add `require client ca' for proxy blocks refactor the code that calls validate_against_ca into an helper function to reuse it in both apply_require_ca and (optionally) in apply_reverse_proxy.

proxy: allow multiple proxy blocks, matching options and validations as a side effect the order of the content of a server block is relaxed: options, location or proxy blocks can be put in any order.

bump copyright year :)

allow to disable TLS when proxying requests

move %token USER to its own line

plug some memory leaks in config parsing I forgot to free some strings when they're no more used.

add `protocols' option to `proxy' rule

add `verifyname' option for `proxy' rule

simplify the proxying code it doesn't make any sense to keep the proxying info per-location: proxying only one per-vhost. It can't work differently, it doesn't make sense anyway.

support optional client certificate for proxy rule

move proxy sub-options to their own rule and allow grouping with { ... }

add ability to proxy requests Add to gmid the ability to forwad a request to another gemini server and thus acting like a reverse proxy. The current syntax for the config file is server "" { ... proxy relay-to host:port } Further options (like the use of custom certificates) are planned. cf. github issue #7

Implement OCSP stapling support Currently dogfooding this patch at To test, run the following command and look for the "OCSP response" header: openssl s_client -connect "" -status

two -n to dump the parsed configuration This adds a barebone dumping of the parsed configuration. It is not complete, but I'm interested in dumping the full path to `cert' and `key' in order to write some scripts that can inspect the configuration, extract the certificates and renew them when expired automatically. It's not easy to parse gmid configuration otherwise because the syntax is flexible and users can use macros. Instead, the idea is to run gmid and let it dump the configuration once it's been parsed in a static and predictable format. Now is possible to parse gmid configuration with, say, awk or perl.

don't yyerror if we can't open the file the global var file could still be NULL and yyerror would crash.