Commit Graph

3241 Commits (68d626fa9fe44dd08026727442210f3ba0a71e9f)

Author SHA1 Message Date
Glenn Strauss 68d626fa9f [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING
report SSL_R_UNEXPECTED_EOF_WHILE_READING if debug.log-ssl-noise enabled

added in openssl 1.1.1e and reverted in 1.1.1f, but kept in 3.0 branch
2020-07-08 22:51:31 -04:00
Glenn Strauss b33b6f9121 [mod_openssl] do not log ECONNRESET unless debug
do not log ECONNRESET to errorlog unless debug.log-ssl-noise = "enable"
2020-07-08 22:51:31 -04:00
Glenn Strauss 446866333f [multiple] use *(unsigned char *) with ctypes 2020-07-08 22:51:31 -04:00
Glenn Strauss 455dc03778 [core] prefer getxattr() instead of get_attr()
(when lighttpd is built ./configure --with-attr)
2020-07-08 22:51:31 -04:00
Glenn Strauss cb753ec5b5 [mod_mbedtls] mbedTLS option for TLS

mod_mbedtls supports most ssl.* config options supported by mod_openssl

thx Ward Willats for the initial discussion and attempt in the comments
2020-07-08 22:51:31 -04:00
Glenn Strauss 7de51cc77b [core] add seed before openssl RAND_pseudo_bytes() 2020-07-08 19:54:30 -04:00
Glenn Strauss ce7840504d [mod_openssl] disable cert vrfy if ALPN acme-tls/1
disable client cert verification if ALPN "acme-tls/1"
2020-07-08 19:54:30 -04:00
Glenn Strauss f7bac374ee [mod_accesslog] process backslash-escapes in fmt
Process basic backslash-escapes in format string from lighttpd.conf
Supported sequences: \a \b \f \n \r \t \v
Other backslash-sequences are replaces with the char following backslash

(Apache mod_log_config supports \n and \t as special-cases)
2020-07-08 19:54:30 -04:00
Glenn Strauss f70912ee44 [mod_webdav] define PATH_MAX if not defined
(PATH_MAX does not appear to be defined on hurd-i386)
2020-07-08 19:54:30 -04:00
Glenn Strauss abe61d0445 [core] return EINVAL if stat_cache_get_entry w/o /
return EINVAL if stat_cache_get_entry() called on path w/o leading '/'
2020-07-08 19:54:30 -04:00
Glenn Strauss e6c47d6ecf [mod_cgi] remove redundant calls to set FD_CLOEXEC 2020-07-08 19:54:30 -04:00
Glenn Strauss 95b2774863 [core] skip excess close() when FD_CLOEXEC defined
do not run through close() loop after fork() and before execve()
when FD_CLOEXEC is defined
2020-07-08 19:54:30 -04:00
Glenn Strauss b28a3714c4 [multiple] ./configure --with-nettle to use Nettle
./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL.  Note: Nettle does not provide TLS.

  "How to use SHA-256 without OpenSSL?"
2020-07-08 19:54:30 -04:00
Glenn Strauss af836b94d3 [tests] fix skip count in mod-fastcgi w/o php-cgi
(fix test skip count when php-cgi is not available)
2020-07-08 19:54:30 -04:00
Glenn Strauss 0acb0f3604 [multiple] fix some cc warnings in 32-bit, powerpc 2020-07-08 19:54:30 -04:00
Glenn Strauss c752d4696e [multiple] correct misspellings in comments
  "Script for fixing spelling errors with codespell"
2020-07-08 19:54:30 -04:00
Glenn Strauss bcddbe186f [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006)
stream request body using HTTP/1.1 Transfer-Encoding: chunked

(Note: if backend proxy target does not support HTTP/1.1,
 then do not use = 1 or 2)

If not streaming to backend, collect request body
(now supporting Transfer-Encoding: chunked from client
 and then sending with Content-Length to backend)

  "Lighty returns HTTP 411 Length Required with proxy and streaming requests/reponses body"
2020-07-08 19:54:29 -04:00
Glenn Strauss 89082a12ca [config] blank server.tag if whitespace-only 2020-07-08 19:54:29 -04:00
Glenn Strauss e11f72b11d [doc] lighttpd.conf: lighttpd choose event-handler
comment out server.event-handler in sample lighttpd.conf
so that lighttpd chooses the recommended event-handler
for each OS
2020-07-08 19:54:29 -04:00
Glenn Strauss bc89b98acb [build] fix build on MacOS X Tiger
fixes for Tiger build, but can be applied generally to all builds
also requires legacysupport PortGroup for *at functions

2020-07-08 19:54:29 -04:00
Glenn Strauss e1188e770e [mod_auth] "nonce_secret" option to validate nonce (fixes #2976)
"nonce_secret" option to validate nonce was generated by the server

Marginally hardens HTTP Digest Auth.  Necessary piece, but not
sufficient, to restrict re-use of nonce (mitigations for replay
or limiting nonce count reuse via nc=... are not implemented)

  "Digest auth nonces are not validated"
2020-07-08 19:54:29 -04:00
Glenn Strauss 9fdf24468d [doc] src/t/README 2020-07-08 19:54:29 -04:00
Glenn Strauss 48e272b347 [doc] add link to wiki in doc/outdated/ssl.txt 2020-07-08 19:54:29 -04:00
Glenn Strauss 41a268b805 [core] parse header label before end of line
parse header label for colon before checking end of line for whitespace
2020-07-08 19:54:29 -04:00
Glenn Strauss b04f0311f9 [core] perf: tighten some code in some hot paths 2020-07-08 19:54:29 -04:00
Glenn Strauss a200e0c204 [core] use uint32_t in http_header.[ch]
headers should never approach anywhere remotely close to > 4 GB
2020-07-08 19:54:29 -04:00
Glenn Strauss 1d6003e575 [core] mark some chunk.c funcs as pure 2020-07-08 19:54:29 -04:00
Glenn Strauss eae84b6a69 [core] http_status_append() short-circuit 200 OK 2020-07-08 19:54:29 -04:00
Glenn Strauss 17e0b6fe30 [tests] use buffer_eq_slen() for str comparison
(substitute buffer_eq_slen() for buffer_is_equal_string())
2020-07-08 19:54:29 -04:00
Glenn Strauss dd91c1459c [core] http_response_config()
split from http_response_prepare()
2020-07-08 19:54:29 -04:00
Glenn Strauss 3f4f934485 [core] http_response_comeback()
group HANDLER_COMEBACK logic in http_response_comeback() and call it
from places that reset state in order to (sometimes partially) reprocess
a request.  This includes error handler (server.error-handler),
r->handler_module when cgi.local-redir, and looping in
http_response_prepare() when modules make changes to the request and
return HANDLER_COMEBACK (e.g. mod_rewrite, mod_magnet, mod_cml)

Also, set r->conditional_is_valid closer to where elements are set
(and become valid for use in condition checks), and parse target
in http_request_parse() instead of http_response_prepare()
2020-07-08 19:54:29 -04:00
Glenn Strauss a0029b21a1 [core] remove r->uri.path_raw; generate as needed
(r->uri.path_raw previously duplicated from r->target, minus query-part)
2020-07-08 19:54:29 -04:00
Glenn Strauss 9aa0b3409e [mod_magnet] modify r->target with "uri.path-raw" 2020-07-08 19:54:29 -04:00
Glenn Strauss d013d0abd3 [core] http_request_parse_target()
http_request_parse_target() split from http_response_prepare()
2020-07-08 19:54:29 -04:00
Glenn Strauss 34285ed0fa [core] dispatch handler in handle_request func
dispatch handler in connection_handle_request()
instead of in http_response_prepare()
2020-07-08 19:54:29 -04:00
Glenn Strauss c8a1cba0c1 [tests] t/test_mod_userdir
create t/test_mod_userdir to replace sparse tests in tests/mod-userdir.t
remove tests/mod-userdir.t
2020-07-08 19:54:29 -04:00
Glenn Strauss 8b7e110973 [tests] stub out config funcs in test_mod_* 2020-07-08 19:54:29 -04:00
Glenn Strauss 9914bb297b [core] C99 restrict on some base funcs
buffer.[ch], chunk.[ch], request.[ch], sock_addr.[ch]
2020-07-08 19:54:29 -04:00
Glenn Strauss c687e01c98 [core] r->uri.path always set, though might be ""
(might be "" if <backend>.server sets "fix-root-scriptname" => "enable")
2020-07-08 19:54:29 -04:00
Glenn Strauss 7c7f8c467c [multiple] split con, request (very large change)
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
    chunkqueues; per-request and per-connection chunkqueues are
    not distinct from one another
      con->read_queue  == r->read_queue
      con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
    connection-level module hooks.  Similarly, might need to have
    per-request chunkqueues separate from per-connection chunkqueues.
    Should probably also have a request_reset() which is distinct from
2020-07-08 19:54:29 -04:00
Glenn Strauss cc2134c88b [multiple] copy small struct instead of memcpy()
when patching config
2020-07-08 19:54:29 -04:00
Glenn Strauss 31d9495330 [core] store subrequest_handler instead of mode
store pointer to module in handler_module instead of con->mode id
2020-07-08 19:54:29 -04:00
Glenn Strauss eea7cd3c2f [core] store (plugin *) in p->data
2020-07-08 19:54:29 -04:00
Glenn Strauss aca9d45adf [core] move request state into (request_st *)
NB: in the future, a separate connection state may be needed for
    connection-level state (different from request state)
2020-07-08 19:54:29 -04:00
Glenn Strauss a22cdca1cb [core] move addtl request-specific struct members 2020-07-08 19:54:29 -04:00
Glenn Strauss 100dfaa3f3 [core] move plugin_ctx into (request_st *)
NB: in the future, a separate plugin_ctx may be needed for
    connection-level plugins to keep state across multiple requests
2020-07-08 19:54:29 -04:00
Glenn Strauss 8131e4396d [core] move addtl request-specific struct members 2020-07-08 19:54:29 -04:00
Glenn Strauss 1474be7859 [core] move addtl request-specific struct members 2020-07-08 19:54:29 -04:00
Glenn Strauss 6fe031ef37 [core] move request start ts into (request_st *)
move request start timestamps into (request_st *)
2020-07-08 19:54:29 -04:00
Glenn Strauss b157ee8dfa [mod_accesslog] log_access_record() fmt log record
separate func to append log record to buffer
2020-07-08 19:54:29 -04:00