Commits
- Commit:
892f3a5cf80f2aa3d5d2745396bf3c52c418c435
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gencert: use secp384r1
prime256v1 should be perfectly fine for all I understand, but
OpenBSD' acme-client uses secp384r1 and who am I to disagree :)
- Commit:
7fff8aa6cb567a62113d9877af5bcb5bb4494111
- From:
- Omar Polo <op@omarpolo.com>
- Date:
parse the config file only once
Don't have all the processes read gmid.conf. The parent needs to do
that, and the will send the config to the children (already
happening.) The other processes were reading the config anyway to
figure out the user and the chroot (if enabled); make the parent pass
additional flag to propagate that info.
We dissociate a bit from the "usual" proc.c but it's a change worth
having.
- Commit:
5af19830c3bbec71b3db5c2c19335e5e0c7ff76f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move print_conf and make it take the config as argument
- Commit:
792f302acee3122ed0f9469d8676dbb271f60849
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal/fatalx instead of err/errx in daemon code
- Commit:
68368f4c29e208c67724b04fd0142e233a247a2a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
parse_conf: don't die on error, return -1
this avoids having the daemon dieing on SIGHUP with a bad config
file.
- Commit:
af1dab18702cf135aa80bf15065f73050c915347
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't have the config being a global
- Commit:
e45334e6ae0b658a2d3d4f47bc3e9ddfdb83a44f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move hosts into the config struct
- Commit:
d273c0648d7bb1245d43d8d34ff75b62270155e2
- From:
- Omar Polo <op@omarpolo.com>
- Date:
ignore and clean fcgi.sock
- Commit:
fe7cdaa479c8dd9663f503db594c7fea33f667d9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fcgi-test: be less verbose
- Commit:
9adeb265792f0049321c34bf9e32674b0be65942
- From:
- Omar Polo <op@omarpolo.com>
- Date:
re-establish fastcgi test
- Commit:
5d22294a59e7e9cbe6457b9e6244fff2ede09956
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move fastcgi from global var to the config struct
while here also make them a list rather than a fixed-size array.
- Commit:
1962764c6292e845cec17393e1c46c1473ca1eeb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix sandbox_server_process
it does the unveil(2)ing based on the first config, which breaks
config-reloading.
- Commit:
cd1ede6dd3defbf2c9dedc0e1e5d733dcfde2d87
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework fcgi-test so that it binds a local socket
still not re-enabled.
- Commit:
deadd9e1311204415754dcfa404bec4bf3cd557c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
readd proxy certs and `require client ca' support
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.
Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
- Commit:
c144b1b6f831446f82e201db1ab7fadab4cf11f0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
configure: look for WAIT_ANY