| Age | Commit message (Collapse) | Author |
|---|
|
commit doing the same.
|
|
|
|
|
|
|
|
|
|
From Jan Schreiber
|
|
from Gregor Best, discussed with florian
|
|
|
|
As done in iked and snmpd.
OK jung@
|
|
|
|
include the process name, and replace all calls of fatal*(NULL) with
fatal(__func__) for better debugging.
OK benno@
|
|
get rid of the "LOSS OF MIND" joke. Haha. We keep on removing it and
it shows up again because it accidentally gets synced from somewhere
else. bgpd and ospfd don't have it anymore, but their offsprings
still carry it. If you see it, remove it, and, in the OpenBSD ISC
case, use the original text from /usr/share/misc/license.template.
All authors agree.
|
|
both daemons are now sharing the same file. No functional changes.
|
|
strndup().
ok millert@
|
|
1) The main process listens on sockets and accepts connections. It
creates and opens log files, creates and kills child processes. On
start up and on receiving a HUP signal it parses the configuration. It
passes on file descriptors for logging or requests to it's children.
2) The logger process writes log messages to a file descriptor passed
in from the main process.
3) The server process reads the request from a file descriptor passed
in from the main process. It reads a file or creates a directory index
to send a response.
Additionally this process handles fastcgi requests. It connects to
AF_UNIX, AF_INET or AF_INET6 sockets. A re-factoring might make it
possible to drop the additional fastcgi privileges when only static
files are served.
with deraadt@ some time ago
prodding & OK deraadt@
tweaks and OK reyk@
|
|
|
|
|
|
|
|
diff from Denis Fondras
ok reyk
|
|
|
|
Ok gilles@, reyk@
|
|
From Michael McConville
|
|
ok reyk@
|
|
|
|
where the handshake has successfully completed.
ok beck@
|
|
jointly with jsing@
|
|
ok jsing@
|
|
ok beck@
|
|
srv_conf->auth in serverconfig_free() because it was not allocated in
config_getserver() but assigned as a reference by id from a global
list that is maintained independently. This fixes a potential
double-free. This fix also makes srv_conf->auth "const" to emphasize
that the read-only auth pointer was not allocated here.
OK jsing@
|
|
handling the HTTP methods in server_http.c which resulted in a 405
method not allowed error when trying to use it.
Fix by jaminh on github
|
|
ok millert krw
|
|
of u_intN_t) and replace u_int with unsigned int. Mixing both
variants is a bad style and most contributors seem to prefer this
style; it also helps us to get used to it, portability, and
standardization.
Theoretically no binary change, except one in practice: httpd.o has a
different checksum because gcc with -O2 pads/optimizes "struct
privsep" differently when using "unsigned int" instead "u_int" for the
affected members. "u_int" is just a typedef of "unsigned int", -O0
doesn't build the difference and clang with -O2 doesn't do it either -
it is just another curiosity from gcc-land.
OK semarie@
|
|
|
|
might return a negative number; the return value of match_error()
which returns (-1). This was technically a bug, and it exists in 5.8,
but there is no impact because the error is correctly catched with the
returned non-NULL error string.
Found by Leandro Pereira
|
|
previously disabled it because we were reading to fast (from disk).
Problem noted and tracked down to that commit by weerd@ and
independently by stsp@.
Tested by weerd@, stsp@, reyk@
OK bluhm@, reyk@
|
|
Strict-Transport-Security headers. Add __format__ attribute to
kv_set() and kv_setkey() to make it easier to spot such problems.
Found by and fix from Donovan Watteau <tsoomi -AT- gmail -DOT- com>,
thanks for your help.
ok deraadt@
|
|
we need more care to find a proper fix for the fastcgi headers.
acknowledged by deraadt@
|
|
parse it. Otherwise http headers can leak into the body.
Pointed out by Jean-Philippe Ouellet on bugs@ Thanks!
OK reyk, commit ASAP deraadt@
|
|
OK reyk
|
|
The diff corrects this problem by using VIS_DQ.
ok reyk@ florian@
|
|
OK reyk@
|
|
ok florian@
|
|
OK florian@
|
|
ok florian@
|
|
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default. This gives
tls_write() a similar short write semantics as write(2) and a
workaround in httpd to cope with the previous differences can be
removed. Specifically, httpd can stop copying data into a local
buffer that was used to keep it around for repeated writes.
OK bluhm@
|
|
ok florian@
|
|
ok reyk@
|
|
|
|
eg. default type text/html.
OK florian@
|
|
Input & OK reyk
|
