Commits
- Commit:
eac9287d295719131cbc346503dd2a0612e54b4b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
copyright years++
- Commit:
df6282815f8ffb0b967b818d15129a63c3b95058
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove unused global flag
- Commit:
aa30aaedc819776e80078811ba0fd896c7216405
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't match host if connecting from the wrong socket
limit how one given virtual host can be reached based on its `listen
on' lists
- Commit:
e50f85adcb432192b35cf7b878c9104d697ad1a3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
load the certs per listening address
- Commit:
a0a42860d214974f2706d2a47203af9bc884f512
- From:
- Omar Polo <op@omarpolo.com>
- Date:
send host addresses to the server process
- Commit:
509d0509a50883a6f8407b63774f40dd1e41dadf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
implement `listen on'
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibily, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context don't filter the
host, i.e. one can still reach a host from a address not specified
in the corresponding `liste on', this will be added later.
- Commit:
37df23d183de23b74f8a026977b8210dc22701a6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename client->addr to raddr (remote address) and keep original length
- Commit:
ba290ef3affaad8a51b789eeadab269df1ffd0af
- From:
- Omar Polo <op@omarpolo.com>
- Date:
disable the privsep crypto engine on !OpenBSD
it fails bandly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
- Commit:
237095fd9a40120ef4e4bb7b7525d45c89c6cfb0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove has_siginfo
and wrap siginfo behind #ifdef SIGINFO. avoids some warnings in !BSD.
- Commit:
b8d68fc8e49b3eeac2ba3106e9694ef463a646e1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fixes for -Wpointer-sign
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
f81a97b3569478a36e5cbe95229efd1b831b7a7b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop useless debug statement
- Commit:
af1dab18702cf135aa80bf15065f73050c915347
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't have the config being a global
- Commit:
e45334e6ae0b658a2d3d4f47bc3e9ddfdb83a44f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move hosts into the config struct
- Commit:
5d22294a59e7e9cbe6457b9e6244fff2ede09956
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move fastcgi from global var to the config struct
while here also make them a list rather than a fixed-size array.