| Age | Commit message (Collapse) | Author |
|---|
|
from Hiltjo Posthuma (hiltjo(at)codemadness.org)
|
|
(and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
|
ok florian@
|
|
date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7 -1;
commitid: 0O8fyHPNvPd8rvYU;
Only send 408 Timeout responses when we have seen at least part of a
request. Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@
Mark Patruck (mark AT wrapped DOT cx) found a problem with it, thanks
for the report.
ok reyk@ bluhm@ sthen@ deraadt@
|
|
request. Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@
|
|
proc_init(). As a consequence httpd(8) and relayd(8) child processes
did not detach from the terminal anymore. Dup /dev/null to the
stdio file descriptors in the children.
OK benno@
|
|
RFC 7230 states that a server MUST NOT do so.
At least relayd chokes on this.
Pointed out & diff by Carlin Bingham (cb AT walcyrge.org), thanks!
OK benno
|
|
"looks good" gilles@ halex@
|
|
for example now it can hold the recommended cipher list from the mozilla
ssl config generator rather than failing with a "ciphers too long" error.
ok benno@ sthen@ tb@
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
For example:
location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1&$QUERY_STRING"
}
Requested by many.
Ok benno@
|
|
use a more general text for the sections, and avoid the catchup issue
that was trying to document how many there were;
ok benno rob
|
|
Found by Mischa Peters, thanks
|
|
Reported by Hidvegi Gabor gaborca websivision hu
Fix found by anton@
OK anton@
|
|
|
|
"root strip" was semantically incorrect and did cause some confusion
as it never stripped the root but the client's request path.
Discussed with many. Heads up: this is a grammar change that also
affects acme-client(1) configurations (see current.html).
OK claudio@
|
|
This fixes a bug in the macros and log file handler that
double-encoded the query. This does not change FCGI as it was already
handling the query correctly.
Additional verification of the QUERY_STRING should be implemented as well.
OK claudio@
|
|
Spotted by benno@
|
|
Thanks to otto@ for the initial diff.
OK benno@
|
|
Otherwise the default port for http or https may used depending on
uninitialized memory. Fixes regress on i386.
OK reyk@
|
|
Pointed out by jmc@
|
|
From Jack Burton <jack at saosce dot com dot au> - thanks!
Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.
ok beck@ reyk@
|
|
No functional change, but it makes it easier to deal with the grammar.
|
|
|
|
|
|
OK florian@ jmc@
|
|
ok benno@
|
|
"listen on * port 80".
While here accept up to 16 addresses from DNS or interface groups.
requested by & "lovely" deraadt@
OK kn@
|
|
connection and eventually stop answering queries because of file
descriptor starvation.
Problem reported by, minimal testcase provided and testing by trondd
_AT_ kagu-tsuchi.com, thanks!
Testing Nick Holland and millert
OK deraadt
|
|
the terminating NUL.
Do not use it for a "small string" or a "probably short path". Replace
it with new defines or PATH_MAX.
It also makes the life easier for people auditing the tree for real
usage of NAME_MAX.
OK deraadt, benno
|
|
that the path to "file" is not relative to the chroot;
|
|
|
|
ok sthen@ phessler@
|
|
This allows something external (like ocspcheck) to disable the stapling
deliberatly if it can not retreive a valid staple by truncating the
staple file to indicate "do not provide a staple", while the file not
existin will still be treated as a configuration error
ok claudio@ florian@, and prompted by @jsing
|
|
|
|
ok claudio@ florian@
|
|
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is effected.
OK gilles@
|
|
|
|
to be specified, rather than a single curve.
ok beck@
|
|
Thanks Nick Owens
OK florian@
|
|
are no longer limited by the 16KB maximum size of a single imsg.
Configuration data that is larger than a single message is now chunked and
sent via multiple imsgs.
Prompted by a diff from Jack Burton <jack at saosce dot com dot au>.
ok reyk@
|
|
instead of CLEANFILES += y.tab.h
okay millert@
|
|
mandoc -Tlint. While here, make macro usage more consistent.
|
|
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio
|
|
"block return 401". Problem reported by Jurjen Oskam.
ok florian@
|
|
|
|
Pointed out by Anton Lindqvist (anton.lindqvist AT gmail), thanks!
|
|
the servers config for its rekeying handling. Without this no rekeying happens
and httpd stops working. Learned the hard way by me and beck@
OK reyk@
|
|
tls ticket lifetime default
to turn it on with a 2h ticket lifetime.
Rekeying happens after a quarter of that time.
OK reky@ and bob@
|
