75 Commits (d85bdab43ff115763deb6f5cb292f650397fe5f4)

Author SHA1 Message Date
Glenn Strauss d85bdab43f [core] more careful parse of $SERVER["socket"] config str (prepare #2204) 6 years ago
Stefan Bühler c033a1966e [core] improve conditional enabling (thx Gwenlliana, #2598) 6 years ago
Stefan Bühler 566cf8decb add force_assert for more allocation results 7 years ago
Stefan Bühler 593599f14a rewrite network (write) backends 7 years ago
Stefan Bühler 6afad87d2e fix buffer, chunk and http_chunk API 8 years ago
Stefan Bühler b0a632f253 [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609) 8 years ago
Stefan Bühler efc41b2bb1 check length of unix domain socket filenames 9 years ago
Stefan Bühler 9f2be4882d force assertion: setting FD_CLOEXEC must work (if available) 9 years ago
Stefan Bühler fba7dd6f43 fix resource leaks in error cases on config parsing and other initializations 9 years ago
Stefan Bühler bcd35cc264 remove logical dead code 9 years ago
Stefan Bühler a7396296da [network/ssl] fix build error if TLSEXT is disabled 9 years ago
Stefan Bühler c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) 9 years ago
Stefan Bühler 6f208cfde1 fix/silence bugs reported by ccc-analyzer (clang) 9 years ago
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508) 9 years ago
Stefan Bühler 3ce548c8d0 remove unused members from struct server_socket 9 years ago
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) 9 years ago
Stefan Bühler 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) 9 years ago
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) 9 years ago
Stefan Bühler 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479) 9 years ago
Stefan Bühler c3a9948c75 network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel) 10 years ago
Stefan Bühler 35875cd515 [ssl] include more headers explicitly 11 years ago
Stefan Bühler 456d7f4790 fix compile error when ssl is not enabled 11 years ago
Stefan Bühler 0f96222e7e [ssl] add option to honor server cipher order, true by default (fixes #2364) 11 years ago
Stefan Bühler 8c482a496d remove copy/paste remainings from previous commit 11 years ago
Stefan Bühler a94bdd07df [ssl] count renegotiations to prevent client renegotiations 11 years ago
Stefan Bühler cbf1baacc9 [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled 11 years ago
Stefan Bühler f434d514ad Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. 11 years ago
Stefan Bühler 55e1dc1825 [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers 11 years ago
Stefan Bühler f610f894a3 ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301, #2246, #2239) 11 years ago
Stefan Bühler 7e5b0fe9ab Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. 12 years ago
Stefan Bühler e23e999089 bind to IPV6-only if ipv6 address was specified (http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config) 12 years ago
Stefan Bühler 4ae13c32b1 only require FDEVENT_IN bit to be set for listening connections (fixes #2227) 12 years ago
Stefan Bühler 38f2d1ddd7 cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls 12 years ago
Stefan Bühler b3892c1410 Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125) 12 years ago
Stefan Bühler 34fb1258e4 Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech) 13 years ago
Stefan Bühler 1d5d55a484 Don't print ssl error if client didn't support TLS SNI 13 years ago
Stefan Bühler b987643307 Add SSL Client Certificate verification (#1288) 13 years ago
Stefan Bühler 97cec38a3b Fix compile error if TLS SNI isn't supported 13 years ago
Stefan Bühler 7322d53684 Fix some warnings in previous commit (TLS SNI) 13 years ago
Peter Colberg 8b6dae4139 Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>) 13 years ago
Stefan Bühler 22e8b456a9 Fix header inclusion order, always include "config.h" before any system header 13 years ago
Stefan Bühler f9e65e8500 Fixed some small non-critical leaks reported by cppcheck 13 years ago
Stefan Bühler 4df22f2a32 Fix issues found with clang analyzer 13 years ago
Stefan Bühler 8a24665a81 Allow all comparisons for $SERVER["socket"] - only bind for "==" 13 years ago
Stefan Bühler e1645ed287 Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026) 13 years ago
Stefan Bühler 0226d4bf36 Add option to enable TCP_DEFER_ACCEPT (fixes #1447) 13 years ago
Stefan Bühler 63f785a2f8 Added some extra warning options in cmake and fix the resulting warnings (unused/static functions) 14 years ago
Stefan Bühler 52861d77df Replace buffer_{append,copy}_string with the _len variant where possible (#1732, thx crypt) 14 years ago
Marcus Rückert 8cd1471cb3 - white space cleanup part 2 this time 1.4 ;) 16 years ago
Jan Kneschke 7b4097f7ee oops, use SSL_CTX_* if you modify the ssl_ctx 16 years ago