OpenBSD CVS

CVS log for src/usr.sbin/httpd/httpd.h




Default branch: MAIN


Revision 1.162.4.2 / (download) - annotate - [select for diffs], Mon Nov 20 18:17:46 2023 UTC (6 months, 1 week ago) by bluhm
Branch: OPENBSD_7_3
Changes since 1.162.4.1: +2 -1 lines
Diff to previous 1.162.4.1 (colored) to branchpoint 1.162 (colored) next main 1.163 (colored)

Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.
from millert@

this is errata/7.3/020_httpd.patch.sig

Revision 1.163.2.1 / (download) - annotate - [select for diffs], Mon Nov 20 18:14:51 2023 UTC (6 months, 1 week ago) by bluhm
Branch: OPENBSD_7_4
Changes since 1.163: +2 -1 lines
Diff to previous 1.163 (colored) next main 1.164 (colored)

Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.
from millert@

this is errata/7.4/006_httpd.patch.sig

Revision 1.164 / (download) - annotate - [select for diffs], Wed Nov 8 19:19:10 2023 UTC (6 months, 3 weeks ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.163: +2 -1 lines
Diff to previous 1.163 (colored)

Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.

Revision 1.161.2.1 / (download) - annotate - [select for diffs], Wed Jul 12 12:46:33 2023 UTC (10 months, 3 weeks ago) by tb
Branch: OPENBSD_7_2
Changes since 1.161: +2 -1 lines
Diff to previous 1.161 (colored) next main 1.162 (colored)

Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

Reported by Jesper Wallin <jesper () ifconfig.se>

"this will do the trick for now" claudio
ok beck deraadt

This is errata/7.2/029_httpd.patch.sig

Revision 1.162.4.1 / (download) - annotate - [select for diffs], Wed Jul 12 12:46:01 2023 UTC (10 months, 3 weeks ago) by tb
Branch: OPENBSD_7_3
Changes since 1.162: +2 -1 lines
Diff to previous 1.162 (colored)

Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

Reported by Jesper Wallin <jesper () ifconfig.se>

"this will do the trick for now" claudio
ok beck deraadt

Revision 1.163 / (download) - annotate - [select for diffs], Wed Jul 12 12:37:27 2023 UTC (10 months, 3 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE
Branch point for: OPENBSD_7_4
Changes since 1.162: +2 -1 lines
Diff to previous 1.162 (colored)

Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

"this will do the trick for now" claudio
ok beck deraadt

Revision 1.162 / (download) - annotate - [select for diffs], Mon Oct 24 15:02:01 2022 UTC (19 months, 1 week ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.161: +1 -2 lines
Diff to previous 1.161 (colored)

remove unused references to httpd.sock; found by dante catalfamo
ok florian

Revision 1.161 / (download) - annotate - [select for diffs], Mon Aug 15 12:29:17 2022 UTC (21 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE
Branch point for: OPENBSD_7_2
Changes since 1.160: +3 -3 lines
Diff to previous 1.160 (colored)

Neither clt_descreq nor clt_descresp in struct client need to be void *.
They both are only used as struct http_descriptor.
OK tb@

Revision 1.160 / (download) - annotate - [select for diffs], Wed Mar 2 11:10:43 2022 UTC (2 years, 3 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.159: +1 -5 lines
Diff to previous 1.159 (colored)

Nothing uses kv_flags.

John (j AT bitminer.ca) pointed out that we didn't correctly
initialize struct kv and might use slower KV_FLAG_GLOBBING path in
kv_find depending on stack garbage. Instead of fixing the
initialization just delete kv_flags from struct kv.

OK claudio, tb

Revision 1.159 / (download) - annotate - [select for diffs], Sun Feb 27 20:30:30 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.158: +2 -1 lines
Diff to previous 1.158 (colored)

Add gzip-static option to httpd.  This allows to deliver precompressed
files with content-encoding gzip.
from prx at si3t dot ch; OK tracey@

Revision 1.158 / (download) - annotate - [select for diffs], Sun Oct 24 16:01:04 2021 UTC (2 years, 7 months ago) by ian
Branch: MAIN
Changes since 1.157: +9 -2 lines
Diff to previous 1.157 (colored)

Add httpd custom error page facility. Adapted by me from
https://github.com/mpfr/httpd-plus.
Improvements from & (earlier version) reads fine to tracey@;
improvements & OK this version benno@, florian@. Thanks.

Revision 1.157 / (download) - annotate - [select for diffs], Mon May 17 09:26:52 2021 UTC (3 years ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.156: +2 -1 lines
Diff to previous 1.156 (colored)

Do not try to chunk encode an empty http body coming from an fcgi
upstream.

Found the hard way by Chris Narkiewicz who tracked failing uploads in
the nextcloud mobile app down to httpd(8) trying to chunk encode a
"204 No Content" response.

Testing by Steve Williams
Testing & OK stsp

Revision 1.156 / (download) - annotate - [select for diffs], Tue Apr 20 21:11:56 2021 UTC (3 years, 1 month ago) by dv
Branch: MAIN
Changes since 1.155: +1 -3 lines
Diff to previous 1.155 (colored)

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

Revision 1.155 / (download) - annotate - [select for diffs], Sat Apr 10 10:10:07 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.154: +2 -2 lines
Diff to previous 1.154 (colored)

Do not compare TLS config params for non-TLS servers. This allows to
mix 'listen * port 80' and 'listen * tls port 443' in one server block.
Also the last argument of server_tls_cmp - match_keypair - is always 0
so remove this code.
OK florian@ tb@ some long time ago

Revision 1.154 / (download) - annotate - [select for diffs], Wed Jan 27 07:21:52 2021 UTC (3 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.153: +5 -4 lines
Diff to previous 1.153 (colored)

these programs (with common ancestry) had a -fno-common problem related
to privsep_procid.
ok mortimer

Revision 1.153 / (download) - annotate - [select for diffs], Thu Oct 29 12:30:52 2020 UTC (3 years, 7 months ago) by denis
Branch: MAIN
Changes since 1.152: +6 -2 lines
Diff to previous 1.152 (colored)

Add location (found|not found) option to test for resource path existence.

Diff by Matthias Pressfreund <mpfr @ fn de>. Thanks.

Revision 1.152 / (download) - annotate - [select for diffs], Sat Aug 29 07:53:48 2020 UTC (3 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored)

typo; pointed out by Matthias (mpfr AT fn.de), thanks!

Revision 1.151 / (download) - annotate - [select for diffs], Wed Aug 26 06:50:20 2020 UTC (3 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.150: +2 -3 lines
Diff to previous 1.150 (colored)

Set fastcgi socket default on server and location.
This allows "fastcgi" directly inside of a server directive without
specifying socket.
OK tracey

Revision 1.150 / (download) - annotate - [select for diffs], Mon Aug 24 15:49:10 2020 UTC (3 years, 9 months ago) by tracey
Branch: MAIN
Changes since 1.149: +4 -2 lines
Diff to previous 1.149 (colored)

Add support for non-localhost fastcgi sockets.

Lots of review time kn@
Lots of review time, tweaks, and ok florian@

Revision 1.149 / (download) - annotate - [select for diffs], Mon Aug 3 11:05:24 2020 UTC (3 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.148: +1 -4 lines
Diff to previous 1.148 (colored)

remove unused functions
from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks
ok claudio@

Revision 1.148 / (download) - annotate - [select for diffs], Thu Jul 30 21:06:19 2020 UTC (3 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.147: +1 -2 lines
Diff to previous 1.147 (colored)

Remove the unused function canonicalize_host(), it was copied from relayd.
Found by Ross L Richardson, Thanks.

Revision 1.147 / (download) - annotate - [select for diffs], Sat Jul 25 21:12:49 2020 UTC (3 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.146: +1 -13 lines
Diff to previous 1.146 (colored)

remove unused enum key_type, copied initially from relays.
found by Ross L Richardson, thanks!
ok deraadt@

Revision 1.146 / (download) - annotate - [select for diffs], Sun Feb 9 09:44:04 2020 UTC (4 years, 3 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.145: +2 -1 lines
Diff to previous 1.145 (colored)

Implement "strip" option for fastcgi to be able to have multiple chroots
under /var/www for FastCGI servers.
From Nazar Zhuk (nazar AT zhuk DOT online), thanks!
Ok benno

Revision 1.145 / (download) - annotate - [select for diffs], Wed May 8 19:57:45 2019 UTC (5 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.144: +2 -2 lines
Diff to previous 1.144 (colored)

spacing

Revision 1.144 / (download) - annotate - [select for diffs], Fri May 3 17:16:27 2019 UTC (5 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.143: +3 -2 lines
Diff to previous 1.143 (colored)

Add a "forwarded" log format that extends the "combined" log format
by including the contents of the X-Forwarded-For and X-Forwarded-Port
headers.  If httpd(8) runs behind a proxy like relayd(8), this allows
tracking the origin of the requests.  The format is compatible with
log analyzers such as GoAccess and Webalizer.

Patch from Bruno Flueckiger

ok benno, reyk

Revision 1.143 / (download) - annotate - [select for diffs], Tue Feb 19 11:37:26 2019 UTC (5 years, 3 months ago) by pirofti
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.142: +16 -1 lines
Diff to previous 1.142 (colored)

httpd(8): add support for setting custom FastCGI parameters.

This commit extends the existing grammar by adding the param option
to the fastcgi directive: fastcgi param name value.

Example usage:
  fastcgi param VAR1 hello
  fastcgi param VAR2 world

With help and OK florian@
Rogue manpage bits, feel free to modify them.

Revision 1.142 / (download) - annotate - [select for diffs], Thu Oct 11 09:52:22 2018 UTC (5 years, 7 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.141: +5 -6 lines
Diff to previous 1.141 (colored)

Backout my previous commit:

 date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7 -1;
   commitid: 0O8fyHPNvPd8rvYU;
 Only send 408 Timeout responses when we have seen at least part of a
 request.  Without a request, just close the connection when we hit
 request timeout.
 Prompted by a bug report from Nikola Kolev, thanks.
 ok reyk@ and some suggestions from claudio@ and bluhm@

Mark Patruck (mark AT wrapped DOT cx) found a problem with it, thanks
for the report.

ok reyk@ bluhm@ sthen@ deraadt@

Revision 1.141 / (download) - annotate - [select for diffs], Mon Oct 1 19:24:09 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.140: +6 -5 lines
Diff to previous 1.140 (colored)

Only send 408 Timeout responses when we have seen at least part of a
request.  Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@

Revision 1.140 / (download) - annotate - [select for diffs], Sun Sep 9 21:06:51 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored)

During the fork+exec implementation, daemon(3) was moved after
proc_init().  As a consequence httpd(8) and relayd(8) child processes
did not detach from the terminal anymore.  Dup /dev/null to the
stdio file descriptors in the children.
OK benno@

Revision 1.139 / (download) - annotate - [select for diffs], Sun Aug 19 18:03:35 2018 UTC (5 years, 9 months ago) by jasper
Branch: MAIN
Changes since 1.138: +2 -2 lines
Diff to previous 1.138 (colored)

double the allowed length for the 'tls ciphers' option

for example now it can hold the recommended cipher list from the mozilla
ssl config generator rather than failing with a "ciphers too long" error.

ok benno@ sthen@ tb@

Revision 1.138 / (download) - annotate - [select for diffs], Wed Jun 20 16:43:05 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.137: +6 -3 lines
Diff to previous 1.137 (colored)

Add support for simple one-off internal rewrites.

For example:

	location match "/page/(%d+)/.*" {
		request rewrite "/static/index.php?id=%1&$QUERY_STRING"
	}

Requested by many.

Ok benno@

Revision 1.137 / (download) - annotate - [select for diffs], Sat May 19 13:56:56 2018 UTC (6 years ago) by jsing
Branch: MAIN
Changes since 1.136: +17 -1 lines
Diff to previous 1.136 (colored)

Add support for client certificate authentication to httpd.

From Jack Burton <jack at saosce dot com dot au> - thanks!

Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.

ok beck@ reyk@

Revision 1.136 / (download) - annotate - [select for diffs], Wed Apr 11 15:50:46 2018 UTC (6 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.135: +2 -1 lines
Diff to previous 1.135 (colored)

Make httpd listen on all IPv4 and IPv6 addresses for
"listen on * port 80".
While here accept up to 16 addresses from DNS or interface groups.

requested by & "lovely" deraadt@
OK kn@

Revision 1.135 / (download) - annotate - [select for diffs], Wed Feb 7 03:28:05 2018 UTC (6 years, 3 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.134: +13 -10 lines
Diff to previous 1.134 (colored)

NAME_MAX is the length of the thing between / / in a path *without*
the terminating NUL.
Do not use it for a "small string" or a "probably short path". Replace
it with new defines or PATH_MAX.
It also makes the life easier for people auditing the tree for real
usage of NAME_MAX.
OK deraadt, benno

Revision 1.134 / (download) - annotate - [select for diffs], Fri Aug 11 18:48:56 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.133: +3 -3 lines
Diff to previous 1.133 (colored)

Convert httpd to tls_config_set_ecdhecurves(), allowing a list of curves
to be specified, rather than a single curve.

ok beck@

Revision 1.133 / (download) - annotate - [select for diffs], Wed Jul 19 17:36:25 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.132: +14 -6 lines
Diff to previous 1.132 (colored)

Rework the way that TLS configuration is sent/received via imsgs, so that
are no longer limited by the 16KB maximum size of a single imsg.
Configuration data that is larger than a single message is now chunked and
sent via multiple imsgs.

Prompted by a diff from Jack Burton <jack at saosce dot com dot au>.

ok reyk@

Revision 1.132 / (download) - annotate - [select for diffs], Sun May 28 10:37:26 2017 UTC (7 years ago) by benno
Branch: MAIN
Changes since 1.131: +4 -4 lines
Diff to previous 1.131 (colored)

use __func__ in log messages.
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio

Revision 1.131 / (download) - annotate - [select for diffs], Sat Mar 25 17:25:34 2017 UTC (7 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.130: +18 -2 lines
Diff to previous 1.130 (colored)

Implement TLS ticket support in httpd. Off by default. Use
	tls ticket lifetime default
to turn it on with a 2h ticket lifetime.
Rekeying happens after a quarter of that time.
OK reky@ and bob@

Revision 1.130 / (download) - annotate - [select for diffs], Tue Feb 7 12:27:42 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.129: +3 -1 lines
Diff to previous 1.129 (colored)

/tmp/cvsspEkok

Revision 1.129 / (download) - annotate - [select for diffs], Fri Feb 3 08:23:46 2017 UTC (7 years, 3 months ago) by guenther
Branch: MAIN
Changes since 1.128: +2 -1 lines
Diff to previous 1.128 (colored)

Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> and
instead pull in <netinet/in.h> or <arpa/inet.h> when those are needed.

ok florian@ beck@ millert@

Revision 1.128 / (download) - annotate - [select for diffs], Thu Feb 2 22:19:59 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.127: +2 -1 lines
Diff to previous 1.127 (colored)

Fix support for HTTP pipelining by handling all requests in the buffer.

Tested & OK jung@

Revision 1.127 / (download) - annotate - [select for diffs], Tue Jan 31 14:39:47 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.126: +23 -2 lines
Diff to previous 1.126 (colored)

Reimplement httpd's support for byte ranges.

The previous implementation loaded all the output into a single output
buffer and used its size to determine the Content-Length of the body.

The new implementation calculates the body length first and writes the
individual ranges in an async way using the bufferevent mechanism.

This prevents httpd from using too much memory and applies the
watermark and throttling mechanisms to range requests.

Problem reported by Pierre Kim (pierre.kim.sec at gmail.com)

OK benno@ sunil@

Revision 1.126 / (download) - annotate - [select for diffs], Tue Jan 31 12:21:27 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.125: +2 -1 lines
Diff to previous 1.125 (colored)

The variable clt_done is used in too many places.

Introduce a new variable clt_headersdone in the async HTTP parser.

OK sunil@ benno@

Revision 1.125 / (download) - annotate - [select for diffs], Mon Jan 9 14:49:22 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.124: +3 -2 lines
Diff to previous 1.124 (colored)

Stop accessing verbose and debug variables from log.c directly.

This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().

Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)

Revision 1.124 / (download) - annotate - [select for diffs], Thu Nov 17 14:52:48 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.123: +2 -1 lines
Diff to previous 1.123 (colored)

Move OCSP loading into a separate function - it is not part of the keypair
and this way we can give a separate specific error message.

ok beck@ reyk@

Revision 1.123 / (download) - annotate - [select for diffs], Sun Nov 6 10:49:38 2016 UTC (7 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.122: +5 -1 lines
Diff to previous 1.122 (colored)

Add OCSP stapling support to httpd
ok jsing@ bcook@

Revision 1.122 / (download) - annotate - [select for diffs], Wed Oct 12 10:57:30 2016 UTC (7 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.121: +2 -1 lines
Diff to previous 1.121 (colored)

Prevent fd exhaustion in the parent when loading the listening server
sockets by sending the fd one-by-one.  This allows to start httpd with
max 32 server instances and many server sockets without changing the
default rlimits in any way.

OK rzalamena@

Revision 1.121 / (download) - annotate - [select for diffs], Wed Oct 5 16:58:19 2016 UTC (7 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.120: +2 -1 lines
Diff to previous 1.120 (colored)

sync proc.c with vmd: add p_pw to specify a non-standard user for a process.

OK rzalamena@

Revision 1.120 / (download) - annotate - [select for diffs], Wed Sep 28 12:01:04 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.119: +2 -3 lines
Diff to previous 1.119 (colored)

sync proc.c from switchd, includes minor cast qual fix and removal of p_env.

Revision 1.119 / (download) - annotate - [select for diffs], Sat Sep 3 14:44:21 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.118: +4 -7 lines
Diff to previous 1.118 (colored)

Replace [RELAY|SERVER]_MAXPROC with the new PROC_MAX_INSTANCES
variable and limit it from 128 to 32 instances (the old value).
While here, move a few PROC_ defines around.

OK rzalamena@

Revision 1.118 / (download) - annotate - [select for diffs], Fri Sep 2 11:25:14 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored)

proc.c tweaks: Rename proc_listento() to proc_accept() as it is the
receiving side of proc_connect().  Move some code from main into
proc_init(), the function is now called by parent and children, not
just the parent and it is less copy + paste for other daemons.

OK florian@

Revision 1.117 / (download) - annotate - [select for diffs], Thu Sep 1 11:13:18 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.116: +13 -9 lines
Diff to previous 1.116 (colored)

struct client starts to become the kitchen sink. Move fastcgi data to
its own struct. Requested by and OK reyk@

Revision 1.116 / (download) - annotate - [select for diffs], Thu Sep 1 10:59:38 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.115: +3 -2 lines
Diff to previous 1.115 (colored)

spacing

Revision 1.115 / (download) - annotate - [select for diffs], Thu Sep 1 09:47:03 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.114: +17 -4 lines
Diff to previous 1.114 (colored)

Teach httpd/proc.c how to fork+exec.

This commit implemented the basic functions to proc.c to make it not rely
on global variables, malloc()ed memory and CLOEXEC pipes.

Fix child proc titles from reyk@
ok reyk@, florian@

Revision 1.114 / (download) - annotate - [select for diffs], Tue Aug 30 14:31:53 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.113: +4 -5 lines
Diff to previous 1.113 (colored)

Kill (remove) the ps_pid from privsep struct since it is not being used
anymore. Also fix the process initialization prototypes.

ok reyk@

Revision 1.113 / (download) - annotate - [select for diffs], Tue Aug 30 13:37:10 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.112: +1 -4 lines
Diff to previous 1.112 (colored)

Remove duplicated prototypes from header.

"Looks good to me" natano@

Revision 1.112 / (download) - annotate - [select for diffs], Tue Aug 30 10:54:42 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.111: +3 -1 lines
Diff to previous 1.111 (colored)

Do not assume that the full http response header is in the first
fastcgi stdout record. Keep processing stdout records until we found
the header / body separator and only then generate the header
response.
Problem reported by many.

OK jung@

Revision 1.111 / (download) - annotate - [select for diffs], Sat Aug 27 11:13:16 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.110: +2 -3 lines
Diff to previous 1.110 (colored)

Kill p_instance from proc.c and remove static proc_id unused variables.

To keep the debug functionality intact and correct we'll use the pid
field in the imsg header to pass the instance number. Remember to always
pass 'ps_instance + 1' otherwise libutil will fill imsg header pid field
with the imsgbuf pid (which is the current process pid).

ok reyk@

Revision 1.110 / (download) - annotate - [select for diffs], Fri Aug 26 12:24:21 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.109: +1 -2 lines
Diff to previous 1.109 (colored)

Kill the ps_ninstances from proc.c.

We got the same information in ps_instances[proc] (more accurate) and
we avoid allocating unnecessary memory for pipe storage.

ok reyk@

Revision 1.109 / (download) - annotate - [select for diffs], Fri Aug 26 10:46:39 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.108: +4 -2 lines
Diff to previous 1.108 (colored)

Replace the static env variables with a single global variable.

ok reyk@

Revision 1.108 / (download) - annotate - [select for diffs], Mon Aug 22 15:02:18 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.107: +2 -2 lines
Diff to previous 1.107 (colored)

Enable SNI support in httpd(8).

ok reyk@

Revision 1.107 / (download) - annotate - [select for diffs], Tue Aug 16 18:41:57 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.106: +5 -1 lines
Diff to previous 1.106 (colored)

stop including sys/param.h for nitems. define locally as needed.
ok natano reyk

Revision 1.106 / (download) - annotate - [select for diffs], Mon Aug 15 16:12:34 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.105: +3 -1 lines
Diff to previous 1.105 (colored)

Move server_match() from parse.y to server.c; use env instead of conf,
which is actually the same thing (cluebat from reyk@).

Revision 1.105 / (download) - annotate - [select for diffs], Mon Aug 15 13:48:24 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.104: +2 -1 lines
Diff to previous 1.104 (colored)

Make httpd stricter with respect to TLS configuration - in particular, do
not allow TLS and non-TLS to be configured on the same port, do not allow
TLS options to be specified without a TLS listener and ensure that the TLS
options are the same when a server is specified on the same address/port.
Currently, these configurations are permitted but do not work as intended.

Also factor out and reuse the server matching code, which was previously
duplicated.

ok reyk@

Revision 1.104 / (download) - annotate - [select for diffs], Wed Jul 13 16:35:47 2016 UTC (7 years, 10 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.103: +2 -2 lines
Diff to previous 1.103 (colored)

Adjust existing tls_config_set_cipher() callers for TLS cipher group
changes - map the previous configuration to the equivalent in the new
groups. This will be revisited post release.

Discussed with beck@

Revision 1.103 / (download) - annotate - [select for diffs], Thu Apr 28 14:20:11 2016 UTC (8 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.102: +1 -4 lines
Diff to previous 1.102 (colored)

Simplify TLS configuration handling. Instead of matching by address/port,
match by configuration ID. This also prevents a memory leak when there are
multiple certificates specified for the same server.

ok beck@

Revision 1.102 / (download) - annotate - [select for diffs], Wed Dec 2 15:13:00 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.101: +7 -3 lines
Diff to previous 1.101 (colored)

sync with relayd, use proc_compose()

Revision 1.101 / (download) - annotate - [select for diffs], Mon Nov 23 20:56:14 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.100: +1 -7 lines
Diff to previous 1.100 (colored)

Retire socket_set_blockmode() in favor of the SOCK_NONBLOCK type flag.
As done in iked and snmpd.

OK jung@

Revision 1.100 / (download) - annotate - [select for diffs], Sun Nov 22 13:27:13 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.99: +7 -4 lines
Diff to previous 1.99 (colored)

Update log.c: change fatal() and fatalx() into variadic functions,
include the process name, and replace all calls of fatal*(NULL) with
fatal(__func__) for better debugging.

OK benno@

Revision 1.99 / (download) - annotate - [select for diffs], Sat Nov 21 12:40:59 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.98: +17 -11 lines
Diff to previous 1.98 (colored)

Move local logging functions into httpd.c, and sync log.c with relayd -
both daemons are now sharing the same file.  No functional changes.

Revision 1.98 / (download) - annotate - [select for diffs], Mon Sep 7 14:46:24 2015 UTC (8 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)

Fix a regression that was introduced with server.c r1.64: Do NOT free
srv_conf->auth in serverconfig_free() because it was not allocated in
config_getserver() but assigned as a reference by id from a global
list that is maintained independently.  This fixes a potential
double-free.  This fix also makes srv_conf->auth "const" to emphasize
that the read-only auth pointer was not allocated here.

OK jsing@

Revision 1.97 / (download) - annotate - [select for diffs], Thu Aug 20 13:00:23 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.96: +63 -60 lines
Diff to previous 1.96 (colored)

Change httpd(8) to use C99-style fixed-width integers (uintN_t instead
of u_intN_t) and replace u_int with unsigned int.  Mixing both
variants is a bad style and most contributors seem to prefer this
style; it also helps us to get used to it, portability, and
standardization.

Theoretically no binary change, except one in practice: httpd.o has a
different checksum because gcc with -O2 pads/optimizes "struct
privsep" differently when using "unsigned int" instead of "u_int" for the
affected members.  "u_int" is just a typedef of "unsigned int", -O0
doesn't build the difference and clang with -O2 doesn't do it either -
it is just another curiosity from gcc-land.

OK semarie@

Revision 1.96 / (download) - annotate - [select for diffs], Mon Aug 3 11:45:17 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.95: +2 -1 lines
Diff to previous 1.95 (colored)

Fix rev 1.70 of server.c by only re-enabling the bufferevent if we
previously disabled it because we were reading too fast (from disk).
Problem noted and tracked down to that commit by weerd@ and
independently by stsp@.
Tested by weerd@, stsp@, reyk@
OK bluhm@, reyk@

Revision 1.95 / (download) - annotate - [select for diffs], Fri Jul 31 00:10:51 2015 UTC (8 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.94: +3 -3 lines
Diff to previous 1.94 (colored)

repair hsts header output, wrong format strings caused broken
Strict-Transport-Security headers. Add __format__ attribute to
kv_set() and kv_setkey() to make it easier to spot such problems.

Found by and fix from Donovan Watteau <tsoomi -AT- gmail -DOT- com>,
thanks for your help.

ok deraadt@

Revision 1.94 / (download) - annotate - [select for diffs], Wed Jul 29 22:03:41 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.93: +1 -11 lines
Diff to previous 1.93 (colored)

backout the previous:  it broke wordpress somehow.
we need more care to find a proper fix for the fastcgi headers.

acknowledged by deraadt@

Revision 1.93 / (download) - annotate - [select for diffs], Wed Jul 29 20:03:14 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.92: +11 -1 lines
Diff to previous 1.92 (colored)

Read fcgi response records until we have the whole http header and can
parse it. Otherwise http headers can leak into the body.
Pointed out by Jean-Philippe Ouellet on bugs@ Thanks!
OK reyk, commit ASAP deraadt@

Revision 1.92 / (download) - annotate - [select for diffs], Sun Jul 19 05:17:27 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.91: +6 -2 lines
Diff to previous 1.91 (colored)

For the completeness of HSTS, add the non-standard preload option.

OK florian@

Revision 1.91 / (download) - annotate - [select for diffs], Sat Jul 18 22:19:50 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.90: +1 -3 lines
Diff to previous 1.90 (colored)

libtls has been changed to set SSL_MODE_ENABLE_PARTIAL_WRITE and
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default.  This gives
tls_write() a similar short write semantics as write(2) and a
workaround in httpd to cope with the previous differences can be
removed.  Specifically, httpd can stop copying data into a local
buffer that was used to keep it around for repeated writes.

OK bluhm@

Revision 1.90 / (download) - annotate - [select for diffs], Sat Jul 18 06:00:43 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.89: +19 -12 lines
Diff to previous 1.89 (colored)

Allow to change the default media type globally or per-location,
eg. default type text/html.

OK florian@

Revision 1.89 / (download) - annotate - [select for diffs], Sat Jul 18 05:41:18 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.88: +7 -2 lines
Diff to previous 1.88 (colored)

Implement HTTP Strict Transport Security (HSTS).
Input & OK reyk

Revision 1.88 / (download) - annotate - [select for diffs], Thu Jul 16 16:29:25 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.87: +3 -1 lines
Diff to previous 1.87 (colored)

If we can read faster from disk than send data to the client stop
reading from disk when we hold a certain amount of data in
RAM. Re-enable reading once we send enough data to the
client. Otherwise we might end up with the whole file (which can be
huge) in RAM.
Reported by Matthew Martin ( matt.a.martin AT gmail ) on bugs@,
thanks!
OK reyk@, benno@

Revision 1.87 / (download) - annotate - [select for diffs], Thu Jul 16 04:46:07 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)

VIS_QUOTE is not there yet, unbreak the tree. Noticed by semarie@

Revision 1.86 / (download) - annotate - [select for diffs], Wed Jul 15 23:16:38 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored)

Escape the message in server_log() as well.

OK benno@

Revision 1.85 / (download) - annotate - [select for diffs], Wed Jul 15 16:00:39 2015 UTC (8 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.84: +14 -1 lines
Diff to previous 1.84 (colored)

Send the TLS certificate and key via separate imsgs, rather than
including them in the IMSG_CFG_SERVER imsg. This allows the certificate
and key to each be almost 16KB (the maximum size for an imsg), rather than
having a combined total of less than 16KB (which can be reached with large
keys, certificate bundles or by including text versions of certificates).

ok reyk@

Revision 1.84 / (download) - annotate - [select for diffs], Tue Jun 23 15:23:14 2015 UTC (8 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.83: +8 -2 lines
Diff to previous 1.83 (colored)

Add initial support for pattern matching using Lua's pattern matching code.

With important help on the pattern matcher from semarie@

OK semarie@

Revision 1.83 / (download) - annotate - [select for diffs], Wed May 20 09:28:47 2015 UTC (9 years ago) by kettenis
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

Use off_t instead of size_t to pass file size and print it using %lld when
constructing the Content-Length header field.  Should fix some, but probably
not all, problems with serving files bigger than 2G on 32-bit architectures.

ok reyk@, florian@

Revision 1.82 / (download) - annotate - [select for diffs], Sun Mar 15 22:08:45 2015 UTC (9 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.81: +1 -2 lines
Diff to previous 1.81 (colored)

Prevent use after free.
While here unconditionally free clt and move declaration of
server_inflight_dec() into server.c
Found while investigating if (foo != NULL) free(foo) patterns pointed
out by Markus Elfring.
OK reyk

Revision 1.81 / (download) - annotate - [select for diffs], Mon Feb 23 18:43:18 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.80: +2 -1 lines
Diff to previous 1.80 (colored)

Allow to specify CGI variables as macros in redirection strings, eg.
block return 301 "http://www.example.com/$REQUEST_URI"

OK tedu@ florian@

Revision 1.80 / (download) - annotate - [select for diffs], Thu Feb 12 10:05:29 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)

Rename escape_uri() to url_encode() because it is the opposite of
url_decode().  No functional change.

Revision 1.79 / (download) - annotate - [select for diffs], Thu Feb 12 04:40:23 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.78: +2 -1 lines
Diff to previous 1.78 (colored)

Allow TLS protocols to be specified via a "tls protocols" configuration
option.

ok reyk@

Revision 1.78 / (download) - annotate - [select for diffs], Tue Feb 10 08:12:29 2015 UTC (9 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.77: +3 -1 lines
Diff to previous 1.77 (colored)

Encode directory listings.
Problem pointed out by remco AT d-compu.dyndns.org some time ago.
Input / OK reyk@

Revision 1.77 / (download) - annotate - [select for diffs], Sat Feb 7 23:56:02 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.76: +5 -5 lines
Diff to previous 1.76 (colored)

Remove server_load_file() in favor of tls_load_file(3)

Revision 1.76 / (download) - annotate - [select for diffs], Sat Feb 7 06:26:28 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.75: +5 -1 lines
Diff to previous 1.75 (colored)

Add httpd configuration options to allow the specification of DHE
parameters and the ECDHE curve. This primarily allows for DHE cipher suites
to be enabled.

ok reyk@

Revision 1.75 / (download) - annotate - [select for diffs], Sat Feb 7 01:23:12 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.74: +8 -2 lines
Diff to previous 1.74 (colored)

Add support for blocking, dropping, and redirecting requests.

OK florian@

Revision 1.74 / (download) - annotate - [select for diffs], Fri Feb 6 13:05:20 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.73: +2 -1 lines
Diff to previous 1.73 (colored)

Fix log options in locations.

Reported and tested by Markus Bergkvist
OK florian@

Revision 1.73 / (download) - annotate - [select for diffs], Wed Jan 21 22:23:24 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.72: +1 -2 lines
Diff to previous 1.72 (colored)

Ooops, no need to include sys/cdefs.h.

Pointed out by florian@

Revision 1.72 / (download) - annotate - [select for diffs], Wed Jan 21 22:21:05 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.71: +10 -1 lines
Diff to previous 1.71 (colored)

httpd is based on relayd and had included many headers that are only
needed by its ancestor.  jsg@, include-what-you-use, and some manual
review helped to clean up the headers (take iwyu with a grain of salt).
Based on common practice, httpd.h now also includes the necessary
headers for itself.

OK florian@

Revision 1.71 / (download) - annotate - [select for diffs], Mon Jan 19 20:00:07 2015 UTC (9 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)

s/clt_fcgi_remote_user/clt_remote_user/
OK reyk@

Revision 1.70 / (download) - annotate - [select for diffs], Mon Jan 19 19:37:50 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.69: +23 -5 lines
Diff to previous 1.69 (colored)

Decouple auth parameters from struct server_config into struct auth.

OK florian@

Revision 1.69 / (download) - annotate - [select for diffs], Sun Jan 18 14:01:17 2015 UTC (9 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.68: +7 -2 lines
Diff to previous 1.68 (colored)

First stab at implementing basic auth.
Currently the htpasswd file needs to be in the chroot; will hopefully
be improved soonish.
Based on a diff from Oscar Linderholm many months ago but turned into
a complete rewrite.
input/OK reyk@

Revision 1.68 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:17 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.67: +4 -5 lines
Diff to previous 1.67 (colored)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.67 / (download) - annotate - [select for diffs], Tue Jan 13 09:21:15 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

bump copyright year

Revision 1.66 / (download) - annotate - [select for diffs], Sun Jan 4 22:23:58 2015 UTC (9 years, 4 months ago) by chrisz
Branch: MAIN
Changes since 1.65: +4 -1 lines
Diff to previous 1.65 (colored)

add new url stripping option:

strip number
	Strip number path components from the beginning of the
	request URI before looking up the stripped-down URI at
	the document root.


reviewed with much patience and OK by reyk@

Revision 1.65 / (download) - annotate - [select for diffs], Fri Jan 2 19:09:52 2015 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.64: +18 -18 lines
Diff to previous 1.64 (colored)

Bump config flags field to 32bits.  Makes room for future changes -
but no functional change yet.

Revision 1.64 / (download) - annotate - [select for diffs], Fri Dec 12 14:45:59 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.63: +14 -14 lines
Diff to previous 1.63 (colored)

Like previously done in relayd, change the keyword "ssl" to "tls" to
reflect reality.

OK benno@

Revision 1.51.2.1 / (download) - annotate - [select for diffs], Thu Nov 20 07:48:45 2014 UTC (9 years, 6 months ago) by jasper
Branch: OPENBSD_5_6
Changes since 1.51: +19 -6 lines
Diff to previous 1.51 (colored) next main 1.52 (colored)

httpd was developed very rapidly in the weeks before 5.6 release,
and it has a few flaws.  It would be nice to get these flaws fully
remediated before the next release, and that requires the community
to want to use it.
Therefore here is a "jumbo" patch that brings in the most important fixes.

committing on behalf of reyk@

Revision 1.63 / (download) - annotate - [select for diffs], Tue Nov 11 15:54:45 2014 UTC (9 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.62: +2 -1 lines
Diff to previous 1.62 (colored)

Allow the log directory to be configurable in the config file, rather than
fixed as /logs within the chroot.  As this httpd is properly privsep'ed this
has the nice property of allowing us to put the logs outside the chroot if
we want to.
ok reyk@

Revision 1.62 / (download) - annotate - [select for diffs], Mon Nov 3 18:43:24 2014 UTC (9 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.61: +2 -1 lines
Diff to previous 1.61 (colored)

Convert the logic in yyerror().  Instead of creating a temporary
format string, create a temporary message.
OK deraadt@

Revision 1.61 / (download) - annotate - [select for diffs], Fri Oct 31 13:49:52 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.60: +5 -5 lines
Diff to previous 1.60 (colored)

Update httpd(8) to use libtls instead of libressl.

Revision 1.60 / (download) - annotate - [select for diffs], Wed Oct 22 09:48:03 2014 UTC (9 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.59: +2 -1 lines
Diff to previous 1.59 (colored)

URL-decode the request path.

Tested by ajacoutot@ and others
OK doug@

Revision 1.59 / (download) - annotate - [select for diffs], Wed Sep 10 15:39:57 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored)

Handle different possible variations of the Host header (eg.
www.example.com, www.example.com:80, [2001:db8::1], [2001:db8::1]:80).
The port is optional and is typically used on non-default ports.  If
the server name is a plain IPv6 address, it is commonly specified in
square brackets.

Makes ajacoutot@ happy
OK florian@

Revision 1.58 / (download) - annotate - [select for diffs], Fri Sep 5 10:04:20 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.57: +3 -1 lines
Diff to previous 1.57 (colored)

Remove a limitation that only allowed to specify a server name once.
The key has been changed to server name + address + port and now it is
possible to use the same server name for multiple servers with
different addresses, eg. http://www.example.com and
https://www.example.com/.

OK doug@ florian@

Revision 1.57 / (download) - annotate - [select for diffs], Tue Sep 2 16:20:41 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.56: +5 -1 lines
Diff to previous 1.56 (colored)

FastCGI did not support persistent connections.  Add initial support
for persistent connections with FastCGI by implementing chunked
Transfer-Encoding.  This only works with HTTP/1.1.

With input and help from florian@ who found some FastCGI edge cases.

OK florian@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Sep 1 09:32:43 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.55: +2 -1 lines
Diff to previous 1.55 (colored)

Replace the code to get the FastCGI Status header with a proper way to
parse and write the headers using the http response descriptor.  This
allows to add other tweaks, like support for chunked encoding, later.

OK florian@

Revision 1.55 / (download) - annotate - [select for diffs], Fri Aug 29 13:01:46 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.54: +4 -3 lines
Diff to previous 1.54 (colored)

Use two instead of one http descriptor for request and response.

OK chrisz@

Revision 1.54 / (download) - annotate - [select for diffs], Thu Aug 21 19:23:10 2014 UTC (9 years, 9 months ago) by chrisz
Branch: MAIN
Changes since 1.53: +3 -3 lines
Diff to previous 1.53 (colored)

Add Last-Modified: HTTP header.

OK reyk@

Revision 1.53 / (download) - annotate - [select for diffs], Wed Aug 13 16:04:28 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)

Provide a failsafe version of the path_info() function that doesn't
need a temporary path variable.  Based on an initial diff from
chrisz@.

"Commit any failsafe version and I'm ok with it" chrisz@

Revision 1.52 / (download) - annotate - [select for diffs], Fri Aug 8 18:29:42 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.51: +3 -1 lines
Diff to previous 1.51 (colored)

When opening directories, re-match the location after the index file
has been appended.  This allows to use a fastcgi target as the default
index, for example index.php.

OK florian@

Revision 1.51 / (download) - annotate - [select for diffs], Wed Aug 6 18:21:14 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE
Branch point for: OPENBSD_5_6
Changes since 1.50: +3 -1 lines
Diff to previous 1.50 (colored)

Limit the body size in client requests (eg. POST data) to 1M by default;
add a configuration option to change the limit.

ok florian@

Revision 1.50 / (download) - annotate - [select for diffs], Wed Aug 6 16:09:02 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.49: +4 -2 lines
Diff to previous 1.49 (colored)

Configure the default SSL ciphers as HIGH:!aNULL.

ok deraadt@ reyk@

Revision 1.49 / (download) - annotate - [select for diffs], Wed Aug 6 15:08:04 2014 UTC (9 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.48: +4 -1 lines
Diff to previous 1.48 (colored)

http POST support
with & OK reyk@

Revision 1.48 / (download) - annotate - [select for diffs], Wed Aug 6 09:36:31 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.47: +2 -1 lines
Diff to previous 1.47 (colored)

Adjust the read/write watermarks according to the TCP send buffer.
This fixes sending of large files.  Previously, httpd was reading the
input file too quickly and could run out of memory when filling the
input buffer.

Found by jsg@
OK florian@

Revision 1.47 / (download) - annotate - [select for diffs], Wed Aug 6 02:04:42 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.46: +11 -3 lines
Diff to previous 1.46 (colored)

Load the SSL public/private keys in the parent process, then provide them
to the privsep process via imsg. This allows the keys to be moved out of
the chroot (now /etc/ssl/server.crt, /etc/ssl/private/server.key).

ok reyk@

Revision 1.46 / (download) - annotate - [select for diffs], Tue Aug 5 18:01:10 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.45: +4 -3 lines
Diff to previous 1.45 (colored)

Add configuration options for the most-important connection limits:
max requests (per connection) and timeout.  We don't want to add too
many buttons, and there are good defaults, but these ones are kind of
mandatory.

Revision 1.45 / (download) - annotate - [select for diffs], Tue Aug 5 16:30:35 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.44: +2 -1 lines
Diff to previous 1.44 (colored)

Limit the number of (Keep-Alive) requests per connection to 100.
(Same default as in nginx and Apache).

Revision 1.44 / (download) - annotate - [select for diffs], Tue Aug 5 15:36:59 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.43: +29 -10 lines
Diff to previous 1.43 (colored)

Improve logging to allow per- server/location log files.  The log
files can also be owned by root now: they're opened by the parent and
sent to the logger process with fd passing.  This also works with reload.

ok deraadt@

Revision 1.43 / (download) - annotate - [select for diffs], Tue Aug 5 09:24:21 2014 UTC (9 years, 9 months ago) by jsg
Branch: MAIN
Changes since 1.42: +2 -1 lines
Diff to previous 1.42 (colored)

add a config option to specify the chroot directory
ok reyk@

Revision 1.42 / (download) - annotate - [select for diffs], Mon Aug 4 18:12:15 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.41: +3 -1 lines
Diff to previous 1.41 (colored)

Temporarily move the default location of the SSL/TLS server key and
certificate from /var/www/ to /var/www/conf/.  Don't get scared - this
will be changed soon!  They're currently located in the chroot
directory but will be moved outside as soon as we adopted some of the
key privsep from relayd in ressl/httpd.

Revision 1.41 / (download) - annotate - [select for diffs], Mon Aug 4 17:38:12 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.40: +9 -1 lines
Diff to previous 1.40 (colored)

Proxy commit for jsing@:
"Add TLS/SSL support to httpd, based on the recent ressl commits."

From jsing@
ok reyk@

Revision 1.40 / (download) - annotate - [select for diffs], Mon Aug 4 15:49:28 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.39: +24 -6 lines
Diff to previous 1.39 (colored)

Add initial support for log files in /var/www/logs/.  Logging with
syslog is still supported but disabled by default.

ok deraadt@

Revision 1.39 / (download) - annotate - [select for diffs], Mon Aug 4 14:49:24 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)

Implement PATH_INFO and add DOCUMENT_ROOT.
PATH_INFO was requested by naddy@ who successfully tested it with "cvsweb".

ok naddy@

Revision 1.38 / (download) - annotate - [select for diffs], Mon Aug 4 06:35:10 2014 UTC (9 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

whitespace

Revision 1.37 / (download) - annotate - [select for diffs], Sun Aug 3 20:39:40 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.36: +4 -3 lines
Diff to previous 1.36 (colored)

Dynamically pass HTTP request headers as protocol-specific HTTP_* CGI
meta-variables.

ok florian@

Revision 1.36 / (download) - annotate - [select for diffs], Sun Aug 3 12:26:19 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.35: +3 -3 lines
Diff to previous 1.35 (colored)

Add function to iterate all headers.  No functional change.

Revision 1.35 / (download) - annotate - [select for diffs], Sun Aug 3 11:16:10 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.34: +15 -13 lines
Diff to previous 1.34 (colored)

Split fastcgi socket path and document root option and add the
SCRIPT_FILENAME CGI param with a prepended root.  This fixes php-fpm
that expects SCRIPT_FILENAME and also works with slowcgi if you
configure the root correctly.  For example, if SCRIPT_NAME and
REQUEST_URI are /php/index.php, root is /htdocs, SCRIPT_FILENAME will
be /htdocs/php/index.php.  As tested and discussed with florian@

Revision 1.34 / (download) - annotate - [select for diffs], Sun Aug 3 10:26:43 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.33: +4 -3 lines
Diff to previous 1.33 (colored)

Add another log mode "connection" for a relayd(8)-style log entry after
each connection, not every request.  The code was already there and enabled
on debug, I just turned it into an alternative log format.

Revision 1.33 / (download) - annotate - [select for diffs], Sat Aug 2 21:21:47 2014 UTC (9 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.32: +15 -14 lines
Diff to previous 1.32 (colored)

Locations now inherit access log settings from the server.

Add log to the server flags.

input/"Looks ok" reyk@

Revision 1.32 / (download) - annotate - [select for diffs], Sat Aug 2 17:05:18 2014 UTC (9 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.31: +4 -2 lines
Diff to previous 1.31 (colored)

Padding of fcgi records is optional, but if we receive padding data we
should read it.

Revision 1.31 / (download) - annotate - [select for diffs], Sat Aug 2 11:52:00 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.30: +3 -1 lines
Diff to previous 1.30 (colored)

Allow to specify a FastCGI TCP socket on localhost (eg. :9000).  Used
for debugging, you should prefer local UNIX sockets, but it helped to
find an issue that will be fixed with the next commit.

OK florian@

Revision 1.30 / (download) - annotate - [select for diffs], Fri Aug 1 22:24:05 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)

Use the log buffer to defer the logging until the connection is closed
or the request completed.  Turn the old log message into a debug message.

ok doug@

Revision 1.29 / (download) - annotate - [select for diffs], Fri Aug 1 21:59:56 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.28: +1 -4 lines
Diff to previous 1.28 (colored)

remove the global "log updates/all" option that came from relayd.

Revision 1.28 / (download) - annotate - [select for diffs], Fri Aug 1 21:51:02 2014 UTC (9 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.27: +10 -1 lines
Diff to previous 1.27 (colored)

Add common and combined access logging to httpd.

ok reyk@

Revision 1.27 / (download) - annotate - [select for diffs], Fri Aug 1 08:34:46 2014 UTC (9 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.26: +10 -1 lines
Diff to previous 1.26 (colored)

Correctly parse fcgi records if we don't get the whole record in one
bufferevent_read().
Input/OK reyk@

Revision 1.26 / (download) - annotate - [select for diffs], Thu Jul 31 18:07:11 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)

Only write the HTTP header for the first fastcgi chunk.

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jul 31 17:55:09 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.24: +3 -1 lines
Diff to previous 1.24 (colored)

some fastcgi improvements:
- DPRINTF instead of log_info for internal debugging.
- submit QUERY_STRING, if it exists
- use a proper function to create an HTTP header.
- use server_file_error() to detect EOF and fastcgi stream errors.
- disable keep-alive/persist for now until we have a reliable way to
get the content length from the cgi response or support chunked
encoding.

"Cool, jep" florian@

Revision 1.24 / (download) - annotate - [select for diffs], Thu Jul 31 14:25:14 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.23: +2 -3 lines
Diff to previous 1.23 (colored)

One bufferevent can be shared by file and fcgi.

Revision 1.23 / (download) - annotate - [select for diffs], Thu Jul 31 14:18:38 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

Allow to specify a non-default fastcgi socket.

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jul 31 13:28:15 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.21: +5 -5 lines
Diff to previous 1.21 (colored)

Rename the "docroot" variable to "path" because it will be used for
either files or the fastcgi socket (and there's no need to use a union yet).

Revision 1.21 / (download) - annotate - [select for diffs], Thu Jul 31 09:34:57 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.20: +5 -2 lines
Diff to previous 1.20 (colored)

Add a configuration variable "fastcgi" to enable it per server or location.

Revision 1.20 / (download) - annotate - [select for diffs], Thu Jul 31 09:23:53 2014 UTC (9 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.19: +5 -1 lines
Diff to previous 1.19 (colored)

Put in first stab at fastcgi. Very early work in progress. Putting it
in now so that we can quickly work on it in tree. Requested by reyk@.
deraadt@ is OK with this according to reyk@.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Jul 30 13:49:48 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.18: +1 -3 lines
Diff to previous 1.18 (colored)

Make "location" work with name-based virtual servers.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Jul 30 10:05:14 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.17: +7 -2 lines
Diff to previous 1.17 (colored)

Add "location" keyword to specify path-specific configuration in
servers, for example auto index for a sub-directory only.  Internally,
a "location" is just a special type of a "virtual" server.

Revision 1.17 / (download) - annotate - [select for diffs], Tue Jul 29 16:17:28 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.16: +12 -2 lines
Diff to previous 1.16 (colored)

Add extended directory index options: "[no] index" and "[no] auto index".
The option "directory auto index" implements basic directory listing
and is turned off by default.

ok deraadt@

Revision 1.16 / (download) - annotate - [select for diffs], Tue Jul 29 12:16:36 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.15: +21 -21 lines
Diff to previous 1.15 (colored)

Move configurable TCP options into struct server_config.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Jul 25 23:30:58 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Differentiate servers by address and port, not just by address.

Revision 1.14 / (download) - annotate - [select for diffs], Fri Jul 25 23:23:39 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.13: +4 -1 lines
Diff to previous 1.13 (colored)

It is recommended to use a URL in the Location header of 3xx
responses.  To accomplish this, add some semantics to retrieve the
server host name of a connection: either IP, IP:PORT (if not 80) or
[IP6]:PORT, or Host value (if valid).

Revision 1.13 / (download) - annotate - [select for diffs], Fri Jul 25 21:29:58 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

Canonicalize the request path once without the docroot and prepend the
docroot only when it's needed.  Suggested by deraadt@.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Jul 25 16:23:19 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.11: +12 -1 lines
Diff to previous 1.11 (colored)

Add support for "virtual hosts" aka. server blocks aka. multiple
servers with the same or "overlapping" IP address but a different name.

ok beck@

Revision 1.11 / (download) - annotate - [select for diffs], Fri Jul 25 13:10:18 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

Split server and server_config.

Revision 1.10 / (download) - annotate - [select for diffs], Fri Jul 25 12:46:23 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)

Rename a field, needed later, no functional change.

Revision 1.9 / (download) - annotate - [select for diffs], Fri Jul 25 12:42:05 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

Move the docroot into the server block.

Revision 1.8 / (download) - annotate - [select for diffs], Thu Jul 24 08:11:27 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.7: +1 -5 lines
Diff to previous 1.7 (colored)

Remove unused fields from structure

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jul 23 19:03:56 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.6: +4 -1 lines
Diff to previous 1.6 (colored)

Add canonicalize_path() to canonicalize the requested URL path.

Revision 1.6 / (download) - annotate - [select for diffs], Wed Jul 23 13:26:39 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

Correctly shutdown the servers when the process is terminating;
prevents a crash on exit.  With debugging help from blambert@.

Revision 1.5 / (download) - annotate - [select for diffs], Wed Jul 23 12:01:27 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

always enable DPRINTF when compiled with DEBUG

Revision 1.4 / (download) - annotate - [select for diffs], Wed Jul 16 10:25:28 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.3: +4 -2 lines
Diff to previous 1.3 (colored)

Implement file descriptor accounting.  The concept was taken from
relayd but had to be adjusted for httpd.  It now handles single-pass
HTTP connections, persistent connections with multiple requests, and
body-less HEAD requests.  With input from benno@

Revision 1.3 / (download) - annotate - [select for diffs], Mon Jul 14 00:19:48 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.2: +8 -3 lines
Diff to previous 1.2 (colored)

first step towards keep-alive/persistent connections support

Revision 1.2 / (download) - annotate - [select for diffs], Sun Jul 13 14:17:37 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.1: +28 -3 lines
Diff to previous 1.1 (colored)

Add support for media types (aka. MIME types): the types section is
compatible to nginx' mime.types file which can be included directly.
If not present, use a few built-in defaults for html, css, txt, jpeg,
gif, png, and js.

Revision 1.1 / (download) - annotate - [select for diffs], Sat Jul 12 23:34:54 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN

Add httpd(8), an attempt to turn the relayd(8) codebase into a simple
web server.  It is not finished yet and I just started it today, but
the goal is to provide an HTTP server that a) provides minimal
features, b) serves static files, c) provides FastCGI support, and d)
follows common coding practices of OpenBSD.

It will neither support plugins, nor custom memory allocators, EBCDIC
support, PCRE or any other things that can be found elsewhere.
httpd(8) is not intended to provide a fully-featured replacement for
nginx(8) or the Apache, but it will provide enough functionality that
is needed in the OpenBSD base system.

ok deraadt@
