1
0
mirror of https://git.kore.io/kore.git synced 2024-11-11 12:49:32 +01:00
Commit Graph

82 Commits

Author SHA1 Message Date
Joris Vink
f072e4d5e4 update README with correct versions 2022-03-21 12:44:01 +01:00
Joris Vink
f3135d5e71 Mention TLS_BACKEND in README 2022-02-18 15:49:56 +01:00
Joris Vink
0337af2067 note on openssl 3 2021-12-06 21:27:11 +01:00
Joris Vink
cf9e97f087 Improve TLS settings and dependencies.
- Kore now only supports OpenSSL 1.1.1 and LibreSSL 3.x.
- Revise the default TLS ciphersuites.
- Kore now carries ffdhe4096.pem and installs it under PREFIX/share/kore.
- Kore its tls_dhparam config setting defaults to the path mentioned above
  so you no longer have to set it.
2021-04-21 10:48:00 +02:00
Joris Vink
20c38fca57 Add link to new release 2021-01-25 23:33:05 +01:00
Joris Vink
58247eec4a I don't support x86 on Linux, remove it.
Pointed out by entitled end user.
2020-09-03 19:05:43 +02:00
Joris Vink
45f5ec97a2 we are at 4.0.0 2020-08-31 19:59:31 +02:00
Joris Vink
e38c6e5d30 Python: Several fixes for our async curl support.
- Fix the curl-extract-opt.sh generation script to work on newer
  curl releases as the header changed slightly.
- Use the correct handles when calling curl_easy_setopt() inside
  of our setopt functions exported via Python.
- Add a curl.setbody() method, allowing a body to be sent to be set.
  (eg when sending mail via SMTP).
- Regen of our python_curlopt.h from 7.71.1
2020-07-02 08:41:17 +02:00
Joris Vink
9bcf6fdf6d wording 2019-11-13 15:57:07 +01:00
Joris Vink
ff2d961be7 add ACME mention 2019-11-07 12:25:14 +01:00
Joris Vink
ebee0f3752 nope, changed my mind, drop libressl 2.7.5. 2019-10-28 12:47:51 +01:00
Joris Vink
d001b022a7 Cleanup ifdef mess for different OpenSSL based libs.
Now everything that has the "newer" OpenSSL API (1.1.x) is hidden
behind a KORE_OPENSSL_NEWER_API define. Tone down minimum libressl
version again to 2.7.5.
2019-10-28 12:33:39 +01:00
Joris Vink
e59dcfb236 fix doc link 2019-09-27 23:55:42 +02:00
Joris Vink
4cfff12b46 mention sandboxing 2019-09-27 23:53:15 +02:00
Joris Vink
7350131232 Allow listening of tls/notls ports at the same time.
Before kore needed to be built with NOTLS=1 to be able to do non TLS
connections. This has been like this for years.

It is time to allow non TLS listeners without having to rebuild Kore.

This commit changes your configuration format and will break existing
applications their config.

Configurations now get listener {} contexts:

listen default {
	bind 127.0.0.1 8888
}

The above will create a listener on 127.0.0.1, port 8888 that will serve
TLS (still the default).

If you want to turn off TLS on that listener, specify "tls no" in that
context.

Domains now need to be attached to a listener:

Eg:
	domain * {
		attach	default
	}

For the Python API this kills kore.bind(), and kore.bind_unix(). They are
replaced with:

	kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:27:04 +02:00
Joris Vink
eab94eda49 move libressl support to minimum 3.3.0. 2019-09-25 15:39:39 +02:00
Joris Vink
c8878ebcde mention libcurl support in README 2019-05-01 22:40:27 +02:00
Joris Vink
cf2e158773 3.2.0 2018-11-30 21:36:00 +01:00
Joris Vink
91f420d94a people keep subbing to non-mailing-list mails. 2018-11-29 15:52:40 +01:00
Joris Vink
8b1a5add4b update 2018-11-22 13:05:02 +01:00
Joris Vink
ae2ea0be72 specify what openssl versions are expected to work. 2018-10-30 08:45:11 +01:00
Joris Vink
05cccef77c toot toot 2018-07-17 15:16:27 +02:00
Joris Vink
207faad3c2 we're not in GH anymore. 2018-07-11 10:04:23 +02:00
Joris Vink
2bf8cce43c even better 2018-07-09 14:17:39 +02:00
Joris Vink
3269fcef80 spacing 2018-07-09 14:17:10 +02:00
Joris Vink
bc1206c4fc better README now that we're moving from GH 2018-07-09 09:10:57 +02:00
Joris Vink
46182608c6 most of the existing docs are updated. 2018-06-19 12:03:10 +02:00
Joris Vink
8802ad5f40 mention that 2.x is outdated. 2018-06-09 20:08:39 +02:00
Joris Vink
21b1d5a905 be honest with documentation. 2018-06-09 12:58:23 +02:00
Joris Vink
6665ad9c45 add comment that master should always work. 2018-04-13 16:07:04 +02:00
Joris Vink
dd2dff2318 Rework HTTP and worker processes.
The HTTP layer used to make a copy of each incoming header and its
value for a request. Stop doing that and make HTTP headers zero-copy
all across the board.

This change comes with some api function changes, notably the
http_request_header() function which now takes a const char ** rather
than a char ** out pointer.

This commit also constifies several members of http_request, beware.

Additional rework how the worker processes deal with the accept lock.

Before:
	if a worker held the accept lock and it accepted a new connection
	it would release the lock for others and back off for 500ms before
	attempting to grab the lock again.

	This approach worked but under high load this starts becoming obvious.

Now:
	- workers not holding the accept lock and not having any connections
	  will wait less long before returning from kore_platform_event_wait().

	- workers not holding the accept lock will no longer blindly wait
	  an arbitrary amount in kore_platform_event_wait() but will look
	  at how long until the next lock grab is and base their timeout
	  on that.

	- if a worker its next_lock timeout is up and failed to grab the
	  lock it will try again in half the time again.

	- the worker process holding the lock will when releasing the lock
	  double check if it still has space for newer connections, if it does
	  it will keep the lock until it is full. This prevents the lock from
	  bouncing between several non busy worker processes all the time.

Additional fixes:

- Reduce the number of times we check the timeout list, only do it twice
  per second rather then every event tick.
- Fix solo worker count for TLS (we actually hold two processes, not one).
- Make sure we don't accidentally miscalculate the idle time causing new
  connections under heavy load to instantly drop.
- Swap from gettimeofday() to clock_gettime() now that MacOS caught up.
2018-02-14 13:48:49 +01:00
Joris Vink
ce9c5a1350 reword 2018-02-05 15:21:28 +00:00
Joris Vink
a11190d638 i really don't hang out on irc anymore. 2018-01-16 18:54:45 +01:00
Joris Vink
1465eb2982 slight change in wording 2017-06-28 10:20:14 +02:00
Joris Vink
584ef47c4f update README 2017-05-22 14:36:55 +02:00
Joris Vink
aed1a63c38 be more clear about openssl releases. 2017-03-30 09:40:13 +02:00
Joris Vink
529b474991 update README 2017-03-06 14:28:06 +01:00
Joris Vink
a43d968f0f add little note on non mixables. 2017-02-07 23:18:05 +01:00
Joris Vink
23d5e9b341 reword 2017-02-06 23:38:21 +01:00
Joris Vink
38df26f59c add first mentions of python support to README. 2017-01-25 22:22:05 +01:00
Joris Vink
7d1d5329c9 Link to latest release. 2016-08-01 15:12:30 +02:00
Joris Vink
176bd204b2 Update README 2016-08-01 15:03:22 +02:00
Joris Vink
a16348d524 Remove links to kore.io for releases 2016-08-01 09:59:32 +02:00
Joris Vink
c2dd274c40 update with latest 2016-08-01 09:41:12 +02:00
Joris Vink
87a826d89b Better wording. 2016-06-08 14:25:16 +02:00
Joris Vink
a261c03435 mention keymgr. 2016-06-08 14:24:51 +02:00
Joris Vink
5533211e80 Real life came in the way of Kore 2.0.0.
Bump release date so I have a bit more time to finish up
before committing to a stable release.
2016-05-02 08:44:32 +02:00
Joris Vink
ca2837fbaf Add release date for 2.0.0. 2016-02-27 11:56:55 +01:00
Joris Vink
f36ac911d3 Mention NOOPT. 2016-02-01 22:19:16 +01:00
Joris Vink
8282baf63d s/http/https/ 2016-01-27 08:42:08 +01:00