augment configure.ac msgs to remove FAM on linux and *bsd
x-ref:
"stat-cache-fam feature appears disabled since 1.4.56"
https://redmine.lighttpd.net/issues/3068
- rewrite fcgi-responder as standalone app
fcgi-responder is now a minimal, standalone FastCGI server for tests
- remove dependency on fcgi-devel package
- merge fcgi-auth into fcgi-responder
crippled functionality if wolfssl library not built --enable-opensslall
* SNI not handled since SNI callbacks are disabled in wolfSSL library
unless the wolfSSL library is built with --enable-openssall
This means that there is only one certificate per listening socket --
no certificate selection based on server name indication (SNI)
and is additionally a violation of the HTTP/2 specification,
which requires SNI.
slightly reduced functionality if wolfssl not built --enable-opensslall
* disable client certificate verification (error out if in lighttpd.conf)
* omit SSL_CIPHER_USEKEYSIZE, SSL_CIPHER_ALGKEYSIZE env vars
use NSS crypto if no other crypto avail, but NSS crypto is available
"NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
due to NSS libraries (freebl3) lacking public export for HMAC funcs
define LSHPACK_DEC_HTTP1X_OUTPUT 0
lighttpd does not require HTTP/1.1 output compat from HPACK decoder
("field-name: value\r\n")
define NDEBUG (in ls-hpack/lshpack.c)
lighttpd spends upwards of 20% total lighttpd CPU time in HPACK
encode/decode in h2load test on static file over cleartext (not TLS)
Defining NDEBUG eliminates some asserts() and results in a small
but measurable reduction in CPU usage
LiteSpeed ls-hpack v2.2.1
XXX: might be better to include this as a git submodule
but minor code changes were made here for portability:
- C99 flexible array members defined as a[] instead of a[0])
- pedantic compiler warnings (excess ';' and missing declarations)
- deletion of large tables from ls-hpack/huff-tables.h (code size)
./configure --with-bzip2 to enable
(autoconf build previously had bzip2 enabled by default, but bzip2
already disabled by default in CMake, SCONS, and meson build configs)
(experimental)
mod_gnutls supports most ssl.* config options supported by mod_openssl
x-ref:
"GnuTLS support for the mod_ssl"
https://redmine.lighttpd.net/issues/109
(experimental)
mod_mbedtls supports most ssl.* config options supported by mod_openssl
thx Ward Willats for the initial discussion and attempt in the comments
https://redmine.lighttpd.net/boards/3/topics/7029
./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS.
x-ref:
"How to use SHA-256 without OpenSSL?"
https://redmine.lighttpd.net/boards/2/topics/8903
Niclas Rosenvik
