Commits
- Commit:
71b02f6390ca350eee6c13259140143e34e0dd25
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename do_accept() -> server_accept()
- Commit:
2c3810687f0c8b7c14897618c5a3147f949df408
- From:
- Omar Polo <op@omarpolo.com>
- Date:
change log_request to take the code and meta unpacked
don't know what i was smoking when I wrote log_request() like that...
- Commit:
0f7fdd21050e3795db896b99e542523c84e075d7
- From:
- Omar Polo <op@omarpolo.com>
- Date:
parse (and log) the header from fastcgi
- Commit:
e2003e7e305adabd1ee575e401a55e6d7e050297
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify request handling
get rid of check_path(), it's overly complicated. Instead, inline
open_file() in client_read() and rework open_dir() to just use
openat() instead of the complicate dance it was doing.
Simplify open_dir() too in the process: if the directory entry for the
index is not a regular file, pretend it doesn't exist.
- Commit:
ed164e7221f75d3d7f48351e9427f2ce53ab284a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
call getnameinfo() only once per request
- Commit:
eac9287d295719131cbc346503dd2a0612e54b4b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
copyright years++
- Commit:
e50f85adcb432192b35cf7b878c9104d697ad1a3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
load the certs per listening address
- Commit:
a0a42860d214974f2706d2a47203af9bc884f512
- From:
- Omar Polo <op@omarpolo.com>
- Date:
send host addresses to the server process
- Commit:
509d0509a50883a6f8407b63774f40dd1e41dadf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
implement `listen on'
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibily, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context don't filter the
host, i.e. one can still reach a host from a address not specified
in the corresponding `liste on', this will be added later.
- Commit:
37df23d183de23b74f8a026977b8210dc22701a6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename client->addr to raddr (remote address) and keep original length
- Commit:
2cef5cf42a98f8b9c8c4f1a4d4da40b389de770a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
load_ca: get a buffer instead of a fd
We dup(1) the ca fd and send it to various processes, so they fail
loading it. Instead, use load_file to get a buffer with the file
content and pass that to load_ca which then loads via BIO.
- Commit:
ba290ef3affaad8a51b789eeadab269df1ffd0af
- From:
- Omar Polo <op@omarpolo.com>
- Date:
disable the privsep crypto engine on !OpenBSD
it fails bandly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
- Commit:
b8d68fc8e49b3eeac2ba3106e9694ef463a646e1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fixes for -Wpointer-sign
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
5af19830c3bbec71b3db5c2c19335e5e0c7ff76f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move print_conf and make it take the config as argument