Commit Briefs
readd proxy certs and `require client ca' support
Was temporarly disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.
rework the daemon to do fork+exec
It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too.
provide a more usual fatal
fatal usually appends the error string. Add 'fatalx' that doesn't. Fix callers and move the prototypes to log.h
make the various strings in the config fixed-length
will help in future restructuring to have fixed-size objects.
retire fcgi' prog field
spawning programs was a hidden feature used only for testing. It's gross and when got removed, I forgot to remove the field as well.