Commits


rework load_file to use pread()
avoids issues since the same file is sent to multiple processes after being dup()'ed. Since these files are meant to be regular files, I don't expect short reads.


adjust how locations are received


simplify ocsp sending using config_send_file
while here add an explicit flush to avoid a fd rampage.


change config_send_file to take the process id as argument
i.e. not hardcode PROC_SERVER


don't have the config being a global


move hosts into the config struct


move fastcgi from global var to the config struct
while here also make them a list rather than a fixed-size array.


readd proxy certs and `require client ca' support
Was temporarily disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.


safety measure, explicitly memset config in config_init


keep cert/key/ocsp path as strings and don't send them via imsg


fix previous


move make_socket to config.c and make it private


rework the daemon to do fork+exec
It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarily disabled, will be fixed in subsequent commits. The "ge" program is also temporarily disabled as it needs tweaks to do privsep too.


move config-related code to config.c
reuse it in ge too.