path: root/usr.sbin/httpd
Commit message | Author | Age | Files | Lines
* Check the return value of tls_config_set_protocols(), now that it returns an int. | jsing | 2016-11-17 | 1 | -4/+7
* Move OCSP loading into a separate function - it is not part of the keypair and this way we can give a separate specific error message. ok beck@ reyk@ | jsing | 2016-11-17 | 3 | -22/+42
* specify ordering and precedence of location { } sections; patch from grunk@; feedback and OK jmc@; OK florian@ | schwarze | 2016-11-14 | 1 | -2/+7
* Fix tcp ip ttl / minttl on IPv6 sockets. ok florian@ | jca | 2016-11-10 | 1 | -7/+25
* conditionalize ocsp load properly. ok jsing@ | beck | 2016-11-06 | 1 | -8/+10
* since ocsp stapling is optional, make sure we guard if we do not have it. ok jsing@ | beck | 2016-11-06 | 1 | -4/+6
* tweak previous; | jmc | 2016-11-06 | 1 | -4/+4
* Add OCSP stapling support to httpd. ok jsing@ bcook@ | beck | 2016-11-06 | 5 | -10/+96
* copy updated log.c from vmd: for correctness, save errno when doing additional actions before printing it. OK rzalamena@ | reyk | 2016-10-12 | 1 | -8/+11
* Prevent fd exhaustion in the parent when loading the listening server sockets by sending the fd one-by-one. This allows to start httpd with max 32 server instances and many server sockets without changing the default rlimits in any way. OK rzalamena@ | reyk | 2016-10-12 | 3 | -8/+42
* Modify httpd(8)'s proc.c to use fewer file descriptors during the daemon start up. To achieve this proc_init() initiates only the necessary pipes between child and parent, allocate and distribute fds in proc_connect(). In case of configuration checks ('-n') we do nothing in proc_init() and proc_connect(). ok reyk@ | rzalamena | 2016-10-10 | 1 | -66/+73
* Fix msgbuf_write() usage idiom and modify the treatment for socket close to exit gracefully instead of fatal()ing. ok reyk@ | rzalamena | 2016-10-10 | 1 | -2/+8
* Add more context to fatal*() messages so it makes easier to debug proc.c internals. ok phessler@ | rzalamena | 2016-10-10 | 1 | -12/+11
* The strchr() call either returns a NULL pointer, on which the code will break out of the loop, or a pointer to ':'. Thus the extra check for ':' is unnecessary and can be removed. ok jung@ | patrick | 2016-10-07 | 1 | -7/+4
* Empty lines cause server_fcgi_getheaders() to immediately return. Unfortunately in that case the line was not freed. This led to a memleak on each request. Thus, save the return value prior to returning, free the line and return the saved value. ok jung@ | patrick | 2016-10-07 | 1 | -3/+6
* Check if oldd == newd before dup2(), if that is the case we need to remove the CLOEXEC flag ourselves. ok bluhm@, deraadt@ | rzalamena | 2016-10-05 | 1 | -2/+8
* Call setsid() to create a new session for the executed processes. From deraadt@ OK rzalamena@ | reyk | 2016-10-05 | 1 | -1/+5
* sync proc.c with vmd: add p_pw to specify a non-standard user for a process. OK rzalamena@ | reyk | 2016-10-05 | 2 | -4/+11
* Add -Wcast-qual after syncing proc.c fix | reyk | 2016-09-28 | 1 | -2/+2
* sync proc.c from switchd, includes minor cast qual fix and removal of p_env. | reyk | 2016-09-28 | 3 | -9/+9
* add some Xr for acme-client(1); | jmc | 2016-09-15 | 1 | -2/+3
* Replace [RELAY|SERVER]_MAXPROC with the new PROC_MAX_INSTANCES variable and limit it from 128 to 32 instances (the old value). While here, move a few PROC_ defines around. OK rzalamena@ | reyk | 2016-09-03 | 3 | -12/+9
* Use DPRINTF instead of #ifdef DEBUG + log_debug(). Pointed out by benno@ | reyk | 2016-09-03 | 1 | -4/+2
* proc.c tweaks: Rename proc_listento() to proc_accept() as it is the receiving side of proc_connect(). Move some code from main into proc_init(), the function is now called by parent and children, not just the parent and it is less copy + paste for other daemons. OK florian@ | reyk | 2016-09-02 | 3 | -46/+50
* The fork+exec diff broke "what?!", the ps_what field determines the configuration that has to be initialized in each process and was inherited from the parent instead of setting it everywhere. I'm surprised that it worked. OK florian | reyk | 2016-09-01 | 1 | -7/+6
* Don't print "lost child" if the child process exited okay. This is the old behaviour and unbreaks the regress tests. | reyk | 2016-09-01 | 1 | -3/+5
* struct client starts to become the kitchen sink. Move fastcgi data to its own struct. Requested by and OK reyk@ | florian | 2016-09-01 | 2 | -47/+51
* spacing | reyk | 2016-09-01 | 5 | -11/+14
* Adjust log message, use process title now that it works again | reyk | 2016-09-01 | 1 | -4/+6
* Teach httpd/proc.c how to fork+exec. This commit implemented the basic functions to proc.c to make it not rely on global variables, malloc()ed memory and CLOEXEC pipes. Fix child proc titles from reyk@ ok reyk@, florian@ | rzalamena | 2016-09-01 | 3 | -173/+334
* Kill (remove) the ps_pid from privsep struct since it is not being used anymore. Also fix the process initialization prototypes. ok reyk@ | rzalamena | 2016-08-30 | 4 | -16/+12
* Terminate daemon using the socket status instead of watching SIGCHLD or kill()ing child process. "Looks good to me" millert@ ok benno@ | rzalamena | 2016-08-30 | 2 | -61/+27
* Remove duplicated prototypes from header. "Looks good to me" natano@ | rzalamena | 2016-08-30 | 1 | -4/+1
* Do not assume that the full http response header is in the first fastcgi stdout record. Keep processing stdout records until we found the header / body separator and only then generate the header response. Problem reported by many. OK jung@ | florian | 2016-08-30 | 2 | -11/+23
* Kill p_instance from proc.c and remove static proc_id unused variables. To keep the debug functionality intact and correct we'll use the pid field in the imsg header to pass the instance number. Remember to always pass 'ps_instance + 1' otherwise libutil will fill imsg header pid field with the imsgbuf pid (which is the current process pid). ok reyk@ | rzalamena | 2016-08-27 | 5 | -29/+15
* Kill the ps_ninstances from proc.c. We got the same information in ps_instances[proc] (more accurate) and we avoid allocating unnecessary memory for pipe storage. ok reyk@ | rzalamena | 2016-08-26 | 3 | -14/+14
* Replace the static env variables with a single global variable. ok reyk@ | rzalamena | 2016-08-26 | 4 | -43/+36
* Enable SNI support in httpd(8). ok reyk@ | jsing | 2016-08-22 | 3 | -10/+31
* stop including sys/param.h for nitems. define locally as needed. ok natano reyk | tedu | 2016-08-16 | 4 | -7/+8
* Turn "TLS handshake failed -" log message into a debug message - it happens way too often and does not provide much information. OK jung@ | reyk | 2016-08-16 | 1 | -2/+2
* Rename server_handshake_tls() to server_tls_handshake() to align with the other server_tls_* functions (and I like the prefix notation better). No functional change. | reyk | 2016-08-16 | 1 | -6/+6
* Move server_match() from parse.y to server.c; use env instead of conf, which is actually the same thing (cluebat from reyk@). | jsing | 2016-08-15 | 3 | -31/+32
* Use lowercase 'tls' in debug and log messages for consistency. Requested by reyk@ | jsing | 2016-08-15 | 2 | -11/+11
* Make httpd stricter with respect to TLS configuration - in particular, do not allow TLS and non-TLS to be configured on the same port, do not allow TLS options to be specified without a TLS listener and ensure that the TLS options are the same when a server is specified on the same address/port. Currently, these configurations are permitted but do not work as intended. Also factor out and reuse the server matching code, which was previously duplicated. ok reyk@ | jsing | 2016-08-15 | 3 | -37/+101
* sync http.h with relayd. ok reyk@ | benno | 2016-08-01 | 1 | -1/+2
* According to RFC 7231 4.3.7, OPTIONS may have body. "Although this specification does not define any use for such a payload, future extensions to HTTP might use the OPTIONS body to make more detailed queries about the target resource." The future has arrived. Found and tested by Michael Lechtermann OK benno@ | reyk | 2016-07-27 | 1 | -2/+2
* Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@ | jsing | 2016-07-13 | 1 | -2/+2
* do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin. feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@ | benno | 2016-06-21 | 1 | -1/+9
* grammar fix; from nick permyakov | jmc | 2016-06-10 | 1 | -3/+3
* & expands to the maximum amount of needed space; fix comment. Pointed out by Frank Schoep, thanks! | florian | 2016-06-10 | 1 | -2/+2