pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
if ssl.empty-fragments is set to enabled, but the openssl version used
to compile lighttpd doesn't support empty fragments, a warning is
displayed (it might still work).
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
con->conf.is_ssl got removed and replaced by:
* con->conf.ssl_enabled for the config var "ssl.engine" - it is only
used to determine which server-sockets should use ssl. (usually not
needed as it is mandatory and enough to set ssl.pemfile anyway)
* con->srv_socket->is_ssl to detect the actual ssl status of the
bound socket, which is the same as the ssl status of the connection
* con->uri.scheme for the actual $HTTP["scheme"] value, also used for
the CGI "HTTPS=ON" variable. This defaults to "https" if the
connection uses ssl, but can be changed for example by mod_extforward
if X-Forwarded-Proto: is set to either "http" or "https" (other values
are ignored right now)
Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
* Remove ssl_error_want_reuse_buffer for SSL_read:
Although the manual states we have to use the same arguments in the
next call after SSL_ERROR_WANT_*, it has been running without this
in 1.5 for a long time now.
* As POST-data chunks get copied to the next queue, we reuse chunks
there as well.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2710 152afb58-edef-0310-8abb-c4023f1b3aa9
* This patch may "break" some configs, if they do stupid things. Like setting
ssl.pemfile to a not existing file in a "non-socket/non-ssl" block.
Fix them! :)
From: Peter Colberg <peter@colberg.org>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2648 152afb58-edef-0310-8abb-c4023f1b3aa9
* The breakage-log simply replaces stderr (the old stderr is moved away if needed for errorlog),
and stderr isn't closed after forking.
It defaults to stderr if started with -n (no daemonize), otherwise it defaults to /dev/null.
It is _not_ reopened in log_error_cycle, as there may be many long running childs which have it
still open anyway. Use a pipe-logger with cycle-support if you need it.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2550 152afb58-edef-0310-8abb-c4023f1b3aa9
$HTTP["url"] =~ "" { cgi.assign = ... } fails if there is a module
loaded which is called before uri_clean is set (mod_exforward,
mod_rewrite, ...)
- merged [1792], [1798], [1807], [1810], [1811] from trunk
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1942 152afb58-edef-0310-8abb-c4023f1b3aa9
etag.use-size to customize the generation of ETags for
static files. (fixes #1209) (patch by <Yusufg@gmail.com>)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1874 152afb58-edef-0310-8abb-c4023f1b3aa9
References to FAM stat cache engine should be conditional
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1664 152afb58-edef-0310-8abb-c4023f1b3aa9
i hope it helps with merging stuff back to 1.5
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
- added the follow-symlink into the hash-key
- delete all versions if a file/dir is moved or deleted
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.11-ssl-fixes@1332 152afb58-edef-0310-8abb-c4023f1b3aa9
- reuse the last read-buffer after a SSL_ERROR_WANT_READ
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.11-ssl-fixes@1274 152afb58-edef-0310-8abb-c4023f1b3aa9
- use case-insensitive matches for mod_auth too if the FS is lower-case
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@939 152afb58-edef-0310-8abb-c4023f1b3aa9
- added checks for prctl to enable core files after setuid() <sandy@meebo.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@889 152afb58-edef-0310-8abb-c4023f1b3aa9
server.upload-dirs is the option in the configfile
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@812 152afb58-edef-0310-8abb-c4023f1b3aa9
which can buffer to tempfiles of the content is to large
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@741 152afb58-edef-0310-8abb-c4023f1b3aa9
Peter Colberg
