gun.git/test, branch corral HTTP/1.1, HTTP/2 and Websocket client for Erlang/OTP. Catch post-handshake TLS 1.3 alerts 2025-04-09T15:18:53+00:00 Loïc Hoguin essen@ninenines.eu 2025-03-28T10:42:29+00:00 403a0af4cd8dd378c500e5ec7604bcc68c5ee5b8 When TLS 1.3 is used and `fail_if_no_peer_cert` (or equivalent) is configured on the server, such as in mTLS scenarios, and the client certificate is missing or invalid, the TLS 1.3 alert will be sent after the handshake has completed. The same is true for post-handshake authentication in TLS 1.3 which Erlang/OTP doesn't yet support, but will at some point in the future. Due to the asynchronous nature of some `ssl` socket operations, such as sending, the alert may not always be returned from a socket call. When the ssl socket is active we would receive it as a message instead, so when Gun gets `{error,closed}` it must look for the active message and see if an alert occurred. When the ssl socket is passive we don't, so we must query the socket for it (trying to set the socket active at that point gets us the alert in the return value). There is a span between handshake and the initial active mode set where the socket is passive and may send data (the HTTP/2 preface) so we must account for both cases. Because we sometimes have to wait for the alert as a message, and we don't want to wait for a very long time (200ms), we sometimes may lose the alert. Perhaps in the future this wait time can be made configurable for users that really require getting the alert. The tests are only enabled on Linux because other OSes have intermittent failures (likely due to timing). 
When TLS 1.3 is used and `fail_if_no_peer_cert` (or equivalent)
is configured on the server, such as in mTLS scenarios, and
the client certificate is missing or invalid, the TLS 1.3 alert
will be sent after the handshake has completed.

The same is true for post-handshake authentication in TLS 1.3
which Erlang/OTP doesn't yet support, but will at some point in
the future.

Due to the asynchronous nature of some `ssl` socket operations,
such as sending, the alert may not always be returned from a
socket call. When the ssl socket is active we would receive
it as a message instead, so when Gun gets `{error,closed}`
it must look for the active message and see if an alert
occurred. When the ssl socket is passive we don't, so we
must query the socket for it (trying to set the socket active
at that point gets us the alert in the return value). There
is a span between handshake and the initial active mode set
where the socket is passive and may send data (the HTTP/2
preface) so we must account for both cases.

Because we sometimes have to wait for the alert as a message,
and we don't want to wait for a very long time (200ms), we
sometimes may lose the alert. Perhaps in the future this wait
time can be made configurable for users that really require
getting the alert.

The tests are only enabled on Linux because other OSes have
intermittent failures (likely due to timing).
Reject Websocket frames sent over HTTP 2025-03-28T13:29:06+00:00 Loïc Hoguin essen@ninenines.eu 2025-03-28T13:29:06+00:00 694fed991b4611147f2da73a183d3b8768f4b45d 






Default the origin authority to "localhost" for unix sockets
2025-03-26T16:28:16+00:00

Loïc Hoguin
essen@ninenines.eu

2025-03-26T16:28:16+00:00

3eaa67dd8196821bbafe78daedaf86790fd123c6

Otherwise garbage gets sent.





Otherwise garbage gets sent.







Remove copyright years from all files except LICENSE
2025-03-26T14:13:34+00:00

Loïc Hoguin
essen@ninenines.eu

2025-03-26T14:13:34+00:00

5a8d0f5454b87ef021c26228e2b06e29074e9bf9












Better identify ping errors and test the HTTP/1.1 one
2025-03-26T13:37:41+00:00

Loïc Hoguin
essen@ninenines.eu

2025-03-26T13:24:01+00:00

6221b68dd3607ad6297199e7fd7f41c83a0e7738












Implement user pings for tunnels
2025-03-26T10:20:37+00:00

Loïc Hoguin
essen@ninenines.eu

2025-03-26T10:20:37+00:00

e5dc5fb6c245f218ba7f321b0a519ac8202c33ed












Add gun:ping/2,3 for user-initiated ping for HTTP/2
2025-03-21T14:24:55+00:00

Viktor Söderqvist
viktor.soderqvist@est.tech

2024-12-13T17:50:47+00:00

4054e917774df76072c2c47aa3d1c43ccbe0810e

Signed-off-by: Viktor Söderqvist <viktor.soderqvist@est.tech>





Signed-off-by: Viktor Söderqvist <viktor.soderqvist@est.tech>







Respect remote concurrency limit for headers/connect/ws_upgrade
2025-03-21T12:10:50+00:00

Loïc Hoguin
essen@ninenines.eu

2025-03-21T12:10:50+00:00

dd1a09d7c8395d8e77d40a8bc5e1e4537c3c15b3

In order to simplify the implementation the CookieStore is
given to the connect function now, even though it's not
currently used.





In order to simplify the implementation the CookieStore is
given to the connect function now, even though it's not
currently used.







HTTP/2: Respect remote MAX_CONCURRENT_STREAMS
2025-03-18T11:44:21+00:00

Viktor Söderqvist
viktor.soderqvist@est.tech

2022-10-24T15:36:59+00:00

04c3436586eb150225791f96692eeff78f4d27c1

If the limit has been reached, new requests are failed immediately,
so that the application can retry them on a different connection.

Co-authored-by: Björn Svensson <bjorn.a.svensson@est.tech>





If the limit has been reached, new requests are failed immediately,
so that the application can retry them on a different connection.

Co-authored-by: Björn Svensson <bjorn.a.svensson@est.tech>







Do not ignore data received immediately after switching to raw
2025-02-27T14:34:56+00:00

Denys Knertser
denys@avassa.io

2024-07-08T13:50:07+00:00

50491ae56fbb26dc108f5e7ebd7edb384a3fa295

LH: Minor tweaks.





LH: Minor tweaks.