We have released nghttp2 v1.20.0.
libnghttp2
Alexis La Goutte fixed the issue found by PVS Studio.
New API, nghttp2_option_set_no_closed_streams
, has been added. By
default, libnghttp2 retains closed streams as suggested by RFC 7540, Section 5.3.4. If
this option is used, libnghttp2 discards closed streams from memory in
order to save memory usage.
build
SPDY has been dropped by Chromium and Firefox, and the maintenance of
SPDY related code becomes burden for us. To start deprecation
process, now the detection for spdylay library, which does SPDY
protocol handling, is disabled by default. For those of you who want
to enable SPDY support, --with-spdylay
option must be given to
configure script.
Since systemd support is integrated into nghttpx (see nghttpx section
below), --with-systemd
option is added to configure script.
fuzz
nghttp2 project has been accepted by OSS-Fuzz project. The fuzz directory of nghttp2 project contains the fuzz target source code. It also contains test corpus files which were generated by capturing communications during h2spec tests, and accessed by nghttp client.
libnghttp2_asio
Amir Pakdel added an ability to shut down server gracefully.
clemahieu fixed a crash in client code.
clemahieu fixed the infinite loop bug in acceptor handler.
clemahieu fixed the iterator invalidation bug in server.
src
If nghttp2 is built with OpenSSL master branch or BoringSSL, the applications, nghttp, nghttpd, nghttpx, and h2load, enable TLSv1.3 by default. Note that TLSv1.3 is not finalized yet, and TLSv1.3 support in OpenSSL is still WIP.
nghttpx
The server version number is now stripped from Server header field.
Previously, nghttpx will use only one single thread inside the worker
process if --workers=1
(this is default). If --workers=N
, N > 1,
we use additional threads for accepting connections, or API request
processing, etc. Now we use the same processing model for N > 1 even
if N == 1. To restore the original single thread execution mode,
--single-worker
option is added.
We fixed the bug that API and mruby request did not participate graceful shutdown.
--frontend-max-requests
option has been added to limit the number of
requests per connection. For HTTP/1.1, this limits the nubmer of keep
alive requests per single connection.
This release added configuration revision, which is considered opaque
string, and changes after reloading configuration with SIGHUP. This
revision is returned as a response to configrevision
API endpoint.
This allows external application to know whether nghttpx has finished
reloading new configuration or not. Note that this revision does not
change on backendconfig
API calls.
redirect-if-not-tls
parameter has been added to --backend
option.
nghttpx now responds to the request with 308 status code to redirect
the request to https URI if frontend connection is not TLS encrypted,
and redirect-if-no-tls
parameter is used in --backend
option. The
port number in Location header field is 443 by default (thus omitted),
but it can be configurable using --redirect-https-port
option.
--tls-proto-list
option has been deprecated, and instead, these 2
new options have been added: --tls-min-proto-version
and
--tls-max-proto-version
to specify minimum and maximum TLS protocol
version respectively. Versions between the two are enabled. The
deprecated --tls-proto-list
has empty default value, and acts like
enabling only specific protocol versions in the range for now.
Previously, after sending SIGUSR2 to the original master process, and the new master process gets ready, user has to send SIGQUIT to the original master process to shut it down gracefully. With this release, the new master process automatically sends SIGQUIT to the original master process when it is ready to serve requests, eliminating for user to send SIGQUIT manually.
Tomasz Torcz added systemd support to nghttpx. Type=notify can be used in unit file, and it will send new master process PID to systemd around fork.
This release fixes the bug that nghttpx crashes on SIGHUP with multi thread configuration.
Nghttpx::Response#send_info
method has been added to mruby
scripting. When used, it sends 1xx non-final (informational)
response.
nghttpx has supported multiple certificates using --subcert
option.
Previously, SNI hostname is used to select certificate. With this
commit, signature algorithm presented by client is also taken into
consideration. nghttpx now accepts certificates which share the same
hostname (CN, SAN), but have different signature algorithm (e.g.,
ECDSA+SHA256, RSA+SHA256).
Now POST method is recommend for backendconfig
API request.
Bernard Spil disabled PSK feature when nghttp2 is built with LibreSSL which has removed PSK.
nghttp
Christoph Wolters added support for link rel=“preload” for --get-assets
.
h2load
There was a bug in the code to calculate statistics. This bug was revealed when some connections were closed due to an error. It has been fixed in this release.