add ability to proxy requests Add to gmid the ability to forwad a request to another gemini server and thus acting like a reverse proxy. The current syntax for the config file is server "example.com" { ... proxy relay-to host:port } Further options (like the use of custom certificates) are planned. cf. github issue #7

free OCSP path when clearing the config was forgotten in ff05125eb81e5bbf2cf05b8434d03bce584936e0

fmt

Implement OCSP stapling support Currently dogfooding this patch at gemini.sgregoratto.me. To test, run the following command and look for the "OCSP response" header: openssl s_client -connect "gemini.sgregoratto.me:1965" -status

two -n to dump the parsed configuration This adds a barebone dumping of the parsed configuration. It is not complete, but I'm interested in dumping the full path to `cert' and `key' in order to write some scripts that can inspect the configuration, extract the certificates and renew them when expired automatically. It's not easy to parse gmid configuration otherwise because the syntax is flexible and users can use macros. Instead, the idea is to run gmid and let it dump the configuration once it's been parsed in a static and predictable format. Now is possible to parse gmid configuration with, say, awk or perl.

print the error too if we can't open a directory It's not intuitive to print open ... for domain xyz it doesn't convey that the open failed. now it appends the error string, at least the user can understand that something went wrong. reported by cage on irc, thanks!

one FastCGI connection per client FastCGI is designed to multiplex requests over a single connection, so ideally the server can open only one connection per worker to the FastCGI application and that's that. Doing this kind of multiplexing makes the code harder to follow and easier to break/leak etc on the gmid side however. OpenBSD' httpd seems to open one connection per client, so why can't we too? One connection per request is still way better (lighter) than using CGI, and we can avoid all the pitfalls of the multiplexing (keeping track of "live ids", properly shut down etc...)

fmt

use memset(3) rather than bzero(3) There's no difference, but bzero(3) says STANDARDS The bzero() function conforms to the X/Open System Interfaces option of the IEEE Std 1003.1-2004 (“POSIX.1”) specification. It was removed from the standard in IEEE Std 1003.1-2008 (“POSIX.1”), which recommends using memset(3) instead. so here we are.

don't crash if -n is given without -c If -n is given without -c, config_path is still NULL and it would crash due to a NULL deference.

unbreak configless mode An un-initialized field in the configless code path leads to a crash on the first request.

move parse_portno to gmid.c it's used only to parse the -p flag. While there add check_port_num to check the range for the port.

style(9)-ify

initialize the logger early Initialize the logger as soon as possible and log by default to stderr. With this, some (common?) errors are printed early instead of ending up in syslog. # NB: this is in configless mode % ./gmid -p 80 [2021-07-07 11:05:57] bind: Address already in use % ./gmid -p 81 [2021-07-07 11:13:53] bind: Permission denied %

gracefully shut down fastcgi backends we need to delete the events associated with the backends, otherwise the server process won't ever quit. Here, we add a pending counter to every backend and shut down immediately if they aren't handling any client; otherwise we try to close them as soon as possible (i.e. when they close the connection to the last connected client.)