罗泽轩
966d68829a
feat: validate certificate & key ( #3085 )
...
Fix #296
Fix #2816
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
2020-12-23 21:30:09 +08:00
罗泽轩
370beda74d
feat: improve the error msg when client doesn't send SNI ( #3053 )
2020-12-16 08:56:30 +08:00
Peter Zhu
95226d950f
fix: check decrypt key to prevent lua thread aborted ( #2815 )
...
Fix #2791
2020-11-24 16:43:29 +08:00
Shuyang Wu
36162e3607
fix: move conf/cert
to t/certs
and disable ssl by default ( #2112 )
2020-11-20 11:10:01 +08:00
Yousa
53e2d5387f
fix: remove upstream 'Server' header info. fix #2714 ( #2731 )
...
fix #2714
2020-11-18 13:15:31 +08:00
罗泽轩
960077f245
fix(echo): modify response body correctly ( #2561 )
...
Fix #2427 , #2554
2020-10-29 16:48:53 +08:00
Alex Zhang
36d3b82ec4
bugfix: supported the encryption/decryption for multi priv keys ( #2179 )
...
Co-authored-by: Wen Ming <moonbingbing@gmail.com>
2020-09-22 20:37:14 +08:00
Alex Zhang
dd6ee5e99f
improve: use optimistic locking to avoid concurrency problem in admin PATCH APIs. ( #2216 )
...
There is a potential concurrency problem in all admin PATCH APIs when
two patch requests come in simultaneously, in such case, the patched
result of the first applied request will be overridden, also the
probability is tidy, but from the perspective of software's robust,
that's not what we wanna to see.
In this commit, we use the optimistic locking to avoid this problem, for
the example aforementioned, the second PATCH request will failure, and
it's up to the user to retry this PATCH request again.
The optimistic locking mechanism in ETCD v3 APIs is showed by it's
transcation mechanism.
Signed-off-by: tokers <zchao1995@gmail.com>
2020-09-18 17:20:55 +08:00
Alex Zhang
1556cd0d7e
improve: cache parsed certs and pkeys to LRU cache ( #2163 )
2020-09-10 15:35:55 +08:00
Alex Zhang
2886b2169b
feature: support multiple certificates(RSA and ECC) for single domain ( #2089 )
2020-08-24 09:23:06 +08:00
Swayam Raina
6e0da454d1
feature: add apisix-version info to headers in APISIX core ( #1961 )
...
related #1877
2020-08-15 07:24:33 +08:00
YuanSheng Wang
c67e998dad
bugfix: fail to handshake if there is no certificate matched by host. ( #1980 )
...
* bugfix: fail to handshake if there is no certificate matched by host.
* fix: grpc proxy test case
2020-08-04 23:20:34 +08:00
nic-chen
e598e6fa6a
bugfix: wrong counter was used, resulting in only one certificate working fine. ( #1818 )
...
Fix #1817
2020-07-10 18:39:08 +08:00
nic-chen
56aeb4a6a9
feature: ssl enhance ( #1678 )
...
support enable or disable ssl by patch method
support encrypted storage of the SSL private key in etcd
support multi snis
Fix #1668
2020-06-13 16:10:27 +08:00
YuanSheng Wang
c452846b81
bugfix: wildcard certificates cannot match multi-level subdomains in … ( #810 )
2020-06-08 10:52:25 +08:00
YuanSheng Wang
051baded1f
test: avoided listening on unnecessary unix sockets. ( #995 )
2019-12-24 09:50:22 +08:00
YuanSheng Wang
4ee11806de
travis: supported to run APISIX with Tengine. ( #683 )
2019-11-02 09:05:38 +08:00
WenMing
12a2b01b71
license: add ASF header. ( #743 )
2019-10-31 09:27:28 +08:00
YuanSheng Wang
0e10fa6c68
feature: enabled HTTP2 and supported to set ssl_protocols
. ( #663 )
...
* feature: enabled HTTP2 and supported to set `ssl_protocols`.
* bugfix: used default certificate if failed to load certificate by SNI.
Fix #595 .
2019-10-10 22:28:58 +08:00
Yuansheng
4bb40df857
change(test): name style.
2019-09-10 10:07:29 +08:00
YuanSheng Wang
275cfa8c73
change(router): use radixtree_sni
as default SSL router. ( #419 )
...
* change(router): use `radixtree_sni` as default SSL router.
* change(route): use `radixtree_uri` as default HTTP(S) router.
* luarocks: removed `lua-resty-libr3` component by default.
2019-08-20 22:07:59 +08:00
YuanSheng Wang
56ca3645eb
feature(router): implemented new SNI router radixtree_sni
, and change ( #418 )
...
* feature(router): implemented new SNI router `radixtree_sni`, and change
default router to `radixtree_uri` and `radixtree_sni`.
* optimize: avoided one lrucache call.
2019-08-20 13:03:25 +08:00