Re: [nginx] support http2 per server

Hi, Valentin. " Also please note that with your patch clients are still able to negotiate HTTP/2 even if nginx doesn't announce it. " Two points: 1. The patch forbids the clients explicitly not support HTTP/2 doing v2 ( ngx_http_v2_init). How to follow you mean of "with the patch, clients are

RE: PSK Support

Maxim, OK, we can skip the patch for turning off the certificate warnings (and just use a dummy certificate) and just support a single PSK file. The {HEX} prefix seems OK. I think it would also be good to support an {ASC}. It is unlikely that anyone would have an ASCII-based PSK that starts wit

Re: [PATCH] HTTP/2: add debug logging of control frames

On Tuesday 30 May 2017 14:21:05 Piotr Sikora via nginx-devel wrote: > Hey Valentin, > > > What do you suggest instead? All 3 params in the same line? > > > >http2 send SETTINGS frame MAX_CONCURRENT_STREAMS:%ui > > INITIAL_WINDOW_SIZE:%uz MAX_FRAME_SIZE:%ud > > > > What about receiving part, th

Re: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header

On Wednesday 31 May 2017 15:48:34 Piotr Sikora via nginx-devel wrote: > Hey Valentin, > > > As the 1.11 branch is going to be stable soon, it's a good idea to postpone > > any changes that explicitly affect interoperability (at least till 1.13). > > Any thoughts on this now that 1.12 branched? >

Re: [nginx] support http2 per server

WRT the below, he H2 RFC includes a new status code to deal with thus, 421: https://tools.ietf.org/html/rfc7540#section-9.1.2 Client support is poor right no so it'd be good if sending 421 was optional perhaps. Cheers Sent from my iPhone On 8 Jun 2017, at 18:17, 洪志道 mailto:hongzhi...@gmail.co

Re: [nginx] support http2 per server

Thanks. On Fri, Jun 9, 2017 at 1:09 AM, Valentin V. Bartenev wrote: > On Friday 09 June 2017 00:08:06 洪志道 wrote: > > " > > > >For "https" resources, connection reuse additionally depends on > >having a certificate that is valid for the host in the URI. The > >certificate presented b

Re: [nginx] support http2 per server

On Friday 09 June 2017 00:08:06 洪志道 wrote: > " > >For "https" resources, connection reuse additionally depends on >having a certificate that is valid for the host in the URI. The >certificate presented by the server MUST satisfy any checks that the >client would perform when formi

Re: [PATCH] Proxy: add "proxy_ssl_alpn" directive

Hello! On Sat, Jun 03, 2017 at 08:04:02PM -0700, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1489621682 25200 > # Wed Mar 15 16:48:02 2017 -0700 > # Node ID 7733d946e2651a2486a53d912703e2dfaea30421 > # Parent 716852cce9136d977b81a2d1b8b6f9fbca0

Re: [PATCH] Output chain: propagate flush and last_buf flags to send_chain()

Hello! On Sat, Jun 03, 2017 at 08:04:07PM -0700, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1491708381 25200 > # Sat Apr 08 20:26:21 2017 -0700 > # Node ID 2a48b9b6e67d91594c1787ebf721daebf5f88c91 > # Parent 716852cce9136d977b81a2d1b8b6f9fbca0

Re: [PATCH] Upstream: ignore read-readiness if request wasn't sent

Hello! On Sat, Jun 03, 2017 at 08:04:05PM -0700, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1491296505 25200 > # Tue Apr 04 02:01:45 2017 -0700 > # Node ID bff5ac3da350d8d9225d4204d8aded90fb670f3f > # Parent 716852cce9136d977b81a2d1b8b6f9fbca0

Re: [PATCH] Proxy: always emit "Host" header first

Hello! On Sat, Jun 03, 2017 at 08:03:57PM -0700, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1489618489 25200 > # Wed Mar 15 15:54:49 2017 -0700 > # Node ID e472b23fdc387943ea90fb2f0ae415d9d104edc7 > # Parent 716852cce9136d977b81a2d1b8b6f9fbca0

Re: [nginx] support http2 per server

" For "https" resources, connection reuse additionally depends on having a certificate that is valid for the host in the URI. The certificate presented by the server MUST satisfy any checks that the client would perform when forming a new TLS connection for the host in the URI. "

Re: [nginx] support http2 per server

On Thursday 08 June 2017 23:19:23 洪志道 wrote: > It sounds right. > > According to the same situation, how does http2 protocol force other > virtual servers to process certificate (ssl handshake). > > Example: > > server { > listen 443 http2; > a.com; > ssl_certi; > } > > server {

Re: [nginx] support http2 per server

It sounds right. According to the same situation, how does http2 protocol force other virtual servers to process certificate (ssl handshake). Example: server { listen 443 http2; a.com; ssl_certi; } server { listen 443 http2; b.com; ssl_certi; } We assume sni is

Re: [PATCH] HTTP/2: reject HTTP/2 requests with "Connection" header

On Sunday 26 March 2017 01:41:18 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516709 25200 > # Sun Mar 26 01:25:09 2017 -0700 > # Node ID b8daccea5fde213d4b7a10fa9f57070ab3b6a1ec > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: re

Re: [nginx] support http2 per server

On Thursday 08 June 2017 12:07:29 洪志道 wrote: > Hi! > Now, http2 is enabled globally for 'listen' directive with ip:port. > It seems it's possible to enable by server with sni, alpn, npn. > Take a look, please. > [..] How will "sni, alpn, npn" prevent browser from asking other virtual servers usin

[njs] Object.prototype.hasOwnProperty() method.

details: http://hg.nginx.org/njs/rev/692ad3557d58 branches: changeset: 357:692ad3557d58 user: Dmitry Volyntsev date: Thu Jun 08 14:18:37 2017 +0300 description: Object.prototype.hasOwnProperty() method. diffstat: njs/njs_object.c | 50 +