blob: 3cacc9eb46b2754b01279bc508e7ab47d0f50bb7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
[appendix]
== Migrating from Gun 2.1 to 2.2
Gun 2.2 contains many features and fixes, including
an experimental HTTP/3 implementation.
Gun 2.2 requires Erlang/OTP 24.0 or greater.
=== Features added
* Gun will now do wildcard certificate matching by
default, as required by the HTTP protocol, by
setting the `customize_hostname_check` ssl option.
* User pings are now supported for HTTP/2. User pings
are PING frames sent by the user, with the
corresponding PING_ACK resulting in a `gun_notify`
message being sent to the user process. They can
be used to measure latency or do other checks.
* The `reply_to` request option has been extended to
accept a fun or an MFA that will be called when a
reply must be sent to the user process.
* The `state_name`, `event_handler` and `event_handler_state`
fields were added to `gun:info/1`.
* Update Cowlib to 2.15.0.
=== Experimental features added
* Experimental support for HTTP/3 has been added.
Websocket over HTTP/3 is not currently implemented.
HTTP/3 support is disabled by default; to enable,
the environment variable GUN_QUICER must be set at
compile-time.
=== Bugs fixed
* TLS 1.3 performs certificate validation independently
from the handshake, which means that certificate errors
can arrive after the handshake has completed. This is
in part to support post-handshake authentication. Gun
will now replace `{error, closed}` and similar socket
errors with the TLS alert when possible, including for
TLS over TLS and TLS over HTTP/2 scenarios.
* HTTP/2 tunneling has been improved: WINDOW_UPDATE
frames are now properly sent, and flow control is
handled. In addition closing the stream is better
handled. This impacts both proxying scenarios as
well as Websocket over HTTP/2.
* HTTP/2 will now properly send a NO_ERROR "error"
code when initiating graceful shutdown.
* HTTP/2 will now properly track the number of
streams currently running and immediately fail
when the user tries to open a stream too many
compared to what the server allows.
* Sometimes stray HTTP/2 timeout messages could
be received, producing a log message. This was
because they were not cleaned up on disconnect.
Now they are.
* Socket errors were not properly handled when
sending Websocket PONG frames. This has been
corrected.
* Trying to send a Websocket frame over an HTTP
connection (before the Websocket upgrade) will
now result in an error sent to the user process.
* When connecting to HTTP via a Unix domain socket,
Gun will now set the host header to "localhost"
by default. Previously an invalid host header
was sent.
* Data could be lost when switching to the raw
protocol. This has been corrected.
* Documentation has been updated to describe the
`notify_settings_changed` option; as well as
to recommend disabling automatic reconnect when
Websocket is used; and to provide context around
potential security risks due to HTTP/2 compressed
headers.
|