Thank you for reporting the issue.

What is the client that has issues with handling the response? Could you pinpoint us to where such behavior is prohibited?

I think that for a very long time we have been terminating 304 which is a popular status code using an empty DATA frame with END_STREAM flag, but have not have received complaints.

The deref is just picking the change done by @sharksforarms so it matches the other similar calls.

The leak was discussed with @sharksforarms as well. The idea is to free the buffer if it does not get assigned to *conn_ctx.responses.next. It seems to me that it's freed correctly once assigned.

@kazuho as requested.

fix deref in offload_resume when calling ASYNC_start_job

free buf when it is not assigned in daemon_conn_thread

Merge pull request #53 from robguima/robguima/leak_n_ref

fix small leak and deref in offload_resume

Thank you for the PR. Looks good.

Thank you for the PR, sorry for the delay.

Could you elaborate why we need this? We already use a file descriptor (close_notify_fd) to detect parent exit which is a portable approach.

stop polluting the source tree while building mruby

install the mruby executables being built inside the build directory, so as to not pollute srcdir

disable use of lockfiles in mruby

[CI] overlayfs is no longer needed

By default, mruby creates a lock file next to the configuration file (mruby_config.rb). This is a headache if your source tree is read-only.

This PR disables the generation of the lock file to avoid the issue.

extract https://github.com/h2o/neverbleed @ 8278008 () at deps/neverbleed

add config knob

extract https://github.com/h2o/neverbleed @ b5f9164 () at deps/neverbleed

extract https://github.com/h2o/neverbleed @ 3e98ef2 () at deps/neverbleed

update config knob to support "auto" mode

extract https://github.com/h2o/neverbleed @ 3d71a75 () at deps/neverbleed

Merge branch 'master' into kazuho/qat

extract https://github.com/h2o/neverbleed @ 1178987 () at deps/neverbleed

extract https://github.com/h2o/neverbleed @ d83fffe () at deps/neverbleed

Merge branch 'master' into kazuho/qat

extract https://github.com/h2o/neverbleed @ 2c81cad () at deps/neverbleed

Merge pull request #3213 from h2o/kazuho/qat

add support for QuickAssist accelerator

Integration PR of https://github.com/h2o/neverbleed/pull/48, see there for details.

recognize "-DEV"

generate gitrev.h in build directory

oops

In #394, we started generating version.h from CMakeLists.txt. version.h has been generated inside the source tree, overwriting the existing one, because, as explained in #388, we wanted to support users that directly compile the source tree.

However, we have seen multiple complaints from people using CMake, who have issues overwriting the file in the source tree.

This PR addresses the issue. We no longer generate version.h. Instead, inside CMakeLists.txt, we read the version number from version.h. In #388, we deemed that such an approach might be too complex, but maybe it is not.

Do not happend W/ to an already weak etag

The current code unconditionally adds W/ to existing etags, this PR only adds the weak attribute if the existing etag doesn't have it already.

This is a cosmetic fix, since W/W/W/ is a valid etag header value.

Fix a crash in the CONNECT handler after timeout with a write to client still pending.

If a write to the client is in progress when proxy.timeout.io expires, and there is data in the send buffer from the client to the origin, then close_readwrite will run the first time, close the origin socket, set self->sock to NULL, and it will schedule itself to run again.

When close_readwrite runs the second time, self->sock is already NULL, close_socket will not be called and send_inflight will not be determined correctly. As a result of that, close_readwrite will call h2o_send even though a write to the client is still pending.

The test t/50connect-inflight.t replicates the problem.

The fix in this commit is to determine send_inflight from the detached write buffer when self->sock is NULL.

[xcode] add files

use vars rather than symbols

write (2) does not return zero, therefore if the result is not 1 we will have errno set

tidy

no need to clear the var when exitting a block that declared the var

the var will be released when we exit the block right after

be consistent in dying upon setup failure

fold line before or + quasi-statement

the only test inside subtest does not need a name

non-tests can use diag to emit info

an object will always evaluate as true if defined

keep the rhythm

syswrite of a non-zero buffer never returns zero

Merge pull request #3212 from jhatala/tcp-connect-send-inflight

Fix a crash in the CONNECT handler after timeout with a write to client still pending.

[xcode] add files

modernize (use vars instead of symbols, three-arg open)

or die

no need to check port that you know that has been opened

offload to QAT using specified number of threads

it works with openssl

on/off as boolean

nanosleep on the async side as well

keep the event loop running until all the async jobs are complete

run ecdsa digestsign synchronously

rename for clarity

it works with boringssl too (but digestsign only yet)

enable QAT support only on linux & OpenSSL >= 1.1.0 (we use event-driven mode that is only supported on linux)

revert unnecessary change

make sure it compiles on boringssl wo QAT

no need to set key methods as we invoke QAT-backed ones explicitly

add comment

[boringssl][qat] offload RSA decrypt

[boringssl][qat] we do not need this also

"auto" mode

Revert "[boringssl][qat] we do not need this also"

This reverts commit fa4ee12910006b38dfd3db6fba20d60c77ccc6e9.

explain why QAT initialization failed

Merge branch 'master' into kazuho/qat

[boringssl][qat] generate PKCS1 padding

This PR adds the capability to offload RSA operations to the Intel QuickAssist accelerator.

ToDo:

• [x] offload RSA decryption on boringssl too (required by legacy TLS/1.2 cipher suites)
• [x] check qat_sw compatibility (confirmed compatibility when OpenSSL is used; cannot build crypto_mb which is a dependency of QAT_engine together with boringssl)
• [x] implemented "auto" mode

simplify: memory context ctx is only used once

if ctx was used more than once, it may worth allocating one to save on allocations.

if null, openssl will allocate/free one internally

Merge pull request #47 from sharksforarms/sharksforarms/simplify-bn-ctx

simplify: memory context bn_ctx is only used once

libressl 3.5 and above have opaque RSA struct

Merge pull request #51 from h2o/kazuho/libressl-3.5

libressl 3.5 and above have opaque RSA struct

Merge branch 'master' into kazuho/qat

clang-format

Do not happend W/ to an already weak etag

The current code unconditionally adds W/ to existing etags, this PR only adds the weak attribute if the existing etag doesn't have it already.

This is a cosmetic fix, since W/W/W/ is a valid etag header value.

[xcode] add files

modernize (use vars instead of symbols, three-arg open)

or die

no need to check port that you know that has been opened

my

join the lines

rename for consistency

use like

indent

fetch args at once

Merge branch 'master' into wetags

Merge pull request #3207 from deweerdt/wetags

Do not append W/ to an already weak etag

The current code unconditionally adds W/ to existing etags, this PR only adds the weak attribute if the existing etag doesn't have it already.

~This is a cosmetic fix, since W/W/W/ is a valid etag header value.~ Edit: this isn't cosmetic since we'll make previously quoted tags malformed: W/"tag" becomes W/W/"tag"