Make Digest authentication more compliant with RFC.
Excerpt from https://www.rfc-editor.org/rfc/rfc7616.txt Section 5.13:
The bottom line is that any compliant implementation will be
relatively weak by cryptographic standards, but any compliant
implementation will be far superior to Basic Authentication.
x-ref:
"Serious security problem in Digest Authentication"
https://redmine.lighttpd.net/issues/1844
inherit server.use-ipv6 and server.set-v6only from global scope
into $SERVER["socket"] blocks
(This potential behavior change was announced with lighttpd 1.4.40)
x-ref:
"$SERVER["socket"] to bind to IPv6 by default"
https://redmine.lighttpd.net/issues/678
url.access-allow is list of allowed url suffixes (e.g. file extensions)
If url.access-allow has been set, then deny any URL that does not match
the explicitly listed suffixes.
(thx japc)
x-ref:
"access_allow directive for lighttpd"
https://redmine.lighttpd.net/issues/1421
error out if duplicated unix socket path and different bin-path is
used by lighttpd to start the backend. This is an error.
Updates commits 97556d99 and b67ff2aa
x-ref:
"Should warn if two FastCGI servers point to same socket file"
https://redmine.lighttpd.net/issues/319
silently use same 'host' if unix socket path is duplicated
(instead of erroring out). Updates commit 97556d99
(It is possible for use of += in config to result in duplicated
fastcgi.server and scgi.server entries)
x-ref:
"Should warn if two FastCGI servers point to same socket file"
https://redmine.lighttpd.net/issues/319
fix memory leak
reduce code redundancy
convert code to use newer buffer.h APIs
proper cleanup if upload cancelled or client disconnected
change "starting" message to "not in progress" if upload not in progress
openssl interfaces typically return 1 to indicate success,
with varying return values to indicate failure
(sometimes 0, sometimes 'not 1')
(thx mackyle)
do not expose server info server_tag is configured by admin
default con->conf.server_tag is still PACKAGE_DESC, though
admin can configure server.tag otherwise.
(these changes reduce recompilation and relinking when switching
branches in source control)
cygwin does not support ioctl on sockets, returning EOPTNOTSUPP
(would be better if cygwin used Windows ioctlsocket() instead)
Windows uses signed (socklen_t), so add some casts to quiet warnings
Windows path handling is convoluted, so disable one test in mod_fastcgi
since trailing spaces are removed from URL for _WIN32 and __CYGWIN__ in
response.c
buffer.c:itostr() undefined behavior taking modulus of negative number
additional minor code changes made to quiet other coverity warnings
(false positives)
fd leak in mod_dirlisting.c
use after free in error condition in mod_proxy.c
NULL pointer dereference in error message in chunk.c
additional minor code changes made to quiet other coverity warnings
asynchronous, bidirectional streaming support for request and response
Merge branch 'bug-949-streaming-request-response' into gmaster
github: closes #66