Commit Briefs
Implement OCSP stapling support
Currently dogfooding this patch at gemini.sgregoratto.me. To test, run the following command and look for the "OCSP response" header: openssl s_client -connect "gemini.sgregoratto.me:1965" -status
move bufferevent initialization early in handle_handshake
the error path needs an initialized bufferevent too, otherwise it'll crash when trying to write the response. This moves the initialisation early, right after the tls_handshake. Another option would be to initialise it in do_accept, but that may be too early.
don't die on ECONNABORTED
ECONNABORTED is returned if a connections gets aborted after being queued before the accept(2). I had some cases of accept: Software caused connection abort on FreeBSD, this should avoid that.
two -n to dump the parsed configuration
This adds a barebone dumping of the parsed configuration. It is not complete, but I'm interested in dumping the full path to `cert' and `key' in order to write some scripts that can inspect the configuration, extract the certificates and renew them when expired automatically. It's not easy to parse gmid configuration otherwise because the syntax is flexible and users can use macros. Instead, the idea is to run gmid and let it dump the configuration once it's been parsed in a static and predictable format. Now is possible to parse gmid configuration with, say, awk or perl.
don't work around a missing -Wno-unused-parameter
It's been there for a long time, and it's frankly annoying to pretend to use parameters. Most of the time, they're there to satisfy an interface and nothings more.