ChangeLog from yhbt.net/kgio-monkey.git

commit 01f13e69c5ef12fb03a2753a9f55bb8897af1a45
Author: Eric Wong <normalperson@yhbt.net>
Date:   Sun Apr 29 05:49:00 2012 +0000

    kgio-monkey 0.4.0 - minor updates and improvements

    Do not consider this release (or previous releases) of
    kgio-monkey remotely production-ready.  It has not been
    reviewed by anybody with any security/crypto background.

    * shutdown() is now called before close() after the
      SSL shutdown sequence.  This prevents forked processes
      from holding onto a TCP connection.

    * various test fixes for OpenSSL 1.0.0

    * documentation updates and fixes (thanks to Iñaki Baz Castillo)

    * Errno::ETIMEDOUT exceptions are now raised without a backtrace

    * kgio_trysendfile() now uses pread() instead of mmap() when
      emulating sendfile(), this avoids the possibility of SIGBUS
      if an mmap()-ed file is truncated.

commit 6f0234beb49182cbde3b4b54079fd71c7ab3e675
Author: Eric Wong <normalperson@yhbt.net>
Date:   Sat Apr 28 01:23:34 2012 +0000

    test_tdb_session_cache: fix Ruby 1.8.7 syntax errors

    Yes, we still support Ruby 1.8.7 for now...

commit a2bbb88359f94cb810c870ef2309bc26d980bec0
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Apr 27 18:21:05 2012 -0700

    replace mmap with pread in mock sendfile implementation

    mmap() opens us up to SIGBUS errors if a file we're attempting
    to read gets truncated by another process after mmap().

commit 43347e61f3096206fc1ad813f69d0cae60f7a249
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Apr 26 17:34:38 2012 -0700

    test/external_session_cache: force SSLv3 for tests

    TLS 1.2 seems to enforce caching, or I'm doing something
    wrong...

commit a406d0e1d4dcc4740ecf944cd09a95a6b06a9a30
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Apr 27 00:14:02 2012 +0000

    call shutdown() on close for descriptors shared across fork()

    This prevents forked processes from holding onto a socket for
    too long if another process already completed the SSL_shutdown()
    sequence.

commit 62b1d31b3ebe2175659109a90f06806c51d31f1c
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Apr 12 17:25:49 2012 -0700

    test/test_client_auth: allow TLSv1.2 as a protocol

    This was added in OpenSSL 1.0.1

commit 4959cc9d5f29dd4e1c0618855a50d414a7836d07
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Apr 12 17:25:19 2012 -0700

    script/sslgen: use larger keys for tests

    This seems required for TLSv1.2 under OpenSSL 1.0.1

commit 6c17cafdfeb3c154d46847db8efa34f0a2f486cf
Author: Iñaki Baz Castillo <ibc@aliax.net>
Date:   Tue Apr 10 23:45:25 2012 +0200

    Fixed some typos in Kgio::SSLConnector documentation

    Signed-off-by: Eric Wong <normalperson@yhbt.net>

commit 02a3f6556cdce372b91f7a42bbf610b19ed591ec
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Dec 9 13:39:22 2011 -0800

    flipper: enable SO_KEEPALIVE on all TCP sockets

    Otherwise we may never be notified of catastrophic
    failures on the remote end.

commit a465915ae91284fce31cb819c4e81a2ab8d9b8dd
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Oct 3 20:05:36 2011 +0000

    raise empty backtrace for Errno::ETIMEDOUT

    Timed-out connections are of the control of the application
    experiencing it, so there's no reason for it to generate a
    backtrace for these errors.

commit f8e809c2310f97caae1558daddef7bfcc399ac53
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 25 14:22:48 2011 -0700

    doc: fixup OP_NO_COMPRESSION documentation

    Oops, forgot to update before the last release

commit 02dbe9ec44fa780c3cf656cdbf18d533f182afa7
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 25 14:10:27 2011 -0700

    kgio-monkey 0.3.0 - small improvements

    Add external session cache support for:
    * tdb - http://yhbt.net/ruby-tdb/
    * dalli - http://rubygems.org/gems/dalli
    * memcached - http://rubygems.org/gems/memcached

    For newer versions of OpenSSL, this adds a
    Kgio::SSL::OP_NO_COMPRESSION flag to disable compression support
    on a per-context basis.  This is interchangeable with the
    OpenSSL::SSL::OP_NO_COMPRESSION flag (to be) introduced in Ruby
    1.9.3

commit 2036b8520e90ce61d136992065a74a976dcc0e84
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 24 18:23:24 2011 -0700

    doc: :nodoc: some Flipper internals

    stable APIs considered hard.

commit 6efcb1f248013db79e6a25b152231de27206a19d
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 24 18:20:35 2011 -0700

    .wrongdoc.yml: update with email addresses

    We want feedback!

commit 1cb0ddbad900e1e26eb9790dad0c74905a6388ff
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 18 01:24:12 2011 -0700

    tdb_session_cache: better defaults, default to murmur2

    We use murmur2 internally anyways.  Ruby tdb doesn't (yet)
    support murmur3

commit 6dd7affdc4578898d768189a5db6100306d48137
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 18 01:23:38 2011 -0700

    {dalli,memcached}_session_cache: add some rdoc

commit b75822913a0fed4d7ad0eec6c5b0c7a5b52c7c56
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 18 07:35:24 2011 +0000

    flipper: refactor external cache configuration a bit

    It's ugly :<

commit d9961d320997b9205aa40a4bf6656ca346f75286
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Aug 16 06:19:54 2011 +0000

    test: disable external cache tests for old OpenSSL

    They're broken on Debian squeeze with openssl 0.9.8o-4squeeze1.

commit fe0a9b20398d79f4a3334fb74e9439ec1c486795
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Aug 15 19:31:16 2011 -0700

    flipper: hard-code default SSL context ID

    This is needed for memcached users on different machines;
    otherwise the per-PID SSL context ID disables the point
    of using memcached.

commit 15aa9cee34298303e1465c6540fc3e5521339926
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Aug 15 19:22:14 2011 +0000

    add support for external session caches

    We now support "tdb" (trivial database) for a shared local
    cache as well as two memcached clients: "memcached" and "dalli"

    Configuration of the builtin OpenSSL session cache is based
    on the nginx syntax and these caches are chainable.

    External caches are only supported with Ruby 1.9.3+ since the
    OpenSSL extension did not properly support external caches
    in previous versions.

commit 1dd2f5b1e36074bb709f4bd6ff5926a98bf93e78
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Aug 12 18:38:01 2011 -0700

    discourage Kgio::SSL.compression= if OP_NO_COMPRESSION exists

    Tread lightly!

commit fea3c7cdd54b876fc232d1319b11d571b9f8b02e
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Aug 12 08:08:40 2011 +0000

    Flipper.ssl_context sets a session_id_context

    This appears to be required when used with curl...

commit 622752e94b977eac4ec648167c41f56a0759f641
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 11 23:59:23 2011 +0000

    README: rdoc formatting fix

    Oops

commit 680b96d2dd7c5002fd5488bbba89e22b4361ba2f
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 10 16:30:23 2011 -0700

    flipper: create use SSL_OP_ALL by default

    It's safe with recent OpenSSL versions, and people running
    broken OpenSSL deserve to be attacked :P

commit 6184d1a0c32b05db31a698e2bbbf00d3b502d120
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 10 16:22:25 2011 -0700

    add Kgio::SSL::OP_NO_COMPRESSION flag

    Recent versions of OpenSSL support disabling compression
    on a per-context basis.

    Support for this flag is proposed for future versions
    of Ruby: http://redmine.ruby-lang.org/issues/5183

commit 4bc49f853830356314aa6363b3f32e54c610d585
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 10 16:06:29 2011 -0700

    test_session_cache: workaround differences in older openssl(1)

    Ugh...

commit 8de157e8da337509f454edb39c2a1f0d97227fba
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 10 16:02:33 2011 -0700

    use proper argument to -CAfile for openssl(1)

    Older versions may have been more strict with this

commit bc31966ee6ac2e43a76827cf8736aa9352e0a2a2
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 10 15:39:17 2011 -0700

    disable ECDH support for older OpenSSL

    EC_KEY may not be a defined type on some older versions.

commit 6659f7ee6c335d43d6b2a12c0c871d73cb1b23f1
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Aug 9 14:10:05 2011 -0700

    add support for Kgio::SSL.compression = nil

    This probably makes more sense than "false" if/when we
    eventually support extra compression methods, but we'll
    support both since "false" was in 0.2.0...

commit 6b9a618b49042b73193aca6a545b1d4207cc838a
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Aug 9 12:36:36 2011 -0700

    kgio-monkey 0.2.0 - minor updates

    There are small Flipper updates and also the ability to
    (globally) disable OpenSSL compression with:

       Kgio::SSL.compression = false

    Flipper still lacks documentation and tests, but
    is reasonably usable.

commit 76474566b2b2d896e502f43fd4297da6cdebafdf
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Aug 9 12:46:51 2011 -0700

    remove Flipper::SNI.default

    It is /not/ Flipper's place to manage global state for
    applications.

commit 6a0d15359dc6e47a9c698b478e423c53b0d99d56
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Aug 9 12:17:14 2011 -0700

    add support for Kgio::SSL.compression = false

    This disables compression globally across the process.  This
    also allows us to add support for custom compression methods
    in the future.

commit 5ee485b4ac03eac27928bbfb54d617319d7f63f4
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 19:34:42 2011 -0700

    remove old reference to flipper/ssl_server

    Kgio::SSLServer is all we needed

commit b6b434964e2407c8cf60562b211d6a7f05f99f38
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Aug 5 01:56:24 2011 +0000

    test/: fix some test failures under 1.8.7

    We won't support 1.8.7, much...

commit 6a4f565c8a4728a9147485b6e2e04ac916d1b654
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Aug 5 01:51:08 2011 +0000

    configurator: replace "map" directive with ssl_server/ssl_client

    This should be more obvious to the user...

commit 46fcf3849d265b36fd952bc9e93d1719a81e8ebd
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Aug 5 01:51:07 2011 +0000

    examples/flipper.conf.rb: "client" must be specified for client mode

commit 02cf16d1a2179f3636ca2331934c0bd66e02b2c8
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Aug 5 01:51:06 2011 +0000

    bin/flipper: daemonize + drop perms when/if possible

    Absolutely no reason to keep permissions.

commit b8b6d22c19b8c86ca3c0ac449312e9d2b97a2b28
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 15:44:38 2011 -0700

    kgio-monkey 0.1.0 - initial release

    Uh-oh...

commit 44c48b55f468b88e87b80140a421cd9d6eed59b1
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 15:34:33 2011 -0700

    Kgio::SSL: add RDoc for new methods

commit 636ddc1cb949be4640ea4787c2d1ad02150fd3ff
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 15:06:38 2011 -0700

    split out kgio/ssl.rb into its own file

commit 14b6168c3d84cb96a9faf8ea42963baeae3e5bb0
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 14:40:52 2011 -0700

    remove unused variable

    I opened http://redmine.ruby-lang.org/issues/5157
    just for this!

commit 5186c6ea1207803dcf2c8a68da67ae1da349a4ed
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 14:23:05 2011 -0700

    enable caching of peer_cert and constant strings

    This reduces the amount of generated garbage

commit 4c48431e1eb3ceeec49a0527420ba5750201171a
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Aug 4 12:53:20 2011 -0700

    Kgio::SSL: flesh out nginx-compatibility variables/accessors

commit 14250563a053c30c4fb31b0fd614a466c2767211
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Aug 3 19:20:29 2011 -0700

    add Kgio::SSL#ssl_cipher and Kgio::SSL#ssl_client_serial support

    For compatibility with nginx, more to come!

commit f4c37d89921b59741814b7c9966c5c503095fc01
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Aug 1 17:33:19 2011 -0700

    support and tests for SSL client authentication

    This means we can have zero sign-on!

    This also makes the existence of a client certificate
    insufficient for detecting whether a Flipper proxy context
    is a client or not, so we'll add "client" boolean directive.

commit a88e00d258f79ec335d7d83e6558468ee15530dc
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Jul 29 14:24:01 2011 -0700

    add support for ECDHE

    Flipper.ssl_context and Kgio::Monkey parameter is: :ssl_ecdh_curve
    and the default is "prime256v1" which matches the nginx default.

commit 9cd69a03458a01645e58746fa6be2fcb88bde759
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Jul 28 20:34:29 2011 -0700

    Flipper.ssl_context supports ssl_dhparam like nginx

    We can read a file just like nginx allows.

commit f38f5dac8e35b393c2f82d2d04108f60e227dadd
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Jul 28 15:47:04 2011 -0700

    bin/flipper: fixup bad commit, oops :x

commit 6f9c33a7842a34e11e4de5356c09361155f56321
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Jul 28 12:32:49 2011 -0700

    rework flipper to use Kgio::SSLConnector

    Also cleans up some code in various places...

commit ac4b3b85753f33f32c4934bc2ad484eb087c9d50
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Jul 28 10:26:35 2011 -0700

    flipper/socket: small cleanup/unindent

commit b908618ab590c81180756cd04f030b35b677914d
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 27 22:57:26 2011 -0700

    add Kgio::SSLConnector class

    This is a replacement for Kgio::SSL for client-side
    (SSL_connect) usage that enforces hostname checking
    on post-connect.

commit 2b2aa70714c7fda403f4a0f16a2b4b7fb860d44c
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 18:54:47 2011 -0700

    add Kgio::SSL#peer_cert method and @hostname ivar

    This can allow hostname verification in subclasses, if needed.

commit 82e1a1f2027410b49922805fdb838cd408969ea4
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 18:44:07 2011 -0700

    flipper: ssl_context handles :ssl_crl like nginx

    At least we hope it does...

commit 10ded527e899219b67647032ce0171b508634f71
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 20:35:19 2011 +0000

    test_servername_cb: close SSL connection on error

    SSL_connect() on the client may wait indefinitely and
    not detect the error, otherwise.

commit 94629f1d4214d65d4137b5bf4781ae1e9ba91f63
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 13:23:33 2011 -0700

    doc: trim down documentation

    Flipper is mostly undocumented at the moment..

commit acf4883e5d77c231efbb097c1bea12f121642040
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 13:23:16 2011 -0700

    doc: rdoc for Kgio::SSL#session

commit 84c9b5aa72d485b8e2dd8da2cfe79f985a007714
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 13:21:53 2011 -0700

    kgio_write returns nil on success

    kgio_write (in kgio itself) always succeeds if it can and
    it'll raise an exception on partial writes.  We match the
    regular kgio behavior: monkey see, monkey do :>

commit 4639e444ac19f40b7ca2b6ba511435777ee5b31f
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 26 10:42:57 2011 -0700

    ssl_method => ssl_version

    This matches both the OpenSSL C API and the "openssl" Ruby extension
    API, no need to introduce incompatibilties.

commit 7b286678888eac5ef019ab93b82666a8a93d0727
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 23:15:35 2011 -0700

    kgio/ssl_server: force non-blocking and close-on-exec

    Future versions of Ruby will default to close-on-exec,
    and kgio (and the "openssl") are both reliant on non-blocking
    I/O anyways (OpenSSL itself needs special callbacks for locking
    which neither Ruby nor kgio-monkey set up).

commit d68ff365b1ef3c4dd721ae2792c85c4c9856ead4
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 23:10:09 2011 -0700

    fix warnings generated from the "check-warnings" target

    Error-free coding is hard :<

commit 93913618ca05f47a079c175ab3206496f95071e5
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 22:58:50 2011 -0700

    fix bad return value

    Ruby doesn't add -Wall to gcc flags by default :<

commit 813bfc621db4df96ac628d2f12baaebd9fb8a0ff
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 22:52:42 2011 -0700

    add server-side support for SNI

    Virtual hosting lives on, yay!

commit a6067d7557f160924e40c8453a81d27b139015f2
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 18:04:47 2011 -0700

    gemspec: add flipper executable

commit 04b008e914e99f56861c56069972763bff890e60
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 17:54:31 2011 -0700

    flipper: add configuration interface and CLI

commit 656415832b188ba1eb0a2c40f32de74eadc40655
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 17:53:39 2011 -0700

    flipper: wire up tlsext_hostname setting

    This means our clients are now SNI-aware

commit c258119a12969c30f78ccf256f6706ce9a8ab672
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 17:43:53 2011 -0700

    enable specifying client hostname for SNI

    This allows using servers that do virtual hosting off one port.

commit 35f134d6e1f08d917f738d2f2d51d3d288b9cab4
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 25 17:43:21 2011 -0700

    poller: properly close on errors

commit a10c2ccf3e06f5ad78f50dbe7c441851b8491cee
Author: Eric Wong <normalperson@yhbt.net>
Date:   Sun Jul 24 23:26:36 2011 -0700

    add Flipper.ssl_context method for setting up SSL contexts

    This is the beginning of an nginx-like configuration syntax

commit b2a7c77e80f51d2c2d8bc44a5d856517dac04d1d
Author: Eric Wong <normalperson@yhbt.net>
Date:   Thu Jul 21 14:11:28 2011 -0700

    call SSL_connect() explicitly in client mode

    Seems to be required for OpenSSL 1.0.0d on Debian testing.
    (Debian package version 1.0.0d-3)

commit 1ff669de9ed2db84854b45e81f95a4ad5a25e749
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Jul 15 04:25:50 2011 +0000

    flipper (stunnel-workalike) is basically working

    No threads are used at all.

commit 5333303edf1b1260b526fa5c2685f11c5efc1d44
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Jul 15 20:57:04 2011 +0000

    gemspec: bump kgio dependency to 2.6+

    It gives us the Kgio::SOCK_NONBLOCK and Kgio::SOCK_CLOEXEC
    constants which are useful since we specialize in non-blocking
    I/O right now.

commit 6df3527c5bd640bb65ce18fbe8120b689b40f332
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Jul 15 20:18:08 2011 +0000

    add client session cache support

    Can't be a good SSL citizen otherwise :>

commit 271d771725cd7eca425296577e5537ff762137e0
Author: Eric Wong <normalperson@yhbt.net>
Date:   Fri Jul 15 01:48:41 2011 +0000

    raise IOError on closed SSL stream instead of asserting

    We free and remove the reference to the SSL object when
    closing, so attempting to kgio_try{read,write,peek} shouldn't
    hit assertions.

commit 50f8e95e6dca0cd7e7a3ac45508f397e95084023
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 13 20:56:42 2011 +0000

    require an already-setup SSLContext for Kgio::SSL#new

    Otherwise the SSLContext won't work right and we
    can have non-verified SSL connections slipping through.

commit 901f87c74197e1fe9631184f7054ccf6dcd5ebe1
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 13 02:08:08 2011 +0000

    cleanup some warnings and tests

    Unused variable warnings were found by "make check-warnings"
    with Ruby 1.9.3dev.

    We can't afford to close some descriptors ourselves :<

commit e942abeb047114e1f61bcb29cf26380a37aa419f
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 13 01:58:50 2011 +0000

    kgio_trywrite tries harder to write.

    Socket (and SSL) buffers may grow internally or be drained by
    the receiving end, so we'll retry the SSL_write until we really
    can't write anymore.  This allows us to avoid unnecessary String
    allocations and method dispatches in Ruby-land.

    kgio itself has always implemented this logic, as has our
    implementation of kgio_trysendfile.

commit 59a2f02c53983c509e6d204bfcb1f9863ac1b9f3
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 23:29:25 2011 +0000

    test_session_cache: avoid race condition in test

    We'll just let the GC deal with closing descriptors
    since it's hard to avoid the race.

commit 791d5a35ec91e2e39b1d0e7926af9fb17761c843
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 23:16:58 2011 +0000

    assertions to avoid dereferencing null pointers

    We're still screwed if somebody calls Kgio::SSL#alloc without
    initializing and starts doing stuff with it, but nobody does
    this in real code.

commit 61fbf0365d48b17c2d0789d8c5ee15d59a3520b5
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 23:01:21 2011 +0000

    test_comp: fix typo :<

    Oops, I'm trigger-happy today.

commit 8a3d5cc43cb6ccc8b1fbc682e57e1f11020ff662
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 23:00:47 2011 +0000

    fix kgio_sendfile GVL-release removal screwup

    Blah

commit 6483b706060bcc222cb67017221e7017d4949192
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 22:29:26 2011 +0000

    keep the GVL for all methods

    We can't safely release the GVL for SSL operations since OpenSSL
    isn't thread-safe by default and setting up the appropriate
    callbacks is more effort than we're willing to put up.

commit 3b6916e3da975433f9a39f5fa20d3cd68c2eb88a
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 22:58:16 2011 +0000

    test_comp: fixes for OpenSSL 0.9.8

    Ugh...

commit 97b84cd0b487bcfa40a435925ac71685bb0bdd85
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 09:04:36 2011 +0000

    doc: make call-seq lines more consistent

commit f17654f3dac7a448e02e0ed4d7b85047248d767d
Author: Eric Wong <normalperson@yhbt.net>
Date:   Tue Jul 12 08:55:55 2011 +0000

    add methods for compression/expansion detection

    This allows servers to detect and avoid unnecessary double
    compression at the application layer (e.g. HTTP gzip).

commit 805d780798b1a4dbd09f1502d5d47e520b4e761c
Author: Eric Wong <normalperson@yhbt.net>
Date:   Mon Jul 11 23:12:14 2011 +0000

    whitespace fixes

    Oops...

commit 21d7e17a9ca57794990834994ac1506501a6e121
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 6 23:42:01 2011 -0700

    doc: fix URL

commit 48190f42f9c882af10e641ada6a5aa3aa4c5c249
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 6 23:01:23 2011 -0700

    implement kgio_trypeek and kgio_peek

    SSL_peek() lacks a manpage but nevertheless appears to
    be used in curl among other places..

commit e37237b634d013ff6edbde1bb1383120a5742171
Author: Eric Wong <normalperson@yhbt.net>
Date:   Wed Jul 6 16:54:35 2011 -0700

    initial

Originally generated with the Darkfish Rdoc Generator 2, modified by wrongdoc.

We love to hear from you!
Email patches (with git send-email), pull requests, questions, bug reports, suggestions, etc. to us publically at kgio@librelist.org.
To subscribe, just send any email to kgio@librelist.org, and respond to the automated confirmation message.
Do not waste bandwidth with HTML, HTML mail will not be read.
Quote only parts you're responding to and do not top post.
For sensitive topics, email us privately at kgio@yhbt.net.