Commits
- Commit:
8f8d721301fb5d8cf248fc89b0a74616fc1aa1ee
- From:
- Omar Polo <op@omarpolo.com>
- Date:
enable privsep crypto on all systems
now that we have a bundled libtls we can actually do this. Retain
the knob to disable it "just in case".
- Commit:
f9ab77a898ec008a445b3842afc21bb4eac60657
- From:
- Omar Polo <op@omarpolo.com>
- Date:
bundle libtls
gmid (like all other daemons that want to do privsep crypto) has a
very close relationship with libtls and need to stay in sync with
it.
OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD
instead of the older ECDSA_METHOD, on the gmid side we have to do
the same otherwise failures happens at runtime. In a similar manner,
privsep crypto is silently broken in the current libretls (next
version should fix it.)
The proper solution would be to complete the signer APIs so that
applications don't need to dive into the library' internals, but
that's a mid-term goal, for the immediate bundling the 'little'
libtls is the lesser evil.
The configure script has gained a new (undocumented for the time
being) flag `--with-libtls=bundled|system' to control which libtls
to use. It defaults to `bundled' except for OpenBSD where it uses
the `system' one. Note that OpenBSD versions before 7.3 (inclusive)
ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.
- Commit:
9019e55e7ef1369c37f5a7d4c7b0e441d55d6b44
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync DISTFILES
- Commit:
7ea87255935d436ecac33d347d5a750af69c969b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync have/* files
- Commit:
9cd81f93d7e904e67799f3ff0b9ceb8bd23d58d8
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync changelog
- Commit:
e872053b20d763005a398200c638c923aebd04e1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
send all the params as per RFC3875 (CGI) and sync documentation
- Commit:
f5dc7eddd7ac6cf06d7092e9526691b566850b50
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix INSTALL handling
Set a sane default for INSTALL, allow it to be changed either as
environment variable or configure argument, and propagate it correctly
to the generated config.mk.
Issue reported by xavi, thanks!
- Commit:
81634643dbb99f7270cbb5ba5f84adc28991018d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix comment (ge -> gemexp)
- Commit:
07ad49102564bf72092cc8080322852308490065
- From:
- Omar Polo <op@omarpolo.com>
- Date:
getcwd(NULL) is an extension; don't rely on it
also, while here, add some error checking too
- Commit:
95500a936a1b0e42d304315fd2f7ae20ca391042
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove not so useful starts_with()
replace its only usage with strncmp(). it's likely faster too.
- Commit:
8bb1b2363302a31c91ba921580d3227ccd3e878c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove a long, long unused function
- Commit:
cf2784df752095e7f81d4ea55ef6a7f1fb6224c4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove useless logging
- Commit:
390d312b22670d92dc6ee5afd7a116b7a2330881
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't call client_close() from fcgi/proxy bev handlers
We might end up calling client_close() from start_reply(), but that
will free the fcgi/proxy bufferevent while they're still used on the
stack.
Instead, start_reply() only sets REQUEST_DONE and exits, returning the
error eventually, so callers know when to stop.
- Commit:
01481c255ae837d80f00ffcf8493e5b13b329323
- From:
- Omar Polo <op@omarpolo.com>
- Date:
update changelog
- Commit:
a1e159c917d4cc0bf27e3faedf69e8d720162936
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix PATH_INFO / SCRIPT_NAME splitting