mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
1,981 Commits 5 Branches 45 Tags 4.4 MiB
Commit Graph

87 Commits

Author SHA1 Message Date
Joris Vink 98fba44147 mention lua in readme 2023-01-23 21:34:22 +01:00
Joris Vink 81987cd022 openssl 3 works for now. 2022-12-28 15:51:14 +01:00
Joris Vink 377295c04c Update README after 4.2.3 release 2022-09-08 13:08:31 +02:00
Joris Vink 8a0aad31fe Update README with new text 2022-08-08 12:49:55 +02:00
Joris Vink 5e47218ccd bump for newer release 2022-04-20 12:02:00 +02:00
Joris Vink f072e4d5e4 update README with correct versions 2022-03-21 12:44:01 +01:00
Joris Vink f3135d5e71 Mention TLS_BACKEND in README 2022-02-18 15:49:56 +01:00
Joris Vink 0337af2067 note on openssl 3 2021-12-06 21:27:11 +01:00
Joris Vink cf9e97f087 Improve TLS settings and dependencies. 
- Kore now only supports OpenSSL 1.1.1 and LibreSSL 3.x.
- Revise the default TLS ciphersuites.
- Kore now carries ffdhe4096.pem and installs it under PREFIX/share/kore.
- Kore its tls_dhparam config setting defaults to the path mentioned above
  so you no longer have to set it.
 2021-04-21 10:48:00 +02:00
Joris Vink 20c38fca57 Add link to new release 2021-01-25 23:33:05 +01:00
Joris Vink 58247eec4a I don't support x86 on Linux, remove it. 
Pointed out by entitled end user.
 2020-09-03 19:05:43 +02:00
Joris Vink 45f5ec97a2 we are at 4.0.0 2020-08-31 19:59:31 +02:00
Joris Vink e38c6e5d30 Python: Several fixes for our async curl support. 
- Fix the curl-extract-opt.sh generation script to work on newer
  curl releases as the header changed slightly.
- Use the correct handles when calling curl_easy_setopt() inside
  of our setopt functions exported via Python.
- Add a curl.setbody() method, allowing a body to be sent to be set.
  (eg when sending mail via SMTP).
- Regen of our python_curlopt.h from 7.71.1
 2020-07-02 08:41:17 +02:00
Joris Vink 9bcf6fdf6d wording 2019-11-13 15:57:07 +01:00
Joris Vink ff2d961be7 add ACME mention 2019-11-07 12:25:14 +01:00
Joris Vink ebee0f3752 nope, changed my mind, drop libressl 2.7.5. 2019-10-28 12:47:51 +01:00
Joris Vink d001b022a7 Cleanup ifdef mess for different OpenSSL based libs. 
Now everything that has the "newer" OpenSSL API (1.1.x) is hidden
behind a KORE_OPENSSL_NEWER_API define. Tone down minimum libressl
version again to 2.7.5.
 2019-10-28 12:33:39 +01:00
Joris Vink e59dcfb236 fix doc link 2019-09-27 23:55:42 +02:00
Joris Vink 4cfff12b46 mention sandboxing 2019-09-27 23:53:15 +02:00
Joris Vink 7350131232 Allow listening of tls/notls ports at the same time. 
Before kore needed to be built with NOTLS=1 to be able to do non TLS
connections. This has been like this for years.

It is time to allow non TLS listeners without having to rebuild Kore.

This commit changes your configuration format and will break existing
applications their config.

Configurations now get listener {} contexts:

listen default {
	bind 127.0.0.1 8888
}

The above will create a listener on 127.0.0.1, port 8888 that will serve
TLS (still the default).

If you want to turn off TLS on that listener, specify "tls no" in that
context.

Domains now need to be attached to a listener:

Eg:
	domain * {
		attach	default
	}

For the Python API this kills kore.bind(), and kore.bind_unix(). They are
replaced with:

	kore.listen("name", ip=None, port=None, path=None, tls=True).
 2019-09-27 12:27:04 +02:00
Joris Vink eab94eda49 move libressl support to minimum 3.3.0. 2019-09-25 15:39:39 +02:00
Joris Vink c8878ebcde mention libcurl support in README 2019-05-01 22:40:27 +02:00
Joris Vink cf2e158773 3.2.0 2018-11-30 21:36:00 +01:00
Joris Vink 91f420d94a people keep subbing to non-mailing-list mails. 2018-11-29 15:52:40 +01:00
Joris Vink 8b1a5add4b update 2018-11-22 13:05:02 +01:00
Joris Vink ae2ea0be72 specify what openssl versions are expected to work. 2018-10-30 08:45:11 +01:00
Joris Vink 05cccef77c toot toot 2018-07-17 15:16:27 +02:00
Joris Vink 207faad3c2 we're not in GH anymore. 2018-07-11 10:04:23 +02:00
Joris Vink 2bf8cce43c even better 2018-07-09 14:17:39 +02:00
Joris Vink 3269fcef80 spacing 2018-07-09 14:17:10 +02:00
Joris Vink bc1206c4fc better README now that we're moving from GH 2018-07-09 09:10:57 +02:00
Joris Vink 46182608c6 most of the existing docs are updated. 2018-06-19 12:03:10 +02:00
Joris Vink 8802ad5f40 mention that 2.x is outdated. 2018-06-09 20:08:39 +02:00
Joris Vink 21b1d5a905 be honest with documentation. 2018-06-09 12:58:23 +02:00
Joris Vink 6665ad9c45 add comment that master should always work. 2018-04-13 16:07:04 +02:00
Joris Vink dd2dff2318 Rework HTTP and worker processes. 
The HTTP layer used to make a copy of each incoming header and its
value for a request. Stop doing that and make HTTP headers zero-copy
all across the board.

This change comes with some api function changes, notably the
http_request_header() function which now takes a const char ** rather
than a char ** out pointer.

This commit also constifies several members of http_request, beware.

Additional rework how the worker processes deal with the accept lock.

Before:
	if a worker held the accept lock and it accepted a new connection
	it would release the lock for others and back off for 500ms before
	attempting to grab the lock again.

	This approach worked but under high load this starts becoming obvious.

Now:
	- workers not holding the accept lock and not having any connections
	  will wait less long before returning from kore_platform_event_wait().

	- workers not holding the accept lock will no longer blindly wait
	  an arbitrary amount in kore_platform_event_wait() but will look
	  at how long until the next lock grab is and base their timeout
	  on that.

	- if a worker its next_lock timeout is up and failed to grab the
	  lock it will try again in half the time again.

	- the worker process holding the lock will when releasing the lock
	  double check if it still has space for newer connections, if it does
	  it will keep the lock until it is full. This prevents the lock from
	  bouncing between several non busy worker processes all the time.

Additional fixes:

- Reduce the number of times we check the timeout list, only do it twice
  per second rather then every event tick.
- Fix solo worker count for TLS (we actually hold two processes, not one).
- Make sure we don't accidentally miscalculate the idle time causing new
  connections under heavy load to instantly drop.
- Swap from gettimeofday() to clock_gettime() now that MacOS caught up.
 2018-02-14 13:48:49 +01:00
Joris Vink ce9c5a1350 reword 2018-02-05 15:21:28 +00:00
Joris Vink a11190d638 i really don't hang out on irc anymore. 2018-01-16 18:54:45 +01:00
Joris Vink 1465eb2982 slight change in wording 2017-06-28 10:20:14 +02:00
Joris Vink 584ef47c4f update README 2017-05-22 14:36:55 +02:00
Joris Vink aed1a63c38 be more clear about openssl releases. 2017-03-30 09:40:13 +02:00
Joris Vink 529b474991 update README 2017-03-06 14:28:06 +01:00
Joris Vink a43d968f0f add little note on non mixables. 2017-02-07 23:18:05 +01:00
Joris Vink 23d5e9b341 reword 2017-02-06 23:38:21 +01:00
Joris Vink 38df26f59c add first mentions of python support to README. 2017-01-25 22:22:05 +01:00
Joris Vink 7d1d5329c9 Link to latest release. 2016-08-01 15:12:30 +02:00
Joris Vink 176bd204b2 Update README 2016-08-01 15:03:22 +02:00
Joris Vink a16348d524 Remove links to kore.io for releases 2016-08-01 09:59:32 +02:00
Joris Vink c2dd274c40 update with latest 2016-08-01 09:41:12 +02:00
Joris Vink 87a826d89b Better wording. 2016-06-08 14:25:16 +02:00