Commits
- Commit:
226f13ece0b309abeee0ae8a4d8c9f049fe896a7
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add ability to log to files with log access <path>
- Commit:
45c946b37bd2e22f095af6ac290fbf865eb595a1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
avoid use-after-free
- Commit:
a1ba9650a9f0cc0d9e70800d71769d32f927b939
- From:
- Omar Polo <op@omarpolo.com>
- Date:
revamp fastcgi configuration: make it per-location
this revamps the syntax in the configuration to better match httpd(8)
(and in general be less weird) and to allow per-location fastcgi
configurations.
the bare `param' is now deprecated, but for compatibility it acts
like `fastcgi param' would do now. Same story for `fastcgi <pathÂ>'.
- Commit:
71b02f6390ca350eee6c13259140143e34e0dd25
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename do_accept() -> server_accept()
- Commit:
35dd3fc8ce5c195b5b56d1711798da718cbb50e7
- From:
- Omar Polo <op@omarpolo.com>
- Date:
typo
- Commit:
e50f85adcb432192b35cf7b878c9104d697ad1a3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
load the certs per listening address
- Commit:
a0a42860d214974f2706d2a47203af9bc884f512
- From:
- Omar Polo <op@omarpolo.com>
- Date:
send host addresses to the server process
- Commit:
9fda962861db6c2322384e64fc737f25d4314d66
- From:
- Omar Polo <op@omarpolo.com>
- Date:
better fd rampage avoidance
flush imsg right in config_send_file()
- Commit:
509d0509a50883a6f8407b63774f40dd1e41dadf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
implement `listen on'
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibily, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context don't filter the
host, i.e. one can still reach a host from a address not specified
in the corresponding `liste on', this will be added later.
- Commit:
2cef5cf42a98f8b9c8c4f1a4d4da40b389de770a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
load_ca: get a buffer instead of a fd
We dup(1) the ca fd and send it to various processes, so they fail
loading it. Instead, use load_file to get a buffer with the file
content and pass that to load_ca which then loads via BIO.
- Commit:
89cfcb456921ed65a812b6e960de390553ac0ae5
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify config_send_kp: use config_send_file
- Commit:
ba290ef3affaad8a51b789eeadab269df1ffd0af
- From:
- Omar Polo <op@omarpolo.com>
- Date:
disable the privsep crypto engine on !OpenBSD
it fails bandly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
4ad573d0d5675212b0b5719a0a5c1de22974dd0e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework load_file to use pread()
avoids issues since the same file is sent to multiple processes
after being dup()'ed. Since these files are meant to be regular
files, I don't expect short reads.
- Commit:
1a99859b357957715fb62ced6ddef871ca9ab3a0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
adjust how locations are received