Merge pull request #803 from clemahieu/asio_threading

Holding more shared_ptrs instead of raw ptrs

.clang-format

@@ -78,7 +78,6 @@ PointerAlignment: Right
 ReflowComments:  true
 SortIncludes:    false
 SpaceAfterCStyleCast: false
-SpaceAfterTemplateKeyword: true
 SpaceBeforeAssignmentOperators: true
 SpaceBeforeParens: ControlStatements
 SpaceInEmptyParentheses: false

AUTHORS

@@ -17,15 +17,11 @@ github issues [2].
 Alek Storm
 Alex Nalivko
 Alexis La Goutte
-Amir Pakdel
 Anders Bakken
 Andreas Pohl
 Andy Davies
-Angus Gratton
 Ant Bryan
 Benedikt Christoph Wolters
-Benedikt Christoph Wolters
-Bernard Spil
 Bernard Spil
 Brian Card
 Brian Suh
@@ -54,7 +50,6 @@ Kyle Schomp
 Lucas Pardue
 MATSUMOTO Ryosuke
 Matt Rudary
-Matt Way
 Mike Conlen
 Mike Frysinger
 Nicholas Hurley
@@ -67,18 +62,15 @@ Remo E
 Reza Tavakoli
 Ross Smith II
 Scott Mitchell
-Soham Sinha
 Stefan Eissing
 Stephen Ludin
 Sunpoet Po-Chuan Hsieh
 Svante Signell
 Syohei YOSHIDA
-Tapanito
 Tatsuhiko Kubo
 Tatsuhiro Tsujikawa
 Tom Harwood
 Tomasz Buchert
-Tomasz Torcz
 Vernon Tang
 Viacheslav Biriukov
 Viktor Szépe
@@ -88,12 +80,10 @@ Zhuoyun Wei
 acesso
 ayanamist
 bxshi
-clemahieu
 dalf
 es
 fangdingjun
 kumagi
-lstefani
 makovich
 mod-h2-dev
 moparisthebest

CMakeLists.txt

@@ -24,13 +24,13 @@
 
 cmake_minimum_required(VERSION 3.0)
 # XXX using 1.8.90 instead of 1.9.0-DEV
-project(nghttp2 VERSION 1.23.1)
+project(nghttp2 VERSION 1.19.90)
 
 # See versioning rule:
 #  http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-set(LT_CURRENT  27)
-set(LT_REVISION 3)
-set(LT_AGE      13)
+set(LT_CURRENT  26)
+set(LT_REVISION 4)
+set(LT_AGE      12)
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 include(Version)
@@ -110,9 +110,19 @@ foreach(_build_type "Release" "MinSizeRel" "RelWithDebInfo")
   endforeach()
 endforeach()
 
+#
+# If we're running GCC or clang define _U_ to be "__attribute__((unused))"
+# so we can use _U_ to flag unused function parameters and not get warnings
+# about them. Otherwise, define _U_ to be an empty string so that _U_ used
+# to flag an unused function parameters will compile with other compilers.
+#
+# XXX - similar hints for other compilers?
+#
 if(CMAKE_C_COMPILER_ID MATCHES "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang")
+  set(HINT_UNUSED_PARAM   "__attribute__((unused))")
   set(HINT_NORETURN       "__attribute__((noreturn))")
 else()
+  set(HINT_UNUSED_PARAM)
   set(HINT_NORETURN)
 endif()
 

README.rst

@@ -81,19 +81,11 @@ To enable the SPDY protocol in the application program ``nghttpx`` and
 
 * spdylay >= 1.3.2
 
-We no longer recommend to build nghttp2 with SPDY protocol support
-enabled.  SPDY support will be removed soon.
-
 To enable ``-a`` option (getting linked assets from the downloaded
 resource) in ``nghttp``, the following package is required:
 
 * libxml2 >= 2.7.7
 
-To enable systemd support in nghttpx, the following package is
-required:
-
-* libsystemd-dev >= 209
-
 The HPACK tools require the following package:
 
 * jansson >= 2.5
@@ -123,17 +115,15 @@ The Python bindings require the following packages:
 * python >= 2.7
 * python-setuptools
 
-If you are using Ubuntu 16.04 LTS (Xenial Xerus) or Debian 8 (jessie)
-and above, run the following to install the required packages:
+If you are using Ubuntu 14.04 LTS (trusty) or Debian 7.0 (wheezy) and above run the following to install the needed packages:
 
 .. code-block:: text
 
     sudo apt-get install g++ make binutils autoconf automake autotools-dev libtool pkg-config \
       zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
-      libc-ares-dev libjemalloc-dev libsystemd-dev libspdylay-dev \
-      cython python3-dev python-setuptools
+      libc-ares-dev libjemalloc-dev cython python3-dev python-setuptools
 
-Since Ubuntu 15.10, spdylay has been available as a package named
+From Ubuntu 15.10, spdylay has been available as a package named
 `libspdylay-dev`.  For the earlier Ubuntu release, you need to build
 it yourself: http://tatsuhiro-t.github.io/spdylay/
 
@@ -157,8 +147,22 @@ minimizes the risk of private key leakage when serious bug like
 Heartbleed is exploited.  The neverbleed is disabled by default.  To
 enable it, use ``--with-neverbleed`` configure option.
 
-In ordre to compile the source code, gcc >= 4.8.3 or clang >= 3.4 is
-required.
+Building from git
+-----------------
+
+Building from git is easy, but please be sure that at least autoconf 2.68 is
+used:
+
+.. code-block:: text
+
+    $ git submodule update --init
+    $ autoreconf -i
+    $ automake
+    $ autoconf
+    $ ./configure
+    $ make
+
+To compile the source code, gcc >= 4.8.3 or clang >= 3.4 is required.
 
 .. note::
 
@@ -183,62 +187,6 @@ required.
    applications were not built, then using ``--enable-app`` may find
    that cause, such as the missing dependency.
 
-.. note::
-
-   In order to detect third party libraries, pkg-config is used
-   (however we don't use pkg-config for some libraries (e.g., libev)).
-   By default, pkg-config searches ``*.pc`` file in the standard
-   locations (e.g., /usr/lib/pkgconfig).  If it is necessary to use
-   ``*.pc`` file in the custom location, specify paths to
-   ``PKG_CONFIG_PATH`` environment variable, and pass it to configure
-   script, like so:
-
-   .. code-block:: text
-
-       $ ./configure PKG_CONFIG_PATH=/path/to/pkgconfig
-
-   For pkg-config managed libraries, ``*_CFLAG`` and ``*_LIBS``
-   environment variables are defined (e.g., ``OPENSSL_CFLAGS``,
-   ``OPENSSL_LIBS``).  Specifying non-empty string to these variables
-   completely overrides pkg-config.  In other words, if they are
-   specified, pkg-config is not used for detection, and user is
-   responsible to specify the correct values to these variables.  For
-   complete list of these variables, run ``./configure -h``.
-
-Building nghttp2 from release tar archive
------------------------------------------
-
-The nghttp2 project regularly releases tar archives which includes
-nghttp2 source code, and generated build files.  They can be
-downloaded from `Releases
-<https://github.com/nghttp2/nghttp2/releases>`_ page.
-
-Building nghttp2 from git requires autotools development packages.
-Building from tar archives does not require them, and thus it is much
-easier.  The usual build step is as follows:
-
-.. code-block:: text
-
-    $ tar xf nghttp2-X.Y.Z.tar.bz2
-    $ cd nghttp2-X.Y.Z
-    $ ./configure
-    $ make
-
-Building from git
------------------
-
-Building from git is easy, but please be sure that at least autoconf 2.68 is
-used:
-
-.. code-block:: text
-
-    $ git submodule update --init
-    $ autoreconf -i
-    $ automake
-    $ autoconf
-    $ ./configure
-    $ make
-
 Notes for building on Windows (MSVC)
 ------------------------------------
 
@@ -285,18 +233,6 @@ If you want to compile the applications under ``examples/``, you need
 to remove or rename the ``event.h`` from libev's installation, because
 it conflicts with libevent's installation.
 
-Notes for installation on Linux systems
---------------------------------------------
-After installing nghttp2 tool suite with ``make install`` one might experience a similar error:
-
-.. code-block:: text
-
-    nghttpx: error while loading shared libraries: libnghttp2.so.14: cannot open shared object file: No such file or directory
-
-This means that the tool is unable to locate the ``libnghttp2.so`` shared library.
-
-To update the shared library cache run ``sudo ldconfig``.
-
 Building the documentation
 --------------------------
 

cmakeconfig.h.in

@@ -1,3 +1,7 @@
+
+/* Hint to the compiler that a function parameter is not used  */
+#define _U_ @HINT_UNUSED_PARAM@
+
 /* Hint to the compiler that a function never returns */
 #define NGHTTP2_NORETURN @HINT_NORETURN@
 

configure.ac

@@ -25,7 +25,7 @@ dnl Do not change user variables!
 dnl http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
 
 AC_PREREQ(2.61)
-AC_INIT([nghttp2], [1.23.1], [t-tujikawa@users.sourceforge.net])
+AC_INIT([nghttp2], [1.20.0-DEV], [t-tujikawa@users.sourceforge.net])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h])
@@ -44,9 +44,9 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
 dnl See versioning rule:
 dnl  http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-AC_SUBST(LT_CURRENT, 27)
-AC_SUBST(LT_REVISION, 3)
-AC_SUBST(LT_AGE, 13)
+AC_SUBST(LT_CURRENT, 26)
+AC_SUBST(LT_REVISION, 4)
+AC_SUBST(LT_AGE, 12)
 
 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"`
 minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"`
@@ -119,13 +119,8 @@ AC_ARG_WITH([jemalloc],
 
 AC_ARG_WITH([spdylay],
     [AS_HELP_STRING([--with-spdylay],
-                    [Use spdylay [default=no]])],
-    [request_spdylay=$withval], [request_spdylay=no])
-
-AC_ARG_WITH([systemd],
-    [AS_HELP_STRING([--with-systemd],
-                    [Enable systemd support in nghttpx [default=check]])],
-    [request_systemd=$withval], [request_systemd=check])
+                    [Use spdylay [default=check]])],
+    [request_spdylay=$withval], [request_spdylay=check])
 
 AC_ARG_WITH([mruby],
     [AS_HELP_STRING([--with-mruby],
@@ -176,9 +171,19 @@ else
   AC_SUBST([CYTHON])
 fi
 
+#
+# If we're running GCC or clang define _U_ to be "__attribute__((unused))"
+# so we can use _U_ to flag unused function parameters and not get warnings
+# about them. Otherwise, define _U_ to be an empty string so that _U_ used
+# to flag an unused function parameters will compile with other compilers.
+#
+# XXX - similar hints for other compilers?
+#
 if test "x$GCC" = "xyes" -o "x$CC" = "xclang" ; then
+  AC_DEFINE([_U_], [__attribute__((unused))], [Hint to the compiler that a function parameters is not used])
   AC_DEFINE([NGHTTP2_NORETURN], [__attribute__((noreturn))], [Hint to the compiler that a function never return])
 else
+  AC_DEFINE([_U_], , [Hint to the compiler that a function parameter is not used])
   AC_DEFINE([NGHTTP2_NORETURN], , [Hint to the compiler that a function never return])
 fi
 
@@ -390,25 +395,6 @@ else
   AC_MSG_NOTICE($JANSSON_PKG_ERRORS)
 fi
 
-
-#  libsystemd (for src/nghttpx)
-have_libsystemd=no
-if test "x${request_systemd}" != "xno"; then
-  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 209], [have_libsystemd=yes],
-                    [have_libsystemd=no])
-  if test "x${have_libsystemd}" = "xyes"; then
-    AC_DEFINE([HAVE_LIBSYSTEMD], [1],
-              [Define to 1 if you have `libsystemd` library.])
-  else
-    AC_MSG_NOTICE($SYSTEMD_PKG_ERRORS)
-  fi
-fi
-
-if test "x${request_systemd}" = "xyes" &&
-   test "x${have_libsystemd}" != "xyes"; then
-  AC_MSG_ERROR([systemd was requested (--with-systemd) but not found])
-fi
-
 # libxml2 (for src/nghttp)
 PKG_CHECK_MODULES([LIBXML2], [libxml-2.0 >= 2.7.7],
                   [have_libxml2=yes], [have_libxml2=no])
@@ -928,7 +914,6 @@ AC_MSG_NOTICE([summary of build options:
       Jansson:        ${have_jansson} (CFLAGS='${JANSSON_CFLAGS}' LIBS='${JANSSON_LIBS}')
       Jemalloc:       ${have_jemalloc} (LIBS='${JEMALLOC_LIBS}')
       Zlib:           ${have_zlib} (CFLAGS='${ZLIB_CFLAGS}' LIBS='${ZLIB_LIBS}')
-      Systemd:        ${have_libsystemd} (CFLAGS='${SYSTEMD_CFLAGS}' LIBS='${SYSTEMD_LIBS}')
       Boost CPPFLAGS: ${BOOST_CPPFLAGS}
       Boost LDFLAGS:  ${BOOST_LDFLAGS}
       Boost::ASIO:    ${BOOST_ASIO_LIB}

contrib/nghttpx.service.in

@@ -1,17 +1,10 @@
 [Unit]
 Description=HTTP/2 proxy
-Documentation=man:nghttpx
 After=network.target
 
 [Service]
-Type=notify
-ExecStart=@bindir@/nghttpx --conf=/etc/nghttpx/nghttpx.conf
-ExecReload=/bin/kill --signal HUP $MAINPID
-KillSignal=SIGQUIT
-PrivateTmp=yes
-ProtectHome=yes
-ProtectSystem=full
-Restart=always
+Type=forking
+ExecStart=@bindir@/nghttpx --conf=/etc/nghttpx/nghttpx.conf --pid-file=/run/nghttpx.pid --daemon
 
 [Install]
 WantedBy=multi-user.target

doc/Makefile.am

@@ -62,7 +62,6 @@ APIDOCS= \
 	nghttp2_option_set_max_send_header_block_length.rst \
 	nghttp2_option_set_no_auto_ping_ack.rst \
 	nghttp2_option_set_no_auto_window_update.rst \
-	nghttp2_option_set_no_closed_streams.rst \
 	nghttp2_option_set_no_http_messaging.rst \
 	nghttp2_option_set_no_recv_client_magic.rst \
 	nghttp2_option_set_peer_max_concurrent_streams.rst \

doc/bash_completion/nghttp

@@ -8,7 +8,7 @@ _nghttp()
     _get_comp_words_by_ref cur prev
     case $cur in
         -*)
-            COMPREPLY=( $( compgen -W '--no-push --verbose --no-dep --get-assets --har --header-table-size --multiply --encoder-header-table-size --padding --hexdump --max-concurrent-streams --continuation --connection-window-bits --peer-max-concurrent-streams --timeout --data --no-content-length --version --color --cert --upgrade --remote-name --trailer --weight --help --key --null-out --window-bits --expect-continue --stat --no-verify-peer --header ' -- "$cur" ) )
+            COMPREPLY=( $( compgen -W '--no-push --verbose --no-dep --get-assets --har --header-table-size --multiply --encoder-header-table-size --padding --hexdump --max-concurrent-streams --continuation --connection-window-bits --peer-max-concurrent-streams --timeout --data --no-content-length --version --color --cert --upgrade --remote-name --trailer --weight --help --key --null-out --window-bits --expect-continue --stat --header ' -- "$cur" ) )
             ;;
         *)
             _filedir

doc/bash_completion/nghttpx

@@ -8,7 +8,7 @@ _nghttpx()
     _get_comp_words_by_ref cur prev
     case $cur in
         -*)
-            COMPREPLY=( $( compgen -W '--worker-read-rate --include --frontend-http2-dump-response-header --tls-ticket-key-file --verify-client-cacert --max-response-header-fields --backend-http2-window-size --frontend-keep-alive-timeout --backend-request-buffer --max-request-header-fields --fastopen --backend-connect-timeout --tls-max-proto-version --conf --dns-lookup-timeout --backend-http2-max-concurrent-streams --worker-write-burst --npn-list --dns-max-try --fetch-ocsp-response-file --no-via --tls-session-cache-memcached-cert-file --no-http2-cipher-black-list --mruby-file --client-no-http2-cipher-black-list --stream-read-timeout --client-ciphers --ocsp-update-interval --forwarded-for --accesslog-syslog --dns-cache-timeout --frontend-http2-read-timeout --listener-disable-timeout --ciphers --client-psk-secrets --strip-incoming-x-forwarded-for --no-server-rewrite --private-key-passwd-file --backend-keep-alive-timeout --backend-http-proxy-uri --frontend-max-requests --rlimit-nofile --no-strip-incoming-x-forwarded-proto --tls-ticket-key-memcached-cert-file --no-verify-ocsp --forwarded-by --tls-session-cache-memcached-private-key-file --error-page --ocsp-startup --backend-write-timeout --tls-dyn-rec-warmup-threshold --tls-ticket-key-memcached-max-retry --frontend-http2-window-size --http2-no-cookie-crumbling --worker-read-burst --dh-param-file --accesslog-format --errorlog-syslog --redirect-https-port --request-header-field-buffer --api-max-request-body --frontend-http2-decoder-dynamic-table-size --errorlog-file --frontend-http2-max-concurrent-streams --psk-secrets --frontend-write-timeout --tls-ticket-key-cipher --read-burst --no-add-x-forwarded-proto --backend --server-name --insecure --backend-max-backoff --log-level --host-rewrite --tls-ticket-key-memcached-interval --frontend-http2-setting-timeout --frontend-http2-connection-window-size --worker-frontend-connections --syslog-facility --no-server-push --no-location-rewrite --single-thread --tls-session-cache-memcached --no-ocsp --backend-response-buffer --tls-min-proto-version --workers --add-forwarded --worker-write-rate --add-request-header --backend-http2-settings-timeout --subcert --ecdh-curves --no-kqueue --help --frontend-frame-debug --tls-sct-dir --pid-file --frontend-http2-dump-request-header --daemon --write-rate --altsvc --backend-http2-decoder-dynamic-table-size --user --add-x-forwarded-for --frontend-read-timeout --tls-ticket-key-memcached-max-fail --backlog --write-burst --backend-connections-per-host --response-header-field-buffer --tls-ticket-key-memcached-address-family --padding --tls-session-cache-memcached-address-family --stream-write-timeout --cacert --tls-ticket-key-memcached-private-key-file --accesslog-write-early --backend-address-family --backend-http2-connection-window-size --version --add-response-header --backend-read-timeout --frontend-http2-optimize-window-size --frontend --accesslog-file --http2-proxy --backend-http2-encoder-dynamic-table-size --client-private-key-file --single-process --client-cert-file --tls-ticket-key-memcached --tls-dyn-rec-idle-timeout --frontend-http2-optimize-write-buffer-size --verify-client --frontend-http2-encoder-dynamic-table-size --read-rate --backend-connections-per-frontend --strip-incoming-forwarded ' -- "$cur" ) )
+            COMPREPLY=( $( compgen -W '--worker-read-rate --include --frontend-http2-dump-response-header --tls-ticket-key-file --verify-client-cacert --max-response-header-fields --backend-http2-window-size --frontend-keep-alive-timeout --backend-request-buffer --max-request-header-fields --fastopen --backend-connect-timeout --conf --dns-lookup-timeout --backend-http2-max-concurrent-streams --worker-write-burst --npn-list --dns-max-try --fetch-ocsp-response-file --no-via --tls-session-cache-memcached-cert-file --no-http2-cipher-black-list --mruby-file --client-no-http2-cipher-black-list --stream-read-timeout --client-ciphers --forwarded-for --accesslog-syslog --dns-cache-timeout --frontend-http2-read-timeout --listener-disable-timeout --ciphers --client-psk-secrets --strip-incoming-x-forwarded-for --no-server-rewrite --private-key-passwd-file --backend-keep-alive-timeout --backend-http-proxy-uri --rlimit-nofile --tls-ticket-key-memcached-cert-file --ocsp-update-interval --forwarded-by --tls-session-cache-memcached-private-key-file --error-page --backend-write-timeout --tls-dyn-rec-warmup-threshold --tls-ticket-key-memcached-max-retry --frontend-http2-window-size --http2-no-cookie-crumbling --worker-read-burst --dh-param-file --accesslog-format --errorlog-syslog --request-header-field-buffer --api-max-request-body --frontend-http2-decoder-dynamic-table-size --errorlog-file --frontend-http2-max-concurrent-streams --psk-secrets --frontend-write-timeout --tls-ticket-key-cipher --read-burst --backend --server-name --insecure --backend-max-backoff --log-level --host-rewrite --tls-proto-list --tls-ticket-key-memcached-interval --frontend-http2-setting-timeout --frontend-http2-connection-window-size --worker-frontend-connections --syslog-facility --no-server-push --no-location-rewrite --tls-session-cache-memcached --no-ocsp --frontend-http2-encoder-dynamic-table-size --workers --add-forwarded --worker-write-rate --add-request-header --backend-http2-settings-timeout --subcert --ecdh-curves --no-kqueue --help --frontend-frame-debug --tls-sct-dir --pid-file --frontend-http2-dump-request-header --daemon --write-rate --altsvc --backend-http2-decoder-dynamic-table-size --user --add-x-forwarded-for --frontend-read-timeout --tls-ticket-key-memcached-max-fail --backlog --write-burst --backend-connections-per-host --response-header-field-buffer --tls-ticket-key-memcached-address-family --padding --tls-session-cache-memcached-address-family --stream-write-timeout --cacert --tls-ticket-key-memcached-private-key-file --accesslog-write-early --backend-address-family --backend-http2-connection-window-size --version --add-response-header --backend-read-timeout --frontend-http2-optimize-window-size --frontend --accesslog-file --http2-proxy --backend-http2-encoder-dynamic-table-size --client-private-key-file --client-cert-file --tls-ticket-key-memcached --tls-dyn-rec-idle-timeout --frontend-http2-optimize-write-buffer-size --verify-client --backend-response-buffer --read-rate --backend-connections-per-frontend --strip-incoming-forwarded ' -- "$cur" ) )
             ;;
         *)
             _filedir

doc/h2load.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "May 30, 2017" "1.23.1" "nghttp2"
+.TH "H2LOAD" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
@@ -124,14 +124,14 @@ Add/Override a header to the requests.
 Set allowed  cipher list.  The  format of the  string is
 described in OpenSSL ciphers(1).
 .sp
-Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
+Default: \fBECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-DES\-CBC3\-SHA:ECDHE\-RSA\-DES\-CBC3\-SHA:EDH\-RSA\-DES\-CBC3\-SHA:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256:AES128\-SHA:AES256\-SHA:DES\-CBC3\-SHA:!DSS\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-p, \-\-no\-tls\-proto=<PROTOID>
 Specify ALPN identifier of the  protocol to be used when
 accessing http URI without SSL/TLS.
-Available protocols: h2c and
+Available protocols: spdy/2, spdy/3, spdy/3.1, h2c and
 http/1.1
 .sp
 Default: \fBh2c\fP
@@ -233,7 +233,7 @@ NPN.  The parameter must be  delimited by a single comma
 only  and any  white spaces  are  treated as  a part  of
 protocol string.
 .sp
-Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
+Default: \fBh2,h2\-16,h2\-14,spdy/3.1,spdy/3,spdy/2,http/1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP

doc/h2load.1.rst

@@ -96,13 +96,13 @@ OPTIONS
     Set allowed  cipher list.  The  format of the  string is
     described in OpenSSL ciphers(1).
 
-    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
+    Default: ``ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS``
 
 .. option:: -p, --no-tls-proto=<PROTOID>
 
     Specify ALPN identifier of the  protocol to be used when
     accessing http URI without SSL/TLS.
-    Available protocols: h2c and
+    Available protocols: spdy/2, spdy/3, spdy/3.1, h2c and
     http/1.1
 
     Default: ``h2c``
@@ -196,7 +196,7 @@ OPTIONS
     only  and any  white spaces  are  treated as  a part  of
     protocol string.
 
-    Default: ``h2,h2-16,h2-14,http/1.1``
+    Default: ``h2,h2-16,h2-14,spdy/3.1,spdy/3,spdy/2,http/1.1``
 
 .. option:: --h1
 

doc/nghttp.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "May 30, 2017" "1.23.1" "nghttp2"
+.TH "NGHTTP" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
@@ -236,12 +236,6 @@ combined with the \fI\%\-d\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-y, \-\-no\-verify\-peer
-Suppress  warning  on  server  certificate  verification
-failure.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-version
 Display version information and exit.
 .UNINDENT

doc/nghttp.1.rst

@@ -186,11 +186,6 @@ OPTIONS
     Continue interim response. This option is ignored unless
     combined with the :option:`-d` option.
 
-.. option:: -y, --no-verify-peer
-
-    Suppress  warning  on  server  certificate  verification
-    failure.
-
 .. option:: --version
 
     Display version information and exit.

doc/nghttpd.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "May 30, 2017" "1.23.1" "nghttp2"
+.TH "NGHTTPD" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .

doc/nghttpx.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "May 30, 2017" "1.23.1" "nghttp2"
+.TH "NGHTTPX" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@@ -62,7 +62,8 @@ domain socket  can be  specified by prefixing  path name
 with "unix:" (e.g., unix:/var/run/backend.sock).
 .sp
 Optionally, if <PATTERN>s are given, the backend address
-is  only  used  if  request matches  the  pattern.   The
+is  only  used  if  request  matches  the  pattern.   If
+\fI\%\-\-http2\-proxy\fP  is  used,  <PATTERN>s are  ignored.   The
 pattern  matching is  closely  designed  to ServeMux  in
 net/http package of  Go programming language.  <PATTERN>
 consists of  path, host +  path or just host.   The path
@@ -73,16 +74,11 @@ path which ends  with "\fI/\fP" also matches  the request path
 which  only  lacks  trailing  \(aq\fI/\fP\(aq  (e.g.,  path  "\fI/foo/\fP"
 matches request path  "\fI/foo\fP").  If it does  not end with
 "\fI/\fP", it  performs exact match against  the request path.
-If  host  is given,  it  performs  a match  against  the
-request host.   For a  request received on  the frontend
-lister  with "sni\-fwd"  parameter enabled,  SNI host  is
-used instead of a request host.  If host alone is given,
-"\fI/\fP" is  appended to it,  so that it matches  all request
-paths  under the  host  (e.g., specifying  "nghttp2.org"
-equals  to "nghttp2.org/").   CONNECT method  is treated
-specially.  It  does not have  path, and we  don\(aqt allow
-empty path.  To workaround  this, we assume that CONNECT
-method has "\fI/\fP" as path.
+If host  is given, it  performs exact match  against the
+request host.  If  host alone is given,  "\fI/\fP" is appended
+to it,  so that it  matches all request paths  under the
+host   (e.g.,   specifying   "nghttp2.org"   equals   to
+"nghttp2.org/").
 .sp
 Patterns with  host take  precedence over  patterns with
 just path.   Then, longer patterns take  precedence over
@@ -96,18 +92,6 @@ host    pattern    "*.nghttp2.org"    matches    against
 match  against  "nghttp2.org".   The exact  hosts  match
 takes precedence over the wildcard hosts match.
 .sp
-If path  part ends with  "*", it is treated  as wildcard
-path.  The  wildcard path  behaves differently  from the
-normal path.  For normal path,  match is made around the
-boundary of path component  separator,"\fI/\fP".  On the other
-hand, the wildcard  path does not take  into account the
-path component  separator.  All paths which  include the
-wildcard  path  without  last  "*" as  prefix,  and  are
-strictly longer than wildcard  path without last "*" are
-matched.  "*"  must match  at least one  character.  For
-example,  the   pattern  "\fI/foo*\fP"  matches   "\fI/foo/\fP"  and
-"\fI/foobar\fP".  But it does not match "\fI/foo\fP", or "\fI/fo\fP".
-.sp
 If <PATTERN> is omitted or  empty string, "\fI/\fP" is used as
 pattern,  which  matches  all request  paths  (catch\-all
 pattern).  The catch\-all backend must be given.
@@ -137,12 +121,12 @@ Several parameters <PARAM> are accepted after <PATTERN>.
 The  parameters are  delimited  by  ";".  The  available
 parameters       are:      "proto=<PROTO>",       "tls",
 "sni=<SNI_HOST>",         "fall=<N>",        "rise=<N>",
-"affinity=<METHOD>",  "dns", and  "redirect\-if\-not\-tls".
-The  parameter  consists   of  keyword,  and  optionally
-followed by  "=" and value.  For  example, the parameter
-"proto=h2"  consists of  the keyword  "proto" and  value
-"h2".  The parameter "tls" consists of the keyword "tls"
-without value.  Each parameter is described as follows.
+"affinity=<METHOD>", and "dns".   The parameter consists
+of keyword,  and optionally  followed by "="  and value.
+For example,  the parameter  "proto=h2" consists  of the
+keyword  "proto" and  value "h2".   The parameter  "tls"
+consists  of  the  keyword "tls"  without  value.   Each
+parameter is described as follows.
 .sp
 The backend application protocol  can be specified using
 optional  "proto"   parameter,  and   in  the   form  of
@@ -199,19 +183,6 @@ frequently.   If  "dns"  is given,  name  resolution  of
 backend   host   name   at  start   up,   or   reloading
 configuration is skipped.
 .sp
-If "redirect\-if\-not\-tls" parameter  is used, the matched
-backend  requires   that  frontend  connection   is  TLS
-encrypted.  If it isn\(aqt, nghttpx responds to the request
-with 308  status code, and  https URI the  client should
-use instead  is included in Location  header field.  The
-port number in  redirect URI is 443 by  default, and can
-be  changed using  \fI\%\-\-redirect\-https\-port\fP option.   If at
-least one  backend has  "redirect\-if\-not\-tls" parameter,
-this feature is enabled  for all backend servers sharing
-the   same   <PATTERN>.    It    is   advised   to   set
-"redirect\-if\-no\-tls"    parameter   to    all   backends
-explicitly if this feature is desired.
-.sp
 Since ";" and ":" are  used as delimiter, <PATTERN> must
 not  contain these  characters.  Since  ";" has  special
 meaning in shell, the option value must be quoted.
@@ -235,11 +206,6 @@ parameters are mutually exclusive.
 Optionally, TLS  can be disabled by  specifying "no\-tls"
 parameter.  TLS is enabled by default.
 .sp
-If "sni\-fwd" parameter is  used, when performing a match
-to select a backend server,  SNI host name received from
-the client  is used  instead of  the request  host.  See
-\fI\%\-\-backend\fP option about the pattern match.
-.sp
 To  make this  frontend as  API endpoint,  specify "api"
 parameter.   This   is  disabled  by  default.    It  is
 important  to  limit the  access  to  the API  frontend.
@@ -301,15 +267,6 @@ Default: \fB1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-single\-thread
-Run everything in one  thread inside the worker process.
-This   feature   is   provided  for   better   debugging
-experience,  or  for  the platforms  which  lack  thread
-support.   If  threading  is disabled,  this  option  is
-always enabled.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-read\-rate=<SIZE>
 Set maximum  average read  rate on  frontend connection.
 Setting 0 to this option means read rate is unlimited.
@@ -496,7 +453,7 @@ Default: \fB0\fP
 Specify write  timeout for  HTTP/2 and SPDY  streams.  0
 means no timeout.
 .sp
-Default: \fB1m\fP
+Default: \fB0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -574,7 +531,7 @@ Default: \fB2m\fP
 Set allowed  cipher list  for frontend  connection.  The
 format of the string is described in OpenSSL ciphers(1).
 .sp
-Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
+Default: \fBECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-DES\-CBC3\-SHA:ECDHE\-RSA\-DES\-CBC3\-SHA:EDH\-RSA\-DES\-CBC3\-SHA:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256:AES128\-SHA:AES256\-SHA:DES\-CBC3\-SHA:!DSS\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -582,7 +539,7 @@ Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:EC
 Set  allowed cipher  list for  backend connection.   The
 format of the string is described in OpenSSL ciphers(1).
 .sp
-Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
+Default: \fBECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-DES\-CBC3\-SHA:ECDHE\-RSA\-DES\-CBC3\-SHA:EDH\-RSA\-DES\-CBC3\-SHA:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256:AES128\-SHA:AES256\-SHA:DES\-CBC3\-SHA:!DSS\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -622,14 +579,9 @@ password protected it\(aqll be requested interactively.
 .B \-\-subcert=<KEYPATH>:<CERTPATH>[[;<PARAM>]...]
 Specify  additional certificate  and  private key  file.
 nghttpx will  choose certificates based on  the hostname
-indicated by client using TLS SNI extension.  If nghttpx
-is  built with  OpenSSL  >= 1.0.2,  the shared  elliptic
-curves (e.g., P\-256) between  client and server are also
-taken into  consideration.  This allows nghttpx  to send
-ECDSA certificate  to modern clients, while  sending RSA
-based certificate to older  clients.  This option can be
-used  multiple  times.   To  make  OCSP  stapling  work,
-<CERTPATH> must be absolute path.
+indicated  by  client  using TLS  SNI  extension.   This
+option  can  be  used  multiple  times.   To  make  OCSP
+stapling work, <CERTPATH> must be absolute path.
 .sp
 Additional parameter  can be specified in  <PARAM>.  The
 available <PARAM> is "sct\-dir=<DIR>".
@@ -657,7 +609,7 @@ NPN.  The parameter must be  delimited by a single comma
 only  and any  white spaces  are  treated as  a part  of
 protocol string.
 .sp
-Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
+Default: \fBh2,h2\-16,h2\-14,spdy/3.1,http/1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -685,29 +637,18 @@ backend client authentication.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-min\-proto\-version=<VER>
-Specify minimum SSL/TLS protocol.   The name matching is
-done in  case\-insensitive manner.  The  versions between
-\fI\%\-\-tls\-min\-proto\-version\fP and  \fI\%\-\-tls\-max\-proto\-version\fP are
-enabled.  If the protocol list advertised by client does
-not  overlap  this range,  you  will  receive the  error
-message "unknown protocol".  The available versions are:
-TLSv1.2, TLSv1.1, and TLSv1.0
+.B \-\-tls\-proto\-list=<LIST>
+Comma delimited list of  SSL/TLS protocol to be enabled.
+The following protocols  are available: TLSv1.2, TLSv1.1
+and   TLSv1.0.    The   name   matching   is   done   in
+case\-insensitive   manner.    The  parameter   must   be
+delimited by  a single comma  only and any  white spaces
+are  treated  as a  part  of  protocol string.   If  the
+protocol list advertised by client does not overlap this
+list,  you  will  receive  the  error  message  "unknown
+protocol".
 .sp
-Default: \fBTLSv1.1\fP
-.UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-tls\-max\-proto\-version=<VER>
-Specify maximum SSL/TLS protocol.   The name matching is
-done in  case\-insensitive manner.  The  versions between
-\fI\%\-\-tls\-min\-proto\-version\fP and  \fI\%\-\-tls\-max\-proto\-version\fP are
-enabled.  If the protocol list advertised by client does
-not  overlap  this range,  you  will  receive the  error
-message "unknown protocol".  The available versions are:
-TLSv1.2, TLSv1.1, and TLSv1.0
-.sp
-Default: \fBTLSv1.2\fP
+Default: \fBTLSv1.2,TLSv1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -824,20 +765,6 @@ Default: \fB4h\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-ocsp\-startup
-Start  accepting connections  after initial  attempts to
-get OCSP responses  finish.  It does not  matter some of
-the  attempts  fail.  This  feature  is  useful if  OCSP
-responses   must    be   available    before   accepting
-connections.
-.UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-no\-verify\-ocsp
-nghttpx does not verify OCSP response.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-no\-ocsp
 Disable OCSP stapling.
 .UNINDENT
@@ -1175,17 +1102,15 @@ $alpn: ALPN identifier of the protocol which generates
 the response.   For HTTP/1,  ALPN is  always http/1.1,
 regardless of minor version.
 .IP \(bu 2
-$tls_cipher: cipher used for SSL/TLS connection.
+$ssl_cipher: cipher used for SSL/TLS connection.
 .IP \(bu 2
-$tls_protocol: protocol for SSL/TLS connection.
+$ssl_protocol: protocol for SSL/TLS connection.
 .IP \(bu 2
-$tls_session_id: session ID for SSL/TLS connection.
+$ssl_session_id: session ID for SSL/TLS connection.
 .IP \(bu 2
-$tls_session_reused:  "r"   if  SSL/TLS   session  was
+$ssl_session_reused:  "r"   if  SSL/TLS   session  was
 reused.  Otherwise, "."
 .IP \(bu 2
-$tls_sni: SNI server name for SSL/TLS connection.
-.IP \(bu 2
 $backend_host:  backend  host   used  to  fulfill  the
 request.  "\-" if backend host is not available.
 .IP \(bu 2
@@ -1242,21 +1167,6 @@ requests.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-no\-add\-x\-forwarded\-proto
-Don\(aqt append  additional X\-Forwarded\-Proto  header field
-to  the   backend  request.   If  inbound   client  sets
-X\-Forwarded\-Proto,                                   and
-\fI\%\-\-no\-strip\-incoming\-x\-forwarded\-proto\fP  option  is  used,
-they are passed to the backend.
-.UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-no\-strip\-incoming\-x\-forwarded\-proto
-Don\(aqt strip X\-Forwarded\-Proto  header field from inbound
-client requests.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-add\-forwarded=<LIST>
 Append RFC  7239 Forwarded header field  with parameters
 specified in comma delimited list <LIST>.  The supported
@@ -1403,7 +1313,7 @@ backend server, the custom error pages are not used.
 .B \-\-server\-name=<NAME>
 Change server response header field value to <NAME>.
 .sp
-Default: \fBnghttpx\fP
+Default: \fBnghttpx nghttp2/1.19.0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -1412,15 +1322,6 @@ Don\(aqt rewrite server header field in default mode.  When
 \fI\%\-\-http2\-proxy\fP is used, these headers will not be altered
 regardless of this option.
 .UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-redirect\-https\-port=<PORT>
-Specify the port number which appears in Location header
-field  when  redirect  to  HTTPS  URI  is  made  due  to
-"redirect\-if\-not\-tls" parameter in \fI\%\-\-backend\fP option.
-.sp
-Default: \fB443\fP
-.UNINDENT
 .SS API
 .INDENT 0.0
 .TP
@@ -1456,16 +1357,6 @@ lookup.
 .sp
 Default: \fB2\fP
 .UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-frontend\-max\-requests=<N>
-The number  of requests that single  frontend connection
-can process.  For HTTP/2, this  is the number of streams
-in  one  HTTP/2 connection.   For  HTTP/1,  this is  the
-number of keep alive requests.  This is hint to nghttpx,
-and it  may allow additional few  requests.  The default
-value is unlimited.
-.UNINDENT
 .SS Debug
 .INDENT 0.0
 .TP
@@ -1510,17 +1401,6 @@ Set path to save PID of this program.
 Run this program as <USER>.   This option is intended to
 be used to drop root privileges.
 .UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-single\-process
-Run this program in a  single process mode for debugging
-purpose.  Without this option,  nghttpx creates at least
-2  processes:  master  and worker  processes.   If  this
-option is  used, master  and worker  are unified  into a
-single process.  nghttpx still spawns additional process
-if neverbleed is used.  In  the single process mode, the
-signal handling feature is disabled.
-.UNINDENT
 .SS Scripting
 .INDENT 0.0
 .TP
@@ -1531,9 +1411,7 @@ Set mruby script file
 .INDENT 0.0
 .TP
 .B \-\-conf=<PATH>
-Load  configuration  from   <PATH>.   Please  note  that
-nghttpx always  tries to read the  default configuration
-file if \fI\%\-\-conf\fP is not given.
+Load configuration from <PATH>.
 .sp
 Default: \fB/etc/nghttpx/nghttpx.conf\fP
 .UNINDENT
@@ -1660,23 +1538,16 @@ Reload configuration file given in \fI\%\-\-conf\fP\&.
 .TP
 .B SIGUSR1
 Reopen log files.
-.UNINDENT
-.sp
-SIGUSR2
-.INDENT 0.0
-.INDENT 3.5
+.TP
+.B SIGUSR2
 Fork and execute nghttpx.  It will execute the binary in the same
-path with same command\-line arguments and environment variables.  As
-of nghttpx version 1.20.0, the new master process sends SIGQUIT to
-the original master process when it is ready to serve requests.  For
-the earlier versions of nghttpx, user has to send SIGQUIT to the
-original master process.
-.sp
-The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
-is usually used to execute new binary, and the master process is
-newly spawned.  On the other hand, the latter just reloads
-configuration file, and the same master process continues to exist.
-.UNINDENT
+path with same command\-line arguments and environment variables.
+After new process comes up, sending SIGQUIT to the original process
+to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
+and SIGHUP is that former is usually used to execute new binary, and
+the master process is newly spawned.  On the other hand, the latter
+just reloads configuration file, and the same master process
+continues to exist.
 .UNINDENT
 .sp
 \fBNOTE:\fP
@@ -1756,22 +1627,6 @@ be customized using \fI\%\-\-fetch\-ocsp\-response\-file\fP option.
 .sp
 If OCSP query is failed, previous OCSP response, if any, is continued
 to be used.
-.sp
-\fI\%\-\-fetch\-ocsp\-response\-file\fP option provides wide range of
-possibility to manage OCSP response.  It can take an arbitrary script
-or executable.  The requirement is that it supports the command\-line
-interface of \fBfetch\-ocsp\-response\fP script, and it must return a
-valid DER encoded OCSP response on success.  It must return exit code
-0 on success, and 75 for temporary error, and the other error code for
-generic failure.  For large cluster of servers, it is not efficient
-for each server to perform OCSP query using \fBfetch\-ocsp\-response\fP\&.
-Instead, you can retrieve OCSP response in some way, and store it in a
-disk or a shared database.  Then specify a program in
-\fI\%\-\-fetch\-ocsp\-response\-file\fP to fetch it from those stores.
-This could provide a way to share the OCSP response between fleet of
-servers, and also any OCSP query strategy can be applied which may be
-beyond the ability of nghttpx itself or \fBfetch\-ocsp\-response\fP
-script.
 .SH TLS SESSION RESUMPTION
 .sp
 nghttpx supports TLS session resumption through both session ID and
@@ -2113,19 +1968,6 @@ completely custom header fields, first call
 existing header fields, and then add required header fields.
 It is an error to call this method twice for a given request.
 .UNINDENT
-.INDENT 7.0
-.TP
-.B send_info(status, headers)
-Send non\-final (informational) response to a client.  \fIstatus\fP
-must be in the range [100, 199], inclusive.  \fIheaders\fP is a
-hash containing response header fields.  Its key must be a
-string, and the associated value must be either string or
-array of strings.  Since this is not a final response, even if
-this method is invoked, request is still forwarded to a
-backend unless \fI\%Nghttpx::Response#return\fP is called.
-This method can be called multiple times.  It cannot be called
-after \fI\%Nghttpx::Response#return\fP is called.
-.UNINDENT
 .UNINDENT
 .SS MRUBY EXAMPLES
 .sp
@@ -2201,18 +2043,15 @@ The request was failed.  No change has been made.
 HTTP status code
 .UNINDENT
 .sp
-Additionally, depending on the API endpoint, \fBdata\fP key may be
-present, and its value contains the API endpoint specific data.
-.sp
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 .sp
 The following section describes available API endpoints.
-.SS POST /api/v1beta1/backendconfig
+.SS PUT /api/v1beta1/backendconfig
 .sp
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see \fI\%FILES\fP section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -2231,24 +2070,6 @@ The one limitation is that only numeric IP address is allowd in
 \fI\%backend\fP in request body unless "dns" parameter
 is used while non numeric hostname is allowed in command\-line or
 configuration file is read using \fI\%\-\-conf\fP\&.
-.SS GET /api/v1beta1/configrevision
-.sp
-This API returns configuration revision of the current nghttpx.  The
-configuration revision is opaque string, and it changes after each
-reloading by SIGHUP.  With this API, an external application knows
-that whether nghttpx has finished reloading its configuration by
-comparing the configuration revisions between before and after
-reloading.  It is recommended to disable persistent (keep\-alive)
-connection for this purpose in order to avoid to send a request using
-the reused connection which may bound to an old process.
-.sp
-This API returns response including \fBdata\fP key.  Its value is JSON
-object, and it contains at least the following key:
-.INDENT 0.0
-.TP
-.B configRevision
-The configuration revision of the current nghttpx
-.UNINDENT
 .SH SEE ALSO
 .sp
 \fBnghttp(1)\fP, \fBnghttpd(1)\fP, \fBh2load(1)\fP

doc/nghttpx.1.rst

@@ -46,7 +46,8 @@ Connections
     with "unix:" (e.g., unix:/var/run/backend.sock).
 
     Optionally, if <PATTERN>s are given, the backend address
-    is  only  used  if  request matches  the  pattern.   The
+    is  only  used  if  request  matches  the  pattern.   If
+    :option:`--http2-proxy`  is  used,  <PATTERN>s are  ignored.   The
     pattern  matching is  closely  designed  to ServeMux  in
     net/http package of  Go programming language.  <PATTERN>
     consists of  path, host +  path or just host.   The path
@@ -57,16 +58,11 @@ Connections
     which  only  lacks  trailing  '*/*'  (e.g.,  path  "*/foo/*"
     matches request path  "*/foo*").  If it does  not end with
     "*/*", it  performs exact match against  the request path.
-    If  host  is given,  it  performs  a match  against  the
-    request host.   For a  request received on  the frontend
-    lister  with "sni-fwd"  parameter enabled,  SNI host  is
-    used instead of a request host.  If host alone is given,
-    "*/*" is  appended to it,  so that it matches  all request
-    paths  under the  host  (e.g., specifying  "nghttp2.org"
-    equals  to "nghttp2.org/").   CONNECT method  is treated
-    specially.  It  does not have  path, and we  don't allow
-    empty path.  To workaround  this, we assume that CONNECT
-    method has "*/*" as path.
+    If host  is given, it  performs exact match  against the
+    request host.  If  host alone is given,  "*/*" is appended
+    to it,  so that it  matches all request paths  under the
+    host   (e.g.,   specifying   "nghttp2.org"   equals   to
+    "nghttp2.org/").
 
     Patterns with  host take  precedence over  patterns with
     just path.   Then, longer patterns take  precedence over
@@ -80,18 +76,6 @@ Connections
     match  against  "nghttp2.org".   The exact  hosts  match
     takes precedence over the wildcard hosts match.
 
-    If path  part ends with  "\*", it is treated  as wildcard
-    path.  The  wildcard path  behaves differently  from the
-    normal path.  For normal path,  match is made around the
-    boundary of path component  separator,"*/*".  On the other
-    hand, the wildcard  path does not take  into account the
-    path component  separator.  All paths which  include the
-    wildcard  path  without  last  "\*" as  prefix,  and  are
-    strictly longer than wildcard  path without last "\*" are
-    matched.  "\*"  must match  at least one  character.  For
-    example,  the   pattern  "*/foo\**"  matches   "*/foo/*"  and
-    "*/foobar*".  But it does not match "*/foo*", or "*/fo*".
-
     If <PATTERN> is omitted or  empty string, "*/*" is used as
     pattern,  which  matches  all request  paths  (catch-all
     pattern).  The catch-all backend must be given.
@@ -121,12 +105,12 @@ Connections
     The  parameters are  delimited  by  ";".  The  available
     parameters       are:      "proto=<PROTO>",       "tls",
     "sni=<SNI_HOST>",         "fall=<N>",        "rise=<N>",
-    "affinity=<METHOD>",  "dns", and  "redirect-if-not-tls".
-    The  parameter  consists   of  keyword,  and  optionally
-    followed by  "=" and value.  For  example, the parameter
-    "proto=h2"  consists of  the keyword  "proto" and  value
-    "h2".  The parameter "tls" consists of the keyword "tls"
-    without value.  Each parameter is described as follows.
+    "affinity=<METHOD>", and "dns".   The parameter consists
+    of keyword,  and optionally  followed by "="  and value.
+    For example,  the parameter  "proto=h2" consists  of the
+    keyword  "proto" and  value "h2".   The parameter  "tls"
+    consists  of  the  keyword "tls"  without  value.   Each
+    parameter is described as follows.
 
     The backend application protocol  can be specified using
     optional  "proto"   parameter,  and   in  the   form  of
@@ -183,19 +167,6 @@ Connections
     backend   host   name   at  start   up,   or   reloading
     configuration is skipped.
 
-    If "redirect-if-not-tls" parameter  is used, the matched
-    backend  requires   that  frontend  connection   is  TLS
-    encrypted.  If it isn't, nghttpx responds to the request
-    with 308  status code, and  https URI the  client should
-    use instead  is included in Location  header field.  The
-    port number in  redirect URI is 443 by  default, and can
-    be  changed using  :option:`--redirect-https-port` option.   If at
-    least one  backend has  "redirect-if-not-tls" parameter,
-    this feature is enabled  for all backend servers sharing
-    the   same   <PATTERN>.    It    is   advised   to   set
-    "redirect-if-no-tls"    parameter   to    all   backends
-    explicitly if this feature is desired.
-
     Since ";" and ":" are  used as delimiter, <PATTERN> must
     not  contain these  characters.  Since  ";" has  special
     meaning in shell, the option value must be quoted.
@@ -219,11 +190,6 @@ Connections
     Optionally, TLS  can be disabled by  specifying "no-tls"
     parameter.  TLS is enabled by default.
 
-    If "sni-fwd" parameter is  used, when performing a match
-    to select a backend server,  SNI host name received from
-    the client  is used  instead of  the request  host.  See
-    :option:`--backend` option about the pattern match.
-
     To  make this  frontend as  API endpoint,  specify "api"
     parameter.   This   is  disabled  by  default.    It  is
     important  to  limit the  access  to  the API  frontend.
@@ -283,14 +249,6 @@ Performance
 
     Default: ``1``
 
-.. option:: --single-thread
-
-    Run everything in one  thread inside the worker process.
-    This   feature   is   provided  for   better   debugging
-    experience,  or  for  the platforms  which  lack  thread
-    support.   If  threading  is disabled,  this  option  is
-    always enabled.
-
 .. option:: --read-rate=<SIZE>
 
     Set maximum  average read  rate on  frontend connection.
@@ -460,7 +418,7 @@ Timeout
     Specify write  timeout for  HTTP/2 and SPDY  streams.  0
     means no timeout.
 
-    Default: ``1m``
+    Default: ``0``
 
 .. option:: --backend-read-timeout=<DURATION>
 
@@ -532,14 +490,14 @@ SSL/TLS
     Set allowed  cipher list  for frontend  connection.  The
     format of the string is described in OpenSSL ciphers(1).
 
-    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
+    Default: ``ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS``
 
 .. option:: --client-ciphers=<SUITE>
 
     Set  allowed cipher  list for  backend connection.   The
     format of the string is described in OpenSSL ciphers(1).
 
-    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
+    Default: ``ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS``
 
 .. option:: --ecdh-curves=<LIST>
 
@@ -574,14 +532,9 @@ SSL/TLS
 
     Specify  additional certificate  and  private key  file.
     nghttpx will  choose certificates based on  the hostname
-    indicated by client using TLS SNI extension.  If nghttpx
-    is  built with  OpenSSL  >= 1.0.2,  the shared  elliptic
-    curves (e.g., P-256) between  client and server are also
-    taken into  consideration.  This allows nghttpx  to send
-    ECDSA certificate  to modern clients, while  sending RSA
-    based certificate to older  clients.  This option can be
-    used  multiple  times.   To  make  OCSP  stapling  work,
-    <CERTPATH> must be absolute path.
+    indicated  by  client  using TLS  SNI  extension.   This
+    option  can  be  used  multiple  times.   To  make  OCSP
+    stapling work, <CERTPATH> must be absolute path.
 
     Additional parameter  can be specified in  <PARAM>.  The
     available <PARAM> is "sct-dir=<DIR>".
@@ -607,7 +560,7 @@ SSL/TLS
     only  and any  white spaces  are  treated as  a part  of
     protocol string.
 
-    Default: ``h2,h2-16,h2-14,http/1.1``
+    Default: ``h2,h2-16,h2-14,spdy/3.1,http/1.1``
 
 .. option:: --verify-client
 
@@ -629,29 +582,19 @@ SSL/TLS
     Path to  file that  contains client certificate  used in
     backend client authentication.
 
-.. option:: --tls-min-proto-version=<VER>
+.. option:: --tls-proto-list=<LIST>
 
-    Specify minimum SSL/TLS protocol.   The name matching is
-    done in  case-insensitive manner.  The  versions between
-    :option:`--tls-min-proto-version` and  :option:`\--tls-max-proto-version` are
-    enabled.  If the protocol list advertised by client does
-    not  overlap  this range,  you  will  receive the  error
-    message "unknown protocol".  The available versions are:
-    TLSv1.2, TLSv1.1, and TLSv1.0
+    Comma delimited list of  SSL/TLS protocol to be enabled.
+    The following protocols  are available: TLSv1.2, TLSv1.1
+    and   TLSv1.0.    The   name   matching   is   done   in
+    case-insensitive   manner.    The  parameter   must   be
+    delimited by  a single comma  only and any  white spaces
+    are  treated  as a  part  of  protocol string.   If  the
+    protocol list advertised by client does not overlap this
+    list,  you  will  receive  the  error  message  "unknown
+    protocol".
 
-    Default: ``TLSv1.1``
-
-.. option:: --tls-max-proto-version=<VER>
-
-    Specify maximum SSL/TLS protocol.   The name matching is
-    done in  case-insensitive manner.  The  versions between
-    :option:`--tls-min-proto-version` and  :option:`\--tls-max-proto-version` are
-    enabled.  If the protocol list advertised by client does
-    not  overlap  this range,  you  will  receive the  error
-    message "unknown protocol".  The available versions are:
-    TLSv1.2, TLSv1.1, and TLSv1.0
-
-    Default: ``TLSv1.2``
+    Default: ``TLSv1.2,TLSv1.1``
 
 .. option:: --tls-ticket-key-file=<PATH>
 
@@ -755,18 +698,6 @@ SSL/TLS
 
     Default: ``4h``
 
-.. option:: --ocsp-startup
-
-    Start  accepting connections  after initial  attempts to
-    get OCSP responses  finish.  It does not  matter some of
-    the  attempts  fail.  This  feature  is  useful if  OCSP
-    responses   must    be   available    before   accepting
-    connections.
-
-.. option:: --no-verify-ocsp
-
-    nghttpx does not verify OCSP response.
-
 .. option:: --no-ocsp
 
     Disable OCSP stapling.
@@ -1070,12 +1001,11 @@ Logging
     * $alpn: ALPN identifier of the protocol which generates
       the response.   For HTTP/1,  ALPN is  always http/1.1,
       regardless of minor version.
-    * $tls_cipher: cipher used for SSL/TLS connection.
-    * $tls_protocol: protocol for SSL/TLS connection.
-    * $tls_session_id: session ID for SSL/TLS connection.
-    * $tls_session_reused:  "r"   if  SSL/TLS   session  was
+    * $ssl_cipher: cipher used for SSL/TLS connection.
+    * $ssl_protocol: protocol for SSL/TLS connection.
+    * $ssl_session_id: session ID for SSL/TLS connection.
+    * $ssl_session_reused:  "r"   if  SSL/TLS   session  was
       reused.  Otherwise, "."
-    * $tls_sni: SNI server name for SSL/TLS connection.
     * $backend_host:  backend  host   used  to  fulfill  the
       request.  "-" if backend host is not available.
     * $backend_port:  backend  port   used  to  fulfill  the
@@ -1126,19 +1056,6 @@ HTTP
     Strip X-Forwarded-For  header field from  inbound client
     requests.
 
-.. option:: --no-add-x-forwarded-proto
-
-    Don't append  additional X-Forwarded-Proto  header field
-    to  the   backend  request.   If  inbound   client  sets
-    X-Forwarded-Proto,                                   and
-    :option:`--no-strip-incoming-x-forwarded-proto`  option  is  used,
-    they are passed to the backend.
-
-.. option:: --no-strip-incoming-x-forwarded-proto
-
-    Don't strip X-Forwarded-Proto  header field from inbound
-    client requests.
-
 .. option:: --add-forwarded=<LIST>
 
     Append RFC  7239 Forwarded header field  with parameters
@@ -1271,7 +1188,7 @@ HTTP
 
     Change server response header field value to <NAME>.
 
-    Default: ``nghttpx``
+    Default: ``nghttpx nghttp2/1.19.0``
 
 .. option:: --no-server-rewrite
 
@@ -1279,14 +1196,6 @@ HTTP
     :option:`--http2-proxy` is used, these headers will not be altered
     regardless of this option.
 
-.. option:: --redirect-https-port=<PORT>
-
-    Specify the port number which appears in Location header
-    field  when  redirect  to  HTTPS  URI  is  made  due  to
-    "redirect-if-not-tls" parameter in :option:`--backend` option.
-
-    Default: ``443``
-
 
 API
 ~~~
@@ -1324,15 +1233,6 @@ DNS
 
     Default: ``2``
 
-.. option:: --frontend-max-requests=<N>
-
-    The number  of requests that single  frontend connection
-    can process.  For HTTP/2, this  is the number of streams
-    in  one  HTTP/2 connection.   For  HTTP/1,  this is  the
-    number of keep alive requests.  This is hint to nghttpx,
-    and it  may allow additional few  requests.  The default
-    value is unlimited.
-
 
 Debug
 ~~~~~
@@ -1377,16 +1277,6 @@ Process
     Run this program as <USER>.   This option is intended to
     be used to drop root privileges.
 
-.. option:: --single-process
-
-    Run this program in a  single process mode for debugging
-    purpose.  Without this option,  nghttpx creates at least
-    2  processes:  master  and worker  processes.   If  this
-    option is  used, master  and worker  are unified  into a
-    single process.  nghttpx still spawns additional process
-    if neverbleed is used.  In  the single process mode, the
-    signal handling feature is disabled.
-
 
 Scripting
 ~~~~~~~~~
@@ -1401,9 +1291,7 @@ Misc
 
 .. option:: --conf=<PATH>
 
-    Load  configuration  from   <PATH>.   Please  note  that
-    nghttpx always  tries to read the  default configuration
-    file if :option:`--conf` is not given.
+    Load configuration from <PATH>.
 
     Default: ``/etc/nghttpx/nghttpx.conf``
 
@@ -1517,18 +1405,14 @@ SIGUSR1
   Reopen log files.
 
 SIGUSR2
-
   Fork and execute nghttpx.  It will execute the binary in the same
-  path with same command-line arguments and environment variables.  As
-  of nghttpx version 1.20.0, the new master process sends SIGQUIT to
-  the original master process when it is ready to serve requests.  For
-  the earlier versions of nghttpx, user has to send SIGQUIT to the
-  original master process.
-
-  The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
-  is usually used to execute new binary, and the master process is
-  newly spawned.  On the other hand, the latter just reloads
-  configuration file, and the same master process continues to exist.
+  path with same command-line arguments and environment variables.
+  After new process comes up, sending SIGQUIT to the original process
+  to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
+  and SIGHUP is that former is usually used to execute new binary, and
+  the master process is newly spawned.  On the other hand, the latter
+  just reloads configuration file, and the same master process
+  continues to exist.
 
 .. note::
 
@@ -1605,22 +1489,6 @@ be customized using :option:`--fetch-ocsp-response-file` option.
 If OCSP query is failed, previous OCSP response, if any, is continued
 to be used.
 
-:option:`--fetch-ocsp-response-file` option provides wide range of
-possibility to manage OCSP response.  It can take an arbitrary script
-or executable.  The requirement is that it supports the command-line
-interface of ``fetch-ocsp-response`` script, and it must return a
-valid DER encoded OCSP response on success.  It must return exit code
-0 on success, and 75 for temporary error, and the other error code for
-generic failure.  For large cluster of servers, it is not efficient
-for each server to perform OCSP query using ``fetch-ocsp-response``.
-Instead, you can retrieve OCSP response in some way, and store it in a
-disk or a shared database.  Then specify a program in
-:option:`--fetch-ocsp-response-file` to fetch it from those stores.
-This could provide a way to share the OCSP response between fleet of
-servers, and also any OCSP query strategy can be applied which may be
-beyond the ability of nghttpx itself or ``fetch-ocsp-response``
-script.
-
 TLS SESSION RESUMPTION
 ----------------------
 
@@ -1936,18 +1804,6 @@ respectively.
         existing header fields, and then add required header fields.
         It is an error to call this method twice for a given request.
 
-    .. rb:method:: send_info(status, headers)
-
-        Send non-final (informational) response to a client.  *status*
-        must be in the range [100, 199], inclusive.  *headers* is a
-        hash containing response header fields.  Its key must be a
-        string, and the associated value must be either string or
-        array of strings.  Since this is not a final response, even if
-        this method is invoked, request is still forwarded to a
-        backend unless :rb:meth:`Nghttpx::Response#return` is called.
-        This method can be called multiple times.  It cannot be called
-        after :rb:meth:`Nghttpx::Response#return` is called.
-
 MRUBY EXAMPLES
 ~~~~~~~~~~~~~~
 
@@ -2009,20 +1865,17 @@ status
 code
   HTTP status code
 
-Additionally, depending on the API endpoint, ``data`` key may be
-present, and its value contains the API endpoint specific data.
-
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 
 The following section describes available API endpoints.
 
-POST /api/v1beta1/backendconfig
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+PUT /api/v1beta1/backendconfig
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see `FILES`_ section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -2043,25 +1896,6 @@ The one limitation is that only numeric IP address is allowd in
 is used while non numeric hostname is allowed in command-line or
 configuration file is read using :option:`--conf`.
 
-GET /api/v1beta1/configrevision
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This API returns configuration revision of the current nghttpx.  The
-configuration revision is opaque string, and it changes after each
-reloading by SIGHUP.  With this API, an external application knows
-that whether nghttpx has finished reloading its configuration by
-comparing the configuration revisions between before and after
-reloading.  It is recommended to disable persistent (keep-alive)
-connection for this purpose in order to avoid to send a request using
-the reused connection which may bound to an old process.
-
-This API returns response including ``data`` key.  Its value is JSON
-object, and it contains at least the following key:
-
-configRevision
-  The configuration revision of the current nghttpx
-
-
 SEE ALSO
 --------
 

doc/nghttpx.h2r

@@ -83,18 +83,14 @@ SIGUSR1
   Reopen log files.
 
 SIGUSR2
-
   Fork and execute nghttpx.  It will execute the binary in the same
-  path with same command-line arguments and environment variables.  As
-  of nghttpx version 1.20.0, the new master process sends SIGQUIT to
-  the original master process when it is ready to serve requests.  For
-  the earlier versions of nghttpx, user has to send SIGQUIT to the
-  original master process.
-
-  The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
-  is usually used to execute new binary, and the master process is
-  newly spawned.  On the other hand, the latter just reloads
-  configuration file, and the same master process continues to exist.
+  path with same command-line arguments and environment variables.
+  After new process comes up, sending SIGQUIT to the original process
+  to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
+  and SIGHUP is that former is usually used to execute new binary, and
+  the master process is newly spawned.  On the other hand, the latter
+  just reloads configuration file, and the same master process
+  continues to exist.
 
 .. note::
 
@@ -171,22 +167,6 @@ be customized using :option:`--fetch-ocsp-response-file` option.
 If OCSP query is failed, previous OCSP response, if any, is continued
 to be used.
 
-:option:`--fetch-ocsp-response-file` option provides wide range of
-possibility to manage OCSP response.  It can take an arbitrary script
-or executable.  The requirement is that it supports the command-line
-interface of ``fetch-ocsp-response`` script, and it must return a
-valid DER encoded OCSP response on success.  It must return exit code
-0 on success, and 75 for temporary error, and the other error code for
-generic failure.  For large cluster of servers, it is not efficient
-for each server to perform OCSP query using ``fetch-ocsp-response``.
-Instead, you can retrieve OCSP response in some way, and store it in a
-disk or a shared database.  Then specify a program in
-:option:`--fetch-ocsp-response-file` to fetch it from those stores.
-This could provide a way to share the OCSP response between fleet of
-servers, and also any OCSP query strategy can be applied which may be
-beyond the ability of nghttpx itself or ``fetch-ocsp-response``
-script.
-
 TLS SESSION RESUMPTION
 ----------------------
 
@@ -502,18 +482,6 @@ respectively.
         existing header fields, and then add required header fields.
         It is an error to call this method twice for a given request.
 
-    .. rb:method:: send_info(status, headers)
-
-        Send non-final (informational) response to a client.  *status*
-        must be in the range [100, 199], inclusive.  *headers* is a
-        hash containing response header fields.  Its key must be a
-        string, and the associated value must be either string or
-        array of strings.  Since this is not a final response, even if
-        this method is invoked, request is still forwarded to a
-        backend unless :rb:meth:`Nghttpx::Response#return` is called.
-        This method can be called multiple times.  It cannot be called
-        after :rb:meth:`Nghttpx::Response#return` is called.
-
 MRUBY EXAMPLES
 ~~~~~~~~~~~~~~
 
@@ -575,9 +543,6 @@ status
 code
   HTTP status code
 
-Additionally, depending on the API endpoint, ``data`` key may be
-present, and its value contains the API endpoint specific data.
-
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
@@ -609,25 +574,6 @@ The one limitation is that only numeric IP address is allowd in
 is used while non numeric hostname is allowed in command-line or
 configuration file is read using :option:`--conf`.
 
-GET /api/v1beta1/configrevision
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This API returns configuration revision of the current nghttpx.  The
-configuration revision is opaque string, and it changes after each
-reloading by SIGHUP.  With this API, an external application knows
-that whether nghttpx has finished reloading its configuration by
-comparing the configuration revisions between before and after
-reloading.  It is recommended to disable persistent (keep-alive)
-connection for this purpose in order to avoid to send a request using
-the reused connection which may bound to an old process.
-
-This API returns response including ``data`` key.  Its value is JSON
-object, and it contains at least the following key:
-
-configRevision
-  The configuration revision of the current nghttpx
-
-
 SEE ALSO
 --------
 

doc/programmers-guide.rst

@@ -116,10 +116,7 @@ briefly describe what the library does in this area.  In the following
 description, without loss of generality we omit CONTINUATION frame
 since they must follow HEADERS frame and are processed atomically.  In
 other words, they are just one big HEADERS frame.  To disable these
-validations, use `nghttp2_option_set_no_http_messaging()`.  Please
-note that disabling this feature does not change the fundamental
-client and server model of HTTP.  That is, even if the validation is
-disabled, only client can send requests.
+validations, use `nghttp2_option_set_no_http_messaging()`.
 
 For HTTP request, including those carried by PUSH_PROMISE, HTTP
 message starts with one HEADERS frame containing request headers.  It
@@ -152,11 +149,13 @@ header fields must not appear: "Connection", "Keep-Alive",
 Each header field name and value must obey the field-name and
 field-value production rules described in `RFC 7230, section
 3.2. <https://tools.ietf.org/html/rfc7230#section-3.2>`_.
-Additionally, all field name must be lower cased.  The invalid header
-fields are treated as stream error, and that stream is reset.  If
-application wants to treat these headers in their own way, use
-`nghttp2_on_invalid_header_callback
-<https://nghttp2.org/documentation/types.html#c.nghttp2_on_invalid_header_callback>`_.
+Additionally, all field name must be lower cased.  While the pseudo
+header fields must satisfy these rules, we just ignore illegal regular
+headers (this means that these header fields are not passed to
+application callback).  This is because these illegal header fields
+are floating around in existing internet and resetting stream just
+because of this may break many web sites.  This is especially true if
+we forward to or translate from HTTP/1 traffic.
 
 For "http" or "https" URIs, ":path" pseudo header fields must start
 with "/".  The only exception is OPTIONS request, in that case, "*" is

doc/sources/building-android-binary.rst

@@ -2,7 +2,7 @@ Building Android binary
 =======================
 
 In this article, we briefly describe how to build Android binary using
-`Android NDK <https://developer.android.com/ndk/index.html>`_
+`Android NDK <http://developer.android.com/tools/sdk/ndk/index.html>`_
 cross-compiler on Debian Linux.
 
 The easiest way to build android binary is use Dockerfile.android.
@@ -38,6 +38,9 @@ Although zlib comes with Android NDK, it seems not to be a part of
 public API, so we have to built it for our own.  That also provides us
 proper .pc file as a bonus.
 
+If SPDY support is required for nghttpx and h2load, build and install
+spdylay as well.
+
 Before running ``android-config`` and ``android-make``,
 ``ANDROID_HOME`` environment variable must be set to point to the
 correct path.  Also add ``$ANDROID_HOME/toolchain/bin`` to ``PATH``:
@@ -143,6 +146,34 @@ To configure zlib, use the following script:
 
 And run ``make install`` to build and install.
 
+To configure spdylay, use the following script:
+
+.. code-block:: sh
+
+    #!/bin/sh -e
+
+    if [ -z "$ANDROID_HOME" ]; then
+        echo 'No $ANDROID_HOME specified.'
+        exit 1
+    fi
+    PREFIX=$ANDROID_HOME/usr/local
+    TOOLCHAIN=$ANDROID_HOME/toolchain
+    PATH=$TOOLCHAIN/bin:$PATH
+
+    ./configure \
+        --disable-shared \
+        --host=arm-linux-androideabi \
+        --build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
+        --prefix=$PREFIX \
+        --without-libxml2 \
+        --disable-src \
+        --disable-examples \
+        CPPFLAGS="-I$PREFIX/include" \
+        PKG_CONFIG_LIBDIR="$PREFIX/lib/pkgconfig" \
+        LDFLAGS="-L$PREFIX/lib"
+
+And run ``make install`` to build and install.
+
 After prerequisite libraries are prepared, run ``android-config`` and
 then ``android-make`` to compile nghttp2 source files.
 

doc/sources/contribute.rst

@@ -26,7 +26,8 @@ Coding style
 We use clang-format to format source code consistently.  The
 clang-format configuration file .clang-format is located at the root
 directory.  Since clang-format produces slightly different results
-between versions, we currently use clang-format 4.0.
+between versions, we currently use clang-format which comes with
+clang-3.9.
 
 To detect any violation to the coding style, we recommend to setup git
 pre-commit hook to check coding style of the changes you introduced.
@@ -34,7 +35,7 @@ The pre-commit file is located at the root directory.  Copy it under
 .git/hooks and make sure that it is executable.  The pre-commit script
 uses clang-format-diff.py to detect any style errors.  If it is not in
 your PATH or it exists under different name (e.g.,
-clang-format-diff-4.0 in debian), either add it to PATH variable or
+clang-format-diff-3.9 in debian), either add it to PATH variable or
 add git option ``clangformatdiff.binary`` to point to the script.
 
 For emacs users, integrating clang-format to emacs is very easy.

doc/sources/h2load-howto.rst

@@ -12,7 +12,7 @@ Compiling from source
 ---------------------
 
 h2load is compiled alongside nghttp2 and requires that the
-``--enable-app`` flag is passed to ``./configure`` and `required
+``--enable-apps`` flag is passed to ``./configure`` and `required
 dependencies <https://github.com/nghttp2/nghttp2#requirements>`_ are
 available during compilation. For details on compiling, see `nghttp2:
 Building from Git

doc/sources/nghttpx-howto.rst

@@ -229,18 +229,12 @@ Hot swapping
 nghttpx supports hot swapping using signals.  The hot swapping in
 nghttpx is multi step process.  First send USR2 signal to nghttpx
 process.  It will do fork and execute new executable, using same
-command-line arguments and environment variables.
-
-As of nghttpx version 1.20.0, that is all you have to do.  The new
-master process sends QUIT signal to the original process, when it is
-ready to serve requests, to shut it down gracefully.
-
-For earlier versions of nghttpx, you have to do one more thing.  At
-this point, both current and new processes can accept requests.  To
-gracefully shutdown current process, send QUIT signal to current
-nghttpx process.  When all existing frontend connections are done, the
-current process will exit.  At this point, only new nghttpx process
-exists and serves incoming requests.
+command-line arguments and environment variables.  At this point, both
+current and new processes can accept requests.  To gracefully shutdown
+current process, send QUIT signal to current nghttpx process.  When
+all existing frontend connections are done, the current process will
+exit.  At this point, only new nghttpx process exists and serves
+incoming requests.
 
 If you want to just reload configuration file without executing new
 binary, send SIGHUP to nghttpx master process.

examples/Makefile.am

@@ -62,11 +62,11 @@ ASIOCPPFLAGS = ${AM_CPPFLAGS} ${BOOST_CPPFLAGS}
 ASIOLDADD = $(top_builddir)/lib/libnghttp2.la \
 	$(top_builddir)/src/libnghttp2_asio.la @JEMALLOC_LIBS@ \
 	$(top_builddir)/third-party/libhttp-parser.la \
-	@OPENSSL_LIBS@ \
 	${BOOST_LDFLAGS} \
 	${BOOST_ASIO_LIB} \
 	${BOOST_THREAD_LIB} \
 	${BOOST_SYSTEM_LIB} \
+	@OPENSSL_LIBS@ \
 	@APPLDFLAGS@
 
 asio_sv_SOURCES = asio-sv.cc

examples/asio-sv.cc

@@ -36,12 +36,25 @@
 
 #include <iostream>
 #include <string>
+#include <thread>
 
 #include <nghttp2/asio_http2_server.h>
 
 using namespace nghttp2::asio_http2;
 using namespace nghttp2::asio_http2::server;
 
+namespace {
+void run_forever(boost::asio::io_service &io_service, size_t num_threads) {
+  std::vector<std::thread> ts;
+  for (size_t i = 0; i < num_threads; ++i) {
+    ts.emplace_back([&io_service]() { io_service.run(); });
+  }
+  for (auto &t : ts) {
+    t.join();
+  }
+}
+} // namespace
+
 int main(int argc, char *argv[]) {
   try {
     // Check command line arguments.
@@ -58,9 +71,9 @@ int main(int argc, char *argv[]) {
     std::string port = argv[2];
     std::size_t num_threads = std::stoi(argv[3]);
 
-    http2 server;
+    boost::asio::io_service io_service;
 
-    server.num_threads(num_threads);
+    http2 server(io_service);
 
     server.handle("/", [](const request &req, const response &res) {
       res.write_head(200, {{"foo", {"bar"}}});
@@ -136,11 +149,16 @@ int main(int argc, char *argv[]) {
       if (server.listen_and_serve(ec, tls, addr, port)) {
         std::cerr << "error: " << ec.message() << std::endl;
       }
+
+      run_forever(io_service, num_threads);
     } else {
       if (server.listen_and_serve(ec, addr, port)) {
         std::cerr << "error: " << ec.message() << std::endl;
       }
+
+      run_forever(io_service, num_threads);
     }
+
   } catch (std::exception &e) {
     std::cerr << "exception: " << e.what() << "\n";
   }

examples/asio-sv2.cc

@@ -43,12 +43,25 @@
 #endif // HAVE_FCNTL_H
 #include <iostream>
 #include <string>
+#include <thread>
 
 #include <nghttp2/asio_http2_server.h>
 
 using namespace nghttp2::asio_http2;
 using namespace nghttp2::asio_http2::server;
 
+namespace {
+void run_forever(boost::asio::io_service &io_service, size_t num_threads) {
+  std::vector<std::thread> ts;
+  for (size_t i = 0; i < num_threads; ++i) {
+    ts.emplace_back([&io_service]() { io_service.run(); });
+  }
+  for (auto &t : ts) {
+    t.join();
+  }
+}
+} // namespace
+
 int main(int argc, char *argv[]) {
   try {
     // Check command line arguments.
@@ -65,9 +78,9 @@ int main(int argc, char *argv[]) {
     std::size_t num_threads = std::stoi(argv[3]);
     std::string docroot = argv[4];
 
-    http2 server;
+    boost::asio::io_service io_service;
 
-    server.num_threads(num_threads);
+    http2 server(io_service);
 
     server.handle("/", [&docroot](const request &req, const response &res) {
       auto path = percent_decode(req.uri().path);
@@ -112,10 +125,14 @@ int main(int argc, char *argv[]) {
       if (server.listen_and_serve(ec, tls, addr, port)) {
         std::cerr << "error: " << ec.message() << std::endl;
       }
+
+      run_forever(io_service, num_threads);
     } else {
       if (server.listen_and_serve(ec, addr, port)) {
         std::cerr << "error: " << ec.message() << std::endl;
       }
+
+      run_forever(io_service, num_threads);
     }
   } catch (std::exception &e) {
     std::cerr << "exception: " << e.what() << "\n";

examples/client.c

@@ -159,13 +159,10 @@ static void diec(const char *func, int error_code) {
  * bytes actually written. See the documentation of
  * nghttp2_send_callback for the details.
  */
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
+                             size_t length, int flags _U_, void *user_data) {
   struct Connection *connection;
   int rv;
-  (void)session;
-  (void)flags;
-
   connection = (struct Connection *)user_data;
   connection->want_io = IO_NONE;
   ERR_clear_error();
@@ -189,13 +186,10 @@ static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
  * |length| bytes. Returns the number of bytes stored in |buf|. See
  * the documentation of nghttp2_recv_callback for the details.
  */
-static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
-                             size_t length, int flags, void *user_data) {
+static ssize_t recv_callback(nghttp2_session *session _U_, uint8_t *buf,
+                             size_t length, int flags _U_, void *user_data) {
   struct Connection *connection;
   int rv;
-  (void)session;
-  (void)flags;
-
   connection = (struct Connection *)user_data;
   connection->want_io = IO_NONE;
   ERR_clear_error();
@@ -216,10 +210,9 @@ static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
 }
 
 static int on_frame_send_callback(nghttp2_session *session,
-                                  const nghttp2_frame *frame, void *user_data) {
+                                  const nghttp2_frame *frame,
+                                  void *user_data _U_) {
   size_t i;
-  (void)user_data;
-
   switch (frame->hd.type) {
   case NGHTTP2_HEADERS:
     if (nghttp2_session_get_stream_user_data(session, frame->hd.stream_id)) {
@@ -244,10 +237,9 @@ static int on_frame_send_callback(nghttp2_session *session,
 }
 
 static int on_frame_recv_callback(nghttp2_session *session,
-                                  const nghttp2_frame *frame, void *user_data) {
+                                  const nghttp2_frame *frame,
+                                  void *user_data _U_) {
   size_t i;
-  (void)user_data;
-
   switch (frame->hd.type) {
   case NGHTTP2_HEADERS:
     if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE) {
@@ -282,11 +274,9 @@ static int on_frame_recv_callback(nghttp2_session *session,
  * we submit GOAWAY and close the session.
  */
 static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
-                                    uint32_t error_code, void *user_data) {
+                                    uint32_t error_code _U_,
+                                    void *user_data _U_) {
   struct Request *req;
-  (void)error_code;
-  (void)user_data;
-
   req = nghttp2_session_get_stream_user_data(session, stream_id);
   if (req) {
     int rv;
@@ -303,13 +293,11 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
  * The implementation of nghttp2_on_data_chunk_recv_callback type. We
  * use this function to print the received response body.
  */
-static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
-                                       int32_t stream_id, const uint8_t *data,
-                                       size_t len, void *user_data) {
+static int on_data_chunk_recv_callback(nghttp2_session *session,
+                                       uint8_t flags _U_, int32_t stream_id,
+                                       const uint8_t *data, size_t len,
+                                       void *user_data _U_) {
   struct Request *req;
-  (void)flags;
-  (void)user_data;
-
   req = nghttp2_session_get_stream_user_data(session, stream_id);
   if (req) {
     printf("[INFO] C <---------------------------- S (DATA chunk)\n"
@@ -350,13 +338,10 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) {
  * HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2
  * library supports, we terminate program.
  */
-static int select_next_proto_cb(SSL *ssl, unsigned char **out,
+static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
                                 unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
   int rv;
-  (void)ssl;
-  (void)arg;
-
   /* nghttp2_select_next_protocol() selects HTTP/2 protocol the
      nghttp2 library supports. */
   rv = nghttp2_select_next_protocol(out, outlen, in, inlen);

examples/deflate.c

@@ -44,7 +44,7 @@ static void deflate(nghttp2_hd_deflater *deflater,
 static int inflate_header_block(nghttp2_hd_inflater *inflater, uint8_t *in,
                                 size_t inlen, int final);
 
-int main() {
+int main(int argc _U_, char **argv _U_) {
   int rv;
   nghttp2_hd_deflater *deflater;
   nghttp2_hd_inflater *inflater;

examples/libevent-client.c

@@ -199,27 +199,22 @@ static void print_headers(FILE *f, nghttp2_nv *nva, size_t nvlen) {
 /* nghttp2_send_callback. Here we transmit the |data|, |length| bytes,
    to the network. Because we are using libevent bufferevent, we just
    write those bytes into bufferevent buffer. */
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
+                             size_t length, int flags _U_, void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
   struct bufferevent *bev = session_data->bev;
-  (void)session;
-  (void)flags;
-
   bufferevent_write(bev, data, length);
   return (ssize_t)length;
 }
 
 /* nghttp2_on_header_callback: Called when nghttp2 library emits
    single header name/value pair. */
-static int on_header_callback(nghttp2_session *session,
+static int on_header_callback(nghttp2_session *session _U_,
                               const nghttp2_frame *frame, const uint8_t *name,
                               size_t namelen, const uint8_t *value,
-                              size_t valuelen, uint8_t flags, void *user_data) {
+                              size_t valuelen, uint8_t flags _U_,
+                              void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
-  (void)session;
-  (void)flags;
-
   switch (frame->hd.type) {
   case NGHTTP2_HEADERS:
     if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -234,12 +229,10 @@ static int on_header_callback(nghttp2_session *session,
 
 /* nghttp2_on_begin_headers_callback: Called when nghttp2 library gets
    started to receive header block. */
-static int on_begin_headers_callback(nghttp2_session *session,
+static int on_begin_headers_callback(nghttp2_session *session _U_,
                                      const nghttp2_frame *frame,
                                      void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
-  (void)session;
-
   switch (frame->hd.type) {
   case NGHTTP2_HEADERS:
     if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -254,11 +247,9 @@ static int on_begin_headers_callback(nghttp2_session *session,
 
 /* nghttp2_on_frame_recv_callback: Called when nghttp2 library
    received a complete frame from the remote peer. */
-static int on_frame_recv_callback(nghttp2_session *session,
+static int on_frame_recv_callback(nghttp2_session *session _U_,
                                   const nghttp2_frame *frame, void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
-  (void)session;
-
   switch (frame->hd.type) {
   case NGHTTP2_HEADERS:
     if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -275,13 +266,11 @@ static int on_frame_recv_callback(nghttp2_session *session,
    is meant to the stream we initiated, print the received data in
    stdout, so that the user can redirect its output to the file
    easily. */
-static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
-                                       int32_t stream_id, const uint8_t *data,
-                                       size_t len, void *user_data) {
+static int on_data_chunk_recv_callback(nghttp2_session *session _U_,
+                                       uint8_t flags _U_, int32_t stream_id,
+                                       const uint8_t *data, size_t len,
+                                       void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
-  (void)session;
-  (void)flags;
-
   if (session_data->stream_data->stream_id == stream_id) {
     fwrite(data, 1, len, stdout);
   }
@@ -311,12 +300,9 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
 /* NPN TLS extension client callback. We check that server advertised
    the HTTP/2 protocol the nghttp2 library supports. If not, exit
    the program. */
-static int select_next_proto_cb(SSL *ssl, unsigned char **out,
+static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
                                 unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
-  (void)ssl;
-  (void)arg;
-
+                                unsigned int inlen, void *arg _U_) {
   if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
     errx(1, "Server did not advertise " NGHTTP2_PROTO_VERSION_ID);
   }
@@ -475,10 +461,8 @@ static void readcb(struct bufferevent *bev, void *ptr) {
    receiving GOAWAY, we check the some conditions on the nghttp2
    library and output buffer of bufferevent. If it indicates we have
    no business to this session, tear down the connection. */
-static void writecb(struct bufferevent *bev, void *ptr) {
+static void writecb(struct bufferevent *bev _U_, void *ptr) {
   http2_session_data *session_data = (http2_session_data *)ptr;
-  (void)bev;
-
   if (nghttp2_session_want_read(session_data->session) == 0 &&
       nghttp2_session_want_write(session_data->session) == 0 &&
       evbuffer_get_length(bufferevent_get_output(session_data->bev)) == 0) {

examples/libevent-server.c

@@ -109,23 +109,18 @@ struct app_context {
 static unsigned char next_proto_list[256];
 static size_t next_proto_list_len;
 
-static int next_proto_cb(SSL *ssl, const unsigned char **data,
-                         unsigned int *len, void *arg) {
-  (void)ssl;
-  (void)arg;
-
+static int next_proto_cb(SSL *s _U_, const unsigned char **data,
+                         unsigned int *len, void *arg _U_) {
   *data = next_proto_list;
   *len = (unsigned int)next_proto_list_len;
   return SSL_TLSEXT_ERR_OK;
 }
 
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
-static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
+static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out,
                                 unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
   int rv;
-  (void)ssl;
-  (void)arg;
 
   rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, inlen);
 
@@ -202,10 +197,8 @@ static void add_stream(http2_session_data *session_data,
   }
 }
 
-static void remove_stream(http2_session_data *session_data,
+static void remove_stream(http2_session_data *session_data _U_,
                           http2_stream_data *stream_data) {
-  (void)session_data;
-
   stream_data->prev->next = stream_data->next;
   if (stream_data->next) {
     stream_data->next->prev = stream_data->prev;
@@ -316,13 +309,10 @@ static int session_recv(http2_session_data *session_data) {
   return 0;
 }
 
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
+                             size_t length, int flags _U_, void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
   struct bufferevent *bev = session_data->bev;
-  (void)session;
-  (void)flags;
-
   /* Avoid excessive buffering in server side. */
   if (evbuffer_get_length(bufferevent_get_output(session_data->bev)) >=
       OUTPUT_WOULDBLOCK_THRESHOLD) {
@@ -385,17 +375,13 @@ static char *percent_decode(const uint8_t *value, size_t valuelen) {
   return res;
 }
 
-static ssize_t file_read_callback(nghttp2_session *session, int32_t stream_id,
-                                  uint8_t *buf, size_t length,
-                                  uint32_t *data_flags,
+static ssize_t file_read_callback(nghttp2_session *session _U_,
+                                  int32_t stream_id _U_, uint8_t *buf,
+                                  size_t length, uint32_t *data_flags,
                                   nghttp2_data_source *source,
-                                  void *user_data) {
+                                  void *user_data _U_) {
   int fd = source->fd;
   ssize_t r;
-  (void)session;
-  (void)stream_id;
-  (void)user_data;
-
   while ((r = read(fd, buf, length)) == -1 && errno == EINTR)
     ;
   if (r == -1) {
@@ -468,12 +454,10 @@ static int error_reply(nghttp2_session *session,
 static int on_header_callback(nghttp2_session *session,
                               const nghttp2_frame *frame, const uint8_t *name,
                               size_t namelen, const uint8_t *value,
-                              size_t valuelen, uint8_t flags, void *user_data) {
+                              size_t valuelen, uint8_t flags _U_,
+                              void *user_data _U_) {
   http2_stream_data *stream_data;
   const char PATH[] = ":path";
-  (void)flags;
-  (void)user_data;
-
   switch (frame->hd.type) {
   case NGHTTP2_HEADERS:
     if (frame->headers.cat != NGHTTP2_HCAT_REQUEST) {
@@ -586,10 +570,9 @@ static int on_frame_recv_callback(nghttp2_session *session,
 }
 
 static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
-                                    uint32_t error_code, void *user_data) {
+                                    uint32_t error_code _U_, void *user_data) {
   http2_session_data *session_data = (http2_session_data *)user_data;
   http2_stream_data *stream_data;
-  (void)error_code;
 
   stream_data = nghttp2_session_get_stream_user_data(session, stream_id);
   if (!stream_data) {
@@ -642,10 +625,8 @@ static int send_server_connection_header(http2_session_data *session_data) {
 
 /* readcb for bufferevent after client connection header was
    checked. */
-static void readcb(struct bufferevent *bev, void *ptr) {
+static void readcb(struct bufferevent *bev _U_, void *ptr) {
   http2_session_data *session_data = (http2_session_data *)ptr;
-  (void)bev;
-
   if (session_recv(session_data) != 0) {
     delete_http2_session_data(session_data);
     return;
@@ -677,13 +658,12 @@ static void writecb(struct bufferevent *bev, void *ptr) {
 }
 
 /* eventcb for bufferevent */
-static void eventcb(struct bufferevent *bev, short events, void *ptr) {
+static void eventcb(struct bufferevent *bev _U_, short events, void *ptr) {
   http2_session_data *session_data = (http2_session_data *)ptr;
   if (events & BEV_EVENT_CONNECTED) {
     const unsigned char *alpn = NULL;
     unsigned int alpnlen = 0;
     SSL *ssl;
-    (void)bev;
 
     fprintf(stderr, "%s connected\n", session_data->client_addr);
 
@@ -723,11 +703,10 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
 }
 
 /* callback for evconnlistener */
-static void acceptcb(struct evconnlistener *listener, int fd,
+static void acceptcb(struct evconnlistener *listener _U_, int fd,
                      struct sockaddr *addr, int addrlen, void *arg) {
   app_context *app_ctx = (app_context *)arg;
   http2_session_data *session_data;
-  (void)listener;
 
   session_data = create_http2_session_data(app_ctx, fd, addr, addrlen);
 

fuzz/README.rst

@@ -1,33 +0,0 @@
-Fuzzer
-======
-
-This directory contains fuzzer target mainly written to integrate
-nghttp2 into `oss-fuzz <https://github.com/google/oss-fuzz>`_.
-
-fuzz_target.cc contains an entry point of fuzzer.  corpus directory
-contains initial data for fuzzer.
-
-The file name of initial data under corpus is the lower-cased hex
-string of SHA-256 hash of its own content.
-
-corpus/h2spec contains input data which was recorded when we ran
-`h2spec <https://github.com/summerwind/h2spec>`_ against nghttpd.
-
-corpus/nghttp contains input data which was recorded when we ran
-nghttp against nghttpd with some varying command line options of
-nghttp.
-
-
-To build fuzz_target.cc, make sure that libnghttp2 is built with
-following compiler/linker flags:
-
-.. code-block:: text
-
-    CPPFLAGS="-fsanitize-coverage=edge -fsanitize=addres"
-    LDFLAGS="-fsanitize-coverage=edge -fsanitize=addres"
-
-Then, fuzz_target.cc can be built using the following command:
-
-.. code-block:: text
-
-    $ clang++ -fsanitize-coverage=edge -fsanitize=address -I../lib/includes -std=c++11 fuzz_target.cc ../lib/.libs/libnghttp2.a  /usr/lib/llvm-3.9/lib/libFuzzer.a -o nghttp2_fuzzer

fuzz/corpus/h2spec/0b39d9df6e1721030667980a41547272ad42377149edcf130b2bf0b76804c61f

@@ -1,2 +0,0 @@
-INVALID CONNECTION PREFACE
-