The release includes 20 changes made by 10 people. It is great to see that the development effort has become a joint work of such a community.
Below are some of the big changes that went into the beta release.
Case preservation of header names under HTTP/1 #1194
Since the release of H2O, we have always used lowercased header names. This is acceptable from the specifications' standpoint since header names are defined to be case-insensitive. Also, HTTP/2 only allows transmission of the names in lowercase.
However, in practice, there are applications that rely on the case of the header names being preserved by a reverse proxy. And it is technically possible to preserve the case of the characters in HTTP/1.
@deweerdt came up with a pull request that preserves the case of the header names whenever possible. As of this writing, case of the chacacters are preserved between the reverse proxy handler and HTTP/1 clients. Header names transmitted through HTTP/2 will continue to be in lower-case due to how they are encoded in HTTP/2.
Pull requests for preserving the headers communicated through other handlers are welcome.
Directives to modify request headers sent through the reverse proxy handler #1126
@zlm2012 has added configuration directives that can be used to tweak the request headers sent to the application server through the reverse proxy handler.
This has been implemented by refactoring and generalizing the headers handler that has been used to modify the response headers; so now it is possible to modify the request headers in any way that is possible to modify the response headers!
Support for TLS 1.3 draft-18 #1204
Our in-house implementation of TLS 1.3 (named picotls) has landed to master. Picotls provides an efficient (zero-copy) and clean-cut API (designed as a codec rather than an an I/O abstraction) for the upcoming version 1.3 of the TLS protocol.
Thanks to the library, H2O now implements all the features that is necessary to run TLS 1.3 in production and for performance; including support for session resumption, 0-RTT data, OCSP stapling.
Use of picotls is enabled by default; to disable it, set
max-versionproperty of the
sslconfiguration directive to
Bug fixes thanks to code analysis #1174 #1110
@hbowden worked on integrating Coverity to H2O. The static analysis tool has found several issues and they have been fixed.
@jfoote and @deweerdt worked on integrating Google's continuous fuzzing to H2O. As a result of the integration, several issues were found and fixed in H2O.