lighttpd1.4

lighttpd

lighttpd1.4

Author	SHA1	Message	Date
Glenn Strauss	bf4054f8ec	[mod_gnutls] GnuTLS option for TLS (fixes #109 ) (experimental) mod_gnutls supports most ssl.* config options supported by mod_openssl x-ref: "GnuTLS support for the mod_ssl" https://redmine.lighttpd.net/issues/109	3 years ago
Glenn Strauss	cb753ec5b5	[mod_mbedtls] mbedTLS option for TLS (experimental) mod_mbedtls supports most ssl.* config options supported by mod_openssl thx Ward Willats for the initial discussion and attempt in the comments https://redmine.lighttpd.net/boards/3/topics/7029	3 years ago
Glenn Strauss	7de51cc77b	[core] add seed before openssl RAND_pseudo_bytes()	3 years ago
Glenn Strauss	b28a3714c4	[multiple] ./configure --with-nettle to use Nettle ./configure --with-nettle to use Nettle crypto lib for algorithms, instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS. x-ref: "How to use SHA-256 without OpenSSL?" https://redmine.lighttpd.net/boards/2/topics/8903	3 years ago
Glenn Strauss	2c18090216	[core] remove include base.h where unused	3 years ago
Glenn Strauss	37bd124ae4	[core] pass conf.follow_symlink in more places	4 years ago
Rosen Penev	bc91bbd0c6	[core] Don't call RAND_cleanup with OpenSSL 1.1.x RAND_cleanup is deprecated and does nothing with 1.1.x. It also breaks with OpenSSL compiled with no deprecated APIs. (-DOPENSSL_API_COMPAT=<version>) github: closes #93	4 years ago
Glenn Strauss	368630d925	[TLS] sys-crypto.h abstraction	4 years ago
Glenn Strauss	6e171bd4b9	[core] adjust li_rand_pseudo* interfaces	5 years ago
Glenn Strauss	26dce93086	[core] attempt to quiet compiler warning in LEDE	5 years ago
Glenn Strauss	6f88c28c44	[core] fix compiler warnings on Mac OS X (thx wardw)	6 years ago
Glenn Strauss	a53f662a30	[core] remove some unused header includes remove exposure of stdio.h in buffer.h for print_backtrace(), now static	6 years ago
Glenn Strauss	5b81201be9	[TLS] include <openssl/opensslv.h> in rand.c include <openssl/opensslv.h> in rand.c for OPENSSL_VERSION_NUMBER (openssl 1.1.0 deprecates RAND_pseudo_bytes())	6 years ago
Glenn Strauss	a801ef55a0	[TLS] mark code that uses -lcrypto but not -lssl mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO to note that it does not depend on openssl -lssl (USE_OPENSSL)	6 years ago
Glenn Strauss	28c8fec42b	[core] defer li_rand_init() until first use defer li_rand_init() until first use of li_rand_pseudo_bytes() li_rand_init() is now deferred until first use so that installations that do not use modules which use these routines do need to potentially block at startup. Current use by core lighttpd modules is in mod_auth HTTP Digest auth and in mod_usertrack. Deferring collection of random data until first use may allow sufficient entropy to be collected by kernel before first use, helping reduce or avoid situations in low-entropy-generating embedded devices which might otherwise block lighttpd for minutes at device startup. Further discussion in https://redmine.lighttpd.net/boards/2/topics/6981	6 years ago
Glenn Strauss	c64c2173ce	[core] rename li_rand() to li_rand_pseudo_bytes() to be more explicit that the result is pseudo-random data and not cryptographically random.	6 years ago
Glenn Strauss	64a7b64c2b	RAND_pseudo_bytes() is deprecated in openssl 1.1.0	6 years ago
Glenn Strauss	df61f19daf	[core] compile fix for Mac OS X 10.6 (old) (fixes #2773 ) Mac OS X 10.7 Lion introduces arc4random_buf() (thx ryandesign) x-ref: "Mac OS X build issue Undefined symbols" https://redmine.lighttpd.net/issues/2773	6 years ago
Glenn Strauss	032772ab6c	add random() to list of rand() fallbacks (but prefer better mechanisms)	6 years ago
Glenn Strauss	7f4e156e5f	[core] rand.[ch] to use better RNGs when available prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(), if available, over rand() These are not necessarily cryptographically secure, but should be better than rand()	6 years ago

20 Commits (10dbe38a92cc278170213a6f50b0d3d5288113ac)