Commit Graph

22 Commits

Author SHA1 Message Date
klzgrad
b96a3c98fc h2: Reduce warnings about RST on invalid streams
Per RFC 7540#6.4:

  However, after sending the RST_STREAM, the sending endpoint MUST be
  prepared to receive and process additional frames sent on the stream
  that might have been sent by the peer prior to the arrival of the
  RST_STREAM.
2022-12-03 16:22:08 +08:00
klzgrad
ca01c27db9 socket: Force tunneling for all sockets
In the socket system, only WebSocket sockets are allowed to tunnel
through HTTP/1 proxies. "Raw" sockets in the normal socket pool don't
have it, and their CONNECT headers are not sent, instead the raw
payload is sent as-is to the HTTP/1 proxy, breaking the proxying.

The socket system works like this:

- HTTP sockets via HTTP/1 proxies: normal pool, no tunneling.
- HTTPS sockets via HTTP/1 proxies: normal pool, no tunneling,
  but does its own proxy encapsulation.
- WS sockets via HTTP/1 proxies: WS pool, tunneling.

In Naive, we need the normal pool because the WS pool has some extra
restrictions but we also need tunneling to produce a client socket
with proxy tunneling built in.

Therefore force tunneling for all sockets and have them always send
CONNECT headers. This will otherwise break regular HTTP client sockets
via HTTP/1 proxies, but as we don't use this combination, it is ok.
2022-12-03 16:22:08 +08:00
klzgrad
eb5e228a43 socket: Allow higher limits for proxies
As an intermediary proxy we should not enforce stricter connection
limits in addition to what the user is already enforcing.
2022-12-03 16:22:08 +08:00
klzgrad
9513f88fdc socket: Add RawConnect method 2022-12-03 16:22:08 +08:00
klzgrad
d34742571b cert: Handle AIA response in PKCS#7 format 2022-12-03 16:22:08 +08:00
klzgrad
7a13164b40 cert: Use builtin verifier on Android and Linux 2022-12-03 16:22:06 +08:00
klzgrad
9258ae9ef9 cert: Add SystemTrustStoreStaticUnix
It reads CA certificates from:

* The file in environment variable SSL_CERT_FILE
* The first available file of

/etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu/Gentoo etc.)
/etc/pki/tls/certs/ca-bundle.crt (Fedora/RHEL 6)
/etc/ssl/ca-bundle.pem (OpenSUSE)
/etc/pki/tls/cacert.pem (OpenELEC)
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (CentOS/RHEL 7)
/etc/ssl/cert.pem (Alpine Linux)

* Files in the directory of environment variable SSL_CERT_DIR
* Files in the first available directory of

/etc/ssl/certs (SLES10/SLES11, https://golang.org/issue/12139)
/etc/pki/tls/certs (Fedora/RHEL)
/system/etc/security/cacerts (Android)
2022-12-03 16:13:11 +08:00
klzgrad
6a3d656f3b libc++: Disable exceptions and RTTI
Except on Mac, where exceptions are required.
And except on Android, where rtti is required.
2022-12-03 16:13:11 +08:00
klzgrad
91f84f2b68 url: Remove perfetto tracing 2022-12-03 16:13:11 +08:00
klzgrad
a00628f48d base: Disable trace event
This allows builds with enable_base_tracing=false.
2022-12-03 16:13:11 +08:00
klzgrad
6ad6d8cf9f lss: Avoid naming conflict in fstatat64
Supports OpenWrt builds.
2022-12-03 16:13:11 +08:00
klzgrad
cbf88a90ee base: Fix iwyu in file_path.cc 2022-12-03 16:13:10 +08:00
klzgrad
67b8c97f85 base: Don't fix Y2038 problem with icu 2022-12-03 16:13:10 +08:00
klzgrad
daa4f46178 net, url: Remove icu 2022-12-03 16:13:10 +08:00
klzgrad
6aa14d128d build: Force determinism in official build
Helps build with ccache.
2022-12-03 16:13:10 +08:00
klzgrad
0607b155e1 build: Disable Android java templates 2022-12-03 16:13:10 +08:00
klzgrad
c0e9f8dad1 build: Disable build_with_chromium
The argument build_with_chromium mainly enables various tests,
data bundling, infra integration, and AFDO profiles.

AFDO can be added by other arguments.
2022-12-03 16:13:10 +08:00
klzgrad
4e3ad2e10f base: Remove JNI function on Android 2022-12-03 16:13:10 +08:00
klzgrad
987c099b5c base: Add Android stubs 2022-12-03 16:13:10 +08:00
klzgrad
79e29d1c3d net: Add Android stubs 2022-12-03 16:13:10 +08:00
klzgrad
d447a732d6 build: Remove tests and minimize 2022-12-03 16:13:09 +08:00
importer
58d0eb0da6 Import chromium-108.0.5359.94 2022-12-03 16:11:17 +08:00