HTTP/2 C library and tools

Nghttp2 v1.8.0

We released nghttp2 v1.8.0.

This release adds new library APIs to send and receive non-critical HTTP/2 extension frames. It also adds new features to nghttpx and nghttpd, and polishes many rough edges.

We added the APIs to send and receive non-critical HTTP/2 extension frames. “Non-critical” means that it won’t change HTTP/2 standard protocol rules, and those frames may be ignored by a receiver. We have added a set of functions and callbacks for this.

To send HTTP/2 extension frames, implement nghttp2_pack_extension_callback to encode data into wire format, and set it using nghttp2_session_callbacks_set_pack_extension_callback(). If the application wants to send multiple different types of extension frames, it should handle them in this single callback. Then use nghttp2_submit_extension() to submit a frame.

To receive HTTP/2 extension frames, implement 2 callbacks: nghttp2_unpack_extension_callback and nghttp2_on_extension_chunk_recv_callback. nghttp2_unpack_extension_callback implements the way how to decode wire format. nghttp2_on_extension_chunk_recv_callback implements how to buffer the incoming extension payload. These callbacks must be set using nghttp2_session_callbacks_set_unpack_extension_callback and nghttp2_session_callbacks_set_on_extension_chunk_recv_callback. The application also must tell the library which extension frame type it is willing to receive using nghttp2_option_set_user_recv_extension_type(). Note that the application has to create nghttp2_option object for that purpose, and initialize session with it.

Peter Wu sends many patches to fix various bugs, and rough edges, including out-of-tree documentation build and integration tests.

David Beitey documented how to build h2load, and detect the configuration error.

Bernard Spil fixed configure error related to dlopen/libdl detection on *BSD platform.

Reza Tavakoli fixed nghttp2 package version detection in Windows Makefile.

Jay Satiro refactored the portion of the code to check against HTTP/2 cipher black list. It is pretty neat.

We have updated default cipher list used in bundled applications using Security/Server Side TLS compiled by Mozilla.

We fixed compile error with gcc-6 which enables C++14 by default.

In libnghttp2_asio, we fixed the bug that connect timeout did not work. In the part of the fix, we removed nghttp2::asio_http2::client::session::connect_timeout() functon, and instead added connect timeout parameter to constructor. This will break backward compatibility.

We fixed bug in nghttpd that Trailer header field was not added when non-200 status response was returned.

We added -w and -W options to nghttpd to change stream-level and connection-level window size respectively.

nghttpx now supports multiple frontend addresses. --frontend (or -f) can be used multiple times to specify more than one frontend addresses.

nghttpx now interleaves text/html pushed resources with associated resource as well as text/css and application/javascript for Polymer use case.

We fixed the bug that nghttpx did not add headers given in add-response-headers to the response generated by mruby.

In nghttpx, we deprecated --backend-ipv4 and --backend-ipv6 in favor of new --backend-address-family option.

We have added TLS encryption support for memcached connections. We use memcached for sharing and storing TLS session cache and TLS ticket keys. We also added options to set address family, and client certificates for memcached connections.

We have added TLS encryption support for backend HTTP/1. Unlike HTTP/2 backend, backend HTTP/1 encryption is disabled by default for backward compatibility. To enable TLS, use --backend-http1-tls option. The existing option to specify client certificate is working with this as well.

We have added --no-http2-cipher-black-list to allow black listed cipher suite.

In nghttpx, we added --request-header-field-buffer and --max-request-header-fields options, and they deprecated --header-field-buffer and --max-header-fields options. To limit response headers as well, we added its response side counterparts, --response-header-field-buffer and --max-response-header-fields options.