lighttpd1.4

lighttpd

lighttpd1.4

Author	SHA1	Message	Date
Gaël PORTAY	04d510af20	[mod_openssl] ignore client verification error if not enforced ignore client verification error if not enforced e.g. not ssl.verifyclient.enforce = "enable" github: closes #83 x-ref: "ignore client verification error if not enforced" https://github.com/lighttpd/lighttpd1.4/pull/83	6 years ago
Glenn Strauss	0399609ac2	[mod_openssl] ssl.ca-dn-file (fixes #2694 ) (original patch by mackyle) The ssl.ca-dn-file option provides independent control of the "certificate_authorities" field (see RFC 5246 section 7.4.4 Certificate Request) separate from the actual list of trusted certificate authorities used for client certificate verification. It may be necessary to send a hint that includes the DN of a non-root client CA in order to receive the correct certificate from the client, but such a non-root CA really does not belong in the trusted client root CA list. Signed-off-by: Kyle J. McKay mackyle@gmail.com github: closes #64 x-ref: "add support for ssl.cadn-file" https://redmine.lighttpd.net/issues/2694 https://github.com/lighttpd/lighttpd1.4/pull/64	6 years ago
Gaël PORTAY	e422ac128a	[mod_openssl] ssl.ca-crl-file for CRL (fixes #2319 ) (original patch by binbrain, and updated by flynn) github: closes #82 x-ref: "Support CRLs for client certificate verification" https://redmine.lighttpd.net/issues/2319 https://github.com/lighttpd/lighttpd1.4/pull/82	6 years ago
Glenn Strauss	86bb8be2c8	[core] perf: skip redundant strlen() if len known performance: skip redundant strlen() if length is already known introduce array_get_element_klen() to take key and klen params	6 years ago
Glenn Strauss	a434a3fab0	[mod_openssl] free local_send_buffer at exit	6 years ago
Glenn Strauss	78cc72726d	[mod_extforward] support HAProxy "PROXY" protocol (fixes #2804 ) experimental support to receive requests via HAProxy "PROXY" protocol x-ref: "The PROXY protocol - Versions 1 & 2" http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt "support (HAProxy) PROXY protocol for receiving requests" https://redmine.lighttpd.net/issues/2804	6 years ago
Glenn Strauss	e33ec75999	[core] save connection-level proto in con->proto The per-request scheme starts with con->proto (e.g. "http") and can later be changed per-request by mod_extforward or mod_magnet	6 years ago
Glenn Strauss	1485cb401b	[core] fix crash if invalid config file (fixes #2798 ) If lighttpd.conf is invalid, some modules may not have initialized their per-context config structures, but will have their free-functions called, which should not be run on uninitialized per-context configs. x-ref: "Segfault with simple-vhost.debug = "enable"" https://redmine.lighttpd.net/issues/2798	6 years ago
Glenn Strauss	82501d24f2	[mod_openssl] inherit ssl.* from global scope inherit ssl.* from global scope if $SERVER["socket"] contains ssl.engine = "enable" and no other ssl.* settings (In earlier versions of lighttpd, specifying ssl.engine = "enable" without specifying ssl.pemfile was a configuration error, so this change should not break any pre-existing and previously working configs) x-ref: https://github.com/pfsense/FreeBSD-ports/pull/284	6 years ago
Glenn Strauss	acc37c1cbc	[mod_openssl] use TLS SNI to set host-based certs and then allow HTTP Host header to set con->uri.authority remove con->tlsext_server_name	6 years ago
Glenn Strauss	20946a8b92	[mod_openssl] allow ssl.verifyclient on url paths (fixes #2245 ) re-patch mod_openssl config within the request so that per-request settings can be applied, such as activating client cert verification for specific URL paths. (This can be used in conjunction with auth.backend = "extern" to require auth to occur) x-ref: "SSL : authenticate only clients for a particular URL" https://redmine.lighttpd.net/issues/2245	6 years ago
Glenn Strauss	8960633dc7	[mod_openssl] move openssl config into mod_openssl move openssl data structures and config parsing into mod_openssl	6 years ago
Glenn Strauss	bdbea2aea8	[mod_openssl] move openssl code into mod_openssl large code move, but minimal changes made to code (besides whitespace), so that code builds next: need to isolate openssl data structures and config parsing	6 years ago
Glenn Strauss	cb9ebe9fa6	[mod_openssl] new module (preliminary layout)	6 years ago

14 Commits (04d510af20bdff46a99ac0f800aa497636d8a19b)