Age | Commit message | Author |
|
ok claudio@ florian@
|
|
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is affected.
OK gilles@
|
|
to be specified, rather than a single curve.
ok beck@
|
|
Thanks Nick Owens
OK florian@
|
|
are no longer limited by the 16KB maximum size of a single imsg.
Configuration data that is larger than a single message is now chunked and
sent via multiple imsgs.
Prompted by a diff from Jack Burton <jack at saosce dot com dot au>.
ok reyk@
|
|
instead of CLEANFILES += y.tab.h
okay millert@
|
|
mandoc -Tlint. While here, make macro usage more consistent.
|
|
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio
|
|
"block return 401". Problem reported by Jurjen Oskam.
ok florian@
|
|
Pointed out by Anton Lindqvist (anton.lindqvist AT gmail), thanks!
|
|
the servers config for its rekeying handling. Without this no rekeying happens
and httpd stops working. Learned the hard way by me and beck@
OK reyk@
|
|
tls ticket lifetime default
to turn it on with a 2h ticket lifetime.
Rekeying happens after a quarter of that time.
OK reky@ and bob@
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
From Rivo Nurges Rivo.Nurges AT smit.ee, thanks!
OK reyk
|
|
Fix by Rivo Nurges, fixes a problem with Atlassian JIRA
OK benno@
|
|
Make sure that the beginning of a new request starts with an
alphabetic character. This is a quick way to detect non-ASCII
requests (eg. TLS on port 80). The full validation of the request
method is done once the input line is read.
Make sure that non-terminated lines do not exceed the
SERVER_MAXHEADERLENGTH which is 8k. As the current read watermark is
set to 64k, this means that the limit check is triggered after max.
64k of input, depending on the TCP read buffer.
OK benno@ jsing@
|
|
instead pull in <netinet/in.h> or <arpa/inet.h> when those are needed.
ok florian@ beck@ millert@
|
|
Tested & OK jung@
|
|
using keypair_ocsp.
ok reyk@
|
|
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.
ok jsing@
|
|
The previous implementation loaded all the output into a single output
buffer and used its size to determine the Content-Length of the body.
The new implementation calculates the body length first and writes the
individual ranges in an async way using the bufferevent mechanism.
This prevents httpd from using too much memory and applies the
watermark and throttling mechanisms to range requests.
Problem reported by Pierre Kim (pierre.kim.sec at gmail.com)
OK benno@ sunil@
|
|
Introduce a new variable clt_headersdone in the async HTTP parser.
OK sunil@ benno@
|
|
Either libevent or the TLS callback can trigger an EOF when the
connection is closed.
OK sunil@ jung@ benno@
|
|
OK jsg@
|
|
ok jmc@
|
|
upon "inet". Adjust the 4 programs that care about this.
|
|
incoming socket, so userspace doesn't need to set it unless it has its
own reasons for tracking the size along with the sockaddr.
ok phessler@ deraadt@ florian@
|
|
steal code.
|
|
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
|
|
TAILQ_FOREACH().
No intentional functional change.
ok reyk@
|
|
so it is safe calling log_* after an error without losing it.
|
|
modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
|
with more modern TAILQ_FOREACH(). This is what symget() was already
doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
|
an int.
|
|
and this way we can give a separate specific error message.
ok beck@ reyk@
|
|
patch from grunk@; feedback and OK jmc@; OK florian@
|
|
ok florian@
|
|
ok jsing@
|
|
ok jsing@
|
|
ok jsing@ bcook@
|
|
additional actions before printing it. OK rzalamena@
|
|
sockets by sending the fd one-by-one. This allows to start httpd with
max 32 server instances and many server sockets without changing the
default rlimits in any way.
OK rzalamena@
|
|
start up. To achieve this proc_init() initiates only the necessary pipes
between child and parent, allocate and distribute fds in proc_connect().
In case of configuration checks ('-n') we do nothing in proc_init() and
proc_connect().
ok reyk@
|