Commit Graph

21 Commits

Author SHA1 Message Date
klzgrad
97a64374d2 h2: Reduce warnings about RST on invalid streams
Per RFC 7540#6.4:

  However, after sending the RST_STREAM, the sending endpoint MUST be
  prepared to receive and process additional frames sent on the stream
  that might have been sent by the peer prior to the arrival of the
  RST_STREAM.
2023-08-17 07:30:19 +08:00
klzgrad
508a9fdaa0 socket: Force tunneling for all sockets
In the socket system, only WebSocket sockets are allowed to tunnel
through HTTP/1 proxies. "Raw" sockets in the normal socket pool don't
have it, and their CONNECT headers are not sent, instead the raw
payload is sent as-is to the HTTP/1 proxy, breaking the proxying.

The socket system works like this:

- HTTP sockets via HTTP/1 proxies: normal pool, no tunneling.
- HTTPS sockets via HTTP/1 proxies: normal pool, no tunneling,
  but does its own proxy encapsulation.
- WS sockets via HTTP/1 proxies: WS pool, tunneling.

In Naive, we need the normal pool because the WS pool has some extra
restrictions but we also need tunneling to produce a client socket
with proxy tunneling built in.

Therefore force tunneling for all sockets and have them always send
CONNECT headers. This will otherwise break regular HTTP client sockets
via HTTP/1 proxies, but as we don't use this combination, it is ok.
2023-08-17 07:30:19 +08:00
klzgrad
0e304f6c60 socket: Allow higher limits for proxies
As an intermediary proxy we should not enforce stricter connection
limits in addition to what the user is already enforcing.
2023-08-17 07:30:19 +08:00
klzgrad
01a624b782 socket: Add RawConnect method 2023-08-17 07:30:19 +08:00
klzgrad
56ba57e201 cert: Handle AIA response in PKCS#7 format 2023-08-17 07:30:19 +08:00
klzgrad
e0b4e80a2c cert: Use builtin verifier on Android and Linux 2023-08-17 07:30:18 +08:00
klzgrad
a11f84be92 cert: Add SystemTrustStoreStaticUnix
It reads CA certificates from:

* The file in environment variable SSL_CERT_FILE
* The first available file of

/etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu/Gentoo etc.)
/etc/pki/tls/certs/ca-bundle.crt (Fedora/RHEL 6)
/etc/ssl/ca-bundle.pem (OpenSUSE)
/etc/pki/tls/cacert.pem (OpenELEC)
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (CentOS/RHEL 7)
/etc/ssl/cert.pem (Alpine Linux)

* Files in the directory of environment variable SSL_CERT_DIR
* Files in the first available directory of

/etc/ssl/certs (SLES10/SLES11, https://golang.org/issue/12139)
/etc/pki/tls/certs (Fedora/RHEL)
/system/etc/security/cacerts (Android)
2023-08-17 07:30:18 +08:00
klzgrad
7b71343278 libc++: Disable exceptions and RTTI
Except on Mac, where exceptions are required.
And except on Android, where rtti is required.
2023-08-17 07:30:18 +08:00
klzgrad
f3fd5e1d86 base: Disable trace event
This allows builds with enable_base_tracing=false.
2023-08-17 07:30:18 +08:00
klzgrad
0c71ac6d9b base: Fix iwyu in file_path.cc 2023-08-17 07:30:18 +08:00
klzgrad
ec36b9f6ea base: Don't fix Y2038 problem with icu 2023-08-17 07:30:18 +08:00
klzgrad
3c040152b5 net, url: Remove icu 2023-08-17 07:30:18 +08:00
klzgrad
2b3c183104 build: Force determinism in official build
Helps build with ccache.
2023-08-17 07:30:18 +08:00
klzgrad
3a0163c0c5 build: Disable Android java templates 2023-08-17 07:30:18 +08:00
klzgrad
4af36f1708 build: Disable build_with_chromium
The argument build_with_chromium mainly enables various tests,
data bundling, infra integration, and AFDO profiles.

AFDO can be added by other arguments.
2023-08-17 07:30:18 +08:00
klzgrad
40aa04aed4 base: Remove JNI function on Android 2023-08-17 07:30:18 +08:00
klzgrad
de605e114d base: Add Android stubs 2023-08-17 07:30:18 +08:00
klzgrad
788fa21146 net: Add Android stubs 2023-08-17 07:30:18 +08:00
klzgrad
0b695a805e build: Remove tests and minimize 2023-08-17 07:30:18 +08:00
klzgrad
127087ea77 Add .gitignore 2023-08-17 07:30:18 +08:00
importer
c8ae6818f1 Import chromium-116.0.5845.92 2023-08-17 07:30:18 +08:00