Merge pull request #803 from clemahieu/asio_threading

Holding more shared_ptrs instead of raw ptrs
Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted.
2025-12-07 02:28:53 +08:00 · 2017-02-09 20:55:23 +09:00 · 2017-02-08 23:01:37 -06:00 · 2017-02-05 18:08:31 +09:00 · 2017-02-05 18:08:01 +09:00 · 2017-02-05 17:45:01 +09:00
353 changed files with 5407 additions and 9017 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -4,7 +4,7 @@ AccessModifierOffset: -2
 AlignAfterOpenBracket: Align
 AlignConsecutiveAssignments: false
 AlignConsecutiveDeclarations: false
-AlignEscapedNewlines: Right
+AlignEscapedNewlinesLeft: false
 AlignOperands:   true
 AlignTrailingComments: true
 AllowAllParametersOfDeclarationOnNextLine: true
@@ -31,20 +31,14 @@ BraceWrapping:
  BeforeCatch:     false
  BeforeElse:      false
  IndentBraces:    false
  SplitEmptyFunction: true
  SplitEmptyRecord: true
  SplitEmptyNamespace: true
 BreakBeforeBinaryOperators: None
 BreakBeforeBraces: Attach
 BreakBeforeInheritanceComma: false
 BreakBeforeTernaryOperators: true
 BreakConstructorInitializersBeforeComma: false
 BreakConstructorInitializers: BeforeColon
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: true
 ColumnLimit:     80
 CommentPragmas:  '^ IWYU pragma:'
 CompactNamespaces: false
 ConstructorInitializerAllOnOneLineOrOnePerLine: true
 ConstructorInitializerIndentWidth: 4
 ContinuationIndentWidth: 4
@@ -52,11 +46,7 @@ Cpp11BracedListStyle: true
 DerivePointerAlignment: false
 DisableFormat:   false
 ExperimentalAutoDetectBinPacking: false
-FixNamespaceComments: true
+ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
 ForEachMacros:
  - foreach
  - Q_FOREACH
  - BOOST_FOREACH
 IncludeCategories:
  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
    Priority:        2
@@ -78,7 +68,6 @@ NamespaceIndentation: None
 ObjCBlockIndentWidth: 2
 ObjCSpaceAfterProperty: false
 ObjCSpaceBeforeProtocolList: true
 PenaltyBreakAssignment: 2
 PenaltyBreakBeforeFirstCallParameter: 19
 PenaltyBreakComment: 300
 PenaltyBreakFirstLessLess: 120
@@ -88,9 +77,7 @@ PenaltyReturnTypeOnItsOwnLine: 60
 PointerAlignment: Right
 ReflowComments:  true
 SortIncludes:    false
 SortUsingDeclarations: true
 SpaceAfterCStyleCast: false
 SpaceAfterTemplateKeyword: true
 SpaceBeforeAssignmentOperators: true
 SpaceBeforeParens: ControlStatements
 SpaceInEmptyParentheses: false
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,3 @@
 dist: trusty
 env:
  matrix:
    - CI_BUILD=cmake
@@ -7,13 +6,15 @@ language: cpp
 compiler:
  - clang
  - gcc
-sudo: required
+sudo: false
 addons:
  apt:
    sources:
    - ubuntu-toolchain-r-test
    - george-edison55-precise-backports
    packages:
-    - g++-7
+    - g++-4.9
    - libstdc++-4.9-dev
    - autoconf
    - automake
    - autotools-dev
@@ -32,18 +33,29 @@ addons:
    - cmake-data
 before_install:
  - $CC --version
-  - if [ "$CXX" = "g++" ]; then export CXX="g++-7" CC="gcc-7"; fi
+  - if [ "$CXX" = "g++" ]; then export CXX="g++-4.9" CC="gcc-4.9"; fi
  - $CC --version
  - go version
  - cmake --version
 before_script:
  # First build spdylay, since integration tests require it.
  # spdylay is going to be built under third-party/spdylay
  - cd third-party
  - git clone https://github.com/tatsuhiro-t/spdylay.git
  - cd spdylay
  - autoreconf -i
  # Don't use ASAN for spdylay since failmalloc does not work with it.
  - ./configure --disable-src --disable-examples
  - make check
  - export SPDYLAY_HOME=$PWD
  - cd ../..
  # Now build nghttp2
  - if [ "$CI_BUILD" = "autotools" ]; then autoreconf -i; fi
  - git submodule update --init
-  - if [ "$CI_BUILD" = "autotools" ]; then ./configure --with-mruby; fi
+  - if [ "$CI_BUILD" = "autotools" ]; then ./configure --enable-werror --with-mruby --with-neverbleed LIBSPDYLAY_CFLAGS="-I$SPDYLAY_HOME/lib/includes" LIBSPDYLAY_LIBS="-L$SPDYLAY_HOME/lib/.libs -lspdylay" CPPFLAGS=-fsanitize=address LDFLAGS=-fsanitize=address; fi
-  - if [ "$CI_BUILD" = "cmake" ]; then cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1; fi
+  - if [ "$CI_BUILD" = "cmake" ]; then cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DSPDYLAY_INCLUDE_DIR="$SPDYLAY_HOME/lib/includes" -DSPDYLAY_LIBRARY="$SPDYLAY_HOME/lib/.libs/libspdylay.so"; fi
 script:
-  - if [ "$CI_BUILD" = "autotools" ]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="--with-mruby --with-neverbleed --enable-werror CPPFLAGS=-fsanitize=address LDFLAGS=\"-fsanitize=address -fuse-ld=gold\""; fi
+  - if [ "$CI_BUILD" = "autotools" ]; then make distcheck; fi
  - if [ "$CI_BUILD" = "cmake" ]; then make check; fi
  # As of April, 23, 2016, golang http2 build fails, probably because
  # the default go version is too old.
--- a/23
+++ b/23
@@ -17,30 +17,22 @@ github issues [2].
 Alek Storm
 Alex Nalivko
 Alexis La Goutte
 Amir Pakdel
 Anders Bakken
 Andreas Pohl
 Andy Davies
 Angus Gratton
 Anna Henningsen
 Ant Bryan
 Benedikt Christoph Wolters
 Benjamin Peterson
 Bernard Spil
 Brian Card
 Brian Suh
 Daniel Evers
 Daniel Stenberg
 Dave Reisner
 David Beitey
 David Weekly
 Dmitriy Vetutnev
 Dylan Plecki
 Etienne Cimon
 Fabian Möller
 Fabian Wiesel
 Gabi Davar
 Gitai
 Google Inc.
 Jacob Champion
 Jan-E
@@ -55,15 +47,11 @@ Kenny (kang-yen) Peng
 Kenny Peng
 Kit Chan
 Kyle Schomp
 LazyHamster
 Lucas Pardue
 MATSUMOTO Ryosuke
 Marc Bachmann
 Matt Rudary
 Matt Way
 Mike Conlen
 Mike Frysinger
 Mike Lothian
 Nicholas Hurley
 Nora Shoemaker
 Peeyush Aggarwal
@@ -72,27 +60,19 @@ Piotr Sikora
 Raul Gutierrez Segales
 Remo E
 Reza Tavakoli
 Rick Lei
 Ross Smith II
 Scott Mitchell
 Sebastiaan Deckers
 Simone Basso
 Soham Sinha
 Stefan Eissing
 Stephen Ludin
 Sunpoet Po-Chuan Hsieh
 Svante Signell
 Syohei YOSHIDA
 Tapanito
 Tatsuhiko Kubo
 Tatsuhiro Tsujikawa
 Tobias Geerinckx-Rice
 Tom Harwood
 Tomasz Buchert
 Tomasz Torcz
 Vernon Tang
 Viacheslav Biriukov
 Viktor Szakats
 Viktor Szépe
 Wenfeng Liu
 Xiaoguang Sun
@@ -100,13 +80,10 @@ Zhuoyun Wei
 acesso
 ayanamist
 bxshi
 clemahieu
 dalf
 es
 fangdingjun
 jwchoi
 kumagi
 lstefani
 makovich
 mod-h2-dev
 moparisthebest
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -24,15 +24,15 @@
 cmake_minimum_required(VERSION 3.0)
 # XXX using 1.8.90 instead of 1.9.0-DEV
-project(nghttp2 VERSION 1.32.1)
+project(nghttp2 VERSION 1.19.90)
 # See versioning rule:
 #  http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-set(LT_CURRENT  30)
+set(LT_CURRENT  26)
-set(LT_REVISION 3)
+set(LT_REVISION 4)
-set(LT_AGE      16)
+set(LT_AGE      12)
-set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
+set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 include(Version)
 math(EXPR LT_SOVERSION "${LT_CURRENT} - ${LT_AGE}")
@@ -79,7 +79,7 @@ else()
  set(ENABLE_PYTHON_BINDINGS_DEFAULT OFF)
 endif()
-find_package(LibXml2 2.6.26)
+find_package(LibXml2 2.7.7)
 set(WITH_LIBXML2_DEFAULT    ${LIBXML2_FOUND})
 find_package(Jemalloc)
 set(WITH_JEMALLOC_DEFAULT   ${JEMALLOC_FOUND})
@@ -110,9 +110,19 @@ foreach(_build_type "Release" "MinSizeRel" "RelWithDebInfo")
  endforeach()
 endforeach()
 #
 # If we're running GCC or clang define _U_ to be "__attribute__((unused))"
 # so we can use _U_ to flag unused function parameters and not get warnings
 # about them. Otherwise, define _U_ to be an empty string so that _U_ used
 # to flag an unused function parameters will compile with other compilers.
 #
 # XXX - similar hints for other compilers?
 #
 if(CMAKE_C_COMPILER_ID MATCHES "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang")
  set(HINT_UNUSED_PARAM   "__attribute__((unused))")
  set(HINT_NORETURN       "__attribute__((noreturn))")
 else()
  set(HINT_UNUSED_PARAM)
  set(HINT_NORETURN)
 endif()
@@ -302,7 +312,6 @@ check_type_size("time_t"  SIZEOF_TIME_T)
 include(CheckFunctionExists)
 check_function_exists(_Exit     HAVE__EXIT)
 check_function_exists(accept4   HAVE_ACCEPT4)
 check_function_exists(mkostemp  HAVE_MKOSTEMP)
 include(CheckSymbolExists)
 # XXX does this correctly detect initgroups (un)availability on cygwin?
--- a/CMakeOptions.txt
+++ b/CMakeOptions.txt
@@ -14,7 +14,6 @@ option(ENABLE_PYTHON_BINDINGS "Build Python bindings"
  ${ENABLE_PYTHON_BINDINGS_DEFAULT})
 option(ENABLE_FAILMALLOC "Build failmalloc test program" ON)
 option(ENABLE_LIB_ONLY  "Build libnghttp2 only.  This is a short hand for -DENABLE_APP=0 -DENABLE_EXAMPLES=0 -DENABLE_HPACK_TOOLS=0 -DENABLE_PYTHON_BINDINGS=0")
 option(ENABLE_STATIC_LIB "Build libnghttp2 in static mode also")
 option(WITH_LIBXML2     "Use libxml2"
  ${WITH_LIBXML2_DEFAULT})
--- a/Dockerfile.android
+++ b/Dockerfile.android
@@ -10,47 +10,39 @@
 #
 # $ sudo docker run -v /path/to/dest:/out nghttp2-android cp /root/build/nghttp2/src/nghttpx /out
 FROM ubuntu:vivid
 # Only use standalone-toolchain for reduce size
 FROM ubuntu:xenial
 MAINTAINER Tatsuhiro Tsujikawa
-ENV ANDROID_HOME /root
+
 ENV ANDROID_HOME /root/android
 ENV PREFIX $ANDROID_HOME/usr/local
 ENV TOOLCHAIN $ANDROID_HOME/toolchain
 ENV PATH $TOOLCHAIN/bin:$PATH
-ENV NDK_VERSION r14b
+# It would be better to use nearest ubuntu archive mirror for faster
 # downloads.
 # RUN sed -ie 's/archive\.ubuntu/jp.archive.ubuntu/g' /etc/apt/sources.list
-WORKDIR /root
+RUN apt-get update
-RUN apt-get update && \
+# genisoimage, libc6-i386 and lib32stdc++6 are required to decompress ndk.
-    apt-get install -y unzip make binutils autoconf \
+RUN apt-get install -y make binutils autoconf automake autotools-dev libtool \
-      automake autotools-dev libtool pkg-config git \
+    pkg-config git curl dpkg-dev libxml2-dev \
-      curl dpkg-dev libxml2-dev genisoimage libc6-i386 \
+    genisoimage libc6-i386 lib32stdc++6
      lib32stdc++6 python&& \
    rm -rf /var/cache/apk/*
 # Install toolchain
 RUN curl -L -O https://dl.google.com/android/repository/android-ndk-$NDK_VERSION-linux-x86_64.zip && \
   unzip -q android-ndk-$NDK_VERSION-linux-x86_64.zip && \
   rm android-ndk-$NDK_VERSION-linux-x86_64.zip && \
   mkdir -p $ANDROID_HOME/toolchain && \
   $ANDROID_HOME/android-ndk-$NDK_VERSION/build/tools/make-standalone-toolchain.sh \
       --install-dir=$ANDROID_HOME/toolchain \
       --toolchain=arm-linux-androideabi-4.9 \
       --force && \
   rm -r android-ndk-$NDK_VERSION
 ENV PREFIX /root/usr/local
 # Setup version of libraries
 ENV OPENSSL_VERSION 1.0.2d
 ENV SPDYLAY_VERSION v1.4.0
 ENV LIBEV_VERSION 4.19
 ENV ZLIB_VERSION 1.2.8
 ENV CARES_VERSION 1.13.0
 ENV NGHTTP2_VERSION v1.24.0
 WORKDIR /root/build
-RUN git clone https://github.com/tatsuhiro-t/spdylay -b $SPDYLAY_VERSION --depth 1
+RUN curl -L -O http://dl.google.com/android/ndk/android-ndk-r10d-linux-x86_64.bin && \
    chmod a+x android-ndk-r10d-linux-x86_64.bin && \
    ./android-ndk-r10d-linux-x86_64.bin && \
    rm android-ndk-r10d-linux-x86_64.bin
 WORKDIR /root/build/android-ndk-r10d
 RUN /bin/bash build/tools/make-standalone-toolchain.sh \
    --install-dir=$ANDROID_HOME/toolchain \
    --toolchain=arm-linux-androideabi-4.9 --llvm-version=3.5 \
    --system=linux-x86_64
 WORKDIR /root/build
 RUN git clone https://github.com/tatsuhiro-t/spdylay
 WORKDIR /root/build/spdylay
 RUN autoreconf -i && \
    ./configure \
@@ -67,22 +59,22 @@ RUN autoreconf -i && \
    make install
 WORKDIR /root/build
-RUN curl -L -O https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz && \
+RUN curl -L -O https://www.openssl.org/source/openssl-1.0.2d.tar.gz && \
-    tar xf openssl-$OPENSSL_VERSION.tar.gz && \
+    tar xf openssl-1.0.2d.tar.gz && \
-    rm openssl-$OPENSSL_VERSION.tar.gz
+    rm openssl-1.0.2d.tar.gz
-WORKDIR /root/build/openssl-$OPENSSL_VERSION
+WORKDIR /root/build/openssl-1.0.2d
 RUN export CROSS_COMPILE=$TOOLCHAIN/bin/arm-linux-androideabi- && \
    ./Configure --prefix=$PREFIX android && \
    make && make install_sw
 WORKDIR /root/build
-RUN curl -L -O http://dist.schmorp.de/libev/Attic/libev-$LIBEV_VERSION.tar.gz && \
+RUN curl -L -O http://dist.schmorp.de/libev/libev-4.19.tar.gz && \
    curl -L -O https://gist.github.com/tatsuhiro-t/48c45f08950f587180ed/raw/80a8f003b5d1091eae497c5995bbaa68096e739b/libev-4.19-android.patch && \
-    tar xf libev-$LIBEV_VERSION.tar.gz && \
+    tar xf libev-4.19.tar.gz && \
-    rm libev-$LIBEV_VERSION.tar.gz
+    rm libev-4.19.tar.gz
-WORKDIR /root/build/libev-$LIBEV_VERSION
+WORKDIR /root/build/libev-4.19
 RUN patch -p1 < ../libev-4.19-android.patch && \
    ./configure \
    --host=arm-linux-androideabi \
@@ -95,11 +87,11 @@ RUN patch -p1 < ../libev-4.19-android.patch && \
    make install
 WORKDIR /root/build
-RUN curl -L -O https://downloads.sourceforge.net/project/libpng/zlib/$ZLIB_VERSION/zlib-$ZLIB_VERSION.tar.gz && \
+RUN curl -L -O http://zlib.net/zlib-1.2.8.tar.gz && \
-    tar xf zlib-$ZLIB_VERSION.tar.gz && \
+    tar xf zlib-1.2.8.tar.gz && \
-    rm zlib-$ZLIB_VERSION.tar.gz
+    rm zlib-1.2.8.tar.gz
-WORKDIR /root/build/zlib-$ZLIB_VERSION
+WORKDIR /root/build/zlib-1.2.8
 RUN HOST=arm-linux-androideabi \
    CC=$HOST-gcc \
    AR=$HOST-ar \
@@ -113,26 +105,11 @@ RUN HOST=arm-linux-androideabi \
    --static && \
    make install
 WORKDIR /root/build
-RUN curl -L -O https://c-ares.haxx.se/download/c-ares-$CARES_VERSION.tar.gz && \
+RUN git clone https://github.com/nghttp2/nghttp2
    tar xf c-ares-$CARES_VERSION.tar.gz && \
    rm c-ares-$CARES_VERSION.tar.gz
 WORKDIR /root/build/c-ares-$CARES_VERSION
 RUN ./configure \
      --host=arm-linux-androideabi \
      --build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
      --prefix=$PREFIX \
      --disable-shared && \
    make install
 WORKDIR /root/build
 RUN git clone https://github.com/nghttp2/nghttp2 -b $NGHTTP2_VERSION --depth 1
 WORKDIR /root/build/nghttp2
 RUN autoreconf -i && \
    ./configure \
    --enable-app \
    --disable-shared \
    --host=arm-linux-androideabi \
    --build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
@@ -141,9 +118,10 @@ RUN autoreconf -i && \
    --disable-python-bindings \
    --disable-examples \
    --disable-threads \
-      CC="$TOOLCHAIN"/bin/arm-linux-androideabi-clang \
+    LIBSPDYLAY_CFLAGS=-I$PREFIX/usr/local/include \
-      CXX="$TOOLCHAIN"/bin/arm-linux-androideabi-clang++ \
+    LIBSPDYLAY_LIBS="-L$PREFIX/usr/local/lib -lspdylay" \
    CPPFLAGS="-fPIE -I$PREFIX/include" \
    CXXFLAGS="-fno-strict-aliasing" \
    PKG_CONFIG_LIBDIR="$PREFIX/lib/pkgconfig" \
    LDFLAGS="-fPIE -pie -L$PREFIX/lib" && \
    make && \
--- a/README.rst
+++ b/README.rst
@@ -4,10 +4,10 @@ nghttp2 - HTTP/2 C Library
 This is an implementation of the Hypertext Transfer Protocol version 2
 in C.
-The framing layer of HTTP/2 is implemented as a reusable C library.
+The framing layer of HTTP/2 is implemented as a reusable C
-On top of that, we have implemented an HTTP/2 client, server and
+library.  On top of that, we have implemented an HTTP/2 client, server
-proxy.  We have also developed load test and benchmarking tools for
+and proxy.  We have also developed load test and benchmarking tools for
-HTTP/2.
+HTTP/2 and SPDY.
 An HPACK encoder and decoder are available as a public API.
@@ -34,8 +34,8 @@ implementation.
 * https://nghttp2.org/ (TLS + ALPN/NPN)
-  This endpoint supports ``h2``, ``h2-16``, ``h2-14``, and
+  This endpoint supports ``h2``, ``h2-16``, ``h2-14``, ``spdy/3.1``
-  ``http/1.1`` via ALPN/NPN and requires TLSv1.2 for HTTP/2
+  and ``http/1.1`` via ALPN/NPN and requires TLSv1.2 for HTTP/2
  connection.
 * http://nghttp2.org/ (HTTP Upgrade and HTTP/2 Direct)
@@ -76,15 +76,15 @@ ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
 LibreSSL >= 2.2.0 can be used instead of OpenSSL, but OpenSSL has more
 features than LibreSSL at the time of this writing.
 To enable the SPDY protocol in the application program ``nghttpx`` and
 ``h2load``, the following package is required:
 * spdylay >= 1.3.2
 To enable ``-a`` option (getting linked assets from the downloaded
 resource) in ``nghttp``, the following package is required:
-* libxml2 >= 2.6.26
+* libxml2 >= 2.7.7
 To enable systemd support in nghttpx, the following package is
 required:
 * libsystemd-dev >= 209
 The HPACK tools require the following package:
@@ -115,15 +115,17 @@ The Python bindings require the following packages:
 * python >= 2.7
 * python-setuptools
-If you are using Ubuntu 16.04 LTS (Xenial Xerus) or Debian 8 (jessie)
+If you are using Ubuntu 14.04 LTS (trusty) or Debian 7.0 (wheezy) and above run the following to install the needed packages:
 and above, run the following to install the required packages:
 .. code-block:: text
    sudo apt-get install g++ make binutils autoconf automake autotools-dev libtool pkg-config \
      zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
-      libc-ares-dev libjemalloc-dev libsystemd-dev \
+      libc-ares-dev libjemalloc-dev cython python3-dev python-setuptools
-      cython python3-dev python-setuptools
+
 From Ubuntu 15.10, spdylay has been available as a package named
 `libspdylay-dev`.  For the earlier Ubuntu release, you need to build
 it yourself: http://tatsuhiro-t.github.io/spdylay/
 To enable mruby support for nghttpx, `mruby
 <https://github.com/mruby/mruby>`_ is required.  We need to build
@@ -145,8 +147,22 @@ minimizes the risk of private key leakage when serious bug like
 Heartbleed is exploited.  The neverbleed is disabled by default.  To
 enable it, use ``--with-neverbleed`` configure option.
-In order to compile the source code, gcc >= 4.8.3 or clang >= 3.4 is
+Building from git
-required.
+-----------------
 Building from git is easy, but please be sure that at least autoconf 2.68 is
 used:
 .. code-block:: text
    $ git submodule update --init
    $ autoreconf -i
    $ automake
    $ autoconf
    $ ./configure
    $ make
 To compile the source code, gcc >= 4.8.3 or clang >= 3.4 is required.
 .. note::
@@ -171,62 +187,6 @@ required.
   applications were not built, then using ``--enable-app`` may find
   that cause, such as the missing dependency.
 .. note::
   In order to detect third party libraries, pkg-config is used
   (however we don't use pkg-config for some libraries (e.g., libev)).
   By default, pkg-config searches ``*.pc`` file in the standard
   locations (e.g., /usr/lib/pkgconfig).  If it is necessary to use
   ``*.pc`` file in the custom location, specify paths to
   ``PKG_CONFIG_PATH`` environment variable, and pass it to configure
   script, like so:
   .. code-block:: text
       $ ./configure PKG_CONFIG_PATH=/path/to/pkgconfig
   For pkg-config managed libraries, ``*_CFLAG`` and ``*_LIBS``
   environment variables are defined (e.g., ``OPENSSL_CFLAGS``,
   ``OPENSSL_LIBS``).  Specifying non-empty string to these variables
   completely overrides pkg-config.  In other words, if they are
   specified, pkg-config is not used for detection, and user is
   responsible to specify the correct values to these variables.  For
   complete list of these variables, run ``./configure -h``.
 Building nghttp2 from release tar archive
 -----------------------------------------
 The nghttp2 project regularly releases tar archives which includes
 nghttp2 source code, and generated build files.  They can be
 downloaded from `Releases
 <https://github.com/nghttp2/nghttp2/releases>`_ page.
 Building nghttp2 from git requires autotools development packages.
 Building from tar archives does not require them, and thus it is much
 easier.  The usual build step is as follows:
 .. code-block:: text
    $ tar xf nghttp2-X.Y.Z.tar.bz2
    $ cd nghttp2-X.Y.Z
    $ ./configure
    $ make
 Building from git
 -----------------
 Building from git is easy, but please be sure that at least autoconf 2.68 is
 used:
 .. code-block:: text
    $ git submodule update --init
    $ autoreconf -i
    $ automake
    $ autoconf
    $ ./configure
    $ make
 Notes for building on Windows (MSVC)
 ------------------------------------
@@ -273,18 +233,6 @@ If you want to compile the applications under ``examples/``, you need
 to remove or rename the ``event.h`` from libev's installation, because
 it conflicts with libevent's installation.
 Notes for installation on Linux systems
 --------------------------------------------
 After installing nghttp2 tool suite with ``make install`` one might experience a similar error:
 .. code-block:: text
    nghttpx: error while loading shared libraries: libnghttp2.so.14: cannot open shared object file: No such file or directory
 This means that the tool is unable to locate the ``libnghttp2.so`` shared library.
 To update the shared library cache run ``sudo ldconfig``.
 Building the documentation
 --------------------------
@@ -320,6 +268,7 @@ its testing framework.  We depend on the following libraries:
 * golang.org/x/net/http2
 * golang.org/x/net/websocket
 * https://github.com/tatsuhiro-t/go-nghttp2
 * https://github.com/tatsuhiro-t/spdy
 To download the above packages, after settings ``GOPATH``, run the
 following command under ``integration-tests`` directory:
@@ -337,6 +286,11 @@ To run the tests, run the following command under
 Inside the tests, we use port 3009 to run the test subject server.
 .. note::
   github.com/tatsuhiro-t/spdy is a copy used to be available at
   golang.org/x/net/spdy, but it is now gone.
 Migration from v0.7.15 or earlier
 ---------------------------------
@@ -737,7 +691,7 @@ information.  Here is sample output from ``nghttpd``:
 nghttpx - proxy
 +++++++++++++++
-``nghttpx`` is a multi-threaded reverse proxy for HTTP/2, and
+``nghttpx`` is a multi-threaded reverse proxy for HTTP/2, SPDY and
 HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server
 push.
@@ -752,30 +706,31 @@ to know how to migrate from earlier releases.
 ``nghttpx`` implements `important performance-oriented features
 <https://istlsfastyet.com/#server-performance>`_ in TLS, such as
 session IDs, session tickets (with automatic key rotation), OCSP
-stapling, dynamic record sizing, ALPN/NPN, forward secrecy and HTTP/2.
+stapling, dynamic record sizing, ALPN/NPN, forward secrecy and SPDY &
-``nghttpx`` also offers the functionality to share session cache and
+HTTP/2.  ``nghttpx`` also offers the functionality to share session
-ticket keys among multiple ``nghttpx`` instances via memcached.
+cache and ticket keys among multiple ``nghttpx`` instances via
 memcached.
 ``nghttpx`` has 2 operation modes:
-================== ================ ================ =============
+================== ====================== ================ =============
 Mode option        Frontend               Backend          Note
-================== ================ ================ =============
+================== ====================== ================ =============
-default mode       HTTP/2, HTTP/1.1 HTTP/1.1, HTTP/2 Reverse proxy
+default mode       HTTP/2, SPDY, HTTP/1.1 HTTP/1.1, HTTP/2 Reverse proxy
-``--http2-proxy``  HTTP/2, HTTP/1.1 HTTP/1.1, HTTP/2 Forward proxy
+``--http2-proxy``  HTTP/2, SPDY, HTTP/1.1 HTTP/1.1, HTTP/2 Forward proxy
-================== ================ ================ =============
+================== ====================== ================ =============
 The interesting mode at the moment is the default mode.  It works like
-a reverse proxy and listens for HTTP/2, and HTTP/1.1 and can be
+a reverse proxy and listens for HTTP/2, SPDY and HTTP/1.1 and can be
 deployed as a SSL/TLS terminator for existing web server.
 In all modes, the frontend connections are encrypted by SSL/TLS by
 default.  To disable encryption, use the ``no-tls`` keyword in
-``--frontend`` option.  If encryption is disabled, incoming HTTP/1.1
+``--frontend`` option.  If encryption is disabled, SPDY is disabled in
-connections can be upgraded to HTTP/2 through HTTP Upgrade.  On the
+the frontend and incoming HTTP/1.1 connections can be upgraded to
-other hard, backend connections are not encrypted by default.  To
+HTTP/2 through HTTP Upgrade.  On the other hard, backend connections
-encrypt backend connections, use ``tls`` keyword in ``--backend``
+are not encrypted by default.  To encrypt backend connections, use
-option.
+``tls`` keyword in ``--backend`` option.
 ``nghttpx`` supports a configuration file.  See the ``--conf`` option and
 sample configuration file ``nghttpx.conf.sample``.
@@ -785,15 +740,15 @@ server:
 .. code-block:: text
-    Client <-- (HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/1.1, HTTP/2) --> Web Server
+    Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/1.1, HTTP/2) --> Web Server
                                          [reverse proxy]
 With the ``--http2-proxy`` option, it works as forward proxy, and it
-is so called secure HTTP/2 proxy:
+is so called secure HTTP/2 proxy (aka SPDY proxy):
 .. code-block:: text
-    Client <-- (HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/1.1) --> Proxy
+    Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/1.1) --> Proxy
                                           [secure proxy]          (e.g., Squid, ATS)
 The ``Client`` in the above example needs to be configured to use
@@ -826,7 +781,7 @@ proxy through an HTTP proxy:
 .. code-block:: text
-    Client <-- (HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/2) --
+    Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/2) --
            --===================---> HTTP/2 Proxy
              (HTTP proxy tunnel)     (e.g., nghttpx -s)
@@ -834,8 +789,9 @@ proxy through an HTTP proxy:
 Benchmarking tool
 -----------------
-The ``h2load`` program is a benchmarking tool for HTTP/2.  The UI of
+The ``h2load`` program is a benchmarking tool for HTTP/2 and SPDY.
-``h2load`` is heavily inspired by ``weighttp``
+The SPDY support is enabled if the program was built with the spdylay
 library.  The UI of ``h2load`` is heavily inspired by ``weighttp``
 (https://github.com/lighttpd/weighttp).  The typical usage is as
 follows:
@@ -951,7 +907,7 @@ output_length
    The length of the compressed header block.
 percentage_of_original_size
-    ``output_length`` / ``input_length`` * 100
+    ``input_length`` / ``output_length`` * 100
 wire
    The compressed header block as a hex string.
--- a/cmakeconfig.h.in
+++ b/cmakeconfig.h.in
@@ -1,3 +1,7 @@
 /* Hint to the compiler that a function parameter is not used  */
 #define _U_ @HINT_UNUSED_PARAM@
 /* Hint to the compiler that a function never returns */
 #define NGHTTP2_NORETURN @HINT_NORETURN@
@@ -34,9 +38,6 @@
 /* Define to 1 if you have the `accept4` function. */
 #cmakedefine HAVE_ACCEPT4 1
 /* Define to 1 if you have the `mkostemp` function. */
 #cmakedefine HAVE_MKOSTEMP 1
 /* Define to 1 if you have the `initgroups` function. */
 #cmakedefine01 HAVE_DECL_INITGROUPS
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ dnl Do not change user variables!
 dnl http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
 AC_PREREQ(2.61)
-AC_INIT([nghttp2], [1.32.1], [t-tujikawa@users.sourceforge.net])
+AC_INIT([nghttp2], [1.20.0-DEV], [t-tujikawa@users.sourceforge.net])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h])
@@ -44,9 +44,9 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 dnl See versioning rule:
 dnl  http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-AC_SUBST(LT_CURRENT, 30)
+AC_SUBST(LT_CURRENT, 26)
-AC_SUBST(LT_REVISION, 3)
+AC_SUBST(LT_REVISION, 4)
-AC_SUBST(LT_AGE, 16)
+AC_SUBST(LT_AGE, 12)
 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"`
 minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"`
@@ -117,10 +117,10 @@ AC_ARG_WITH([jemalloc],
                    [Use jemalloc [default=check]])],
    [request_jemalloc=$withval], [request_jemalloc=check])
-AC_ARG_WITH([systemd],
+AC_ARG_WITH([spdylay],
-    [AS_HELP_STRING([--with-systemd],
+    [AS_HELP_STRING([--with-spdylay],
-                    [Enable systemd support in nghttpx [default=check]])],
+                    [Use spdylay [default=check]])],
-    [request_systemd=$withval], [request_systemd=check])
+    [request_spdylay=$withval], [request_spdylay=check])
 AC_ARG_WITH([mruby],
    [AS_HELP_STRING([--with-mruby],
@@ -171,9 +171,19 @@ else
  AC_SUBST([CYTHON])
 fi
 #
 # If we're running GCC or clang define _U_ to be "__attribute__((unused))"
 # so we can use _U_ to flag unused function parameters and not get warnings
 # about them. Otherwise, define _U_ to be an empty string so that _U_ used
 # to flag an unused function parameters will compile with other compilers.
 #
 # XXX - similar hints for other compilers?
 #
 if test "x$GCC" = "xyes" -o "x$CC" = "xclang" ; then
  AC_DEFINE([_U_], [__attribute__((unused))], [Hint to the compiler that a function parameters is not used])
  AC_DEFINE([NGHTTP2_NORETURN], [__attribute__((noreturn))], [Hint to the compiler that a function never return])
 else
  AC_DEFINE([_U_], , [Hint to the compiler that a function parameter is not used])
  AC_DEFINE([NGHTTP2_NORETURN], , [Hint to the compiler that a function never return])
 fi
@@ -385,27 +395,8 @@ else
  AC_MSG_NOTICE($JANSSON_PKG_ERRORS)
 fi
 #  libsystemd (for src/nghttpx)
 have_libsystemd=no
 if test "x${request_systemd}" != "xno"; then
  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 209], [have_libsystemd=yes],
                    [have_libsystemd=no])
  if test "x${have_libsystemd}" = "xyes"; then
    AC_DEFINE([HAVE_LIBSYSTEMD], [1],
              [Define to 1 if you have `libsystemd` library.])
  else
    AC_MSG_NOTICE($SYSTEMD_PKG_ERRORS)
  fi
 fi
 if test "x${request_systemd}" = "xyes" &&
   test "x${have_libsystemd}" != "xyes"; then
  AC_MSG_ERROR([systemd was requested (--with-systemd) but not found])
 fi
 # libxml2 (for src/nghttp)
-PKG_CHECK_MODULES([LIBXML2], [libxml-2.0 >= 2.6.26],
+PKG_CHECK_MODULES([LIBXML2], [libxml-2.0 >= 2.7.7],
                  [have_libxml2=yes], [have_libxml2=no])
 if test "x${have_libxml2}" = "xyes"; then
  AC_DEFINE([HAVE_LIBXML2], [1], [Define to 1 if you have `libxml2` library.])
@@ -453,6 +444,26 @@ if test "x${request_jemalloc}" = "xyes" &&
  AC_MSG_ERROR([jemalloc was requested (--with-jemalloc) but not found])
 fi
 # spdylay (for src/nghttpx and src/h2load)
 have_spdylay=no
 if test "x${request_spdylay}" != "xno"; then
  PKG_CHECK_MODULES([LIBSPDYLAY], [libspdylay >= 1.3.2],
                    [have_spdylay=yes], [have_spdylay=no])
  if test "x${have_spdylay}" = "xyes"; then
    AC_DEFINE([HAVE_SPDYLAY], [1], [Define to 1 if you have `spdylay` library.])
  else
    AC_MSG_NOTICE($LIBSPDYLAY_PKG_ERRORS)
    AC_MSG_NOTICE([The SPDY support in nghttpx and h2load will be disabled.])
  fi
 fi
 if test "x${request_spdylay}" = "xyes" &&
   test "x${have_spdylay}" != "xyes"; then
  AC_MSG_ERROR([spdylay was requested (--with-spdylay) but not found])
 fi
 AM_CONDITIONAL([HAVE_SPDYLAY], [ test "x${have_spdylay}" = "xyes" ])
 # Check Boost Asio library
 have_asio_lib=no
@@ -688,7 +699,6 @@ AC_CHECK_FUNCS([ \
  memchr \
  memmove \
  memset \
  mkostemp \
  socket \
  sqrt \
  strchr \
@@ -780,9 +790,6 @@ if test "x$werror" != "xno"; then
    AX_CHECK_COMPILE_FLAG([-Werror], [CXXFLAGS="$CXXFLAGS -Werror"])
    AX_CHECK_COMPILE_FLAG([-Wformat-security], [CXXFLAGS="$CXXFLAGS -Wformat-security"])
    AX_CHECK_COMPILE_FLAG([-Wsometimes-uninitialized], [CXXFLAGS="$CXXFLAGS -Wsometimes-uninitialized"])
    # Disable noexcept-type warning of g++-7.  This is not harmful as
    # long as all source files are compiled with the same compiler.
    AX_CHECK_COMPILE_FLAG([-Wno-noexcept-type], [CXXFLAGS="$CXXFLAGS -Wno-noexcept-type"])
    AC_LANG_POP()
 fi
@@ -903,10 +910,10 @@ AC_MSG_NOTICE([summary of build options:
      Libev:          ${have_libev} (CFLAGS='${LIBEV_CFLAGS}' LIBS='${LIBEV_LIBS}')
      Libc-ares       ${have_libcares} (CFLAGS='${LIBCARES_CFLAGS}' LIBS='${LIBCARES_LIBS}')
      Libevent(SSL):  ${have_libevent_openssl} (CFLAGS='${LIBEVENT_OPENSSL_CFLAGS}' LIBS='${LIBEVENT_OPENSSL_LIBS}')
      Spdylay:        ${have_spdylay} (CFLAGS='${LIBSPDYLAY_CFLAGS}' LIBS='${LIBSPDYLAY_LIBS}')
      Jansson:        ${have_jansson} (CFLAGS='${JANSSON_CFLAGS}' LIBS='${JANSSON_LIBS}')
      Jemalloc:       ${have_jemalloc} (LIBS='${JEMALLOC_LIBS}')
      Zlib:           ${have_zlib} (CFLAGS='${ZLIB_CFLAGS}' LIBS='${ZLIB_LIBS}')
      Systemd:        ${have_libsystemd} (CFLAGS='${SYSTEMD_CFLAGS}' LIBS='${SYSTEMD_LIBS}')
      Boost CPPFLAGS: ${BOOST_CPPFLAGS}
      Boost LDFLAGS:  ${BOOST_LDFLAGS}
      Boost::ASIO:    ${BOOST_ASIO_LIB}
--- a/contrib/nghttpx.service.in
+++ b/contrib/nghttpx.service.in
@@ -1,17 +1,10 @@
 [Unit]
 Description=HTTP/2 proxy
 Documentation=man:nghttpx
 After=network.target
 [Service]
-Type=notify
+Type=forking
-ExecStart=@bindir@/nghttpx --conf=/etc/nghttpx/nghttpx.conf
+ExecStart=@bindir@/nghttpx --conf=/etc/nghttpx/nghttpx.conf --pid-file=/run/nghttpx.pid --daemon
 ExecReload=/bin/kill --signal HUP $MAINPID
 KillSignal=SIGQUIT
 PrivateTmp=yes
 ProtectHome=yes
 ProtectSystem=full
 Restart=always
 [Install]
 WantedBy=multi-user.target
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -49,7 +49,6 @@ set(APIDOCS
  nghttp2_rcbuf_decref.rst
  nghttp2_rcbuf_get_buf.rst
  nghttp2_rcbuf_incref.rst
  nghttp2_rcbuf_is_static.rst
  nghttp2_select_next_protocol.rst
  nghttp2_session_callbacks_del.rst
  nghttp2_session_callbacks_new.rst
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -62,7 +62,6 @@ APIDOCS= \
 	nghttp2_option_set_max_send_header_block_length.rst \
 	nghttp2_option_set_no_auto_ping_ack.rst \
 	nghttp2_option_set_no_auto_window_update.rst \
 	nghttp2_option_set_no_closed_streams.rst \
 	nghttp2_option_set_no_http_messaging.rst \
 	nghttp2_option_set_no_recv_client_magic.rst \
 	nghttp2_option_set_peer_max_concurrent_streams.rst \
@@ -74,14 +73,12 @@ APIDOCS= \
 	nghttp2_rcbuf_decref.rst \
 	nghttp2_rcbuf_get_buf.rst \
 	nghttp2_rcbuf_incref.rst \
 	nghttp2_rcbuf_is_static.rst \
 	nghttp2_select_next_protocol.rst \
 	nghttp2_session_callbacks_del.rst \
 	nghttp2_session_callbacks_new.rst \
 	nghttp2_session_callbacks_set_before_frame_send_callback.rst \
 	nghttp2_session_callbacks_set_data_source_read_length_callback.rst \
 	nghttp2_session_callbacks_set_error_callback.rst \
 	nghttp2_session_callbacks_set_error_callback2.rst \
 	nghttp2_session_callbacks_set_on_begin_frame_callback.rst \
 	nghttp2_session_callbacks_set_on_begin_headers_callback.rst \
 	nghttp2_session_callbacks_set_on_data_chunk_recv_callback.rst \
@@ -143,7 +140,6 @@ APIDOCS= \
 	nghttp2_session_set_local_window_size.rst \
 	nghttp2_session_set_next_stream_id.rst \
 	nghttp2_session_set_stream_user_data.rst \
 	nghttp2_session_set_user_data.rst \
 	nghttp2_session_terminate_session.rst \
 	nghttp2_session_terminate_session2.rst \
 	nghttp2_session_upgrade.rst \
@@ -270,7 +266,7 @@ apiref.rst: \
 $(APIDOCS): apiref.rst
 clean-local:
-	if [ $(srcdir) != $(builddir) ]; then for i in $(RST_FILES); do rm -f $(builddir)/$$i; done fi
+	[ $(srcdir) = $(builddir) ] || for i in $(RST_FILES); do [ -e $(builddir)/$$i ] && rm -f $(builddir)/$$i; done
 	-rm -f apiref.rst
 	-rm -f $(APIDOCS)
 	-rm -rf $(BUILDDIR)/*
--- a/doc/_exts/sphinxcontrib/rubydomain.py
+++ b/doc/_exts/sphinxcontrib/rubydomain.py
@@ -13,7 +13,6 @@ import re
 from docutils import nodes
 from docutils.parsers.rst import directives
 from docutils.parsers.rst import Directive
 from sphinx import addnodes
 from sphinx import version_info
@@ -22,8 +21,10 @@ from sphinx.locale import l_, _
 from sphinx.domains import Domain, ObjType, Index
 from sphinx.directives import ObjectDescription
 from sphinx.util.nodes import make_refnode
 from sphinx.util.compat import Directive
 from sphinx.util.docfields import Field, GroupedField, TypedField
 # REs for Ruby signatures
 rb_sig_re = re.compile(
    r'''^ ([\w.]*\.)?            # class name(s)
--- a/doc/bash_completion/h2load
+++ b/doc/bash_completion/h2load
@@ -8,7 +8,7 @@ _h2load()
    _get_comp_words_by_ref cur prev
    case $cur in
        -*)
-            COMPREPLY=( $( compgen -W '--connection-window-bits --clients --verbose --ciphers --rate --no-tls-proto --header-table-size --requests --base-uri --h1 --threads --npn-list --rate-period --data --version --connection-inactivity-timeout --timing-script-file --encoder-header-table-size --max-concurrent-streams --connection-active-timeout --input-file --help --window-bits --warm-up-time --duration --header ' -- "$cur" ) )
+            COMPREPLY=( $( compgen -W '--connection-window-bits --clients --verbose --ciphers --rate --no-tls-proto --header-table-size --requests --base-uri --h1 --threads --npn-list --rate-period --data --version --connection-inactivity-timeout --timing-script-file --encoder-header-table-size --max-concurrent-streams --connection-active-timeout --input-file --help --window-bits --header ' -- "$cur" ) )
            ;;
        *)
            _filedir
--- a/doc/bash_completion/nghttp
+++ b/doc/bash_completion/nghttp
@@ -8,7 +8,7 @@ _nghttp()
    _get_comp_words_by_ref cur prev
    case $cur in
        -*)
-            COMPREPLY=( $( compgen -W '--no-push --verbose --no-dep --get-assets --har --header-table-size --multiply --encoder-header-table-size --padding --hexdump --max-concurrent-streams --continuation --connection-window-bits --peer-max-concurrent-streams --timeout --data --no-content-length --version --color --cert --upgrade --remote-name --trailer --weight --help --key --null-out --window-bits --expect-continue --stat --no-verify-peer --header ' -- "$cur" ) )
+            COMPREPLY=( $( compgen -W '--no-push --verbose --no-dep --get-assets --har --header-table-size --multiply --encoder-header-table-size --padding --hexdump --max-concurrent-streams --continuation --connection-window-bits --peer-max-concurrent-streams --timeout --data --no-content-length --version --color --cert --upgrade --remote-name --trailer --weight --help --key --null-out --window-bits --expect-continue --stat --header ' -- "$cur" ) )
            ;;
        *)
            _filedir
--- a/doc/bash_completion/nghttpx
+++ b/doc/bash_completion/nghttpx
@@ -8,7 +8,7 @@ _nghttpx()
    _get_comp_words_by_ref cur prev
    case $cur in
        -*)
-            COMPREPLY=( $( compgen -W '--worker-read-rate --include --frontend-http2-dump-response-header --tls-ticket-key-file --verify-client-cacert --max-response-header-fields --backend-http2-window-size --frontend-keep-alive-timeout --backend-request-buffer --max-request-header-fields --backend-connect-timeout --tls-max-proto-version --conf --dns-lookup-timeout --backend-http2-max-concurrent-streams --worker-write-burst --npn-list --dns-max-try --fetch-ocsp-response-file --no-via --tls-session-cache-memcached-cert-file --no-http2-cipher-black-list --mruby-file --add-forwarded --client-no-http2-cipher-black-list --stream-read-timeout --client-ciphers --ocsp-update-interval --forwarded-for --accesslog-syslog --dns-cache-timeout --frontend-http2-read-timeout --listener-disable-timeout --ciphers --client-psk-secrets --strip-incoming-x-forwarded-for --no-server-rewrite --private-key-passwd-file --backend-keep-alive-timeout --backend-http-proxy-uri --frontend-max-requests --rlimit-nofile --no-strip-incoming-x-forwarded-proto --tls-ticket-key-memcached-cert-file --no-verify-ocsp --forwarded-by --tls-session-cache-memcached-private-key-file --error-page --ocsp-startup --backend-write-timeout --tls-dyn-rec-warmup-threshold --tls-ticket-key-memcached-max-retry --frontend-http2-window-size --http2-no-cookie-crumbling --worker-read-burst --dh-param-file --accesslog-format --errorlog-syslog --redirect-https-port --request-header-field-buffer --api-max-request-body --frontend-http2-decoder-dynamic-table-size --errorlog-file --frontend-http2-max-concurrent-streams --psk-secrets --frontend-write-timeout --tls-ticket-key-cipher --read-burst --no-add-x-forwarded-proto --backend --server-name --insecure --backend-max-backoff --log-level --host-rewrite --tls-ticket-key-memcached-interval --frontend-http2-setting-timeout --frontend-http2-connection-window-size --worker-frontend-connections --syslog-facility --fastopen --no-location-rewrite --single-thread --tls-session-cache-memcached --no-ocsp --backend-response-buffer --tls-min-proto-version --workers --add-x-forwarded-for --no-server-push --worker-write-rate --add-request-header --backend-http2-settings-timeout --subcert --ecdh-curves --no-kqueue --help --frontend-frame-debug --tls-sct-dir --pid-file --frontend-http2-dump-request-header --daemon --write-rate --altsvc --backend-http2-decoder-dynamic-table-size --user --verify-client-tolerate-expired --frontend-read-timeout --tls-ticket-key-memcached-max-fail --backlog --write-burst --backend-connections-per-host --response-header-field-buffer --tls-ticket-key-memcached-address-family --padding --tls-session-cache-memcached-address-family --stream-write-timeout --cacert --tls-ticket-key-memcached-private-key-file --accesslog-write-early --backend-address-family --backend-http2-connection-window-size --version --add-response-header --backend-read-timeout --frontend-http2-optimize-window-size --frontend --accesslog-file --http2-proxy --backend-http2-encoder-dynamic-table-size --client-private-key-file --single-process --client-cert-file --tls-ticket-key-memcached --tls-dyn-rec-idle-timeout --frontend-http2-optimize-write-buffer-size --verify-client --frontend-http2-encoder-dynamic-table-size --read-rate --backend-connections-per-frontend --strip-incoming-forwarded ' -- "$cur" ) )
+            COMPREPLY=( $( compgen -W '--worker-read-rate --include --frontend-http2-dump-response-header --tls-ticket-key-file --verify-client-cacert --max-response-header-fields --backend-http2-window-size --frontend-keep-alive-timeout --backend-request-buffer --max-request-header-fields --fastopen --backend-connect-timeout --conf --dns-lookup-timeout --backend-http2-max-concurrent-streams --worker-write-burst --npn-list --dns-max-try --fetch-ocsp-response-file --no-via --tls-session-cache-memcached-cert-file --no-http2-cipher-black-list --mruby-file --client-no-http2-cipher-black-list --stream-read-timeout --client-ciphers --forwarded-for --accesslog-syslog --dns-cache-timeout --frontend-http2-read-timeout --listener-disable-timeout --ciphers --client-psk-secrets --strip-incoming-x-forwarded-for --no-server-rewrite --private-key-passwd-file --backend-keep-alive-timeout --backend-http-proxy-uri --rlimit-nofile --tls-ticket-key-memcached-cert-file --ocsp-update-interval --forwarded-by --tls-session-cache-memcached-private-key-file --error-page --backend-write-timeout --tls-dyn-rec-warmup-threshold --tls-ticket-key-memcached-max-retry --frontend-http2-window-size --http2-no-cookie-crumbling --worker-read-burst --dh-param-file --accesslog-format --errorlog-syslog --request-header-field-buffer --api-max-request-body --frontend-http2-decoder-dynamic-table-size --errorlog-file --frontend-http2-max-concurrent-streams --psk-secrets --frontend-write-timeout --tls-ticket-key-cipher --read-burst --backend --server-name --insecure --backend-max-backoff --log-level --host-rewrite --tls-proto-list --tls-ticket-key-memcached-interval --frontend-http2-setting-timeout --frontend-http2-connection-window-size --worker-frontend-connections --syslog-facility --no-server-push --no-location-rewrite --tls-session-cache-memcached --no-ocsp --frontend-http2-encoder-dynamic-table-size --workers --add-forwarded --worker-write-rate --add-request-header --backend-http2-settings-timeout --subcert --ecdh-curves --no-kqueue --help --frontend-frame-debug --tls-sct-dir --pid-file --frontend-http2-dump-request-header --daemon --write-rate --altsvc --backend-http2-decoder-dynamic-table-size --user --add-x-forwarded-for --frontend-read-timeout --tls-ticket-key-memcached-max-fail --backlog --write-burst --backend-connections-per-host --response-header-field-buffer --tls-ticket-key-memcached-address-family --padding --tls-session-cache-memcached-address-family --stream-write-timeout --cacert --tls-ticket-key-memcached-private-key-file --accesslog-write-early --backend-address-family --backend-http2-connection-window-size --version --add-response-header --backend-read-timeout --frontend-http2-optimize-window-size --frontend --accesslog-file --http2-proxy --backend-http2-encoder-dynamic-table-size --client-private-key-file --client-cert-file --tls-ticket-key-memcached --tls-dyn-rec-idle-timeout --frontend-http2-optimize-write-buffer-size --verify-client --backend-response-buffer --read-rate --backend-connections-per-frontend --strip-incoming-forwarded ' -- "$cur" ) )
            ;;
        *)
            _filedir
--- a/doc/conf.py.in
+++ b/doc/conf.py.in
@@ -157,7 +157,7 @@ html_theme_path = ['@top_srcdir@/doc/_themes']
 # If true, SmartyPants will be used to convert quotes and dashes to
 # typographically correct entities.
-#html_use_smartypants = False
+html_use_smartypants = False
 # Custom sidebar templates, maps document names to template names.
 html_sidebars = {
--- a/doc/docutils.conf
+++ b/doc/docutils.conf
@@ -1,2 +0,0 @@
 [parsers]
 smart_quotes=no
--- a/doc/h2load.1
+++ b/doc/h2load.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "Aug 25, 2018" "1.32.1" "nghttp2"
+.TH "H2LOAD" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
@@ -35,7 +35,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 \fBh2load\fP [OPTIONS]... [URI]...
 .SH DESCRIPTION
 .sp
-benchmarking tool for HTTP/2 server
+benchmarking tool for HTTP/2 and SPDY server
 .INDENT 0.0
 .TP
 .B <URI>
@@ -54,9 +54,7 @@ scheme, host or port values.
 Number of  requests across all  clients.  If it  is used
 with \fI\%\-\-timing\-script\-file\fP option,  this option specifies
 the number of requests  each client performs rather than
-the number of requests  across all clients.  This option
+the number of requests across all clients.
 is ignored if timing\-based  benchmarking is enabled (see
 \fI\%\-\-duration\fP option).
 .sp
 Default: \fB1\fP
 .UNINDENT
@@ -101,6 +99,7 @@ Default: \fB1\fP
 .TP
 .B \-w, \-\-window\-bits=<N>
 Sets the stream level initial window size to (2**<N>)\-1.
 For SPDY, 2**<N> is used instead.
 .sp
 Default: \fB30\fP
 .UNINDENT
@@ -108,7 +107,9 @@ Default: \fB30\fP
 .TP
 .B \-W, \-\-connection\-window\-bits=<N>
 Sets  the  connection  level   initial  window  size  to
-(2**<N>)\-1.
+(2**<N>)\-1.  For SPDY, if <N>  is strictly less than 16,
 this option  is ignored.   Otherwise 2**<N> is  used for
 SPDY.
 .sp
 Default: \fB30\fP
 .UNINDENT
@@ -123,14 +124,15 @@ Add/Override a header to the requests.
 Set allowed  cipher list.  The  format of the  string is
 described in OpenSSL ciphers(1).
 .sp
-Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
+Default: \fBECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-DES\-CBC3\-SHA:ECDHE\-RSA\-DES\-CBC3\-SHA:EDH\-RSA\-DES\-CBC3\-SHA:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256:AES128\-SHA:AES256\-SHA:DES\-CBC3\-SHA:!DSS\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-p, \-\-no\-tls\-proto=<PROTOID>
 Specify ALPN identifier of the  protocol to be used when
 accessing http URI without SSL/TLS.
-Available protocols: h2c and http/1.1
+Available protocols: spdy/2, spdy/3, spdy/3.1, h2c and
 http/1.1
 .sp
 Default: \fBh2c\fP
 .UNINDENT
@@ -155,7 +157,7 @@ example,  with   \fI\%\-t\fP2  and   \fI\%\-r\fP4,  each  thread   gets  2
 connections per period.  When the rate is 0, the program
 will run  as it  normally does, creating  connections at
 whatever variable rate it  wants.  The default value for
-this option is 0.  \fI\%\-r\fP and \fI\%\-D\fP are mutually exclusive.
+this option is 0.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -168,20 +170,6 @@ option is 1s.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-D, \-\-duration=<N>
 Specifies the main duration for the measurements in case
 of timing\-based  benchmarking.  \fI\%\-D\fP  and \fI\%\-r\fP  are mutually
 exclusive.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-warm\-up\-time=<DURATION>
 Specifies the  time  period  before  starting the actual
 measurements, in  case  of  timing\-based benchmarking.
 Needs to provided along with \fI\%\-D\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-T, \-\-connection\-active\-timeout=<DURATION>
 Specifies  the maximum  time that  h2load is  willing to
 keep a  connection open,  regardless of the  activity on
@@ -245,7 +233,7 @@ NPN.  The parameter must be  delimited by a single comma
 only  and any  white spaces  are  treated as  a part  of
 protocol string.
 .sp
-Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
+Default: \fBh2,h2\-16,h2\-14,spdy/3.1,spdy/3,spdy/2,http/1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -347,7 +335,8 @@ compression.  Let \fBdecompressed(headers)\fP to the number of bytes
 used for header fields after decompression.  The \fBspace savings\fP
 is calculated  by (1 \- \fBheaders\fP  / \fBdecompressed(headers)\fP) *
 100.  For HTTP/1.1, this is usually  0.00%, since it does not have
-header compression.  For HTTP/2, it shows some insightful numbers.
+header compression.  For HTTP/2 and SPDY, it shows some insightful
 numbers.
 .TP
 .B data
 The number of response body bytes received from the server.
@@ -444,7 +433,7 @@ h2load sets large flow control window by default, and effectively
 disables flow control to avoid under utilization of server
 performance.  To set smaller flow control window, use \fI\%\-w\fP and
 \fI\%\-W\fP options.  For example, use \fB\-w16 \-W16\fP to set default
-window size described in HTTP/2 protocol specification.
+window size described in HTTP/2 and SPDY protocol specification.
 .SH SEE ALSO
 .sp
 \fBnghttp(1)\fP, \fBnghttpd(1)\fP, \fBnghttpx(1)\fP
--- a/doc/h2load.1.rst
+++ b/doc/h2load.1.rst
@@ -14,7 +14,7 @@ SYNOPSIS
 DESCRIPTION
 -----------
-benchmarking tool for HTTP/2 server
+benchmarking tool for HTTP/2 and SPDY server
 .. describe:: <URI>
@@ -34,9 +34,7 @@ OPTIONS
    Number of  requests across all  clients.  If it  is used
    with :option:`--timing-script-file` option,  this option specifies
    the number of requests  each client performs rather than
-    the number of requests  across all clients.  This option
+    the number of requests across all clients.
    is ignored if timing-based  benchmarking is enabled (see
    :option:`--duration` option).
    Default: ``1``
@@ -76,13 +74,16 @@ OPTIONS
 .. option:: -w, --window-bits=<N>
    Sets the stream level initial window size to (2\*\*<N>)-1.
    For SPDY, 2\*\*<N> is used instead.
    Default: ``30``
 .. option:: -W, --connection-window-bits=<N>
    Sets  the  connection  level   initial  window  size  to
-    (2\*\*<N>)-1.
+    (2\*\*<N>)-1.  For SPDY, if <N>  is strictly less than 16,
    this option  is ignored.   Otherwise 2\*\*<N> is  used for
    SPDY.
    Default: ``30``
@@ -95,13 +96,14 @@ OPTIONS
    Set allowed  cipher list.  The  format of the  string is
    described in OpenSSL ciphers(1).
-    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
+    Default: ``ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS``
 .. option:: -p, --no-tls-proto=<PROTOID>
    Specify ALPN identifier of the  protocol to be used when
    accessing http URI without SSL/TLS.
-    Available protocols: h2c and http/1.1
+    Available protocols: spdy/2, spdy/3, spdy/3.1, h2c and
    http/1.1
    Default: ``h2c``
@@ -124,7 +126,7 @@ OPTIONS
    connections per period.  When the rate is 0, the program
    will run  as it  normally does, creating  connections at
    whatever variable rate it  wants.  The default value for
-    this option is 0.  :option:`-r` and :option:`\-D` are mutually exclusive.
+    this option is 0.
 .. option:: --rate-period=<DURATION>
@@ -134,18 +136,6 @@ OPTIONS
    the rate option is not used.  The default value for this
    option is 1s.
 .. option:: -D, --duration=<N>
    Specifies the main duration for the measurements in case
    of timing-based  benchmarking.  :option:`-D`  and :option:`\-r`  are mutually
    exclusive.
 .. option:: --warm-up-time=<DURATION>
    Specifies the  time  period  before  starting the actual
    measurements, in  case  of  timing-based benchmarking.
    Needs to provided along with :option:`-D` option.
 .. option:: -T, --connection-active-timeout=<DURATION>
    Specifies  the maximum  time that  h2load is  willing to
@@ -206,7 +196,7 @@ OPTIONS
    only  and any  white spaces  are  treated as  a part  of
    protocol string.
-    Default: ``h2,h2-16,h2-14,http/1.1``
+    Default: ``h2,h2-16,h2-14,spdy/3.1,spdy/3,spdy/2,http/1.1``
 .. option:: --h1
@@ -294,7 +284,8 @@ traffic
    used for header fields after decompression.  The ``space savings``
    is calculated  by (1 - ``headers``  / ``decompressed(headers)``) *
    100.  For HTTP/1.1, this is usually  0.00%, since it does not have
-    header compression.  For HTTP/2, it shows some insightful numbers.
+    header compression.  For HTTP/2 and SPDY, it shows some insightful
    numbers.
  data
    The number of response body bytes received from the server.
@@ -362,7 +353,7 @@ h2load sets large flow control window by default, and effectively
 disables flow control to avoid under utilization of server
 performance.  To set smaller flow control window, use :option:`-w` and
 :option:`-W` options.  For example, use ``-w16 -W16`` to set default
-window size described in HTTP/2 protocol specification.
+window size described in HTTP/2 and SPDY protocol specification.
 SEE ALSO
 --------
--- a/doc/h2load.h2r
+++ b/doc/h2load.h2r
@@ -41,7 +41,8 @@ traffic
    used for header fields after decompression.  The ``space savings``
    is calculated  by (1 - ``headers``  / ``decompressed(headers)``) *
    100.  For HTTP/1.1, this is usually  0.00%, since it does not have
-    header compression.  For HTTP/2, it shows some insightful numbers.
+    header compression.  For HTTP/2 and SPDY, it shows some insightful
    numbers.
  data
    The number of response body bytes received from the server.
@@ -109,7 +110,7 @@ h2load sets large flow control window by default, and effectively
 disables flow control to avoid under utilization of server
 performance.  To set smaller flow control window, use :option:`-w` and
 :option:`-W` options.  For example, use ``-w16 -W16`` to set default
-window size described in HTTP/2 protocol specification.
+window size described in HTTP/2 and SPDY protocol specification.
 SEE ALSO
 --------
--- a/doc/nghttp.1
+++ b/doc/nghttp.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "Aug 25, 2018" "1.32.1" "nghttp2"
+.TH "NGHTTP" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
@@ -236,12 +236,6 @@ combined with the \fI\%\-d\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-y, \-\-no\-verify\-peer
 Suppress  warning  on  server  certificate  verification
 failure.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-version
 Display version information and exit.
 .UNINDENT
--- a/doc/nghttp.1.rst
+++ b/doc/nghttp.1.rst
@@ -186,11 +186,6 @@ OPTIONS
    Continue interim response. This option is ignored unless
    combined with the :option:`-d` option.
 .. option:: -y, --no-verify-peer
    Suppress  warning  on  server  certificate  verification
    failure.
 .. option:: --version
    Display version information and exit.
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "Aug 25, 2018" "1.32.1" "nghttp2"
+.TH "NGHTTPD" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "Aug 25, 2018" "1.32.1" "nghttp2"
+.TH "NGHTTPX" "1" "Jan 25, 2017" "1.19.0" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@@ -35,7 +35,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 \fBnghttpx\fP [OPTIONS]... [<PRIVATE_KEY> <CERT>]
 .SH DESCRIPTION
 .sp
-A reverse proxy for HTTP/2, and HTTP/1.
+A reverse proxy for HTTP/2, HTTP/1 and SPDY.
 .INDENT 0.0
 .TP
 .B <PRIVATE_KEY>
@@ -62,7 +62,8 @@ domain socket  can be  specified by prefixing  path name
 with "unix:" (e.g., unix:/var/run/backend.sock).
 .sp
 Optionally, if <PATTERN>s are given, the backend address
-is  only  used  if  request matches  the  pattern.   The
+is  only  used  if  request  matches  the  pattern.   If
 \fI\%\-\-http2\-proxy\fP  is  used,  <PATTERN>s are  ignored.   The
 pattern  matching is  closely  designed  to ServeMux  in
 net/http package of  Go programming language.  <PATTERN>
 consists of  path, host +  path or just host.   The path
@@ -73,16 +74,11 @@ path which ends  with "\fI/\fP" also matches  the request path
 which  only  lacks  trailing  \(aq\fI/\fP\(aq  (e.g.,  path  "\fI/foo/\fP"
 matches request path  "\fI/foo\fP").  If it does  not end with
 "\fI/\fP", it  performs exact match against  the request path.
-If  host  is given,  it  performs  a match  against  the
+If host  is given, it  performs exact match  against the
-request host.   For a  request received on  the frontend
+request host.  If  host alone is given,  "\fI/\fP" is appended
-listener with  "sni\-fwd" parameter enabled, SNI  host is
+to it,  so that it  matches all request paths  under the
-used instead of a request host.  If host alone is given,
+host   (e.g.,   specifying   "nghttp2.org"   equals   to
-"\fI/\fP" is  appended to it,  so that it matches  all request
+"nghttp2.org/").
 paths  under the  host  (e.g., specifying  "nghttp2.org"
 equals  to "nghttp2.org/").   CONNECT method  is treated
 specially.  It  does not have  path, and we  don\(aqt allow
 empty path.  To workaround  this, we assume that CONNECT
 method has "\fI/\fP" as path.
 .sp
 Patterns with  host take  precedence over  patterns with
 just path.   Then, longer patterns take  precedence over
@@ -96,18 +92,6 @@ host    pattern    "*.nghttp2.org"    matches    against
 match  against  "nghttp2.org".   The exact  hosts  match
 takes precedence over the wildcard hosts match.
 .sp
 If path  part ends with  "*", it is treated  as wildcard
 path.  The  wildcard path  behaves differently  from the
 normal path.  For normal path,  match is made around the
 boundary of path component  separator,"\fI/\fP".  On the other
 hand, the wildcard  path does not take  into account the
 path component  separator.  All paths which  include the
 wildcard  path  without  last  "*" as  prefix,  and  are
 strictly longer than wildcard  path without last "*" are
 matched.  "*"  must match  at least one  character.  For
 example,  the   pattern  "\fI/foo*\fP"  matches   "\fI/foo/\fP"  and
 "\fI/foobar\fP".  But it does not match "\fI/foo\fP", or "\fI/fo\fP".
 .sp
 If <PATTERN> is omitted or  empty string, "\fI/\fP" is used as
 pattern,  which  matches  all request  paths  (catch\-all
 pattern).  The catch\-all backend must be given.
@@ -137,12 +121,12 @@ Several parameters <PARAM> are accepted after <PATTERN>.
 The  parameters are  delimited  by  ";".  The  available
 parameters       are:      "proto=<PROTO>",       "tls",
 "sni=<SNI_HOST>",         "fall=<N>",        "rise=<N>",
-"affinity=<METHOD>",  "dns", and  "redirect\-if\-not\-tls".
+"affinity=<METHOD>", and "dns".   The parameter consists
-The  parameter  consists   of  keyword,  and  optionally
+of keyword,  and optionally  followed by "="  and value.
-followed by  "=" and value.  For  example, the parameter
+For example,  the parameter  "proto=h2" consists  of the
-"proto=h2"  consists of  the keyword  "proto" and  value
+keyword  "proto" and  value "h2".   The parameter  "tls"
-"h2".  The parameter "tls" consists of the keyword "tls"
+consists  of  the  keyword "tls"  without  value.   Each
-without value.  Each parameter is described as follows.
+parameter is described as follows.
 .sp
 The backend application protocol  can be specified using
 optional  "proto"   parameter,  and   in  the   form  of
@@ -180,32 +164,16 @@ state, and this is the default behaviour.
 The     session     affinity    is     enabled     using
 "affinity=<METHOD>"  parameter.   If  "ip" is  given  in
 <METHOD>, client  IP based session affinity  is enabled.
-If "cookie"  is given in <METHOD>,  cookie based session
+If  "none" is  given  in <METHOD>,  session affinity  is
-affinity is  enabled.  If  "none" is given  in <METHOD>,
+disabled, and this is the default.  The session affinity
-session affinity  is disabled, and this  is the default.
+is enabled per  <PATTERN>.  If at least  one backend has
-The session  affinity is  enabled per <PATTERN>.   If at
+"affinity" parameter,  and its  <METHOD> is  not "none",
-least  one backend  has  "affinity"  parameter, and  its
+session  affinity is  enabled  for  all backend  servers
-<METHOD> is not "none",  session affinity is enabled for
+sharing  the  same  <PATTERN>.   It is  advised  to  set
-all backend  servers sharing the same  <PATTERN>.  It is
+"affinity"  parameter  to   all  backend  explicitly  if
-advised  to  set  "affinity" parameter  to  all  backend
+session affinity  is desired.  The session  affinity may
-explicitly if session affinity  is desired.  The session
+break if one of the backend gets unreachable, or backend
-affinity  may   break  if   one  of  the   backend  gets
+settings are reloaded or replaced by API.
 unreachable,  or   backend  settings  are   reloaded  or
 replaced by API.
 .sp
 If   "affinity=cookie"    is   used,    the   additional
 configuration                is                required.
 "affinity\-cookie\-name=<NAME>" must be  used to specify a
 name     of     cookie      to     use.      Optionally,
 "affinity\-cookie\-path=<PATH>" can  be used to  specify a
 path   which   cookie    is   applied.    The   optional
 "affinity\-cookie\-secure=<SECURE>"  controls  the  Secure
 attribute of a cookie.  The default value is "auto", and
 the Secure attribute is  determined by a request scheme.
 If a request scheme is "https", then Secure attribute is
 set.  Otherwise, it  is not set.  If  <SECURE> is "yes",
 the  Secure attribute  is  always set.   If <SECURE>  is
 "no", the Secure attribute is always omitted.
 .sp
 By default, name resolution of backend host name is done
 at  start  up,  or reloading  configuration.   If  "dns"
@@ -215,26 +183,6 @@ frequently.   If  "dns"  is given,  name  resolution  of
 backend   host   name   at  start   up,   or   reloading
 configuration is skipped.
 .sp
 If "redirect\-if\-not\-tls" parameter  is used, the matched
 backend  requires   that  frontend  connection   is  TLS
 encrypted.  If it isn\(aqt, nghttpx responds to the request
 with 308  status code, and  https URI the  client should
 use instead  is included in Location  header field.  The
 port number in  redirect URI is 443 by  default, and can
 be  changed using  \fI\%\-\-redirect\-https\-port\fP option.   If at
 least one  backend has  "redirect\-if\-not\-tls" parameter,
 this feature is enabled  for all backend servers sharing
 the   same   <PATTERN>.    It    is   advised   to   set
 "redirect\-if\-no\-tls"    parameter   to    all   backends
 explicitly if this feature is desired.
 .sp
 If "upgrade\-scheme"  parameter is used along  with "tls"
 parameter, HTTP/2 :scheme pseudo header field is changed
 to "https" from "http" when forwarding a request to this
 particular backend.  This is  a workaround for a backend
 server  which  requires  "https" :scheme  pseudo  header
 field on TLS encrypted connection.
 .sp
 Since ";" and ":" are  used as delimiter, <PATTERN> must
 not  contain these  characters.  Since  ";" has  special
 meaning in shell, the option value must be quoted.
@@ -258,11 +206,6 @@ parameters are mutually exclusive.
 Optionally, TLS  can be disabled by  specifying "no\-tls"
 parameter.  TLS is enabled by default.
 .sp
 If "sni\-fwd" parameter is  used, when performing a match
 to select a backend server,  SNI host name received from
 the client  is used  instead of  the request  host.  See
 \fI\%\-\-backend\fP option about the pattern match.
 .sp
 To  make this  frontend as  API endpoint,  specify "api"
 parameter.   This   is  disabled  by  default.    It  is
 important  to  limit the  access  to  the API  frontend.
@@ -324,15 +267,6 @@ Default: \fB1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-single\-thread
 Run everything in one  thread inside the worker process.
 This   feature   is   provided  for   better   debugging
 experience,  or  for  the platforms  which  lack  thread
 support.   If  threading  is disabled,  this  option  is
 always enabled.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-read\-rate=<SIZE>
 Set maximum  average read  rate on  frontend connection.
 Setting 0 to this option means read rate is unlimited.
@@ -478,7 +412,8 @@ this option will be simply ignored.
 .INDENT 0.0
 .TP
 .B \-\-frontend\-http2\-read\-timeout=<DURATION>
-Specify read timeout for HTTP/2 frontend connection.
+Specify  read  timeout  for  HTTP/2  and  SPDY  frontend
 connection.
 .sp
 Default: \fB3m\fP
 .UNINDENT
@@ -507,18 +442,18 @@ Default: \fB1m\fP
 .INDENT 0.0
 .TP
 .B \-\-stream\-read\-timeout=<DURATION>
-Specify  read timeout  for HTTP/2  streams.  0  means no
+Specify  read timeout  for HTTP/2  and SPDY  streams.  0
-timeout.
+means no timeout.
 .sp
 Default: \fB0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-stream\-write\-timeout=<DURATION>
-Specify write  timeout for  HTTP/2 streams.  0  means no
+Specify write  timeout for  HTTP/2 and SPDY  streams.  0
-timeout.
+means no timeout.
 .sp
-Default: \fB1m\fP
+Default: \fB0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -596,7 +531,7 @@ Default: \fB2m\fP
 Set allowed  cipher list  for frontend  connection.  The
 format of the string is described in OpenSSL ciphers(1).
 .sp
-Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
+Default: \fBECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-DES\-CBC3\-SHA:ECDHE\-RSA\-DES\-CBC3\-SHA:EDH\-RSA\-DES\-CBC3\-SHA:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256:AES128\-SHA:AES256\-SHA:DES\-CBC3\-SHA:!DSS\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -604,7 +539,7 @@ Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:EC
 Set  allowed cipher  list for  backend connection.   The
 format of the string is described in OpenSSL ciphers(1).
 .sp
-Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP
+Default: \fBECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-DES\-CBC3\-SHA:ECDHE\-RSA\-DES\-CBC3\-SHA:EDH\-RSA\-DES\-CBC3\-SHA:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256:AES128\-SHA:AES256\-SHA:DES\-CBC3\-SHA:!DSS\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -626,14 +561,11 @@ enabled for backend connections.
 .INDENT 0.0
 .TP
 .B \-\-cacert=<PATH>
-Set path to trusted CA  certificate file.  It is used in
+Set path to trusted CA  certificate file used in backend
-backend  TLS connections  to verify  peer\(aqs certificate.
+TLS connections.   The file must  be in PEM  format.  It
-It is also used to  verify OCSP response from the script
+can  contain  multiple   certificates.   If  the  linked
-set by \fI\%\-\-fetch\-ocsp\-response\-file\fP\&.  The  file must be in
+OpenSSL is configured to  load system wide certificates,
-PEM format.   It can contain multiple  certificates.  If
+they are loaded at startup regardless of this option.
 the  linked OpenSSL  is configured  to load  system wide
 certificates, they  are loaded at startup  regardless of
 this option.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -647,14 +579,9 @@ password protected it\(aqll be requested interactively.
 .B \-\-subcert=<KEYPATH>:<CERTPATH>[[;<PARAM>]...]
 Specify  additional certificate  and  private key  file.
 nghttpx will  choose certificates based on  the hostname
-indicated by client using TLS SNI extension.  If nghttpx
+indicated  by  client  using TLS  SNI  extension.   This
-is  built with  OpenSSL  >= 1.0.2,  the shared  elliptic
+option  can  be  used  multiple  times.   To  make  OCSP
-curves (e.g., P\-256) between  client and server are also
+stapling work, <CERTPATH> must be absolute path.
 taken into  consideration.  This allows nghttpx  to send
 ECDSA certificate  to modern clients, while  sending RSA
 based certificate to older  clients.  This option can be
 used  multiple  times.   To  make  OCSP  stapling  work,
 <CERTPATH> must be absolute path.
 .sp
 Additional parameter  can be specified in  <PARAM>.  The
 available <PARAM> is "sct\-dir=<DIR>".
@@ -682,7 +609,7 @@ NPN.  The parameter must be  delimited by a single comma
 only  and any  white spaces  are  treated as  a part  of
 protocol string.
 .sp
-Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
+Default: \fBh2,h2\-16,h2\-14,spdy/3.1,http/1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -698,14 +625,6 @@ can contain multiple certificates.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-verify\-client\-tolerate\-expired
 Accept  expired  client  certificate.   Operator  should
 handle  the expired  client  certificate  by some  means
 (e.g.,  mruby  script).   Otherwise, this  option  might
 cause a security risk.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-client\-private\-key\-file=<PATH>
 Path to  file that contains  client private key  used in
 backend client authentication.
@@ -718,33 +637,18 @@ backend client authentication.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-min\-proto\-version=<VER>
+.B \-\-tls\-proto\-list=<LIST>
-Specify minimum SSL/TLS protocol.   The name matching is
+Comma delimited list of  SSL/TLS protocol to be enabled.
-done in  case\-insensitive manner.  The  versions between
+The following protocols  are available: TLSv1.2, TLSv1.1
-\fI\%\-\-tls\-min\-proto\-version\fP and  \fI\%\-\-tls\-max\-proto\-version\fP are
+and   TLSv1.0.    The   name   matching   is   done   in
-enabled.  If the protocol list advertised by client does
+case\-insensitive   manner.    The  parameter   must   be
-not  overlap  this range,  you  will  receive the  error
+delimited by  a single comma  only and any  white spaces
-message "unknown protocol".  If a protocol version lower
+are  treated  as a  part  of  protocol string.   If  the
-than TLSv1.2 is specified, make sure that the compatible
+protocol list advertised by client does not overlap this
-ciphers are  included in \fI\%\-\-ciphers\fP option.   The default
+list,  you  will  receive  the  error  message  "unknown
-cipher  list  only   includes  ciphers  compatible  with
+protocol".
 TLSv1.2 or above.  The available versions are:
 TLSv1.2, TLSv1.1, and TLSv1.0
 .sp
-Default: \fBTLSv1.2\fP
+Default: \fBTLSv1.2,TLSv1.1\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-tls\-max\-proto\-version=<VER>
 Specify maximum SSL/TLS protocol.   The name matching is
 done in  case\-insensitive manner.  The  versions between
 \fI\%\-\-tls\-min\-proto\-version\fP and  \fI\%\-\-tls\-max\-proto\-version\fP are
 enabled.  If the protocol list advertised by client does
 not  overlap  this range,  you  will  receive the  error
 message "unknown protocol".  The available versions are:
 TLSv1.2, TLSv1.1, and TLSv1.0
 .sp
 Default: \fBTLSv1.2\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -861,20 +765,6 @@ Default: \fB4h\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-ocsp\-startup
 Start  accepting connections  after initial  attempts to
 get OCSP responses  finish.  It does not  matter some of
 the  attempts  fail.  This  feature  is  useful if  OCSP
 responses   must    be   available    before   accepting
 connections.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-no\-verify\-ocsp
 nghttpx does not verify OCSP response.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-no\-ocsp
 Disable OCSP stapling.
 .UNINDENT
@@ -997,14 +887,14 @@ HTTP/2.   To  use  those   cipher  suites  with  HTTP/2,
 consider   to  use   \fI\%\-\-client\-no\-http2\-cipher\-black\-list\fP
 option.  But be aware its implications.
 .UNINDENT
-.SS HTTP/2
+.SS HTTP/2 and SPDY
 .INDENT 0.0
 .TP
 .B \-c, \-\-frontend\-http2\-max\-concurrent\-streams=<N>
 Set the maximum number of  the concurrent streams in one
-frontend HTTP/2 session.
+frontend HTTP/2 and SPDY session.
 .sp
-Default: \fB100\fP
+Default: \(ga\(ga 100\(ga\(ga
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -1019,16 +909,17 @@ Default: \fB100\fP
 .INDENT 0.0
 .TP
 .B \-\-frontend\-http2\-window\-size=<SIZE>
-Sets  the  per\-stream  initial  window  size  of  HTTP/2
+Sets the  per\-stream initial  window size of  HTTP/2 and
-frontend connection.
+SPDY frontend connection.
 .sp
 Default: \fB65535\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-frontend\-http2\-connection\-window\-size=<SIZE>
-Sets the  per\-connection window size of  HTTP/2 frontend
+Sets the  per\-connection window size of  HTTP/2 and SPDY
-connection.
+frontend  connection.  For  SPDY  connection, the  value
 less than 64KiB is rounded up to 64KiB.
 .sp
 Default: \fB65535\fP
 .UNINDENT
@@ -1069,7 +960,8 @@ default mode and HTTP/2  frontend via Link header field.
 It is  also supported if  both frontend and  backend are
 HTTP/2 in default mode.  In  this case, server push from
 backend session is relayed  to frontend, and server push
-via Link header field is also supported.
+via Link header field  is also supported.  SPDY frontend
 does not support server push.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -1140,7 +1032,7 @@ Default: \fB4K\fP
 .INDENT 0.0
 .TP
 .B (default mode)
-Accept  HTTP/2,  and  HTTP/1.1 over  SSL/TLS.   "no\-tls"
+Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.  "no\-tls"
 parameter is  used in  \fI\%\-\-frontend\fP option,  accept HTTP/2
 and HTTP/1.1 over cleartext  TCP.  The incoming HTTP/1.1
 connection  can  be  upgraded  to  HTTP/2  through  HTTP
@@ -1210,32 +1102,15 @@ $alpn: ALPN identifier of the protocol which generates
 the response.   For HTTP/1,  ALPN is  always http/1.1,
 regardless of minor version.
 .IP \(bu 2
-$tls_cipher: cipher used for SSL/TLS connection.
+$ssl_cipher: cipher used for SSL/TLS connection.
 .IP \(bu 2
-$tls_client_fingerprint_sha256: SHA\-256 fingerprint of
+$ssl_protocol: protocol for SSL/TLS connection.
 client certificate.
 .IP \(bu 2
-$tls_client_fingerprint_sha1:  SHA\-1   fingerprint  of
+$ssl_session_id: session ID for SSL/TLS connection.
 client certificate.
 .IP \(bu 2
-$tls_client_subject_name:   subject  name   in  client
+$ssl_session_reused:  "r"   if  SSL/TLS   session  was
 certificate.
 .IP \(bu 2
 $tls_client_issuer_name:   issuer   name   in   client
 certificate.
 .IP \(bu 2
 $tls_client_serial:    serial    number   in    client
 certificate.
 .IP \(bu 2
 $tls_protocol: protocol for SSL/TLS connection.
 .IP \(bu 2
 $tls_session_id: session ID for SSL/TLS connection.
 .IP \(bu 2
 $tls_session_reused:  "r"   if  SSL/TLS   session  was
 reused.  Otherwise, "."
 .IP \(bu 2
 $tls_sni: SNI server name for SSL/TLS connection.
 .IP \(bu 2
 $backend_host:  backend  host   used  to  fulfill  the
 request.  "\-" if backend host is not available.
 .IP \(bu 2
@@ -1292,21 +1167,6 @@ requests.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-no\-add\-x\-forwarded\-proto
 Don\(aqt append  additional X\-Forwarded\-Proto  header field
 to  the   backend  request.   If  inbound   client  sets
 X\-Forwarded\-Proto,                                   and
 \fI\%\-\-no\-strip\-incoming\-x\-forwarded\-proto\fP  option  is  used,
 they are passed to the backend.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-no\-strip\-incoming\-x\-forwarded\-proto
 Don\(aqt strip X\-Forwarded\-Proto  header field from inbound
 client requests.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-add\-forwarded=<LIST>
 Append RFC  7239 Forwarded header field  with parameters
 specified in comma delimited list <LIST>.  The supported
@@ -1453,7 +1313,7 @@ backend server, the custom error pages are not used.
 .B \-\-server\-name=<NAME>
 Change server response header field value to <NAME>.
 .sp
-Default: \fBnghttpx\fP
+Default: \fBnghttpx nghttp2/1.19.0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -1462,22 +1322,13 @@ Don\(aqt rewrite server header field in default mode.  When
 \fI\%\-\-http2\-proxy\fP is used, these headers will not be altered
 regardless of this option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-redirect\-https\-port=<PORT>
 Specify the port number which appears in Location header
 field  when  redirect  to  HTTPS  URI  is  made  due  to
 "redirect\-if\-not\-tls" parameter in \fI\%\-\-backend\fP option.
 .sp
 Default: \fB443\fP
 .UNINDENT
 .SS API
 .INDENT 0.0
 .TP
 .B \-\-api\-max\-request\-body=<SIZE>
 Set the maximum size of request body for API request.
 .sp
-Default: \fB32M\fP
+Default: \fB16K\fP
 .UNINDENT
 .SS DNS
 .INDENT 0.0
@@ -1506,16 +1357,6 @@ lookup.
 .sp
 Default: \fB2\fP
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-frontend\-max\-requests=<N>
 The number  of requests that single  frontend connection
 can process.  For HTTP/2, this  is the number of streams
 in  one  HTTP/2 connection.   For  HTTP/1,  this is  the
 number of keep alive requests.  This is hint to nghttpx,
 and it  may allow additional few  requests.  The default
 value is unlimited.
 .UNINDENT
 .SS Debug
 .INDENT 0.0
 .TP
@@ -1560,17 +1401,6 @@ Set path to save PID of this program.
 Run this program as <USER>.   This option is intended to
 be used to drop root privileges.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-single\-process
 Run this program in a  single process mode for debugging
 purpose.  Without this option,  nghttpx creates at least
 2  processes:  master  and worker  processes.   If  this
 option is  used, master  and worker  are unified  into a
 single process.  nghttpx still spawns additional process
 if neverbleed is used.  In  the single process mode, the
 signal handling feature is disabled.
 .UNINDENT
 .SS Scripting
 .INDENT 0.0
 .TP
@@ -1581,9 +1411,7 @@ Set mruby script file
 .INDENT 0.0
 .TP
 .B \-\-conf=<PATH>
-Load  configuration  from   <PATH>.   Please  note  that
+Load configuration from <PATH>.
 nghttpx always  tries to read the  default configuration
 file if \fI\%\-\-conf\fP is not given.
 .sp
 Default: \fB/etc/nghttpx/nghttpx.conf\fP
 .UNINDENT
@@ -1677,7 +1505,7 @@ follows:
 .INDENT 7.0
 .TP
 .B <datetime>
-It is a combination of date and time when the log is written.  It
+It is a conbination of date and time when the log is written.  It
 is in ISO 8601 format.
 .TP
 .B <master\-pid>
@@ -1710,23 +1538,16 @@ Reload configuration file given in \fI\%\-\-conf\fP\&.
 .TP
 .B SIGUSR1
 Reopen log files.
-.UNINDENT
+.TP
-.sp
+.B SIGUSR2
 SIGUSR2
 .INDENT 0.0
 .INDENT 3.5
 Fork and execute nghttpx.  It will execute the binary in the same
-path with same command\-line arguments and environment variables.  As
+path with same command\-line arguments and environment variables.
-of nghttpx version 1.20.0, the new master process sends SIGQUIT to
+After new process comes up, sending SIGQUIT to the original process
-the original master process when it is ready to serve requests.  For
+to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
-the earlier versions of nghttpx, user has to send SIGQUIT to the
+and SIGHUP is that former is usually used to execute new binary, and
-original master process.
+the master process is newly spawned.  On the other hand, the latter
-.sp
+just reloads configuration file, and the same master process
-The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
+continues to exist.
 is usually used to execute new binary, and the master process is
 newly spawned.  On the other hand, the latter just reloads
 configuration file, and the same master process continues to exist.
 .UNINDENT
 .UNINDENT
 .sp
 \fBNOTE:\fP
@@ -1806,22 +1627,6 @@ be customized using \fI\%\-\-fetch\-ocsp\-response\-file\fP option.
 .sp
 If OCSP query is failed, previous OCSP response, if any, is continued
 to be used.
 .sp
 \fI\%\-\-fetch\-ocsp\-response\-file\fP option provides wide range of
 possibility to manage OCSP response.  It can take an arbitrary script
 or executable.  The requirement is that it supports the command\-line
 interface of \fBfetch\-ocsp\-response\fP script, and it must return a
 valid DER encoded OCSP response on success.  It must return exit code
 0 on success, and 75 for temporary error, and the other error code for
 generic failure.  For large cluster of servers, it is not efficient
 for each server to perform OCSP query using \fBfetch\-ocsp\-response\fP\&.
 Instead, you can retrieve OCSP response in some way, and store it in a
 disk or a shared database.  Then specify a program in
 \fI\%\-\-fetch\-ocsp\-response\-file\fP to fetch it from those stores.
 This could provide a way to share the OCSP response between fleet of
 servers, and also any OCSP query strategy can be applied which may be
 beyond the ability of nghttpx itself or \fBfetch\-ocsp\-response\fP
 script.
 .SH TLS SESSION RESUMPTION
 .sp
 nghttpx supports TLS session resumption through both session ID and
@@ -1832,7 +1637,7 @@ By default, session ID is shared by all worker threads.
 .sp
 If \fI\%\-\-tls\-session\-cache\-memcached\fP is given, nghttpx will
 insert serialized session data to memcached with
-\fBnghttpx:tls\-session\-cache:\fP + lowercase hex string of session ID
+\fBnghttpx:tls\-session\-cache:\fP + lowercased hex string of session ID
 as a memcached entry key, with expiry time 12 hours.  Session timeout
 is set to 12 hours.
 .sp
@@ -1914,17 +1719,6 @@ API is subject to change in the future release.
 .UNINDENT
 .UNINDENT
 .sp
 \fBWARNING:\fP
 .INDENT 0.0
 .INDENT 3.5
 Almost all string value returned from method, or attribute is a
 fresh new mruby string, which involves memory allocation, and
 copies.  Therefore, it is strongly recommended to store a return
 value in a local variable, and use it, instead of calling method or
 accessing attribute repeatedly.
 .UNINDENT
 .UNINDENT
 .sp
 nghttpx allows users to extend its capability using mruby scripts.
 nghttpx has 2 hook points to execute mruby script: request phase and
 response phase.  The request phase hook is invoked after all request
@@ -1973,7 +1767,7 @@ Return \fI\%Response\fP object.
 .TP
 .B attribute [R] ctx
 Return Ruby hash object.  It persists until request finishes.
-So values set in request phase hook can be retrieved in
+So values set in request phase hoo can be retrieved in
 response phase hook.
 .UNINDENT
 .INDENT 7.0
@@ -2011,68 +1805,6 @@ Return true if TLS is used on the connection.
 .B attribute [R] tls_sni
 Return the TLS SNI value which client sent in this connection.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_fingerprint_sha256
 Return the SHA\-256 fingerprint of a client certificate.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_fingerprint_sha1
 Return the SHA\-1 fingerprint of a client certificate.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_issuer_name
 Return the issuer name of a client certificate.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_subject_name
 Return the subject name of a client certificate.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_serial
 Return the serial number of a client certificate.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_not_before
 Return the start date of a client certificate in seconds since
 the epoch.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_client_not_after
 Return the end date of a client certificate in seconds since
 the epoch.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_cipher
 Return a TLS cipher negotiated in this connection.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_protocol
 Return a TLS protocol version negotiated in this connection.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_session_id
 Return a session ID for this connection in hex string.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] tls_session_reused
 Return true if, and only if a SSL/TLS session is reused.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B attribute [R] alpn
 Return ALPN identifier negotiated in this connection.
 .UNINDENT
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -2236,19 +1968,6 @@ completely custom header fields, first call
 existing header fields, and then add required header fields.
 It is an error to call this method twice for a given request.
 .UNINDENT
 .INDENT 7.0
 .TP
 .B send_info(status, headers)
 Send non\-final (informational) response to a client.  \fIstatus\fP
 must be in the range [100, 199], inclusive.  \fIheaders\fP is a
 hash containing response header fields.  Its key must be a
 string, and the associated value must be either string or
 array of strings.  Since this is not a final response, even if
 this method is invoked, request is still forwarded to a
 backend unless \fI\%Nghttpx::Response#return\fP is called.
 This method can be called multiple times.  It cannot be called
 after \fI\%Nghttpx::Response#return\fP is called.
 .UNINDENT
 .UNINDENT
 .SS MRUBY EXAMPLES
 .sp
@@ -2324,18 +2043,15 @@ The request was failed.  No change has been made.
 HTTP status code
 .UNINDENT
 .sp
 Additionally, depending on the API endpoint, \fBdata\fP key may be
 present, and its value contains the API endpoint specific data.
 .sp
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 .sp
 The following section describes available API endpoints.
-.SS POST /api/v1beta1/backendconfig
+.SS PUT /api/v1beta1/backendconfig
 .sp
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see \fI\%FILES\fP section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -2350,28 +2066,10 @@ The replacement is done instantly without breaking existing
 connections or requests.  It also avoids any process creation as is
 the case with hot swapping with signals.
 .sp
-The one limitation is that only numeric IP address is allowed in
+The one limitation is that only numeric IP address is allowd in
 \fI\%backend\fP in request body unless "dns" parameter
 is used while non numeric hostname is allowed in command\-line or
 configuration file is read using \fI\%\-\-conf\fP\&.
 .SS GET /api/v1beta1/configrevision
 .sp
 This API returns configuration revision of the current nghttpx.  The
 configuration revision is opaque string, and it changes after each
 reloading by SIGHUP.  With this API, an external application knows
 that whether nghttpx has finished reloading its configuration by
 comparing the configuration revisions between before and after
 reloading.  It is recommended to disable persistent (keep\-alive)
 connection for this purpose in order to avoid to send a request using
 the reused connection which may bound to an old process.
 .sp
 This API returns response including \fBdata\fP key.  Its value is JSON
 object, and it contains at least the following key:
 .INDENT 0.0
 .TP
 .B configRevision
 The configuration revision of the current nghttpx
 .UNINDENT
 .SH SEE ALSO
 .sp
 \fBnghttp(1)\fP, \fBnghttpd(1)\fP, \fBh2load(1)\fP
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@@ -14,7 +14,7 @@ SYNOPSIS
 DESCRIPTION
 -----------
-A reverse proxy for HTTP/2, and HTTP/1.
+A reverse proxy for HTTP/2, HTTP/1 and SPDY.
 .. describe:: <PRIVATE_KEY>
@@ -46,7 +46,8 @@ Connections
    with "unix:" (e.g., unix:/var/run/backend.sock).
    Optionally, if <PATTERN>s are given, the backend address
-    is  only  used  if  request matches  the  pattern.   The
+    is  only  used  if  request  matches  the  pattern.   If
    :option:`--http2-proxy`  is  used,  <PATTERN>s are  ignored.   The
    pattern  matching is  closely  designed  to ServeMux  in
    net/http package of  Go programming language.  <PATTERN>
    consists of  path, host +  path or just host.   The path
@@ -57,16 +58,11 @@ Connections
    which  only  lacks  trailing  '*/*'  (e.g.,  path  "*/foo/*"
    matches request path  "*/foo*").  If it does  not end with
    "*/*", it  performs exact match against  the request path.
-    If  host  is given,  it  performs  a match  against  the
+    If host  is given, it  performs exact match  against the
-    request host.   For a  request received on  the frontend
+    request host.  If  host alone is given,  "*/*" is appended
-    listener with  "sni-fwd" parameter enabled, SNI  host is
+    to it,  so that it  matches all request paths  under the
-    used instead of a request host.  If host alone is given,
+    host   (e.g.,   specifying   "nghttp2.org"   equals   to
-    "*/*" is  appended to it,  so that it matches  all request
+    "nghttp2.org/").
    paths  under the  host  (e.g., specifying  "nghttp2.org"
    equals  to "nghttp2.org/").   CONNECT method  is treated
    specially.  It  does not have  path, and we  don't allow
    empty path.  To workaround  this, we assume that CONNECT
    method has "*/*" as path.
    Patterns with  host take  precedence over  patterns with
    just path.   Then, longer patterns take  precedence over
@@ -80,18 +76,6 @@ Connections
    match  against  "nghttp2.org".   The exact  hosts  match
    takes precedence over the wildcard hosts match.
    If path  part ends with  "\*", it is treated  as wildcard
    path.  The  wildcard path  behaves differently  from the
    normal path.  For normal path,  match is made around the
    boundary of path component  separator,"*/*".  On the other
    hand, the wildcard  path does not take  into account the
    path component  separator.  All paths which  include the
    wildcard  path  without  last  "\*" as  prefix,  and  are
    strictly longer than wildcard  path without last "\*" are
    matched.  "\*"  must match  at least one  character.  For
    example,  the   pattern  "*/foo\**"  matches   "*/foo/*"  and
    "*/foobar*".  But it does not match "*/foo*", or "*/fo*".
    If <PATTERN> is omitted or  empty string, "*/*" is used as
    pattern,  which  matches  all request  paths  (catch-all
    pattern).  The catch-all backend must be given.
@@ -121,12 +105,12 @@ Connections
    The  parameters are  delimited  by  ";".  The  available
    parameters       are:      "proto=<PROTO>",       "tls",
    "sni=<SNI_HOST>",         "fall=<N>",        "rise=<N>",
-    "affinity=<METHOD>",  "dns", and  "redirect-if-not-tls".
+    "affinity=<METHOD>", and "dns".   The parameter consists
-    The  parameter  consists   of  keyword,  and  optionally
+    of keyword,  and optionally  followed by "="  and value.
-    followed by  "=" and value.  For  example, the parameter
+    For example,  the parameter  "proto=h2" consists  of the
-    "proto=h2"  consists of  the keyword  "proto" and  value
+    keyword  "proto" and  value "h2".   The parameter  "tls"
-    "h2".  The parameter "tls" consists of the keyword "tls"
+    consists  of  the  keyword "tls"  without  value.   Each
-    without value.  Each parameter is described as follows.
+    parameter is described as follows.
    The backend application protocol  can be specified using
    optional  "proto"   parameter,  and   in  the   form  of
@@ -164,32 +148,16 @@ Connections
    The     session     affinity    is     enabled     using
    "affinity=<METHOD>"  parameter.   If  "ip" is  given  in
    <METHOD>, client  IP based session affinity  is enabled.
-    If "cookie"  is given in <METHOD>,  cookie based session
+    If  "none" is  given  in <METHOD>,  session affinity  is
-    affinity is  enabled.  If  "none" is given  in <METHOD>,
+    disabled, and this is the default.  The session affinity
-    session affinity  is disabled, and this  is the default.
+    is enabled per  <PATTERN>.  If at least  one backend has
-    The session  affinity is  enabled per <PATTERN>.   If at
+    "affinity" parameter,  and its  <METHOD> is  not "none",
-    least  one backend  has  "affinity"  parameter, and  its
+    session  affinity is  enabled  for  all backend  servers
-    <METHOD> is not "none",  session affinity is enabled for
+    sharing  the  same  <PATTERN>.   It is  advised  to  set
-    all backend  servers sharing the same  <PATTERN>.  It is
+    "affinity"  parameter  to   all  backend  explicitly  if
-    advised  to  set  "affinity" parameter  to  all  backend
+    session affinity  is desired.  The session  affinity may
-    explicitly if session affinity  is desired.  The session
+    break if one of the backend gets unreachable, or backend
-    affinity  may   break  if   one  of  the   backend  gets
+    settings are reloaded or replaced by API.
    unreachable,  or   backend  settings  are   reloaded  or
    replaced by API.
    If   "affinity=cookie"    is   used,    the   additional
    configuration                is                required.
    "affinity-cookie-name=<NAME>" must be  used to specify a
    name     of     cookie      to     use.      Optionally,
    "affinity-cookie-path=<PATH>" can  be used to  specify a
    path   which   cookie    is   applied.    The   optional
    "affinity-cookie-secure=<SECURE>"  controls  the  Secure
    attribute of a cookie.  The default value is "auto", and
    the Secure attribute is  determined by a request scheme.
    If a request scheme is "https", then Secure attribute is
    set.  Otherwise, it  is not set.  If  <SECURE> is "yes",
    the  Secure attribute  is  always set.   If <SECURE>  is
    "no", the Secure attribute is always omitted.
    By default, name resolution of backend host name is done
    at  start  up,  or reloading  configuration.   If  "dns"
@@ -199,26 +167,6 @@ Connections
    backend   host   name   at  start   up,   or   reloading
    configuration is skipped.
    If "redirect-if-not-tls" parameter  is used, the matched
    backend  requires   that  frontend  connection   is  TLS
    encrypted.  If it isn't, nghttpx responds to the request
    with 308  status code, and  https URI the  client should
    use instead  is included in Location  header field.  The
    port number in  redirect URI is 443 by  default, and can
    be  changed using  :option:`--redirect-https-port` option.   If at
    least one  backend has  "redirect-if-not-tls" parameter,
    this feature is enabled  for all backend servers sharing
    the   same   <PATTERN>.    It    is   advised   to   set
    "redirect-if-no-tls"    parameter   to    all   backends
    explicitly if this feature is desired.
    If "upgrade-scheme"  parameter is used along  with "tls"
    parameter, HTTP/2 :scheme pseudo header field is changed
    to "https" from "http" when forwarding a request to this
    particular backend.  This is  a workaround for a backend
    server  which  requires  "https" :scheme  pseudo  header
    field on TLS encrypted connection.
    Since ";" and ":" are  used as delimiter, <PATTERN> must
    not  contain these  characters.  Since  ";" has  special
    meaning in shell, the option value must be quoted.
@@ -242,11 +190,6 @@ Connections
    Optionally, TLS  can be disabled by  specifying "no-tls"
    parameter.  TLS is enabled by default.
    If "sni-fwd" parameter is  used, when performing a match
    to select a backend server,  SNI host name received from
    the client  is used  instead of  the request  host.  See
    :option:`--backend` option about the pattern match.
    To  make this  frontend as  API endpoint,  specify "api"
    parameter.   This   is  disabled  by  default.    It  is
    important  to  limit the  access  to  the API  frontend.
@@ -306,14 +249,6 @@ Performance
    Default: ``1``
 .. option:: --single-thread
    Run everything in one  thread inside the worker process.
    This   feature   is   provided  for   better   debugging
    experience,  or  for  the platforms  which  lack  thread
    support.   If  threading  is disabled,  this  option  is
    always enabled.
 .. option:: --read-rate=<SIZE>
    Set maximum  average read  rate on  frontend connection.
@@ -447,7 +382,8 @@ Timeout
 .. option:: --frontend-http2-read-timeout=<DURATION>
-    Specify read timeout for HTTP/2 frontend connection.
+    Specify  read  timeout  for  HTTP/2  and  SPDY  frontend
    connection.
    Default: ``3m``
@@ -472,17 +408,17 @@ Timeout
 .. option:: --stream-read-timeout=<DURATION>
-    Specify  read timeout  for HTTP/2  streams.  0  means no
+    Specify  read timeout  for HTTP/2  and SPDY  streams.  0
-    timeout.
+    means no timeout.
    Default: ``0``
 .. option:: --stream-write-timeout=<DURATION>
-    Specify write  timeout for  HTTP/2 streams.  0  means no
+    Specify write  timeout for  HTTP/2 and SPDY  streams.  0
-    timeout.
+    means no timeout.
-    Default: ``1m``
+    Default: ``0``
 .. option:: --backend-read-timeout=<DURATION>
@@ -554,14 +490,14 @@ SSL/TLS
    Set allowed  cipher list  for frontend  connection.  The
    format of the string is described in OpenSSL ciphers(1).
-    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
+    Default: ``ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS``
 .. option:: --client-ciphers=<SUITE>
    Set  allowed cipher  list for  backend connection.   The
    format of the string is described in OpenSSL ciphers(1).
-    Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256``
+    Default: ``ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS``
 .. option:: --ecdh-curves=<LIST>
@@ -580,14 +516,11 @@ SSL/TLS
 .. option:: --cacert=<PATH>
-    Set path to trusted CA  certificate file.  It is used in
+    Set path to trusted CA  certificate file used in backend
-    backend  TLS connections  to verify  peer's certificate.
+    TLS connections.   The file must  be in PEM  format.  It
-    It is also used to  verify OCSP response from the script
+    can  contain  multiple   certificates.   If  the  linked
-    set by :option:`--fetch-ocsp-response-file`\.  The  file must be in
+    OpenSSL is configured to  load system wide certificates,
-    PEM format.   It can contain multiple  certificates.  If
+    they are loaded at startup regardless of this option.
    the  linked OpenSSL  is configured  to load  system wide
    certificates, they  are loaded at startup  regardless of
    this option.
 .. option:: --private-key-passwd-file=<PATH>
@@ -599,14 +532,9 @@ SSL/TLS
    Specify  additional certificate  and  private key  file.
    nghttpx will  choose certificates based on  the hostname
-    indicated by client using TLS SNI extension.  If nghttpx
+    indicated  by  client  using TLS  SNI  extension.   This
-    is  built with  OpenSSL  >= 1.0.2,  the shared  elliptic
+    option  can  be  used  multiple  times.   To  make  OCSP
-    curves (e.g., P-256) between  client and server are also
+    stapling work, <CERTPATH> must be absolute path.
    taken into  consideration.  This allows nghttpx  to send
    ECDSA certificate  to modern clients, while  sending RSA
    based certificate to older  clients.  This option can be
    used  multiple  times.   To  make  OCSP  stapling  work,
    <CERTPATH> must be absolute path.
    Additional parameter  can be specified in  <PARAM>.  The
    available <PARAM> is "sct-dir=<DIR>".
@@ -632,7 +560,7 @@ SSL/TLS
    only  and any  white spaces  are  treated as  a part  of
    protocol string.
-    Default: ``h2,h2-16,h2-14,http/1.1``
+    Default: ``h2,h2-16,h2-14,spdy/3.1,http/1.1``
 .. option:: --verify-client
@@ -644,13 +572,6 @@ SSL/TLS
    client certificate.  The file must be in PEM format.  It
    can contain multiple certificates.
 .. option:: --verify-client-tolerate-expired
    Accept  expired  client  certificate.   Operator  should
    handle  the expired  client  certificate  by some  means
    (e.g.,  mruby  script).   Otherwise, this  option  might
    cause a security risk.
 .. option:: --client-private-key-file=<PATH>
    Path to  file that contains  client private key  used in
@@ -661,33 +582,19 @@ SSL/TLS
    Path to  file that  contains client certificate  used in
    backend client authentication.
-.. option:: --tls-min-proto-version=<VER>
+.. option:: --tls-proto-list=<LIST>
-    Specify minimum SSL/TLS protocol.   The name matching is
+    Comma delimited list of  SSL/TLS protocol to be enabled.
-    done in  case-insensitive manner.  The  versions between
+    The following protocols  are available: TLSv1.2, TLSv1.1
-    :option:`--tls-min-proto-version` and  :option:`\--tls-max-proto-version` are
+    and   TLSv1.0.    The   name   matching   is   done   in
-    enabled.  If the protocol list advertised by client does
+    case-insensitive   manner.    The  parameter   must   be
-    not  overlap  this range,  you  will  receive the  error
+    delimited by  a single comma  only and any  white spaces
-    message "unknown protocol".  If a protocol version lower
+    are  treated  as a  part  of  protocol string.   If  the
-    than TLSv1.2 is specified, make sure that the compatible
+    protocol list advertised by client does not overlap this
-    ciphers are  included in :option:`--ciphers` option.   The default
+    list,  you  will  receive  the  error  message  "unknown
-    cipher  list  only   includes  ciphers  compatible  with
+    protocol".
    TLSv1.2 or above.  The available versions are:
    TLSv1.2, TLSv1.1, and TLSv1.0
-    Default: ``TLSv1.2``
+    Default: ``TLSv1.2,TLSv1.1``
 .. option:: --tls-max-proto-version=<VER>
    Specify maximum SSL/TLS protocol.   The name matching is
    done in  case-insensitive manner.  The  versions between
    :option:`--tls-min-proto-version` and  :option:`\--tls-max-proto-version` are
    enabled.  If the protocol list advertised by client does
    not  overlap  this range,  you  will  receive the  error
    message "unknown protocol".  The available versions are:
    TLSv1.2, TLSv1.1, and TLSv1.0
    Default: ``TLSv1.2``
 .. option:: --tls-ticket-key-file=<PATH>
@@ -791,18 +698,6 @@ SSL/TLS
    Default: ``4h``
 .. option:: --ocsp-startup
    Start  accepting connections  after initial  attempts to
    get OCSP responses  finish.  It does not  matter some of
    the  attempts  fail.  This  feature  is  useful if  OCSP
    responses   must    be   available    before   accepting
    connections.
 .. option:: --no-verify-ocsp
    nghttpx does not verify OCSP response.
 .. option:: --no-ocsp
    Disable OCSP stapling.
@@ -916,13 +811,13 @@ SSL/TLS
    option.  But be aware its implications.
-HTTP/2
+HTTP/2 and SPDY
-~~~~~~
+~~~~~~~~~~~~~~~
 .. option:: -c, --frontend-http2-max-concurrent-streams=<N>
    Set the maximum number of  the concurrent streams in one
-    frontend HTTP/2 session.
+    frontend HTTP/2 and SPDY session.
    Default: `` 100``
@@ -937,15 +832,16 @@ HTTP/2
 .. option:: --frontend-http2-window-size=<SIZE>
-    Sets  the  per-stream  initial  window  size  of  HTTP/2
+    Sets the  per-stream initial  window size of  HTTP/2 and
-    frontend connection.
+    SPDY frontend connection.
    Default: ``65535``
 .. option:: --frontend-http2-connection-window-size=<SIZE>
-    Sets the  per-connection window size of  HTTP/2 frontend
+    Sets the  per-connection window size of  HTTP/2 and SPDY
-    connection.
+    frontend  connection.  For  SPDY  connection, the  value
    less than 64KiB is rounded up to 64KiB.
    Default: ``65535``
@@ -981,7 +877,8 @@ HTTP/2
    It is  also supported if  both frontend and  backend are
    HTTP/2 in default mode.  In  this case, server push from
    backend session is relayed  to frontend, and server push
-    via Link header field is also supported.
+    via Link header field  is also supported.  SPDY frontend
    does not support server push.
 .. option:: --frontend-http2-optimize-write-buffer-size
@@ -1049,7 +946,7 @@ Mode
 .. describe:: (default mode)
-    Accept  HTTP/2,  and  HTTP/1.1 over  SSL/TLS.   "no-tls"
+    Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.  "no-tls"
    parameter is  used in  :option:`--frontend` option,  accept HTTP/2
    and HTTP/1.1 over cleartext  TCP.  The incoming HTTP/1.1
    connection  can  be  upgraded  to  HTTP/2  through  HTTP
@@ -1104,22 +1001,11 @@ Logging
    * $alpn: ALPN identifier of the protocol which generates
      the response.   For HTTP/1,  ALPN is  always http/1.1,
      regardless of minor version.
-    * $tls_cipher: cipher used for SSL/TLS connection.
+    * $ssl_cipher: cipher used for SSL/TLS connection.
-    * $tls_client_fingerprint_sha256: SHA-256 fingerprint of
+    * $ssl_protocol: protocol for SSL/TLS connection.
-      client certificate.
+    * $ssl_session_id: session ID for SSL/TLS connection.
-    * $tls_client_fingerprint_sha1:  SHA-1   fingerprint  of
+    * $ssl_session_reused:  "r"   if  SSL/TLS   session  was
      client certificate.
    * $tls_client_subject_name:   subject  name   in  client
      certificate.
    * $tls_client_issuer_name:   issuer   name   in   client
      certificate.
    * $tls_client_serial:    serial    number   in    client
      certificate.
    * $tls_protocol: protocol for SSL/TLS connection.
    * $tls_session_id: session ID for SSL/TLS connection.
    * $tls_session_reused:  "r"   if  SSL/TLS   session  was
      reused.  Otherwise, "."
    * $tls_sni: SNI server name for SSL/TLS connection.
    * $backend_host:  backend  host   used  to  fulfill  the
      request.  "-" if backend host is not available.
    * $backend_port:  backend  port   used  to  fulfill  the
@@ -1170,19 +1056,6 @@ HTTP
    Strip X-Forwarded-For  header field from  inbound client
    requests.
 .. option:: --no-add-x-forwarded-proto
    Don't append  additional X-Forwarded-Proto  header field
    to  the   backend  request.   If  inbound   client  sets
    X-Forwarded-Proto,                                   and
    :option:`--no-strip-incoming-x-forwarded-proto`  option  is  used,
    they are passed to the backend.
 .. option:: --no-strip-incoming-x-forwarded-proto
    Don't strip X-Forwarded-Proto  header field from inbound
    client requests.
 .. option:: --add-forwarded=<LIST>
    Append RFC  7239 Forwarded header field  with parameters
@@ -1315,7 +1188,7 @@ HTTP
    Change server response header field value to <NAME>.
-    Default: ``nghttpx``
+    Default: ``nghttpx nghttp2/1.19.0``
 .. option:: --no-server-rewrite
@@ -1323,14 +1196,6 @@ HTTP
    :option:`--http2-proxy` is used, these headers will not be altered
    regardless of this option.
 .. option:: --redirect-https-port=<PORT>
    Specify the port number which appears in Location header
    field  when  redirect  to  HTTPS  URI  is  made  due  to
    "redirect-if-not-tls" parameter in :option:`--backend` option.
    Default: ``443``
 API
 ~~~
@@ -1339,7 +1204,7 @@ API
    Set the maximum size of request body for API request.
-    Default: ``32M``
+    Default: ``16K``
 DNS
@@ -1368,15 +1233,6 @@ DNS
    Default: ``2``
 .. option:: --frontend-max-requests=<N>
    The number  of requests that single  frontend connection
    can process.  For HTTP/2, this  is the number of streams
    in  one  HTTP/2 connection.   For  HTTP/1,  this is  the
    number of keep alive requests.  This is hint to nghttpx,
    and it  may allow additional few  requests.  The default
    value is unlimited.
 Debug
 ~~~~~
@@ -1421,16 +1277,6 @@ Process
    Run this program as <USER>.   This option is intended to
    be used to drop root privileges.
 .. option:: --single-process
    Run this program in a  single process mode for debugging
    purpose.  Without this option,  nghttpx creates at least
    2  processes:  master  and worker  processes.   If  this
    option is  used, master  and worker  are unified  into a
    single process.  nghttpx still spawns additional process
    if neverbleed is used.  In  the single process mode, the
    signal handling feature is disabled.
 Scripting
 ~~~~~~~~~
@@ -1445,9 +1291,7 @@ Misc
 .. option:: --conf=<PATH>
-    Load  configuration  from   <PATH>.   Please  note  that
+    Load configuration from <PATH>.
    nghttpx always  tries to read the  default configuration
    file if :option:`--conf` is not given.
    Default: ``/etc/nghttpx/nghttpx.conf``
@@ -1527,7 +1371,7 @@ Error log
  <datetime> <master-pid> <current-pid> <thread-id> <level> (<filename>:<line>) <msg>
  <datetime>
-    It is a combination of date and time when the log is written.  It
+    It is a conbination of date and time when the log is written.  It
    is in ISO 8601 format.
  <master-pid>
@@ -1561,18 +1405,14 @@ SIGUSR1
  Reopen log files.
 SIGUSR2
  Fork and execute nghttpx.  It will execute the binary in the same
-  path with same command-line arguments and environment variables.  As
+  path with same command-line arguments and environment variables.
-  of nghttpx version 1.20.0, the new master process sends SIGQUIT to
+  After new process comes up, sending SIGQUIT to the original process
-  the original master process when it is ready to serve requests.  For
+  to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
-  the earlier versions of nghttpx, user has to send SIGQUIT to the
+  and SIGHUP is that former is usually used to execute new binary, and
-  original master process.
+  the master process is newly spawned.  On the other hand, the latter
-
+  just reloads configuration file, and the same master process
-  The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
+  continues to exist.
  is usually used to execute new binary, and the master process is
  newly spawned.  On the other hand, the latter just reloads
  configuration file, and the same master process continues to exist.
 .. note::
@@ -1649,22 +1489,6 @@ be customized using :option:`--fetch-ocsp-response-file` option.
 If OCSP query is failed, previous OCSP response, if any, is continued
 to be used.
 :option:`--fetch-ocsp-response-file` option provides wide range of
 possibility to manage OCSP response.  It can take an arbitrary script
 or executable.  The requirement is that it supports the command-line
 interface of ``fetch-ocsp-response`` script, and it must return a
 valid DER encoded OCSP response on success.  It must return exit code
 0 on success, and 75 for temporary error, and the other error code for
 generic failure.  For large cluster of servers, it is not efficient
 for each server to perform OCSP query using ``fetch-ocsp-response``.
 Instead, you can retrieve OCSP response in some way, and store it in a
 disk or a shared database.  Then specify a program in
 :option:`--fetch-ocsp-response-file` to fetch it from those stores.
 This could provide a way to share the OCSP response between fleet of
 servers, and also any OCSP query strategy can be applied which may be
 beyond the ability of nghttpx itself or ``fetch-ocsp-response``
 script.
 TLS SESSION RESUMPTION
 ----------------------
@@ -1678,7 +1502,7 @@ By default, session ID is shared by all worker threads.
 If :option:`--tls-session-cache-memcached` is given, nghttpx will
 insert serialized session data to memcached with
-``nghttpx:tls-session-cache:`` + lowercase hex string of session ID
+``nghttpx:tls-session-cache:`` + lowercased hex string of session ID
 as a memcached entry key, with expiry time 12 hours.  Session timeout
 is set to 12 hours.
@@ -1760,14 +1584,6 @@ MRUBY SCRIPTING
  The current mruby extension API is experimental and not frozen.  The
  API is subject to change in the future release.
 .. warning::
  Almost all string value returned from method, or attribute is a
  fresh new mruby string, which involves memory allocation, and
  copies.  Therefore, it is strongly recommended to store a return
  value in a local variable, and use it, instead of calling method or
  accessing attribute repeatedly.
 nghttpx allows users to extend its capability using mruby scripts.
 nghttpx has 2 hook points to execute mruby script: request phase and
 response phase.  The request phase hook is invoked after all request
@@ -1814,7 +1630,7 @@ respectively.
    .. rb:attr_reader:: ctx
        Return Ruby hash object.  It persists until request finishes.
-        So values set in request phase hook can be retrieved in
+        So values set in request phase hoo can be retrieved in
        response phase hook.
    .. rb:attr_reader:: phase
@@ -1846,56 +1662,6 @@ respectively.
        Return the TLS SNI value which client sent in this connection.
    .. rb:attr_reader:: tls_client_fingerprint_sha256
        Return the SHA-256 fingerprint of a client certificate.
    .. rb:attr_reader:: tls_client_fingerprint_sha1
        Return the SHA-1 fingerprint of a client certificate.
    .. rb:attr_reader:: tls_client_issuer_name
        Return the issuer name of a client certificate.
    .. rb:attr_reader:: tls_client_subject_name
        Return the subject name of a client certificate.
    .. rb:attr_reader:: tls_client_serial
        Return the serial number of a client certificate.
    .. rb:attr_reader:: tls_client_not_before
        Return the start date of a client certificate in seconds since
        the epoch.
    .. rb:attr_reader:: tls_client_not_after
        Return the end date of a client certificate in seconds since
        the epoch.
    .. rb:attr_reader:: tls_cipher
        Return a TLS cipher negotiated in this connection.
    .. rb:attr_reader:: tls_protocol
        Return a TLS protocol version negotiated in this connection.
    .. rb:attr_reader:: tls_session_id
        Return a session ID for this connection in hex string.
    .. rb:attr_reader:: tls_session_reused
        Return true if, and only if a SSL/TLS session is reused.
    .. rb:attr_reader:: alpn
        Return ALPN identifier negotiated in this connection.
 .. rb:class:: Request
    Object to represent request from client.  The modification to
@@ -2038,18 +1804,6 @@ respectively.
        existing header fields, and then add required header fields.
        It is an error to call this method twice for a given request.
    .. rb:method:: send_info(status, headers)
        Send non-final (informational) response to a client.  *status*
        must be in the range [100, 199], inclusive.  *headers* is a
        hash containing response header fields.  Its key must be a
        string, and the associated value must be either string or
        array of strings.  Since this is not a final response, even if
        this method is invoked, request is still forwarded to a
        backend unless :rb:meth:`Nghttpx::Response#return` is called.
        This method can be called multiple times.  It cannot be called
        after :rb:meth:`Nghttpx::Response#return` is called.
 MRUBY EXAMPLES
 ~~~~~~~~~~~~~~
@@ -2111,20 +1865,17 @@ status
 code
  HTTP status code
 Additionally, depending on the API endpoint, ``data`` key may be
 present, and its value contains the API endpoint specific data.
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
 The following section describes available API endpoints.
-POST /api/v1beta1/backendconfig
+PUT /api/v1beta1/backendconfig
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API replaces the current backend server settings with the
-requested ones.  The request method should be POST, but PUT is also
+requested ones.  The request method should be PUT, but POST is also
 acceptable.  The request body must be nghttpx configuration file
 format.  For configuration file format, see `FILES`_ section.  The
 line separator inside the request body must be single LF (0x0A).
@@ -2140,30 +1891,11 @@ The replacement is done instantly without breaking existing
 connections or requests.  It also avoids any process creation as is
 the case with hot swapping with signals.
-The one limitation is that only numeric IP address is allowed in
+The one limitation is that only numeric IP address is allowd in
 :option:`backend <--backend>` in request body unless "dns" parameter
 is used while non numeric hostname is allowed in command-line or
 configuration file is read using :option:`--conf`.
 GET /api/v1beta1/configrevision
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API returns configuration revision of the current nghttpx.  The
 configuration revision is opaque string, and it changes after each
 reloading by SIGHUP.  With this API, an external application knows
 that whether nghttpx has finished reloading its configuration by
 comparing the configuration revisions between before and after
 reloading.  It is recommended to disable persistent (keep-alive)
 connection for this purpose in order to avoid to send a request using
 the reused connection which may bound to an old process.
 This API returns response including ``data`` key.  Its value is JSON
 object, and it contains at least the following key:
 configRevision
  The configuration revision of the current nghttpx
 SEE ALSO
 --------
--- a/doc/nghttpx.h2r
+++ b/doc/nghttpx.h2r
@@ -49,7 +49,7 @@ Error log
  <datetime> <master-pid> <current-pid> <thread-id> <level> (<filename>:<line>) <msg>
  <datetime>
-    It is a combination of date and time when the log is written.  It
+    It is a conbination of date and time when the log is written.  It
    is in ISO 8601 format.
  <master-pid>
@@ -83,18 +83,14 @@ SIGUSR1
  Reopen log files.
 SIGUSR2
  Fork and execute nghttpx.  It will execute the binary in the same
-  path with same command-line arguments and environment variables.  As
+  path with same command-line arguments and environment variables.
-  of nghttpx version 1.20.0, the new master process sends SIGQUIT to
+  After new process comes up, sending SIGQUIT to the original process
-  the original master process when it is ready to serve requests.  For
+  to perform hot swapping.  The difference between SIGUSR2 + SIGQUIT
-  the earlier versions of nghttpx, user has to send SIGQUIT to the
+  and SIGHUP is that former is usually used to execute new binary, and
-  original master process.
+  the master process is newly spawned.  On the other hand, the latter
-
+  just reloads configuration file, and the same master process
-  The difference between SIGUSR2 (+ SIGQUIT) and SIGHUP is that former
+  continues to exist.
  is usually used to execute new binary, and the master process is
  newly spawned.  On the other hand, the latter just reloads
  configuration file, and the same master process continues to exist.
 .. note::
@@ -171,22 +167,6 @@ be customized using :option:`--fetch-ocsp-response-file` option.
 If OCSP query is failed, previous OCSP response, if any, is continued
 to be used.
 :option:`--fetch-ocsp-response-file` option provides wide range of
 possibility to manage OCSP response.  It can take an arbitrary script
 or executable.  The requirement is that it supports the command-line
 interface of ``fetch-ocsp-response`` script, and it must return a
 valid DER encoded OCSP response on success.  It must return exit code
 0 on success, and 75 for temporary error, and the other error code for
 generic failure.  For large cluster of servers, it is not efficient
 for each server to perform OCSP query using ``fetch-ocsp-response``.
 Instead, you can retrieve OCSP response in some way, and store it in a
 disk or a shared database.  Then specify a program in
 :option:`--fetch-ocsp-response-file` to fetch it from those stores.
 This could provide a way to share the OCSP response between fleet of
 servers, and also any OCSP query strategy can be applied which may be
 beyond the ability of nghttpx itself or ``fetch-ocsp-response``
 script.
 TLS SESSION RESUMPTION
 ----------------------
@@ -200,7 +180,7 @@ By default, session ID is shared by all worker threads.
 If :option:`--tls-session-cache-memcached` is given, nghttpx will
 insert serialized session data to memcached with
-``nghttpx:tls-session-cache:`` + lowercase hex string of session ID
+``nghttpx:tls-session-cache:`` + lowercased hex string of session ID
 as a memcached entry key, with expiry time 12 hours.  Session timeout
 is set to 12 hours.
@@ -282,14 +262,6 @@ MRUBY SCRIPTING
  The current mruby extension API is experimental and not frozen.  The
  API is subject to change in the future release.
 .. warning::
  Almost all string value returned from method, or attribute is a
  fresh new mruby string, which involves memory allocation, and
  copies.  Therefore, it is strongly recommended to store a return
  value in a local variable, and use it, instead of calling method or
  accessing attribute repeatedly.
 nghttpx allows users to extend its capability using mruby scripts.
 nghttpx has 2 hook points to execute mruby script: request phase and
 response phase.  The request phase hook is invoked after all request
@@ -336,7 +308,7 @@ respectively.
    .. rb:attr_reader:: ctx
        Return Ruby hash object.  It persists until request finishes.
-        So values set in request phase hook can be retrieved in
+        So values set in request phase hoo can be retrieved in
        response phase hook.
    .. rb:attr_reader:: phase
@@ -368,56 +340,6 @@ respectively.
        Return the TLS SNI value which client sent in this connection.
    .. rb:attr_reader:: tls_client_fingerprint_sha256
        Return the SHA-256 fingerprint of a client certificate.
    .. rb:attr_reader:: tls_client_fingerprint_sha1
        Return the SHA-1 fingerprint of a client certificate.
    .. rb:attr_reader:: tls_client_issuer_name
        Return the issuer name of a client certificate.
    .. rb:attr_reader:: tls_client_subject_name
        Return the subject name of a client certificate.
    .. rb:attr_reader:: tls_client_serial
        Return the serial number of a client certificate.
    .. rb:attr_reader:: tls_client_not_before
        Return the start date of a client certificate in seconds since
        the epoch.
    .. rb:attr_reader:: tls_client_not_after
        Return the end date of a client certificate in seconds since
        the epoch.
    .. rb:attr_reader:: tls_cipher
        Return a TLS cipher negotiated in this connection.
    .. rb:attr_reader:: tls_protocol
        Return a TLS protocol version negotiated in this connection.
    .. rb:attr_reader:: tls_session_id
        Return a session ID for this connection in hex string.
    .. rb:attr_reader:: tls_session_reused
        Return true if, and only if a SSL/TLS session is reused.
    .. rb:attr_reader:: alpn
        Return ALPN identifier negotiated in this connection.
 .. rb:class:: Request
    Object to represent request from client.  The modification to
@@ -560,18 +482,6 @@ respectively.
        existing header fields, and then add required header fields.
        It is an error to call this method twice for a given request.
    .. rb:method:: send_info(status, headers)
        Send non-final (informational) response to a client.  *status*
        must be in the range [100, 199], inclusive.  *headers* is a
        hash containing response header fields.  Its key must be a
        string, and the associated value must be either string or
        array of strings.  Since this is not a final response, even if
        this method is invoked, request is still forwarded to a
        backend unless :rb:meth:`Nghttpx::Response#return` is called.
        This method can be called multiple times.  It cannot be called
        after :rb:meth:`Nghttpx::Response#return` is called.
 MRUBY EXAMPLES
 ~~~~~~~~~~~~~~
@@ -633,9 +543,6 @@ status
 code
  HTTP status code
 Additionally, depending on the API endpoint, ``data`` key may be
 present, and its value contains the API endpoint specific data.
 We wrote "normally", since nghttpx may return ordinal HTML response in
 some cases where the error has occurred before reaching API endpoint
 (e.g., header field is too large).
@@ -662,30 +569,11 @@ The replacement is done instantly without breaking existing
 connections or requests.  It also avoids any process creation as is
 the case with hot swapping with signals.
-The one limitation is that only numeric IP address is allowed in
+The one limitation is that only numeric IP address is allowd in
 :option:`backend <--backend>` in request body unless "dns" parameter
 is used while non numeric hostname is allowed in command-line or
 configuration file is read using :option:`--conf`.
 GET /api/v1beta1/configrevision
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 This API returns configuration revision of the current nghttpx.  The
 configuration revision is opaque string, and it changes after each
 reloading by SIGHUP.  With this API, an external application knows
 that whether nghttpx has finished reloading its configuration by
 comparing the configuration revisions between before and after
 reloading.  It is recommended to disable persistent (keep-alive)
 connection for this purpose in order to avoid to send a request using
 the reused connection which may bound to an old process.
 This API returns response including ``data`` key.  Its value is JSON
 object, and it contains at least the following key:
 configRevision
  The configuration revision of the current nghttpx
 SEE ALSO
 --------
--- a/doc/programmers-guide.rst
+++ b/doc/programmers-guide.rst
@@ -116,10 +116,7 @@ briefly describe what the library does in this area.  In the following
 description, without loss of generality we omit CONTINUATION frame
 since they must follow HEADERS frame and are processed atomically.  In
 other words, they are just one big HEADERS frame.  To disable these
-validations, use `nghttp2_option_set_no_http_messaging()`.  Please
+validations, use `nghttp2_option_set_no_http_messaging()`.
 note that disabling this feature does not change the fundamental
 client and server model of HTTP.  That is, even if the validation is
 disabled, only client can send requests.
 For HTTP request, including those carried by PUSH_PROMISE, HTTP
 message starts with one HEADERS frame containing request headers.  It
@@ -152,11 +149,13 @@ header fields must not appear: "Connection", "Keep-Alive",
 Each header field name and value must obey the field-name and
 field-value production rules described in `RFC 7230, section
 3.2. <https://tools.ietf.org/html/rfc7230#section-3.2>`_.
-Additionally, all field name must be lower cased.  The invalid header
+Additionally, all field name must be lower cased.  While the pseudo
-fields are treated as stream error, and that stream is reset.  If
+header fields must satisfy these rules, we just ignore illegal regular
-application wants to treat these headers in their own way, use
+headers (this means that these header fields are not passed to
-`nghttp2_on_invalid_header_callback
+application callback).  This is because these illegal header fields
-<https://nghttp2.org/documentation/types.html#c.nghttp2_on_invalid_header_callback>`_.
+are floating around in existing internet and resetting stream just
 because of this may break many web sites.  This is especially true if
 we forward to or translate from HTTP/1 traffic.
 For "http" or "https" URIs, ":path" pseudo header fields must start
 with "/".  The only exception is OPTIONS request, in that case, "*" is
--- a/doc/sources/building-android-binary.rst
+++ b/doc/sources/building-android-binary.rst
@@ -2,7 +2,7 @@ Building Android binary
 =======================
 In this article, we briefly describe how to build Android binary using
-`Android NDK <https://developer.android.com/ndk/index.html>`_
+`Android NDK <http://developer.android.com/tools/sdk/ndk/index.html>`_
 cross-compiler on Debian Linux.
 The easiest way to build android binary is use Dockerfile.android.
@@ -38,6 +38,9 @@ Although zlib comes with Android NDK, it seems not to be a part of
 public API, so we have to built it for our own.  That also provides us
 proper .pc file as a bonus.
 If SPDY support is required for nghttpx and h2load, build and install
 spdylay as well.
 Before running ``android-config`` and ``android-make``,
 ``ANDROID_HOME`` environment variable must be set to point to the
 correct path.  Also add ``$ANDROID_HOME/toolchain/bin`` to ``PATH``:
@@ -143,6 +146,34 @@ To configure zlib, use the following script:
 And run ``make install`` to build and install.
 To configure spdylay, use the following script:
 .. code-block:: sh
    #!/bin/sh -e
    if [ -z "$ANDROID_HOME" ]; then
        echo 'No $ANDROID_HOME specified.'
        exit 1
    fi
    PREFIX=$ANDROID_HOME/usr/local
    TOOLCHAIN=$ANDROID_HOME/toolchain
    PATH=$TOOLCHAIN/bin:$PATH
    ./configure \
        --disable-shared \
        --host=arm-linux-androideabi \
        --build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
        --prefix=$PREFIX \
        --without-libxml2 \
        --disable-src \
        --disable-examples \
        CPPFLAGS="-I$PREFIX/include" \
        PKG_CONFIG_LIBDIR="$PREFIX/lib/pkgconfig" \
        LDFLAGS="-L$PREFIX/lib"
 And run ``make install`` to build and install.
 After prerequisite libraries are prepared, run ``android-config`` and
 then ``android-make`` to compile nghttp2 source files.
--- a/doc/sources/contribute.rst
+++ b/doc/sources/contribute.rst
@@ -26,7 +26,8 @@ Coding style
 We use clang-format to format source code consistently.  The
 clang-format configuration file .clang-format is located at the root
 directory.  Since clang-format produces slightly different results
-between versions, we currently use clang-format-5.0.
+between versions, we currently use clang-format which comes with
 clang-3.9.
 To detect any violation to the coding style, we recommend to setup git
 pre-commit hook to check coding style of the changes you introduced.
@@ -34,7 +35,7 @@ The pre-commit file is located at the root directory.  Copy it under
 .git/hooks and make sure that it is executable.  The pre-commit script
 uses clang-format-diff.py to detect any style errors.  If it is not in
 your PATH or it exists under different name (e.g.,
-clang-format-diff-5.0 in debian), either add it to PATH variable or
+clang-format-diff-3.9 in debian), either add it to PATH variable or
 add git option ``clangformatdiff.binary`` to point to the script.
 For emacs users, integrating clang-format to emacs is very easy.
--- a/doc/sources/h2load-howto.rst
+++ b/doc/sources/h2load-howto.rst
@@ -3,14 +3,16 @@
 h2load - HTTP/2 benchmarking tool - HOW-TO
 ==========================================
-:doc:`h2load.1` is benchmarking tool for HTTP/2 and HTTP/1.1.  It
+:doc:`h2load.1` is benchmarking tool for HTTP/2 and HTTP/1.1.  If
-supports SSL/TLS and clear text for all supported protocols.
+built with spdylay (http://tatsuhiro-t.github.io/spdylay/) library, it
 also supports SPDY protocol.  It supports SSL/TLS and clear text for
 all supported protocols.
 Compiling from source
 ---------------------
 h2load is compiled alongside nghttp2 and requires that the
-``--enable-app`` flag is passed to ``./configure`` and `required
+``--enable-apps`` flag is passed to ``./configure`` and `required
 dependencies <https://github.com/nghttp2/nghttp2#requirements>`_ are
 available during compilation. For details on compiling, see `nghttp2:
 Building from Git
@@ -62,40 +64,23 @@ The benchmarking result looks like this:
 See the h2load manual page :ref:`h2load-1-output` section for the
 explanation of the above numbers.
 Timing-based load-testing
 -------------------------
 As of v1.26.0, h2load supports timing-based load-testing.  This method
 performs load-testing in terms of a given duration instead of a
 pre-defined number of requests. The new option :option:`--duration`
 specifies how long the load-testing takes. For example,
 ``--duration=10`` makes h2load perform load-testing against a server
 for 10 seconds. You can also specify a “warming-up” period with
 :option:`--warm-up-time`. If :option:`--duration` is used,
 :option:`-n` option is ignored.
 The following command performs load-testing for 10 seconds after 5
 seconds warming up period:
 .. code-block:: text
    $ h2load -c100 -m100 --duration=10 --warm-up-time=5 https://localhost
 Flow Control
 ------------
-HTTP/2 has flow control and it may affect benchmarking results.  By
+HTTP/2 and SPDY/3 or later employ flow control and it may affect
-default, h2load uses large enough flow control window, which
+benchmarking results.  By default, h2load uses large enough flow
-effectively disables flow control.  To adjust receiver flow control
+control window, which effectively disables flow control.  To adjust
-window size, there are following options:
+receiver flow control window size, there are following options:
 :option:`-w`
   Sets  the stream  level  initial  window size  to
-   (2**<N>)-1.
+   (2**<N>)-1.  For SPDY, 2**<N> is used instead.
 :option:`-W`
   Sets the connection level  initial window size to
-   (2**<N>)-1.
+   (2**<N>)-1.  For  SPDY, if  <N> is  strictly less
   than  16,  this  option  is  ignored.   Otherwise
   2**<N> is used for SPDY.
 Multi-Threading
 ---------------
--- a/doc/sources/libnghttp2_asio.rst
+++ b/doc/sources/libnghttp2_asio.rst
@@ -290,7 +290,7 @@ Normally, client does not stop even after all requests are done unless
 connection is lost.  To stop client, call
 ``nghttp2::asio_http2::server::session::shutdown()``.
-Receive server push and enable SSL/TLS
+Recieve server push and enable SSL/TLS
 ++++++++++++++++++++++++++++++++++++++
 .. code-block:: cpp
--- a/doc/sources/nghttpx-howto.rst
+++ b/doc/sources/nghttpx-howto.rst
@@ -4,10 +4,10 @@ nghttpx - HTTP/2 proxy - HOW-TO
 ===============================
 :doc:`nghttpx.1` is a proxy translating protocols between HTTP/2 and
-other protocols (e.g., HTTP/1).  It operates in several modes and each
+other protocols (e.g., HTTP/1, SPDY).  It operates in several modes
-mode may require additional programs to work with.  This article
+and each mode may require additional programs to work with.  This
-describes each operation mode and explains the intended use-cases.  It
+article describes each operation mode and explains the intended
-also covers some useful options later.
+use-cases.  It also covers some useful options later.
 Default mode
 ------------
@@ -15,7 +15,9 @@ Default mode
 If nghttpx is invoked without :option:`--http2-proxy`, it operates in
 default mode.  In this mode, it works as reverse proxy (gateway) for
 both HTTP/2 and HTTP/1 clients to backend servers.  This is also known
-as "HTTP/2 router".
+as "HTTP/2 router".  If nghttpx is linked with spdylay library and
 frontend connection is SSL/TLS, the frontend also supports SPDY
 protocol.
 By default, frontend connection is encrypted using SSL/TLS.  So
 server's private key and certificate must be supplied to the command
@@ -23,10 +25,11 @@ line (or through configuration file).  In this case, the frontend
 protocol selection will be done via ALPN or NPN.
 To turn off encryption on frontend connection, use ``no-tls`` keyword
-in :option:`--frontend` option.  HTTP/2 and HTTP/1 are available on
+in :option:`--frontend` option.  In this case, SPDY protocol is not
-the frontend, and an HTTP/1 connection can be upgraded to HTTP/2 using
+available even if spdylay library is liked to nghttpx.  HTTP/2 and
-HTTP Upgrade.  Starting HTTP/2 connection by sending HTTP/2 connection
+HTTP/1 are available on the frontend, and an HTTP/1 connection can be
-preface is also supported.
+upgraded to HTTP/2 using HTTP Upgrade.  Starting HTTP/2 connection by
 sending HTTP/2 connection preface is also supported.
 nghttpx can listen on multiple frontend addresses.  This is achieved
 by using multiple :option:`--frontend` options.  For each frontend
@@ -42,17 +45,17 @@ that default backend protocol is HTTP/1.1.  To use HTTP/2 in backend,
 you have to specify ``h2`` in ``proto`` keyword in :option:`--backend`
 explicitly.
-The backend is supposed to be a Web server.  For example, to make
+The backend is supposed to be Web server.  For example, to make
 nghttpx listen to encrypted HTTP/2 requests at port 8443, and a
-backend Web server is configured to listen to HTTP requests at port
+backend Web server is configured to listen to HTTP request at port
-8080 on the same host, run nghttpx command-line like this:
+8080 in the same host, run nghttpx command-line like this:
 .. code-block:: text
    $ nghttpx -f0.0.0.0,8443 -b127.0.0.1,8080 /path/to/server.key /path/to/server.crt
-Then an HTTP/2 enabled client can access the nghttpx server using HTTP/2.  For
+Then HTTP/2 enabled client can access to the nghttpx in HTTP/2.  For
-example, you can send a GET request using nghttp:
+example, you can send GET request to the server using nghttp:
 .. code-block:: text
@@ -63,18 +66,19 @@ HTTP/2 proxy mode
 If nghttpx is invoked with :option:`--http2-proxy` (or its shorthand
 :option:`-s`) option, it operates in HTTP/2 proxy mode.  The supported
-protocols in frontend and backend connections are the same as in `default
+protocols in frontend and backend connections are the same in `default
-mode`_.  The difference is that this mode acts like a forward proxy and
+mode`_.  The difference is that this mode acts like forward proxy and
-assumes the backend is an HTTP proxy server (e.g., Squid, Apache Traffic
+assumes the backend is HTTP proxy server (e.g., Squid, Apache Traffic
-Server).  HTTP/1 requests must include an absolute URI in request line.
+Server).  HTTP/1 request must include absolute URI in request line.
-By default, the frontend connection is encrypted.  So this mode is
+By default, frontend connection is encrypted.  So this mode is also
-also called secure proxy.
+called secure proxy.  If nghttpx is linked with spdylay, it supports
 SPDY protocols and it works as so called SPDY proxy.
-To turn off encryption on the frontend connection, use ``no-tls`` keyword
+To turn off encryption on frontend connection, use ``no-tls`` keyword
 in :option:`--frontend` option.
-The backend must be an HTTP proxy server.  nghttpx supports multiple
+The backend must be HTTP proxy server.  nghttpx supports multiple
 backend server addresses.  It translates incoming requests to HTTP
 request to backend server.  The backend server performs real proxy
 work for each request, for example, dispatching requests to the origin
@@ -88,7 +92,7 @@ connection, use :option:`--backend` option, and specify ``h2`` in
 For example, to make nghttpx listen to encrypted HTTP/2 requests at
 port 8443, and a backend HTTP proxy server is configured to listen to
-HTTP/1 requests at port 8080 on the same host, run nghttpx command-line
+HTTP/1 request at port 8080 in the same host, run nghttpx command-line
 like this:
 .. code-block:: text
@@ -98,8 +102,8 @@ like this:
 At the time of this writing, Firefox 41 and Chromium v46 can use
 nghttpx as HTTP/2 proxy.
-To make Firefox or Chromium use nghttpx as HTTP/2 proxy, user has to
+To make Firefox or Chromium use nghttpx as HTTP/2 or SPDY proxy, user
-create proxy.pac script file like this:
+has to create proxy.pac script file like this:
 .. code-block:: javascript
@@ -225,18 +229,12 @@ Hot swapping
 nghttpx supports hot swapping using signals.  The hot swapping in
 nghttpx is multi step process.  First send USR2 signal to nghttpx
 process.  It will do fork and execute new executable, using same
-command-line arguments and environment variables.
+command-line arguments and environment variables.  At this point, both
-
+current and new processes can accept requests.  To gracefully shutdown
-As of nghttpx version 1.20.0, that is all you have to do.  The new
+current process, send QUIT signal to current nghttpx process.  When
-master process sends QUIT signal to the original process, when it is
+all existing frontend connections are done, the current process will
-ready to serve requests, to shut it down gracefully.
+exit.  At this point, only new nghttpx process exists and serves
-
+incoming requests.
 For earlier versions of nghttpx, you have to do one more thing.  At
 this point, both current and new processes can accept requests.  To
 gracefully shutdown current process, send QUIT signal to current
 nghttpx process.  When all existing frontend connections are done, the
 current process will exit.  At this point, only new nghttpx process
 exists and serves incoming requests.
 If you want to just reload configuration file without executing new
 binary, send SIGHUP to nghttpx master process.
@@ -293,31 +291,13 @@ When you write this option in command-line, you should enclose
 argument with single or double quotes, since the character ``;`` has a
 special meaning in shell.
-To route, request to request path ``/foo`` to backend server
+To route, request to request path whose prefix is ``/foo`` to backend
-``[::1]:8080``, you can write like so:
+server ``[::1]:8080``, you can write like so:
 .. code-block:: text
   backend=::1,8080;/foo
 If the last character of path pattern is ``/``, all request paths
 which start with that pattern match:
 .. code-block:: text
   backend=::1,8080;/bar/
 The request path ``/bar/buzz`` matches the ``/bar/``.
 You can use ``*`` at the end of the path pattern to make it wildcard
 pattern.  ``*`` must match at least one character:
 .. code-block:: text
   backend=::1,8080;/sample*
 The request path ``/sample1/foo`` matches the ``/sample*`` pattern.
 Of course, you can specify both host and request path at the same
 time:
@@ -385,7 +365,7 @@ parameter in :option:`--backend` option, like so:
 .. code-block:: text
-   backend=foo.example.com,80;;dns
+   backend=foo.example.com;;dns
 nghttpx will cache resolved addresses for certain period of time.  To
 change this cache period, use :option:`--dns-cache-timeout`.
@@ -401,28 +381,6 @@ like so:
   frontend=*,443;proxyproto
 Session affinity
 ----------------
 Two kinds of session affinity are available: client IP, and HTTP
 Cookie.
 To enable client IP based affinity, specify ``affinity=ip`` parameter
 in :option:`--backend` option.  If PROXY protocol is enabled, then an
 address obtained from PROXY protocol is taken into consideration.
 To enable HTTP Cookie based affinity, specify ``affinity=cookie``
 parameter, and specify a name of cookie in ``affinity-cookie-name``
 parameter.  Optionally, a Path attribute can be specified in
 ``affinity-cookie-path`` parameter:
 .. code-block:: text
   backend=127.0.0.1,3000;;affinity=cookie;affinity-cookie-name=nghttpxlb;affinity-cookie-path=/
 Secure attribute of cookie is set if client connection is protected by
 TLS.
 PSK cipher suites
 -----------------
--- a/doc/sources/tutorial-client.rst
+++ b/doc/sources/tutorial-client.rst
@@ -124,7 +124,6 @@ remote server. It's defined as::
      bev = bufferevent_openssl_socket_new(
          evbase, -1, ssl, BUFFEREVENT_SSL_CONNECTING,
          BEV_OPT_DEFER_CALLBACKS | BEV_OPT_CLOSE_ON_FREE);
      bufferevent_enable(bev, EV_READ | EV_WRITE);
      bufferevent_setcb(bev, readcb, writecb, eventcb, session_data);
      rv = bufferevent_socket_connect_hostname(bev, session_data->dnsbase,
                                               AF_UNSPEC, host, port);
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -7,8 +7,11 @@ if(ENABLE_EXAMPLES)
    COMPILE_FLAGS "${WARNCXXFLAGS} ${CXX1XCXXFLAGS}")
  include_directories(
-    ${CMAKE_CURRENT_SOURCE_DIR}
+    ${CMAKE_SOURCE_DIR}
-    "${CMAKE_CURRENT_SOURCE_DIR}/../third-party"
+    ${CMAKE_SOURCE_DIR}/lib/includes
    ${CMAKE_BINARY_DIR}/lib/includes
    ${CMAKE_SOURCE_DIR}/src/includes
    ${CMAKE_SOURCE_DIR}/third-party
    ${LIBEVENT_INCLUDE_DIRS}
    ${OPENSSL_INCLUDE_DIRS}
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -62,11 +62,11 @@ ASIOCPPFLAGS = ${AM_CPPFLAGS} ${BOOST_CPPFLAGS}
 ASIOLDADD = $(top_builddir)/lib/libnghttp2.la \
 	$(top_builddir)/src/libnghttp2_asio.la @JEMALLOC_LIBS@ \
 	$(top_builddir)/third-party/libhttp-parser.la \
 	@OPENSSL_LIBS@ \
 	${BOOST_LDFLAGS} \
 	${BOOST_ASIO_LIB} \
 	${BOOST_THREAD_LIB} \
 	${BOOST_SYSTEM_LIB} \
 	@OPENSSL_LIBS@ \
 	@APPLDFLAGS@
 asio_sv_SOURCES = asio-sv.cc
--- a/examples/asio-cl.cc
+++ b/examples/asio-cl.cc
@@ -67,14 +67,14 @@ int main(int argc, char *argv[]) {
        return;
      }
-      req->on_response([](const response &res) {
+      req->on_response([&sess](const response &res) {
        std::cerr << "HTTP/2 " << res.status_code() << std::endl;
        for (auto &kv : res.header()) {
          std::cerr << kv.first << ": " << kv.second.value << "\n";
        }
        std::cerr << std::endl;
-        res.on_data([](const uint8_t *data, std::size_t len) {
+        res.on_data([&sess](const uint8_t *data, std::size_t len) {
          std::cerr.write(reinterpret_cast<const char *>(data), len);
          std::cerr << std::endl;
        });
--- a/examples/asio-cl2.cc
+++ b/examples/asio-cl2.cc
@@ -91,17 +91,17 @@ int main(int argc, char *argv[]) {
        return;
      }
-      req->on_response([](const response &res) {
+      req->on_response([&sess, req](const response &res) {
        std::cerr << "response header was received" << std::endl;
        print_header(res);
-        res.on_data([](const uint8_t *data, std::size_t len) {
+        res.on_data([&sess](const uint8_t *data, std::size_t len) {
          std::cerr.write(reinterpret_cast<const char *>(data), len);
          std::cerr << std::endl;
        });
      });
-      req->on_close([](uint32_t error_code) {
+      req->on_close([&sess](uint32_t error_code) {
        std::cerr << "request done with error_code=" << error_code << std::endl;
      });
--- a/examples/asio-sv.cc
+++ b/examples/asio-sv.cc
@@ -36,12 +36,25 @@
 #include <iostream>
 #include <string>
 #include <thread>
 #include <nghttp2/asio_http2_server.h>
 using namespace nghttp2::asio_http2;
 using namespace nghttp2::asio_http2::server;
 namespace {
 void run_forever(boost::asio::io_service &io_service, size_t num_threads) {
  std::vector<std::thread> ts;
  for (size_t i = 0; i < num_threads; ++i) {
    ts.emplace_back([&io_service]() { io_service.run(); });
  }
  for (auto &t : ts) {
    t.join();
  }
 }
 } // namespace
 int main(int argc, char *argv[]) {
  try {
    // Check command line arguments.
@@ -58,9 +71,9 @@ int main(int argc, char *argv[]) {
    std::string port = argv[2];
    std::size_t num_threads = std::stoi(argv[3]);
-    http2 server;
+    boost::asio::io_service io_service;
-    server.num_threads(num_threads);
+    http2 server(io_service);
    server.handle("/", [](const request &req, const response &res) {
      res.write_head(200, {{"foo", {"bar"}}});
@@ -136,11 +149,16 @@ int main(int argc, char *argv[]) {
      if (server.listen_and_serve(ec, tls, addr, port)) {
        std::cerr << "error: " << ec.message() << std::endl;
      }
      run_forever(io_service, num_threads);
    } else {
      if (server.listen_and_serve(ec, addr, port)) {
        std::cerr << "error: " << ec.message() << std::endl;
      }
      run_forever(io_service, num_threads);
    }
  } catch (std::exception &e) {
    std::cerr << "exception: " << e.what() << "\n";
  }
--- a/examples/asio-sv2.cc
+++ b/examples/asio-sv2.cc
@@ -43,12 +43,25 @@
 #endif // HAVE_FCNTL_H
 #include <iostream>
 #include <string>
 #include <thread>
 #include <nghttp2/asio_http2_server.h>
 using namespace nghttp2::asio_http2;
 using namespace nghttp2::asio_http2::server;
 namespace {
 void run_forever(boost::asio::io_service &io_service, size_t num_threads) {
  std::vector<std::thread> ts;
  for (size_t i = 0; i < num_threads; ++i) {
    ts.emplace_back([&io_service]() { io_service.run(); });
  }
  for (auto &t : ts) {
    t.join();
  }
 }
 } // namespace
 int main(int argc, char *argv[]) {
  try {
    // Check command line arguments.
@@ -65,9 +78,9 @@ int main(int argc, char *argv[]) {
    std::size_t num_threads = std::stoi(argv[3]);
    std::string docroot = argv[4];
-    http2 server;
+    boost::asio::io_service io_service;
-    server.num_threads(num_threads);
+    http2 server(io_service);
    server.handle("/", [&docroot](const request &req, const response &res) {
      auto path = percent_decode(req.uri().path);
@@ -112,10 +125,14 @@ int main(int argc, char *argv[]) {
      if (server.listen_and_serve(ec, tls, addr, port)) {
        std::cerr << "error: " << ec.message() << std::endl;
      }
      run_forever(io_service, num_threads);
    } else {
      if (server.listen_and_serve(ec, addr, port)) {
        std::cerr << "error: " << ec.message() << std::endl;
      }
      run_forever(io_service, num_threads);
    }
  } catch (std::exception &e) {
    std::cerr << "exception: " << e.what() << "\n";
--- a/examples/client.c
+++ b/examples/client.c
@@ -159,13 +159,10 @@ static void diec(const char *func, int error_code) {
 * bytes actually written. See the documentation of
 * nghttp2_send_callback for the details.
 */
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  struct Connection *connection;
  int rv;
  (void)session;
  (void)flags;
  connection = (struct Connection *)user_data;
  connection->want_io = IO_NONE;
  ERR_clear_error();
@@ -189,13 +186,10 @@ static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
 * |length| bytes. Returns the number of bytes stored in |buf|. See
 * the documentation of nghttp2_recv_callback for the details.
 */
-static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
+static ssize_t recv_callback(nghttp2_session *session _U_, uint8_t *buf,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  struct Connection *connection;
  int rv;
  (void)session;
  (void)flags;
  connection = (struct Connection *)user_data;
  connection->want_io = IO_NONE;
  ERR_clear_error();
@@ -216,10 +210,9 @@ static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
 }
 static int on_frame_send_callback(nghttp2_session *session,
-                                  const nghttp2_frame *frame, void *user_data) {
+                                  const nghttp2_frame *frame,
                                  void *user_data _U_) {
  size_t i;
  (void)user_data;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (nghttp2_session_get_stream_user_data(session, frame->hd.stream_id)) {
@@ -244,10 +237,9 @@ static int on_frame_send_callback(nghttp2_session *session,
 }
 static int on_frame_recv_callback(nghttp2_session *session,
-                                  const nghttp2_frame *frame, void *user_data) {
+                                  const nghttp2_frame *frame,
                                  void *user_data _U_) {
  size_t i;
  (void)user_data;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE) {
@@ -282,11 +274,9 @@ static int on_frame_recv_callback(nghttp2_session *session,
 * we submit GOAWAY and close the session.
 */
 static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
-                                    uint32_t error_code, void *user_data) {
+                                    uint32_t error_code _U_,
                                    void *user_data _U_) {
  struct Request *req;
  (void)error_code;
  (void)user_data;
  req = nghttp2_session_get_stream_user_data(session, stream_id);
  if (req) {
    int rv;
@@ -303,13 +293,11 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
 * The implementation of nghttp2_on_data_chunk_recv_callback type. We
 * use this function to print the received response body.
 */
-static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
+static int on_data_chunk_recv_callback(nghttp2_session *session,
-                                       int32_t stream_id, const uint8_t *data,
+                                       uint8_t flags _U_, int32_t stream_id,
-                                       size_t len, void *user_data) {
+                                       const uint8_t *data, size_t len,
                                       void *user_data _U_) {
  struct Request *req;
  (void)flags;
  (void)user_data;
  req = nghttp2_session_get_stream_user_data(session, stream_id);
  if (req) {
    printf("[INFO] C <---------------------------- S (DATA chunk)\n"
@@ -345,19 +333,15 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) {
      callbacks, on_data_chunk_recv_callback);
 }
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /*
 * Callback function for TLS NPN. Since this program only supports
 * HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2
 * library supports, we terminate program.
 */
-static int select_next_proto_cb(SSL *ssl, unsigned char **out,
+static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
                                unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
  int rv;
  (void)ssl;
  (void)arg;
  /* nghttp2_select_next_protocol() selects HTTP/2 protocol the
     nghttp2 library supports. */
  rv = nghttp2_select_next_protocol(out, outlen, in, inlen);
@@ -366,7 +350,6 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out,
  }
  return SSL_TLSEXT_ERR_OK;
 }
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 /*
 * Setup SSL/TLS context.
@@ -377,9 +360,7 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) {
  SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
  SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
  /* Set NPN callback */
 #ifndef OPENSSL_NO_NEXTPROTONEG
  SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 }
 static void ssl_handshake(SSL *ssl, int fd) {
--- a/examples/deflate.c
+++ b/examples/deflate.c
@@ -44,7 +44,7 @@ static void deflate(nghttp2_hd_deflater *deflater,
 static int inflate_header_block(nghttp2_hd_inflater *inflater, uint8_t *in,
                                size_t inlen, int final);
-int main() {
+int main(int argc _U_, char **argv _U_) {
  int rv;
  nghttp2_hd_deflater *deflater;
  nghttp2_hd_inflater *inflater;
--- a/examples/libevent-client.c
+++ b/examples/libevent-client.c
@@ -199,27 +199,22 @@ static void print_headers(FILE *f, nghttp2_nv *nva, size_t nvlen) {
 /* nghttp2_send_callback. Here we transmit the |data|, |length| bytes,
   to the network. Because we are using libevent bufferevent, we just
   write those bytes into bufferevent buffer. */
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  struct bufferevent *bev = session_data->bev;
  (void)session;
  (void)flags;
  bufferevent_write(bev, data, length);
  return (ssize_t)length;
 }
 /* nghttp2_on_header_callback: Called when nghttp2 library emits
   single header name/value pair. */
-static int on_header_callback(nghttp2_session *session,
+static int on_header_callback(nghttp2_session *session _U_,
                              const nghttp2_frame *frame, const uint8_t *name,
                              size_t namelen, const uint8_t *value,
-                              size_t valuelen, uint8_t flags, void *user_data) {
+                              size_t valuelen, uint8_t flags _U_,
                              void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  (void)flags;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -234,12 +229,10 @@ static int on_header_callback(nghttp2_session *session,
 /* nghttp2_on_begin_headers_callback: Called when nghttp2 library gets
   started to receive header block. */
-static int on_begin_headers_callback(nghttp2_session *session,
+static int on_begin_headers_callback(nghttp2_session *session _U_,
                                     const nghttp2_frame *frame,
                                     void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -254,11 +247,9 @@ static int on_begin_headers_callback(nghttp2_session *session,
 /* nghttp2_on_frame_recv_callback: Called when nghttp2 library
   received a complete frame from the remote peer. */
-static int on_frame_recv_callback(nghttp2_session *session,
+static int on_frame_recv_callback(nghttp2_session *session _U_,
                                  const nghttp2_frame *frame, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat == NGHTTP2_HCAT_RESPONSE &&
@@ -275,13 +266,11 @@ static int on_frame_recv_callback(nghttp2_session *session,
   is meant to the stream we initiated, print the received data in
   stdout, so that the user can redirect its output to the file
   easily. */
-static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
+static int on_data_chunk_recv_callback(nghttp2_session *session _U_,
-                                       int32_t stream_id, const uint8_t *data,
+                                       uint8_t flags _U_, int32_t stream_id,
-                                       size_t len, void *user_data) {
+                                       const uint8_t *data, size_t len,
                                       void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  (void)session;
  (void)flags;
  if (session_data->stream_data->stream_id == stream_id) {
    fwrite(data, 1, len, stdout);
  }
@@ -308,22 +297,17 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
  return 0;
 }
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* NPN TLS extension client callback. We check that server advertised
   the HTTP/2 protocol the nghttp2 library supports. If not, exit
   the program. */
-static int select_next_proto_cb(SSL *ssl, unsigned char **out,
+static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
                                unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
  (void)ssl;
  (void)arg;
  if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
    errx(1, "Server did not advertise " NGHTTP2_PROTO_VERSION_ID);
  }
  return SSL_TLSEXT_ERR_OK;
 }
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 /* Create SSL_CTX. */
 static SSL_CTX *create_ssl_ctx(void) {
@@ -337,13 +321,11 @@ static SSL_CTX *create_ssl_ctx(void) {
                      SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
                          SSL_OP_NO_COMPRESSION |
                          SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 #ifndef OPENSSL_NO_NEXTPROTONEG
  SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  return ssl_ctx;
 }
@@ -479,10 +461,8 @@ static void readcb(struct bufferevent *bev, void *ptr) {
   receiving GOAWAY, we check the some conditions on the nghttp2
   library and output buffer of bufferevent. If it indicates we have
   no business to this session, tear down the connection. */
-static void writecb(struct bufferevent *bev, void *ptr) {
+static void writecb(struct bufferevent *bev _U_, void *ptr) {
  http2_session_data *session_data = (http2_session_data *)ptr;
  (void)bev;
  if (nghttp2_session_want_read(session_data->session) == 0 &&
      nghttp2_session_want_write(session_data->session) == 0 &&
      evbuffer_get_length(bufferevent_get_output(session_data->bev)) == 0) {
@@ -508,14 +488,12 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
    ssl = bufferevent_openssl_get_ssl(session_data->bev);
 #ifndef OPENSSL_NO_NEXTPROTONEG
    SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
    if (alpn == NULL) {
      SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
    }
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
    if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
      fprintf(stderr, "h2 is not negotiated\n");
@@ -554,7 +532,6 @@ static void initiate_connection(struct event_base *evbase, SSL_CTX *ssl_ctx,
  bev = bufferevent_openssl_socket_new(
      evbase, -1, ssl, BUFFEREVENT_SSL_CONNECTING,
      BEV_OPT_DEFER_CALLBACKS | BEV_OPT_CLOSE_ON_FREE);
  bufferevent_enable(bev, EV_READ | EV_WRITE);
  bufferevent_setcb(bev, readcb, writecb, eventcb, session_data);
  rv = bufferevent_socket_connect_hostname(bev, session_data->dnsbase,
                                           AF_UNSPEC, host, port);
--- a/examples/libevent-server.c
+++ b/examples/libevent-server.c
@@ -109,25 +109,18 @@ struct app_context {
 static unsigned char next_proto_list[256];
 static size_t next_proto_list_len;
-#ifndef OPENSSL_NO_NEXTPROTONEG
+static int next_proto_cb(SSL *s _U_, const unsigned char **data,
-static int next_proto_cb(SSL *ssl, const unsigned char **data,
+                         unsigned int *len, void *arg _U_) {
                         unsigned int *len, void *arg) {
  (void)ssl;
  (void)arg;
  *data = next_proto_list;
  *len = (unsigned int)next_proto_list_len;
  return SSL_TLSEXT_ERR_OK;
 }
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
-static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
+static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out,
                                unsigned char *outlen, const unsigned char *in,
-                                unsigned int inlen, void *arg) {
+                                unsigned int inlen, void *arg _U_) {
  int rv;
  (void)ssl;
  (void)arg;
  rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, inlen);
@@ -137,7 +130,7 @@ static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
  return SSL_TLSEXT_ERR_OK;
 }
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 /* Create SSL_CTX. */
 static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
@@ -174,13 +167,11 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
         NGHTTP2_PROTO_VERSION_ID_LEN);
  next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
 #ifndef OPENSSL_NO_NEXTPROTONEG
  SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  return ssl_ctx;
 }
@@ -206,10 +197,8 @@ static void add_stream(http2_session_data *session_data,
  }
 }
-static void remove_stream(http2_session_data *session_data,
+static void remove_stream(http2_session_data *session_data _U_,
                          http2_stream_data *stream_data) {
  (void)session_data;
  stream_data->prev->next = stream_data->next;
  if (stream_data->next) {
    stream_data->next->prev = stream_data->prev;
@@ -254,7 +243,6 @@ static http2_session_data *create_http2_session_data(app_context *app_ctx,
  session_data->bev = bufferevent_openssl_socket_new(
      app_ctx->evbase, fd, ssl, BUFFEREVENT_SSL_ACCEPTING,
      BEV_OPT_CLOSE_ON_FREE | BEV_OPT_DEFER_CALLBACKS);
  bufferevent_enable(session_data->bev, EV_READ | EV_WRITE);
  rv = getnameinfo(addr, (socklen_t)addrlen, host, sizeof(host), NULL, 0,
                   NI_NUMERICHOST);
  if (rv != 0) {
@@ -321,13 +309,10 @@ static int session_recv(http2_session_data *session_data) {
  return 0;
 }
-static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
+static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
-                             size_t length, int flags, void *user_data) {
+                             size_t length, int flags _U_, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  struct bufferevent *bev = session_data->bev;
  (void)session;
  (void)flags;
  /* Avoid excessive buffering in server side. */
  if (evbuffer_get_length(bufferevent_get_output(session_data->bev)) >=
      OUTPUT_WOULDBLOCK_THRESHOLD) {
@@ -390,17 +375,13 @@ static char *percent_decode(const uint8_t *value, size_t valuelen) {
  return res;
 }
-static ssize_t file_read_callback(nghttp2_session *session, int32_t stream_id,
+static ssize_t file_read_callback(nghttp2_session *session _U_,
-                                  uint8_t *buf, size_t length,
+                                  int32_t stream_id _U_, uint8_t *buf,
-                                  uint32_t *data_flags,
+                                  size_t length, uint32_t *data_flags,
                                  nghttp2_data_source *source,
-                                  void *user_data) {
+                                  void *user_data _U_) {
  int fd = source->fd;
  ssize_t r;
  (void)session;
  (void)stream_id;
  (void)user_data;
  while ((r = read(fd, buf, length)) == -1 && errno == EINTR)
    ;
  if (r == -1) {
@@ -473,12 +454,10 @@ static int error_reply(nghttp2_session *session,
 static int on_header_callback(nghttp2_session *session,
                              const nghttp2_frame *frame, const uint8_t *name,
                              size_t namelen, const uint8_t *value,
-                              size_t valuelen, uint8_t flags, void *user_data) {
+                              size_t valuelen, uint8_t flags _U_,
                              void *user_data _U_) {
  http2_stream_data *stream_data;
  const char PATH[] = ":path";
  (void)flags;
  (void)user_data;
  switch (frame->hd.type) {
  case NGHTTP2_HEADERS:
    if (frame->headers.cat != NGHTTP2_HCAT_REQUEST) {
@@ -591,10 +570,9 @@ static int on_frame_recv_callback(nghttp2_session *session,
 }
 static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
-                                    uint32_t error_code, void *user_data) {
+                                    uint32_t error_code _U_, void *user_data) {
  http2_session_data *session_data = (http2_session_data *)user_data;
  http2_stream_data *stream_data;
  (void)error_code;
  stream_data = nghttp2_session_get_stream_user_data(session, stream_id);
  if (!stream_data) {
@@ -647,10 +625,8 @@ static int send_server_connection_header(http2_session_data *session_data) {
 /* readcb for bufferevent after client connection header was
   checked. */
-static void readcb(struct bufferevent *bev, void *ptr) {
+static void readcb(struct bufferevent *bev _U_, void *ptr) {
  http2_session_data *session_data = (http2_session_data *)ptr;
  (void)bev;
  if (session_recv(session_data) != 0) {
    delete_http2_session_data(session_data);
    return;
@@ -682,26 +658,23 @@ static void writecb(struct bufferevent *bev, void *ptr) {
 }
 /* eventcb for bufferevent */
-static void eventcb(struct bufferevent *bev, short events, void *ptr) {
+static void eventcb(struct bufferevent *bev _U_, short events, void *ptr) {
  http2_session_data *session_data = (http2_session_data *)ptr;
  if (events & BEV_EVENT_CONNECTED) {
    const unsigned char *alpn = NULL;
    unsigned int alpnlen = 0;
    SSL *ssl;
    (void)bev;
    fprintf(stderr, "%s connected\n", session_data->client_addr);
    ssl = bufferevent_openssl_get_ssl(session_data->bev);
 #ifndef OPENSSL_NO_NEXTPROTONEG
    SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
 #endif /* !OPENSSL_NO_NEXTPROTONEG */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
    if (alpn == NULL) {
      SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
    }
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
    if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
      fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr);
@@ -730,11 +703,10 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
 }
 /* callback for evconnlistener */
-static void acceptcb(struct evconnlistener *listener, int fd,
+static void acceptcb(struct evconnlistener *listener _U_, int fd,
                     struct sockaddr *addr, int addrlen, void *arg) {
  app_context *app_ctx = (app_context *)arg;
  http2_session_data *session_data;
  (void)listener;
  session_data = create_http2_session_data(app_ctx, fd, addr, addrlen);
--- a/fuzz/README.rst
+++ b/fuzz/README.rst
@@ -1,33 +0,0 @@
 Fuzzer
 ======
 This directory contains fuzzer target mainly written to integrate
 nghttp2 into `oss-fuzz <https://github.com/google/oss-fuzz>`_.
 fuzz_target.cc contains an entry point of fuzzer.  corpus directory
 contains initial data for fuzzer.
 The file name of initial data under corpus is the lower-cased hex
 string of SHA-256 hash of its own content.
 corpus/h2spec contains input data which was recorded when we ran
 `h2spec <https://github.com/summerwind/h2spec>`_ against nghttpd.
 corpus/nghttp contains input data which was recorded when we ran
 nghttp against nghttpd with some varying command line options of
 nghttp.
 To build fuzz_target.cc, make sure that libnghttp2 is built with
 following compiler/linker flags:
 .. code-block:: text
    CPPFLAGS="-fsanitize-coverage=edge -fsanitize=address"
    LDFLAGS="-fsanitize-coverage=edge -fsanitize=address"
 Then, fuzz_target.cc can be built using the following command:
 .. code-block:: text
    $ clang++ -fsanitize-coverage=edge -fsanitize=address -I../lib/includes -std=c++11 fuzz_target.cc ../lib/.libs/libnghttp2.a  /usr/lib/llvm-3.9/lib/libFuzzer.a -o nghttp2_fuzzer
--- a/fuzz/corpus/h2spec/025ca25c8427361ea5498e4c3ba49d20eac5b4332f7b75b8f74bfba5e43f59f8
+++ b/fuzz/corpus/h2spec/025ca25c8427361ea5498e4c3ba49d20eac5b4332f7b75b8f74bfba5e43f59f8
--- a/fuzz/corpus/h2spec/0276779c73bddcebc63b863c23a338b4c827bf6164640ff20a2d64d45a6b3f5a
+++ b/fuzz/corpus/h2spec/0276779c73bddcebc63b863c23a338b4c827bf6164640ff20a2d64d45a6b3f5a
--- a/fuzz/corpus/h2spec/0428d1e3b2364efcc93ffd8fcfff43b378a92c7da44268b9dda2bf32a1178c66
+++ b/fuzz/corpus/h2spec/0428d1e3b2364efcc93ffd8fcfff43b378a92c7da44268b9dda2bf32a1178c66
--- a/fuzz/corpus/h2spec/06bc5f79b7e68e005bd4382bd3a6c6b1b6005c5f7d5783e99baf2f8f7432d71a
+++ b/fuzz/corpus/h2spec/06bc5f79b7e68e005bd4382bd3a6c6b1b6005c5f7d5783e99baf2f8f7432d71a
--- a/fuzz/corpus/h2spec/09f76550ec065944a5d1d52f5d07b1dd87de1f651f80ef82c2815b0248b7dccd
+++ b/fuzz/corpus/h2spec/09f76550ec065944a5d1d52f5d07b1dd87de1f651f80ef82c2815b0248b7dccd
--- a/fuzz/corpus/h2spec/0b39d9df6e1721030667980a41547272ad42377149edcf130b2bf0b76804c61f
+++ b/fuzz/corpus/h2spec/0b39d9df6e1721030667980a41547272ad42377149edcf130b2bf0b76804c61f
@@ -1,2 +0,0 @@
 INVALID CONNECTION PREFACE
--- a/fuzz/corpus/h2spec/0bb4365b02c05540936f9606ca725770a731e73c2144c7b81953dcc4b4f73c32
+++ b/fuzz/corpus/h2spec/0bb4365b02c05540936f9606ca725770a731e73c2144c7b81953dcc4b4f73c32
--- a/fuzz/corpus/h2spec/0d577f6eb853e987b8fdab6ca4615a351ab74bfc75eb0d227acbef6a35bcae39
+++ b/fuzz/corpus/h2spec/0d577f6eb853e987b8fdab6ca4615a351ab74bfc75eb0d227acbef6a35bcae39
--- a/fuzz/corpus/h2spec/0df702020c019dd33d0643c5a2b9a9637d325c8f38b4cc6d3f808b5b2a4169a9
+++ b/fuzz/corpus/h2spec/0df702020c019dd33d0643c5a2b9a9637d325c8f38b4cc6d3f808b5b2a4169a9
--- a/fuzz/corpus/h2spec/0f8054152149c73e64c9f3e83f97e6585c8a51ec2413e7a2e8dfcc444082a5c5
+++ b/fuzz/corpus/h2spec/0f8054152149c73e64c9f3e83f97e6585c8a51ec2413e7a2e8dfcc444082a5c5
--- a/fuzz/corpus/h2spec/105f72bc9184bf47a857ed84e8c2f917946ec7ef3f4720535478b41e097a798a
+++ b/fuzz/corpus/h2spec/105f72bc9184bf47a857ed84e8c2f917946ec7ef3f4720535478b41e097a798a
--- a/fuzz/corpus/h2spec/1368ed7160cc4115e31a8a158af429421570e7363a3b75441edc5d740513b0dc
+++ b/fuzz/corpus/h2spec/1368ed7160cc4115e31a8a158af429421570e7363a3b75441edc5d740513b0dc
--- a/fuzz/corpus/h2spec/1402c49b963994284b0d429edfac603133e0144dba08836f90b1ae164b328800
+++ b/fuzz/corpus/h2spec/1402c49b963994284b0d429edfac603133e0144dba08836f90b1ae164b328800
--- a/fuzz/corpus/h2spec/1468c2cddae629788f6957847b76c09921e984796f6dc482859b119cf4879300
+++ b/fuzz/corpus/h2spec/1468c2cddae629788f6957847b76c09921e984796f6dc482859b119cf4879300
--- a/fuzz/corpus/h2spec/14f66ce296f03e52f039f4fad189d3d70aebe70ecb14ffb1ffe2cd5fc5d1e5f0
+++ b/fuzz/corpus/h2spec/14f66ce296f03e52f039f4fad189d3d70aebe70ecb14ffb1ffe2cd5fc5d1e5f0
--- a/fuzz/corpus/h2spec/17caaf734401d2d25d09a65432789b45aff588c606536e93824b89739a6d07ab
+++ b/fuzz/corpus/h2spec/17caaf734401d2d25d09a65432789b45aff588c606536e93824b89739a6d07ab
--- a/fuzz/corpus/h2spec/195b4a74a62fabc877052454d935ebc543f4d1305e318ccd2ff407517636bed8
+++ b/fuzz/corpus/h2spec/195b4a74a62fabc877052454d935ebc543f4d1305e318ccd2ff407517636bed8
--- a/fuzz/corpus/h2spec/1960fc215485486f3e8ab97f853954e6f11c1f4754ccd83b1603b808878cfa76
+++ b/fuzz/corpus/h2spec/1960fc215485486f3e8ab97f853954e6f11c1f4754ccd83b1603b808878cfa76
--- a/fuzz/corpus/h2spec/1a56272611761f0687dfb0ea37c900f13f429b750c87e6175b234b881bda6248
+++ b/fuzz/corpus/h2spec/1a56272611761f0687dfb0ea37c900f13f429b750c87e6175b234b881bda6248
--- a/fuzz/corpus/h2spec/1d31cd88fae35f2329e201983d11256d2432fcdeb55bfba9634aa88e3794adc6
+++ b/fuzz/corpus/h2spec/1d31cd88fae35f2329e201983d11256d2432fcdeb55bfba9634aa88e3794adc6
--- a/fuzz/corpus/h2spec/1e27187b10c02fe7e151818ddd0722f69830ac04975ddb5a9d83cdc406cbb678
+++ b/fuzz/corpus/h2spec/1e27187b10c02fe7e151818ddd0722f69830ac04975ddb5a9d83cdc406cbb678
--- a/fuzz/corpus/h2spec/1ecace234d8542fbaab35c7c55330e80d8121a0cff19633a56eba8f2182a59df
+++ b/fuzz/corpus/h2spec/1ecace234d8542fbaab35c7c55330e80d8121a0cff19633a56eba8f2182a59df
--- a/fuzz/corpus/h2spec/1f4f3a16f5ad0425e0b38601339096b80a382afa1083a19c4deab11be847502f
+++ b/fuzz/corpus/h2spec/1f4f3a16f5ad0425e0b38601339096b80a382afa1083a19c4deab11be847502f
--- a/fuzz/corpus/h2spec/203a798d4b658be744fe34042038692eaede4d2c1f9e05a27f2410a6e0230132
+++ b/fuzz/corpus/h2spec/203a798d4b658be744fe34042038692eaede4d2c1f9e05a27f2410a6e0230132
--- a/fuzz/corpus/h2spec/21904e842e90becb56ff9748ae962bb543dd5ca188dabc30897726f87403fbce
+++ b/fuzz/corpus/h2spec/21904e842e90becb56ff9748ae962bb543dd5ca188dabc30897726f87403fbce
--- a/fuzz/corpus/h2spec/23df7e0419240a9709b55af68a89c9750332ae5063e36401eae150ce63188fe0
+++ b/fuzz/corpus/h2spec/23df7e0419240a9709b55af68a89c9750332ae5063e36401eae150ce63188fe0
--- a/fuzz/corpus/h2spec/245ba702520fa32cf41d994f5d37e4111fe6203bac35b220d50362d5e986aa91
+++ b/fuzz/corpus/h2spec/245ba702520fa32cf41d994f5d37e4111fe6203bac35b220d50362d5e986aa91
--- a/fuzz/corpus/h2spec/274faf343feb9cb44079316401fee50c647552c99c0550ebfd7a3b736e8db9e5
+++ b/fuzz/corpus/h2spec/274faf343feb9cb44079316401fee50c647552c99c0550ebfd7a3b736e8db9e5
--- a/fuzz/corpus/h2spec/2b042a1dfa3aeed6af58c58a4336f1386633bac75dea2c4b64c02541e7320933
+++ b/fuzz/corpus/h2spec/2b042a1dfa3aeed6af58c58a4336f1386633bac75dea2c4b64c02541e7320933
--- a/fuzz/corpus/h2spec/2d8ec606661a9f12960893aab9a74dd392cbdae104307e8512e5e4113739e93a
+++ b/fuzz/corpus/h2spec/2d8ec606661a9f12960893aab9a74dd392cbdae104307e8512e5e4113739e93a
--- a/fuzz/corpus/h2spec/2e0c8a3ce53e8e3711f781b480efaf9e2526f4ae87c5f5a585d68d6f7f7da13c
+++ b/fuzz/corpus/h2spec/2e0c8a3ce53e8e3711f781b480efaf9e2526f4ae87c5f5a585d68d6f7f7da13c
--- a/fuzz/corpus/h2spec/315e6acba7d715333d0865a8dfc0cd0e7aef8a1f5f420eae3d39067ad78df17d
+++ b/fuzz/corpus/h2spec/315e6acba7d715333d0865a8dfc0cd0e7aef8a1f5f420eae3d39067ad78df17d
--- a/fuzz/corpus/h2spec/3376a2cdde0b98759f14490881328f80b5d3c942de3b1304a0382923ce896f8f
+++ b/fuzz/corpus/h2spec/3376a2cdde0b98759f14490881328f80b5d3c942de3b1304a0382923ce896f8f
--- a/fuzz/corpus/h2spec/35c2719913a19f197fb6484a34c3574da63554ff06f52377b73a9cfc24eb02ca
+++ b/fuzz/corpus/h2spec/35c2719913a19f197fb6484a34c3574da63554ff06f52377b73a9cfc24eb02ca
--- a/fuzz/corpus/h2spec/35ddf0611cd98d025f6a625e7e4a102ba74721a04dfa1811e0968e9a4966d92c
+++ b/fuzz/corpus/h2spec/35ddf0611cd98d025f6a625e7e4a102ba74721a04dfa1811e0968e9a4966d92c
--- a/fuzz/corpus/h2spec/37e9eab291d6bca69510354e1d029cbbbb6113071b2bb13fc9646b5a0447d2cf
+++ b/fuzz/corpus/h2spec/37e9eab291d6bca69510354e1d029cbbbb6113071b2bb13fc9646b5a0447d2cf
--- a/fuzz/corpus/h2spec/381c81f5e4d1b02de39c4f99f21e9793f6ffc82ae0ef6917a8611e8879e05941
+++ b/fuzz/corpus/h2spec/381c81f5e4d1b02de39c4f99f21e9793f6ffc82ae0ef6917a8611e8879e05941
--- a/fuzz/corpus/h2spec/38ac32c81952cc832ade7aea13b0740f76898ccbb1da25f2281da76e50c1d04a
+++ b/fuzz/corpus/h2spec/38ac32c81952cc832ade7aea13b0740f76898ccbb1da25f2281da76e50c1d04a
--- a/fuzz/corpus/h2spec/3e297dd8fcdb50a751c397a505d84e76374b064aa5c71aab33bd9650c9a9d801
+++ b/fuzz/corpus/h2spec/3e297dd8fcdb50a751c397a505d84e76374b064aa5c71aab33bd9650c9a9d801
--- a/fuzz/corpus/h2spec/3e5a57c30a97d3f06a3181f4baf3996053b8572da5f2deee3a636c3bc8dfcc60
+++ b/fuzz/corpus/h2spec/3e5a57c30a97d3f06a3181f4baf3996053b8572da5f2deee3a636c3bc8dfcc60
--- a/fuzz/corpus/h2spec/420b9790375f59a6e8c326391023a0981789c2351817996e0c253bfed708ad82
+++ b/fuzz/corpus/h2spec/420b9790375f59a6e8c326391023a0981789c2351817996e0c253bfed708ad82
--- a/fuzz/corpus/h2spec/43df3c3af62ddd1393269ffcf964f1897063e81da79c971e8af8c1fefa3e3cab
+++ b/fuzz/corpus/h2spec/43df3c3af62ddd1393269ffcf964f1897063e81da79c971e8af8c1fefa3e3cab
--- a/fuzz/corpus/h2spec/443f39c99e1c9ca1908b54153c480754054a57777f22a00d377d745d78e9d193
+++ b/fuzz/corpus/h2spec/443f39c99e1c9ca1908b54153c480754054a57777f22a00d377d745d78e9d193
--- a/fuzz/corpus/h2spec/44f3fc1504a14e693fde420da94f77bf4a44e4e741420291491343f7ae4ecc16
+++ b/fuzz/corpus/h2spec/44f3fc1504a14e693fde420da94f77bf4a44e4e741420291491343f7ae4ecc16
--- a/fuzz/corpus/h2spec/4528e6beb34f695f4df8ddbb7ac85f76a91229d9ba675fc9e09fe12f4a497937
+++ b/fuzz/corpus/h2spec/4528e6beb34f695f4df8ddbb7ac85f76a91229d9ba675fc9e09fe12f4a497937
--- a/fuzz/corpus/h2spec/4534032d57020d2910641561a9f9da021f0fe52ebdbb148ee776ced87bac9b13
+++ b/fuzz/corpus/h2spec/4534032d57020d2910641561a9f9da021f0fe52ebdbb148ee776ced87bac9b13
--- a/fuzz/corpus/h2spec/47c5e9b339f9e7f1dccad5c9f51f211183795660ec81a6bdb5614031d39ebe3a
+++ b/fuzz/corpus/h2spec/47c5e9b339f9e7f1dccad5c9f51f211183795660ec81a6bdb5614031d39ebe3a
--- a/fuzz/corpus/h2spec/48ca2b3f63206aa8f774c3cb33958a806a1debf3d9ccf7b09c2d31256498cda6
+++ b/fuzz/corpus/h2spec/48ca2b3f63206aa8f774c3cb33958a806a1debf3d9ccf7b09c2d31256498cda6
--- a/fuzz/corpus/h2spec/4ddbb54259df7ee7ecbdf9f8b4a0e8f7756b9846f2e2add8dd0df825296d993e
+++ b/fuzz/corpus/h2spec/4ddbb54259df7ee7ecbdf9f8b4a0e8f7756b9846f2e2add8dd0df825296d993e
--- a/fuzz/corpus/h2spec/4e612f3c1dfa468d94bbc3bde202c732b06a9b5f6bc5471c879fa56ec2daa4aa
+++ b/fuzz/corpus/h2spec/4e612f3c1dfa468d94bbc3bde202c732b06a9b5f6bc5471c879fa56ec2daa4aa
--- a/fuzz/corpus/h2spec/55860c89ef796d41b06b3c0fe60a3e6f90709c6a0e7063a8b4057dafa57c878a
+++ b/fuzz/corpus/h2spec/55860c89ef796d41b06b3c0fe60a3e6f90709c6a0e7063a8b4057dafa57c878a
--- a/fuzz/corpus/h2spec/5748e7a24e8d9ecb43de7d1e14519f10d8c669a5a2602fc948bc9a80e6114b63
+++ b/fuzz/corpus/h2spec/5748e7a24e8d9ecb43de7d1e14519f10d8c669a5a2602fc948bc9a80e6114b63
--- a/fuzz/corpus/h2spec/5a13c8e09802e07fd3ceee625307fe48ef29bc66641c4f80ed4593bf8b773f88
+++ b/fuzz/corpus/h2spec/5a13c8e09802e07fd3ceee625307fe48ef29bc66641c4f80ed4593bf8b773f88
--- a/fuzz/corpus/h2spec/5aa30337198b482522a55c90554c93278034ebacc24792509a32aeba466df4e8
+++ b/fuzz/corpus/h2spec/5aa30337198b482522a55c90554c93278034ebacc24792509a32aeba466df4e8
--- a/fuzz/corpus/h2spec/5f3ff3c345ade163ba1ba889d60c1995b7fab68ded6ab052814008d990862c23
+++ b/fuzz/corpus/h2spec/5f3ff3c345ade163ba1ba889d60c1995b7fab68ded6ab052814008d990862c23
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tatsuhiro Tsujikawa	d1f4dafd73	Merge pull request #803 from clemahieu/asio_threading Holding more shared_ptrs instead of raw ptrs	2017-02-09 20:55:23 +09:00
clemahieu	13fc54c6a9	Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted.	2017-02-08 23:01:37 -06:00
Tatsuhiro Tsujikawa	36a2023310	examples: Fix compile errors for asio server examples	2017-02-05 18:08:31 +09:00
Tatsuhiro Tsujikawa	51e474c097	src: Remove deleted source files	2017-02-05 18:08:01 +09:00
Tatsuhiro Tsujikawa	0df13452aa	Merge branch 'asio_threading' of https://github.com/clemahieu/nghttp2 into clemahieu-asio_threading	2017-02-05 17:45:01 +09:00
clemahieu	2d9be885ec	Using io_service passed in to server rather than managing our own.	2017-02-03 15:56:23 -06:00