split into two processes: listener and executor this way, we can sandbox the listener with seccomp (todo) or capsicum (already done) and still have CGI scripts. When we want to exec, we tell the executor what to do, the executor executes the scripts and send the fd backt to the listener.

sandbox also on FreeBSD with capsicum

update README

typo

new README + wording in manpage

fix remote_user for CGI and add -6 flag to enable ipv6

switch to Bjoern Hoehrmann UTF-8 decoder It's correct, while my hacked valid_multibyte_utf8 would allow things that aren't technically UTF8.

reject %00

IRI support This extends the URI parser so it supports full IRI (Internationalized Resource Identifiers, RFC3987). Some areas of it can/may be improved, but here's a start. Note: we assume UTF-8 encoded IRI.

mention the %2F caveat

improve wording "concurrently" means at the same time, which can be confusing when we say that it's single-threaded on a single process.

logging reworked and daemonize by default The -l option was removed: now it logs on syslog if -f (foreground) is not passed.

clients certs support for CGI internally, gmid doesn’t care if the client issued a certificate, but now we pass that information to the CGI script in some new environment variables.

make port number configurable

[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed.