --enable-example configure option. If --disable-example is used, example programs will not be compiled. * Fix error with w64-mingw32 cross compiler. * Remove unused zlib.h header file from spdylay.h * Fix segmentation fault error if the name/value pairs which include empty string name are passed as nv argument to spdylay_submit_* functions. * spdycat: Adding arbitrary headers form the command line. Patch from Stephen Ludin. * Fix intptr_t check in configure.ac. Patch from Stephen Ludin. * shrpx: add --ciphers option to specify allowed cipher list * python: Add Python wrapper for spdylay. It is released separately as python-spdylay package from PyPI. spdylay 0.3.2 ============= Release Note ------------ This release adds many features and options to shrpx, HTTPS/SPDY reverse proxy. Secure SPDY proxy mode was added to shrpx. Spdycat now supports SNI, thanks to the patch contributed by Piotr Sikora. Changes ------- * spdycat: Add support for Server Name Indication (SNI). Patch from Piotr Sikora. * spdycat: Use TLSv1_client_method * shrpx: Add many new command-line options. It also now supports configuration file. Use http-parser instead of htparse. Add SPDY proxy mode. * lib: Take into account shut_flags when accepting DATA frame. spdylay 0.3.1 ============= Release Note ------------ This release fixes the bug that on_ctrl_recv_callback is not called when RST_STREAM is received. It also fixes the bug that on_data_recv_callback and on_data_chunk_recv_callback is called after the stream was closed. A multi-threaded reverse proxy for SPDY/HTTPS is added as an example program. Changes ------- * Added --enable-maintainer-mode configure option If it is enabled, turn on extra compiler warnings. * Don't call on_data_recv_callback and on_data_chunk_recv_callback if stream was closed or being closed. * Added example program Shrpx: a multi-threaded reverse proxy for SPDY/HTTPS. It accepts SPDY/HTTPS connections and converts them to normal HTTP and forwards to the downstream servers. * Fixed bug on_ctrl_recv_callback not called for RST_STREAM * Return nonzero exit status if test fails. Fixed failmalloc tests. spdylay 0.3.0 ============= Release Note ------------ This release fixes buffer overrun when a lot of streams are created. SPDYLAY_OPT_MAX_RECV_CTRL_FRAME_BUFFER option was added to control the maximum payload size of the incoming control frames. Changes ------- * Bump up LT version to 2.0.1. * Included from spdy.h * Made spdylay_strerror(0) return "Success" * Added SPDYLAY_OPT_MAX_RECV_CTRL_FRAME_BUFFER option. This option sets maximum receive buffer size for incoming control frame. Basically the library checks the length field of the incoming control frame. For frames with name/value header block, the library also checks the length of inflated block is also under the limit. This is done while incrementally inflating block. If the length of frames with name/value header block exceeds the limit, the library will issue RST_STREAM with FRAME_TOO_LARGE. For other frames, it will issue GOAWAY. * Incremental name/value block decompression * Fixed buffer overrun in spdylay_pq_push