add gencert, a simple script to generate self-signed certs

tweak landlock comment

print the error too if we can't open a directory It's not intuitive to print open ... for domain xyz it doesn't convey that the open failed. now it appends the error string, at least the user can understand that something went wrong. reported by cage on irc, thanks!

add compat for sys/tree.h

Store clients inside a splay tree From day one we've been using a static array of client struct to hold the clients data. This has variuos drawbacks, among which: * reuse of the storage ("shades of heartbleed") * maximum fixed amount of clients connected at the same time * bugs are harder to debug The last point in particular is important because if we mess the client ids, or try to execute some functions (e.g. the various fcgi_*) after a client has been disconnected, it's harder to "see" this "use after free"-tier kind of bug. Now I'm using a splay tree to hold the data about the live connections. Each client' data is managed by malloc. If we try to access a client data after the disconnection we'll probably crash with a SIGSEGV and find the bug is more easy. Performance-wise the connection phase should be faster since we don't have to loop anymore to find an empty spot in the clients array, but some operations could be slightly slower (compare the O(1) access in an array with a SPLAY_FIND operation -- still be faster than O(n) thought.)

one FastCGI connection per client FastCGI is designed to multiplex requests over a single connection, so ideally the server can open only one connection per worker to the FastCGI application and that's that. Doing this kind of multiplexing makes the code harder to follow and easier to break/leak etc on the gmid side however. OpenBSD' httpd seems to open one connection per client, so why can't we too? One connection per request is still way better (lighter) than using CGI, and we can avoid all the pitfalls of the multiplexing (keeping track of "live ids", properly shut down etc...)

allow to run only a subset of the runtime tests with make TESTS='test_1 test_2 ...' regress now it's possible to run only that specified subset of tests. It's really useful during debugging :)

plug a memory leak c->req is set in client_read but never deallocated

fmt

add the upload target to ease publishing the site

[gemini] tweak the contrib page I find it more readable with some empty lines here and there

improve the service file usage instructions Thanks Martin for providing these information :)

add targets to serve the site locally

import the capsule/website

add .cirrus.yml Add a cirrus CI config file that runs the regression suite on linux amd64/aarch64 and on freebsd.