Commits
- Commit:
ba290ef3affaad8a51b789eeadab269df1ffd0af
- From:
- Omar Polo <op@omarpolo.com>
- Date:
disable the privsep crypto engine on !OpenBSD
it fails bandly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
4ad573d0d5675212b0b5719a0a5c1de22974dd0e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework load_file to use pread()
avoids issues since the same file is sent to multiple processes
after being dup()'ed. Since these files are meant to be regular
files, I don't expect short reads.
- Commit:
1a99859b357957715fb62ced6ddef871ca9ab3a0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
adjust how locations are received
- Commit:
15e60fdf0c1dadf79b319635c4b6fe6786f1d3d4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify ocsp sending using config_send_file
while here add an explicit flush to avoid a fd rampage.
- Commit:
2e880a57f8bd6f9e8b10f9fbdb9feea35523226d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
change config_send_file to take the process id as argument
i.e. not hardcode PROC_SERVER
- Commit:
af1dab18702cf135aa80bf15065f73050c915347
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't have the config being a global
- Commit:
e45334e6ae0b658a2d3d4f47bc3e9ddfdb83a44f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move hosts into the config struct
- Commit:
5d22294a59e7e9cbe6457b9e6244fff2ede09956
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move fastcgi from global var to the config struct
while here also make them a list rather than a fixed-size array.
- Commit:
deadd9e1311204415754dcfa404bec4bf3cd557c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
readd proxy certs and `require client ca' support
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.
Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
- Commit:
9b2587bb33052c4564987990d281c9f8c25c7024
- From:
- Omar Polo <op@omarpolo.com>
- Date:
safety measure, explicitly memset config in config_init
- Commit:
1c6967b33a31b4c24881a72dc0ab95286ece8f62
- From:
- Omar Polo <op@omarpolo.com>
- Date:
keep cert/key/ocsp path as strings and don't send them via imsg
- Commit:
f5c8360ade5e07f80671e53789f8f9d5315bd92a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix previous
- Commit:
4f4937f06a536661ffafa589d1cfb5d91ca27bf3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move make_socket to config.c and make it private
- Commit:
c26f2460e42aa0822c283c805958989f339e7d8b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework the daemon to do fork+exec
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.