OpenBSD CVS

CVS log for src/usr.sbin/httpd/server.c




Default branch: MAIN


Revision 1.126.10.2, Mon Nov 20 18:17:46 2023 UTC (6 months, 1 week ago) by bluhm
Branch: OPENBSD_7_3
Changes since 1.126.10.1: +2 -2 lines
Diff to previous 1.126.10.1, to branchpoint 1.126, next main 1.127

Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.
from millert@

this is errata/7.3/020_httpd.patch.sig

Revision 1.128.2.1, Mon Nov 20 18:14:51 2023 UTC (6 months, 1 week ago) by bluhm
Branch: OPENBSD_7_4
Changes since 1.128: +2 -2 lines
Diff to previous 1.128, next main 1.129

Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.
from millert@

this is errata/7.4/006_httpd.patch.sig

Revision 1.129, Wed Nov 8 19:19:10 2023 UTC (6 months, 3 weeks ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.128: +2 -2 lines
Diff to previous 1.128

Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.

Revision 1.128, Sun Sep 3 10:18:18 2023 UTC (8 months, 4 weeks ago) by nicm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE
Branch point for: OPENBSD_7_4
Changes since 1.127: +2 -2 lines
Diff to previous 1.127

Use EVBUFFER_DATA instead of reaching into struct evbuffer. ok tb

Revision 1.126.6.1, Wed Jul 12 12:46:33 2023 UTC (10 months, 3 weeks ago) by tb
Branch: OPENBSD_7_2
Changes since 1.126: +6 -1 lines
Diff to previous 1.126, next main 1.127

Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

Reported by Jesper Wallin <jesper () ifconfig.se>

"this will do the trick for now" claudio
ok beck deraadt

This is errata/7.2/029_httpd.patch.sig

Revision 1.126.10.1, Wed Jul 12 12:46:01 2023 UTC (10 months, 3 weeks ago) by tb
Branch: OPENBSD_7_3
Changes since 1.126: +6 -1 lines
Diff to previous 1.126

Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

Reported by Jesper Wallin <jesper () ifconfig.se>

"this will do the trick for now" claudio
ok beck deraadt

Revision 1.127, Wed Jul 12 12:37:27 2023 UTC (10 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.126: +6 -1 lines
Diff to previous 1.126

Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

"this will do the trick for now" claudio
ok beck deraadt

Revision 1.126, Wed Jul 14 13:33:57 2021 UTC (2 years, 10 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_2_BASE, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Branch point for: OPENBSD_7_3, OPENBSD_7_2
Changes since 1.125: +1 -5 lines
Diff to previous 1.125

Remove unneeded calls to tls_init(3)

As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.

Remove explicit tls_init() calls from base to not give the impression of
it being needed.

Feedback tb
OK Tests mestre

Revision 1.125, Sat Apr 10 10:10:07 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.124: +2 -9 lines
Diff to previous 1.124

Do not compare TLS config params for non-TLS servers. This allows mixing
'listen * port 80' and 'listen * tls port 443' in one server block.
Also the last argument of server_tls_cmp - match_keypair - is always 0
so remove this code.
OK florian@ tb@ some long time ago

Revision 1.124, Sat Jan 2 18:35:07 2021 UTC (3 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.123: +6 -6 lines
Diff to previous 1.123

Pull tls_close() and tls_free() further up, so tls_free() will already
be in the right spot once tls_close() is handled by libevent.

suggested by jsing

Revision 1.123, Sat Jan 2 18:31:06 2021 UTC (3 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.122: +7 -5 lines
Diff to previous 1.122

Call tls_close() before closing the underlying socket

In order to end a TLS connection regularly, an implementation MUST send a
close_notify alert.  libtls does this in tls_close() via SSL_shutdown(),
so the socket had better still be open.

The incorrect order in server_close() caused a leak on each tls connection
due to a bug in libssl (fixed in tls_record_layer.c r1.56).

As pointed out by claudio, tls_close() should really be handled from the
main event loop. This will be addressed in a later commit.

ok claudio florian jsing

Revision 1.122, Thu Dec 31 14:17:12 2020 UTC (3 years, 5 months ago) by tb
Branch: MAIN
Changes since 1.121: +4 -2 lines
Diff to previous 1.121

Don't leak the log message in server_sendlog

While there, use the length calculated by vasprintf() instead of using
strlen needlessly.

ok claudio florian

Revision 1.121, Sun Oct 11 03:21:44 2020 UTC (3 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.120: +2 -13 lines
Diff to previous 1.120

Handle absence of TLS certs while parsing the config

There is a soft fail mechanism to handle missing certs for seamless
interaction with acme-client. Move this to the config parser. This is
simpler than server.c r1.117 and avoids a crash due to listening on
port 443 without having set up the TLS context first. More precisely,
the crash happens if a server with missing certificate is visited via
https in a configuration where there is a second server with valid
certificate and key.

From Joshua Sing (joshua at hypera dot dev)

ok benno

Revision 1.120, Mon Oct 14 11:07:08 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.119: +5 -2 lines
Diff to previous 1.119

httpd(8) sent a 408 response every time a connection request timeout
was reached. This is not what other servers are doing, it leads to
ugly log messages and might confuse some clients.
benno@ analyzed that the correct behavior is (probably) to send a 408
when we are in the middle of receiving headers and time out there and
just close the connection in all other cases.
In particular, if a connection gets opened and no request is received
at all just close the connection. If a connection is set to keep-alive
and a request was handled and no further request is coming in just
close the connection. The latter is the usual cause for spurious log
messages and client confusion.

Reported over the years by many.
Input, explanations and OK benno

Revision 1.119, Fri Jun 28 13:32:47 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.118: +3 -3 lines
Diff to previous 1.118

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.118, Tue Feb 19 11:37:26 2019 UTC (5 years, 3 months ago) by pirofti
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.117: +10 -1 lines
Diff to previous 1.117

httpd(8): add support for setting custom FastCGI parameters.

This commit extends the existing grammar by adding the param option
to the fastcgi directive: fastcgi param name value.

Example usage:
  fastcgi param VAR1 hello
  fastcgi param VAR2 world

With help and OK florian@
Rogue manpage bits, feel free to modify them.

Revision 1.117, Tue Jan 8 18:35:27 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.116: +12 -1 lines
Diff to previous 1.116

Allow httpd(8) to start when TLS is configured but a cert is not yet
available.
Assuming a httpd.conf based on /etc/examples/httpd.conf, httpd(8)
will only listen on port 80 and serve the acme-challenge directory
for acme-client(1).
The workflow to get a certificate then becomes
acme-client -vAD example.com && rcctl reload httpd
Without the need to edit the httpd.conf yet again. Once the cert
is in place and httpd is reloaded it starts to serve on port 443.

Idea, tweaks & OK deraadt, OK benno

Revision 1.116, Thu Oct 11 09:52:22 2018 UTC (5 years, 7 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.115: +3 -5 lines
Diff to previous 1.115

Backout my previous commit:

 date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7 -1;
   commitid: 0O8fyHPNvPd8rvYU;
 Only send 408 Timeout responses when we have seen at least part of a
 request.  Without a request, just close the connection when we hit
 request timeout.
 Prompted by a bug report from Nikola Kolev, thanks.
 ok reyk@ and some suggestions from claudio@ and bluhm@

Mark Patruck (mark AT wrapped DOT cx) found a problem with it, thanks
for the report.

ok reyk@ bluhm@ sthen@ deraadt@

Revision 1.115, Mon Oct 1 19:24:09 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.114: +5 -3 lines
Diff to previous 1.114

Only send 408 Timeout responses when we have seen at least part of a
request.  Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@

Revision 1.114, Sat May 19 13:56:56 2018 UTC (6 years ago) by jsing
Branch: MAIN
Changes since 1.113: +69 -2 lines
Diff to previous 1.113

Add support for client certificate authentication to httpd.

From Jack Burton <jack at saosce dot com dot au> - thanks!

Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.

ok beck@ reyk@

Revision 1.113, Wed Nov 29 16:55:08 2017 UTC (6 years, 6 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.112: +3 -3 lines
Diff to previous 1.112

Don't do OCSP stapling only if the staple file is 0 length.

This allows something external (like ocspcheck) to disable the stapling
deliberately if it cannot retrieve a valid staple by truncating the
staple file to indicate "do not provide a staple", while the file not
existing will still be treated as a configuration error.
ok claudio@ florian@, and prompted by @jsing

Revision 1.112, Tue Nov 28 01:21:30 2017 UTC (6 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.111: +13 -3 lines
Diff to previous 1.111

Disable OCSP stapling on invalid staple, rather than failing to start.
ok claudio@ florian@

Revision 1.111, Fri Aug 11 18:48:56 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.110: +5 -5 lines
Diff to previous 1.110

Convert httpd to tls_config_set_ecdhecurves(), allowing a list of curves
to be specified, rather than a single curve.

ok beck@

Revision 1.110, Wed Jul 19 17:36:25 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.109: +2 -2 lines
Diff to previous 1.109

Rework the way that TLS configuration is sent/received via imsgs, so that
we are no longer limited by the 16KB maximum size of a single imsg.
Configuration data that is larger than a single message is now chunked and
sent via multiple imsgs.

Prompted by a diff from Jack Burton <jack at saosce dot com dot au>.

ok reyk@

Revision 1.109, Mon Apr 17 21:58:27 2017 UTC (7 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.108: +5 -15 lines
Diff to previous 1.108

some freezero() calls

Revision 1.108, Sat Mar 25 17:25:34 2017 UTC (7 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.107: +64 -1 lines
Diff to previous 1.107

Implement TLS ticket support in httpd. Off by default. Use
	tls ticket lifetime default
to turn it on with a 2h ticket lifetime.
Rekeying happens after a quarter of that time.
OK reyk@ and bob@

Revision 1.107, Tue Feb 7 12:27:42 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.106: +3 -3 lines
Diff to previous 1.106

/tmp/cvsspEkok

Revision 1.106, Thu Feb 2 22:19:59 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.105: +1 -3 lines
Diff to previous 1.105

Fix support for HTTP pipelining by handling all requests in the buffer.

Tested & OK jung@

Revision 1.105, Tue Jan 31 20:08:13 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.104: +1 -10 lines
Diff to previous 1.104

remove extra call setting OCSP staple now that it is done above
using keypair_ocsp..
ok reyk@

Revision 1.104, Tue Jan 31 17:25:05 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.103: +3 -2 lines
Diff to previous 1.103

Correct mistake I made when converting this to new function

Revision 1.103, Tue Jan 31 16:18:57 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.102: +8 -15 lines
Diff to previous 1.102

Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may be
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.

ok jsing@

Revision 1.102, Tue Jan 31 12:20:05 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.101: +8 -4 lines
Diff to previous 1.101

Do not set EVBUFFER_EOF on read/write errors and handle EOF correctly.

Either libevent or the TLS callback can trigger an EOF when the
connection is closed.

OK sunil@ jung@ benno@

Revision 1.101, Mon Jan 9 14:49:22 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.100: +2 -3 lines
Diff to previous 1.100

Stop accessing verbose and debug variables from log.c directly.

This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().

Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)

Revision 1.100, Thu Nov 17 14:58:37 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.99: +7 -4 lines
Diff to previous 1.99

Check the return value of tls_config_set_protocols(), now that it returns
an int.

Revision 1.99, Thu Nov 17 14:52:48 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.98: +23 -16 lines
Diff to previous 1.98

Move OCSP loading into a separate function - it is not part of the keypair
and this way we can give a separate specific error message.

ok beck@ reyk@

Revision 1.98, Thu Nov 10 13:21:58 2016 UTC (7 years, 6 months ago) by jca
Branch: MAIN
Changes since 1.97: +25 -7 lines
Diff to previous 1.97

Fix tcp ip ttl / minttl on IPv6 sockets.

ok florian@

Revision 1.97, Sun Nov 6 16:05:02 2016 UTC (7 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.96: +10 -8 lines
Diff to previous 1.96

conditionalize ocsp load properly
ok jsing@

Revision 1.96, Sun Nov 6 10:49:38 2016 UTC (7 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.95: +32 -1 lines
Diff to previous 1.95

Add OCSP stapling support to httpd
ok jsing@ bcook@

Revision 1.95, Tue Aug 30 14:31:53 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.94: +3 -5 lines
Diff to previous 1.94

Kill (remove) the ps_pid from privsep struct since it is not being used
anymore. Also fix the process initialization prototypes.

ok reyk@

Revision 1.94, Sat Aug 27 11:13:16 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.93: +1 -9 lines
Diff to previous 1.93

Kill p_instance from proc.c and remove static proc_id unused variables.

To keep the debug functionality intact and correct we'll use the pid
field in the imsg header to pass the instance number. Remember to always
pass 'ps_instance + 1' otherwise libutil will fill imsg header pid field
with the imsgbuf pid (which is the current process pid).

ok reyk@

Revision 1.93, Fri Aug 26 10:46:39 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.92: +21 -23 lines
Diff to previous 1.92

Replace the static env variables with a single global variable.

ok reyk@

Revision 1.92, Mon Aug 22 15:02:18 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.91: +27 -6 lines
Diff to previous 1.91

Enable SNI support in httpd(8).

ok reyk@

Revision 1.91, Tue Aug 16 18:41:57 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.90: +1 -2 lines
Diff to previous 1.90

stop including sys/param.h for nitems. define locally as needed.
ok natano reyk

Revision 1.90, Tue Aug 16 17:10:01 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89

Turn "TLS handshake failed -" log message into a debug message - it
happens way too often and does not provide much information.

OK jung@

Revision 1.89, Tue Aug 16 08:36:29 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.88: +6 -6 lines
Diff to previous 1.88

Rename server_handshake_tls() to server_tls_handshake() to align with
the other server_tls_* functions (and I like the prefix notation
better).  No functional change.

Revision 1.88, Mon Aug 15 16:12:34 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.87: +28 -1 lines
Diff to previous 1.87

Move server_match() from parse.y to server.c; use env instead of conf,
which is actually the same thing (cluebat from reyk@).

Revision 1.87, Mon Aug 15 14:14:55 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.86: +6 -6 lines
Diff to previous 1.86

Use lowercase 'tls' in debug and log messages for consistency.

Requested by reyk@

Revision 1.86, Mon Aug 15 13:48:24 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.85: +25 -1 lines
Diff to previous 1.85

Make httpd stricter with respect to TLS configuration - in particular, do
not allow TLS and non-TLS to be configured on the same port, do not allow
TLS options to be specified without a TLS listener and ensure that the TLS
options are the same when a server is specified on the same address/port.
Currently, these configurations are permitted but do not work as intended.

Also factor out and reuse the server matching code, which was previously
duplicated.

ok reyk@

Revision 1.85, Thu Apr 28 17:18:06 2016 UTC (8 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.84: +11 -11 lines
Diff to previous 1.84

Include the TLS configuration errors in log messages. Also set the
certificate and private key at the same time.

Revision 1.84, Tue Apr 19 16:22:34 2016 UTC (8 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.83: +10 -10 lines
Diff to previous 1.83

Use log_warnx() instead of log_warn() when the failure will not have
resulted in errno being set.

ok reyk@

Revision 1.83, Wed Dec 2 15:13:00 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.82: +2 -3 lines
Diff to previous 1.82

sync with relayd, use proc_compose()

Revision 1.82, Mon Nov 23 20:56:14 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.81: +3 -7 lines
Diff to previous 1.81

Retire socket_set_blockmode() in favor of the SOCK_NONBLOCK type flag.
As done in iked and snmpd.

OK jung@

Revision 1.81, Thu Nov 5 18:00:43 2015 UTC (8 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.80: +4 -1 lines
Diff to previous 1.80

pledge(2) for httpd.

1) The main process listens on sockets and accepts connections. It
creates and opens log files, creates and kills child processes. On
start up and on receiving a HUP signal it parses the configuration. It
passes on file descriptors for logging or requests to its children.
2) The logger process writes log messages to a file descriptor passed
in from the main process.
3) The server process reads the request from a file descriptor passed
in from the main process. It reads a file or creates a directory index
to send a response.
Additionally this process handles fastcgi requests. It connects to
AF_UNIX, AF_INET or AF_INET6 sockets. A re-factoring might make it
possible to drop the additional fastcgi privileges when only static
files are served.

with deraadt@ some time ago
prodding & OK deraadt@
tweaks and OK reyk@

Revision 1.80, Fri Sep 11 13:21:09 2015 UTC (8 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.79: +6 -8 lines
Diff to previous 1.79

Fix server_handshake_tls() - we should only call server_input() in the case
where the handshake has successfully completed.

ok beck@

Revision 1.79, Thu Sep 10 13:53:13 2015 UTC (8 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.78: +3 -3 lines
Diff to previous 1.78

fix return type for tls_read/write
jointly with jsing@

Revision 1.78, Thu Sep 10 10:42:40 2015 UTC (8 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.77: +12 -12 lines
Diff to previous 1.77

fix after libtls api changes
ok jsing@

Revision 1.77, Thu Sep 10 10:15:46 2015 UTC (8 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.76: +16 -12 lines
Diff to previous 1.76

Update httpd to call tls_handshake() after tls_accept_socket().

ok beck@

Revision 1.76, Mon Sep 7 14:46:24 2015 UTC (8 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.75: +1 -2 lines
Diff to previous 1.75

Fix a regression that was introduced with server.c r1.64: Do NOT free
srv_conf->auth in serverconfig_free() because it was not allocated in
config_getserver() but assigned as a reference by id from a global
list that is maintained independently.  This fixes a potential
double-free.  This fix also makes srv_conf->auth "const" to emphasize
that the read-only auth pointer was not allocated here.

OK jsing@

Revision 1.75, Thu Aug 20 13:00:23 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.74: +3 -3 lines
Diff to previous 1.74

Change httpd(8) to use C99-style fixed-width integers (uintN_t instead
of u_intN_t) and replace u_int with unsigned int.  Mixing both
variants is a bad style and most contributors seem to prefer this
style; it also helps us to get used to it, portability, and
standardization.

Theoretically no binary change, except one in practice: httpd.o has a
different checksum because gcc with -O2 pads/optimizes "struct
privsep" differently when using "unsigned int" instead of "u_int" for the
affected members.  "u_int" is just a typedef of "unsigned int", -O0
doesn't build the difference and clang with -O2 doesn't do it either -
it is just another curiosity from gcc-land.

OK semarie@

Revision 1.74, Mon Aug 3 11:45:17 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.73: +8 -4 lines
Diff to previous 1.73

Fix rev 1.70 of server.c by only re-enabling the bufferevent if we
previously disabled it because we were reading too fast (from disk).
Problem noted and tracked down to that commit by weerd@ and
independently by stsp@.
Tested by weerd@, stsp@, reyk@
OK bluhm@, reyk@

Revision 1.73, Wed Jul 29 22:03:41 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.72: +1 -3 lines
Diff to previous 1.72

backout the previous:  it broke wordpress somehow.
we need more care to find a proper fix for the fastcgi headers.

acknowledged by deraadt@

Revision 1.72, Wed Jul 29 20:03:14 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.71: +3 -1 lines
Diff to previous 1.71

Read fcgi response records until we have the whole http header and can
parse it. Otherwise http headers can leak into the body.
Pointed out by Jean-Philippe Ouellet on bugs@ Thanks!
OK reyk, commit ASAP deraadt@

Revision 1.71, Sat Jul 18 22:19:50 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.70: +5 -24 lines
Diff to previous 1.70

libtls has been changed to set SSL_MODE_ENABLE_PARTIAL_WRITE and
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default.  This gives
tls_write() a similar short write semantics as write(2) and a
workaround in httpd to cope with the previous differences can be
removed.  Specifically, httpd can stop copying data into a local
buffer that was used to keep it around for repeated writes.

OK bluhm@

Revision 1.70, Thu Jul 16 16:29:25 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.69: +11 -2 lines
Diff to previous 1.69

If we can read faster from disk than send data to the client stop
reading from disk when we hold a certain amount of data in
RAM. Re-enable reading once we send enough data to the
client. Otherwise we might end up with the whole file (which can be
huge) in RAM.
Reported by Matthew Martin ( matt.a.martin AT gmail ) on bugs@,
thanks!
OK reyk@, benno@

Revision 1.69, Wed Jul 15 23:16:38 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.68: +7 -5 lines
Diff to previous 1.68

Escape the message in server_log() as well.

OK benno@

Revision 1.68, Wed Jul 15 17:29:11 2015 UTC (8 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.67: +2 -1 lines
Diff to previous 1.67

Close connections that fail to complete a TLS handshake.

Based on a diff from Jack Burton <jack at saosce dot com dot au>.

ok reyk@

Revision 1.67, Wed Jul 15 17:11:14 2015 UTC (8 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66

Fix typo in comment.

Revision 1.66, Wed Jul 15 16:00:39 2015 UTC (8 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.65: +4 -1 lines
Diff to previous 1.65

Send the TLS certificate and key via separate imsgs, rather than
including them in the IMSG_CFG_SERVER imsg. This allows the certificate
and key to each be almost 16KB (the maximum size for an imsg), rather than
having a combined total of less than 16KB (which can be reached with large
keys, certificate bundles or by including text versions of certificates).

ok reyk@

Revision 1.65, Wed Jul 15 14:49:42 2015 UTC (8 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.64: +6 -1 lines
Diff to previous 1.64

Explicitly check for and handle EOF on a TLS connection.

ok reyk@

Revision 1.64, Wed Jul 15 14:39:13 2015 UTC (8 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.63: +17 -6 lines
Diff to previous 1.63

Fix memory leaks that can occur when config_getserver() fails.

config.c r1.34 and r1.30 introduced potential memory leaks for auth and
return_uri when config_getserver fails. Fix this by switching to
serverconfig_free() and adding the missing free for srv_conf->auth.
While here, make serverconfig_free() a little more bulletproof by
explicit_bzero()ing key material.

ok reyk@

Revision 1.39.2.2, Thu Apr 30 22:19:15 2015 UTC (9 years, 1 month ago) by sthen
Branch: OPENBSD_5_6
Changes since 1.39.2.1: +6 -8 lines
Diff to previous 1.39.2.1, to branchpoint 1.39, next main 1.40

MFC usr.sbin/httpd/server.c:1.62->1.63, req by florian@

We cannot log errors with server_close() before allocating
clt_log evbuffer.
server_close() calls server_log() which uses clt_log.
Crash reported by Daniel Jakots <vigdis AT chown DOT me>, thanks!
OK benno

Revision 1.60.2.1 / (download) - annotate - [select for diffs], Thu Apr 30 22:18:41 2015 UTC (9 years, 1 month ago) by sthen
Branch: OPENBSD_5_7
Changes since 1.60: +6 -8 lines
Diff to previous 1.60 (colored) next main 1.61 (colored)

MFC usr.sbin/httpd/server.c:1.62->1.63, req by florian@

We cannot log errors with server_close() before allocating
clt_log evbuffer.
server_close() calls server_log() which uses clt_log.
Crash reported by Daniel Jakots <vigdis AT chown DOT me>, thanks!
OK benno

Revision 1.63 / (download) - annotate - [select for diffs], Thu Apr 23 16:59:28 2015 UTC (9 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.62: +6 -8 lines
Diff to previous 1.62 (colored)

We cannot log errors with server_close() before allocating
clt_log evbuffer.
server_close() calls server_log() which uses clt_log.
Crash reported by Daniel Jakots <vigdis AT chown DOT me>, thanks!
OK benno

Revision 1.62 / (download) - annotate - [select for diffs], Sat Apr 11 14:52:49 2015 UTC (9 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.61: +6 -2 lines
Diff to previous 1.61 (colored)

Always check the return value of proc_composev_imsg() and handle failures
appropriately. Otherwise imsg construction can silently fail, resulting in
non-obvious problems.

Found the hard way by Theodore Wynnychenko.

ok doug@ florian@

Revision 1.61 / (download) - annotate - [select for diffs], Sun Mar 15 22:08:45 2015 UTC (9 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.60: +4 -4 lines
Diff to previous 1.60 (colored)

Prevent use after free.
While here unconditionally free clt and move declaration of
server_inflight_dec() into server.c
Found while investigating if (foo != NULL) free(foo) patterns pointed
out by Markus Elfring.
OK reyk

Revision 1.60 / (download) - annotate - [select for diffs], Mon Feb 23 09:52:28 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.59: +2 -1 lines
Diff to previous 1.59 (colored)

Add return_uri to serverconfig_reset() to avoid using garbage from the
imsg buffer.

Debugging & OK halex@

Revision 1.59 / (download) - annotate - [select for diffs], Thu Feb 12 04:40:23 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.58: +3 -2 lines
Diff to previous 1.58 (colored)

Allow TLS protocols to be specified via a "tls protocols" configuration
option.

ok reyk@

Revision 1.58 / (download) - annotate - [select for diffs], Thu Feb 12 04:23:17 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.57: +3 -1 lines
Diff to previous 1.57 (colored)

Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.

Discussed with tedu@ and reyk@.

Revision 1.57 / (download) - annotate - [select for diffs], Sat Feb 7 23:56:02 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.56: +10 -37 lines
Diff to previous 1.56 (colored)

Remove server_load_file() in favor of tls_load_file(3)

Revision 1.56 / (download) - annotate - [select for diffs], Sat Feb 7 06:26:28 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.55: +12 -1 lines
Diff to previous 1.55 (colored)

Add httpd configuration options to allow the specification of DHE
parameters and the ECDHE curve. This primarily allows for DHE cipher suites
to be enabled.

ok reyk@

Revision 1.55 / (download) - annotate - [select for diffs], Sat Feb 7 01:23:12 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)

Add support for blocking, dropping, and redirecting requests.

OK florian@

Revision 1.54 / (download) - annotate - [select for diffs], Wed Jan 21 22:21:05 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.53: +7 -9 lines
Diff to previous 1.53 (colored)

httpd is based on relayd and had included many headers that are only
needed by its ancestor.  jsg@, include-what-you-use, and some manual
review helped to cleanup the headers (take iwyu with a grain of salt).
Based on common practice, httpd.h now also includes the necessary
headers for itself.

OK florian@

Revision 1.53 / (download) - annotate - [select for diffs], Mon Jan 19 19:37:50 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.52: +5 -1 lines
Diff to previous 1.52 (colored)

Decouple auth parameters from struct server_config into struct auth.

OK florian@

Revision 1.52 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:17 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.51: +6 -3 lines
Diff to previous 1.51 (colored)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.51 / (download) - annotate - [select for diffs], Tue Jan 13 09:21:15 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)

bump copyright year

Revision 1.50 / (download) - annotate - [select for diffs], Tue Jan 6 14:07:48 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.49: +19 -2 lines
Diff to previous 1.49 (colored)

Only open a socket once for each unique "listen on" statement.  This
prevents running out of file descriptors when loading a configuration
with many aliases.

OK florian@

Revision 1.49 / (download) - annotate - [select for diffs], Sun Dec 21 00:54:49 2014 UTC (9 years, 5 months ago) by guenther
Branch: MAIN
Changes since 1.48: +1 -2 lines
Diff to previous 1.48 (colored)

Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary.
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.

ok reyk@

Revision 1.48 / (download) - annotate - [select for diffs], Fri Dec 12 14:45:59 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.47: +47 -47 lines
Diff to previous 1.47 (colored)

Like previously done in relayd, change the keyword "ssl" to "tls" to
reflect reality.

OK benno@

Revision 1.47 / (download) - annotate - [select for diffs], Thu Dec 4 02:44:42 2014 UTC (9 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.46: +1 -2 lines
Diff to previous 1.46 (colored)

stop viral header propagation. none of this code uses sys/hash.h
from Max Fillinger

Revision 1.39.2.1 / (download) - annotate - [select for diffs], Thu Nov 20 07:48:45 2014 UTC (9 years, 6 months ago) by jasper
Branch: OPENBSD_5_6
Changes since 1.39: +54 -6 lines
Diff to previous 1.39 (colored)

httpd was developed very rapidly in the weeks before 5.6 release,
and it has a few flaws.  It would be nice to get these flaws fully
remediated before the next release, and that requires the community
to want to use it.
Therefore here is a "jumbo" patch that brings in the most important fixes.

committing on behalf of reyk@

Revision 1.46 / (download) - annotate - [select for diffs], Fri Oct 31 13:49:52 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.45: +34 -34 lines
Diff to previous 1.45 (colored)

Update httpd(8) to use libtls instead of libressl.

Revision 1.45 / (download) - annotate - [select for diffs], Sat Oct 25 03:23:49 2014 UTC (9 years, 7 months ago) by lteo
Branch: MAIN
Changes since 1.44: +1 -2 lines
Diff to previous 1.44 (colored)

Remove unnecessary netinet/in_systm.h include.

ok millert@

Revision 1.44 / (download) - annotate - [select for diffs], Fri Oct 3 13:41:03 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.43: +17 -7 lines
Diff to previous 1.43 (colored)

Update ressl configuration to handle recent changes in the library.

ok tedu@

Revision 1.43 / (download) - annotate - [select for diffs], Thu Oct 2 19:22:43 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.42: +10 -6 lines
Diff to previous 1.42 (colored)

Fix an error case that was never handled ending up in an endless event
loop that could eat all CPU.  I thought that the previous (correct)
commit fixed it which wasn't the case.  But this one is obvious.

ok florian@

Revision 1.42 / (download) - annotate - [select for diffs], Fri Sep 5 10:04:20 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.41: +18 -3 lines
Diff to previous 1.41 (colored)

Remove a limitation that only allowed to specify a server name once.
The key has been changed to server name + address + port and now it is
possible to use the same server name for multiple servers with
different addresses, eg. http://www.example.com and
https://www.example.com/.

OK doug@ florian@

Revision 1.41 / (download) - annotate - [select for diffs], Tue Sep 2 16:20:41 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.40: +21 -1 lines
Diff to previous 1.40 (colored)

FastCGI did not support persistent connections.  Add initial support
for persistent connections with FastCGI by implementing chunked
Transfer-Encoding.  This only works with HTTP/1.1.

With input and help from florian@ who found some FastCGI edge cases.

OK florian@

Revision 1.40 / (download) - annotate - [select for diffs], Wed Aug 27 09:51:53 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.39: +14 -5 lines
Diff to previous 1.39 (colored)

Write all data before closing the server socket if the output buffer
is not empty.  This fixes a bug of short responses that could happen
with large files or fcgi data on connections with a higher latency.

OK florian@

Revision 1.39 / (download) - annotate - [select for diffs], Wed Aug 6 18:38:11 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE
Branch point for: OPENBSD_5_6
Changes since 1.38: +3 -3 lines
Diff to previous 1.38 (colored)

Use memset(buf instead of memset(&buf.

Pointed out by deraadt@

Revision 1.38 / (download) - annotate - [select for diffs], Wed Aug 6 16:10:02 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.37: +5 -1 lines
Diff to previous 1.37 (colored)

Also clean up the public key when it is no longer needed.

ok deraadt@ reyk@

Revision 1.37 / (download) - annotate - [select for diffs], Wed Aug 6 16:09:02 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.36: +3 -1 lines
Diff to previous 1.36 (colored)

Configure the default SSL ciphers as HIGH:!aNULL.

ok deraadt@ reyk@

Revision 1.36 / (download) - annotate - [select for diffs], Wed Aug 6 15:08:04 2014 UTC (9 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.35: +3 -1 lines
Diff to previous 1.35 (colored)

http POST support
with & OK reyk@

Revision 1.35 / (download) - annotate - [select for diffs], Wed Aug 6 12:56:58 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.34: +5 -5 lines
Diff to previous 1.34 (colored)

spacing

Revision 1.34 / (download) - annotate - [select for diffs], Wed Aug 6 11:24:12 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.33: +5 -4 lines
Diff to previous 1.33 (colored)

The watermark exposed a bug in server_write that broke keep-alive
support.  Instead of calling server_close from server_write, we have
to proceed to the next connection by calling the error handler.

OK jsg@

Revision 1.33 / (download) - annotate - [select for diffs], Wed Aug 6 09:40:04 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored)

Bring back the last read (done) / last write (done) messages instead of just
"done" to simplify connection debugging.

Revision 1.32 / (download) - annotate - [select for diffs], Wed Aug 6 09:36:31 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.31: +13 -1 lines
Diff to previous 1.31 (colored)

Adjust the read/write watermarks according to the TCP send buffer.
This fixes sending of large files.  Previously, httpd was reading the
input file too quickly and could run out of memory when filling the
input buffer.

Found by jsg@
OK florian@

Revision 1.31 / (download) - annotate - [select for diffs], Wed Aug 6 04:39:50 2014 UTC (9 years, 9 months ago) by jsg
Branch: MAIN
Changes since 1.30: +3 -1 lines
Diff to previous 1.30 (colored)

add missing va_start/va_end calls
ok deraadt@ guenther@

Revision 1.30 / (download) - annotate - [select for diffs], Wed Aug 6 02:04:42 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.29: +66 -8 lines
Diff to previous 1.29 (colored)

Load the SSL public/private keys in the parent process, then provide them
to the privsep process via imsg. This allows the keys to be moved out of
the chroot (now /etc/ssl/server.crt, /etc/ssl/private/server.key).

ok reyk@

Revision 1.29 / (download) - annotate - [select for diffs], Tue Aug 5 15:36:59 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.28: +64 -39 lines
Diff to previous 1.28 (colored)

Improve logging to allow per-server/location log files.  The log
files can also be owned by root now: they're opened by the parent and
sent to the logger process with fd passing.  This also works with reload.

ok deraadt@

Revision 1.28 / (download) - annotate - [select for diffs], Mon Aug 4 18:12:15 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.27: +7 -4 lines
Diff to previous 1.27 (colored)

Temporarily move the default location of the SSL/TLS server key and
certificate from /var/www/ to /var/www/conf/.  Don't get scared - this
will be changed soon!  They're currently located in the chroot
directory but will be moved outside as soon as we adopted some of the
key privsep from relayd in ressl/httpd.

Revision 1.27 / (download) - annotate - [select for diffs], Mon Aug 4 17:38:12 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.26: +221 -7 lines
Diff to previous 1.26 (colored)

Proxy commit for jsing@:
"Add TLS/SSL support to httpd, based on the recent ressl commits."

From jsing@
ok reyk@

Revision 1.26 / (download) - annotate - [select for diffs], Mon Aug 4 15:49:28 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.25: +71 -10 lines
Diff to previous 1.25 (colored)

Add initial support for log files in /var/www/logs/.  Logging with
syslog is still supported but disabled by default.

ok deraadt@

Revision 1.25 / (download) - annotate - [select for diffs], Mon Aug 4 11:09:25 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.24: +1 -4 lines
Diff to previous 1.24 (colored)

httpd doesn't support SSL/TLS yet, remove the remaining bits.
The secret plan is to add it later using the ressl wrapper library.

Revision 1.24 / (download) - annotate - [select for diffs], Sun Aug 3 20:43:03 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)

spacing

Revision 1.23 / (download) - annotate - [select for diffs], Sun Aug 3 10:26:44 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.22: +39 -23 lines
Diff to previous 1.22 (colored)

Add another log mode "connection" for a relayd(8)-style log entry after
each connection, not every request.  The code was already there and enabled
on debug, I just turned it into an alternative log format.

Revision 1.22 / (download) - annotate - [select for diffs], Sat Aug 2 11:52:01 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.21: +22 -1 lines
Diff to previous 1.21 (colored)

Allow specifying a FastCGI TCP socket on localhost (eg. :9000).  Used
for debugging, you should prefer local UNIX sockets, but it helped to
find an issue that will be fixed with the next commit.

OK florian@

Revision 1.21 / (download) - annotate - [select for diffs], Fri Aug 1 22:24:05 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.20: +22 -12 lines
Diff to previous 1.20 (colored)

Use the log buffer to defer the logging until the connection is closed
or the request completed.  Turn the old log message into a debug message.

ok doug@

Revision 1.20 / (download) - annotate - [select for diffs], Fri Aug 1 21:59:56 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

remove the global "log updates/all" option that came from relayd.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Aug 1 08:34:46 2014 UTC (9 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.18: +3 -1 lines
Diff to previous 1.18 (colored)

Correctly parse fcgi records if we don't get the whole record in one
bufferevent_read().
Input/OK reyk@

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jul 31 14:25:14 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.17: +5 -5 lines
Diff to previous 1.17 (colored)

One bufferevent can be shared by file and fcgi.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Jul 30 13:49:48 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.16: +1 -14 lines
Diff to previous 1.16 (colored)

Make "location" work with name-based virtual servers.

Revision 1.16 / (download) - annotate - [select for diffs], Wed Jul 30 10:05:14 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.15: +17 -1 lines
Diff to previous 1.15 (colored)

Add "location" keyword to specify path-specific configuration in
servers, for example auto index for a sub-directory only.  Internally,
a "location" is just a special type of a "virtual" server.

Revision 1.15 / (download) - annotate - [select for diffs], Tue Jul 29 16:38:34 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

The inflight decremented message should only be printed with DEBUG.

Revision 1.14 / (download) - annotate - [select for diffs], Tue Jul 29 12:16:36 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.13: +19 -19 lines
Diff to previous 1.13 (colored)

Move configurable TCP options into struct server_config.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Jul 25 23:30:58 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.12: +4 -3 lines
Diff to previous 1.12 (colored)

Differentiate servers by address and port, not just by address.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Jul 25 23:23:39 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.11: +19 -6 lines
Diff to previous 1.11 (colored)

It is recommended to use a URL in the Location header of 3xx
responses.  To accomplish this, add some semantics to retrieve the
server host name of a connection: either IP, IP:PORT (if not 80) or
[IP6]:PORT, or Host value (if valid).

Revision 1.11 / (download) - annotate - [select for diffs], Fri Jul 25 16:23:19 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.10: +27 -2 lines
Diff to previous 1.10 (colored)

Add support for "virtual hosts" aka. server blocks aka. multiple
servers with the same or "overlapping" IP address but a different name.

ok beck@

Revision 1.10 / (download) - annotate - [select for diffs], Fri Jul 25 13:10:18 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.9: +11 -9 lines
Diff to previous 1.9 (colored)

Split server and server_config.

Revision 1.9 / (download) - annotate - [select for diffs], Fri Jul 25 12:46:23 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.8: +5 -5 lines
Diff to previous 1.8 (colored)

Rename a field, needed later, no functional change.

Revision 1.8 / (download) - annotate - [select for diffs], Thu Jul 24 08:32:36 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.7: +5 -2 lines
Diff to previous 1.7 (colored)

Plug a memleak by correctly freeing the HTTP descriptor that contains
all the headers etc. of a connection.

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jul 23 13:26:39 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.6: +23 -1 lines
Diff to previous 1.6 (colored)

Correctly shut down the servers when the process is terminating;
prevents a crash on exit.  With debugging help from blambert@.

Revision 1.6 / (download) - annotate - [select for diffs], Wed Jul 16 10:25:28 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.5: +23 -31 lines
Diff to previous 1.5 (colored)

Implement file descriptor accounting.  The concept was taken from
relayd but had to be adjusted for httpd.  It now handles single-pass
HTTP connections, persistent connections with multiple requests, and
body-less HEAD requests.  With input from benno@

Revision 1.5 / (download) - annotate - [select for diffs], Mon Jul 14 00:19:48 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.4: +12 -2 lines
Diff to previous 1.4 (colored)

first step towards keep-alive/persistent connections support

Revision 1.4 / (download) - annotate - [select for diffs], Sun Jul 13 15:07:50 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.3: +10 -2 lines
Diff to previous 1.3 (colored)

Finish writing the output before closing the connection
(adopted from relayd).

Revision 1.3 / (download) - annotate - [select for diffs], Sun Jul 13 14:46:52 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Close the connection after the response is completed (no Keepalive yet).

Revision 1.2 / (download) - annotate - [select for diffs], Sun Jul 13 14:17:37 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.1: +4 -1 lines
Diff to previous 1.1 (colored)

Add support for media types (aka. MIME types): the types section is
compatible with nginx' mime.types file which can be included directly.
If not present, use a few built-in defaults for html, css, txt, jpeg,
gif, png, and js.

Revision 1.1 / (download) - annotate - [select for diffs], Sat Jul 12 23:34:54 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN

Add httpd(8), an attempt to turn the relayd(8) codebase into a simple
web server.  It is not finished yet and I just started it today, but
the goal is to provide an HTTP server that a) provides minimal
features, b) serves static files, c) provides FastCGI support, and d)
follows common coding practices of OpenBSD.

It will neither support plugins, nor custom memory allocators, EBCDIC
support, PCRE or any other things that can be found elsewhere.
httpd(8) is not intended to provide a fully-featured replacement for
nginx(8) or the Apache, but it will provide enough functionality that
is needed in the OpenBSD base system.

ok deraadt@
