Glenn Strauss
471ab4dd5b
[core] fix 100% CPU spin if traffic limit hit
...
(thx Dirk) (reported on FreeBSD)
HTTP/1.1 requests might end up spinning if traffic limits are configured
(connection.kbytes-per-second)
(server.kbytes-per-second)
2021-01-19 12:02:12 -05:00
Glenn Strauss
fcbfc08352
[core] check more carefully after SSL_WANT_WRITE
...
con->is_readable and con->is_writable might be set to -1 by TLS modules
which encounter SSL_WANT_READ or SSL_WANT_WRITE. Either might occur
during read or write, and so -1 was used to flag this.
However, code which used con->is_readable and con->is_writable now needs
to check for value > 0 rather than treating value as a boolean.
2021-01-19 12:01:10 -05:00
Glenn Strauss
b757e738fd
[mod_gnutls] fix alt code for coverity
2021-01-17 16:17:01 -05:00
Glenn Strauss
915b4ef3fc
[multiple] fix TLS config string parsing
...
flagged by coverity
(incomplete fix a few commits back)
2021-01-17 15:50:28 -05:00
Glenn Strauss
9d8d559e1f
[mod_wolfssl] fix syntax errors
2021-01-17 15:06:24 -05:00
Glenn Strauss
755f895b79
[mod_wolfssl] wipe ssl_pemfile_pkey before free()
2021-01-17 14:52:12 -05:00
Glenn Strauss
a16488269d
[mod_gnutls] fix ssl.ca_dn_file data access
...
identified by coverity
If ssl.ca_dn_file is set, then its contents were not properly matched
against the provided client certificate
2021-01-17 14:45:10 -05:00
Glenn Strauss
d5b166c04d
[multiple] fix TLS config string parsing
...
flagged by coverity
final segment of colon (':') separated string was being ignored
in some TLS config strings in mod_gnutls and mod_mbedtls
workaround: add ':' at end of config string (or apply this patch)
2021-01-17 14:33:19 -05:00
Glenn Strauss
0e2a14921e
[multiple] fix coverity warnings
2021-01-17 14:32:46 -05:00
Glenn Strauss
5b0aed8c32
[mod_deflate] compat with zstd < v1.4.0
...
ZSTD_compressStream2() was an "advanced API" (experimental; unstable)
in v1.3.x
2021-01-17 08:33:02 -05:00
Glenn Strauss
f8792bfb5a
[mod_deflate] use zstd typedefs (minor cleanup)
2021-01-17 08:32:38 -05:00
Glenn Strauss
625d57b2d9
[build] scripts/ci-build.sh remove --with-maxminddb
...
remove --with-maxminddb;
maxminddb libs not currently part of our FreeBSD build images
2021-01-16 23:07:06 -05:00
Glenn Strauss
02c83d735c
[build] scripts/ci-build.sh add --with-maxminddb
2021-01-16 22:52:32 -05:00
Glenn Strauss
62a874df32
[mod_alias] modify r->physical.path in place
...
(reduce string copying)
split out func mod_alias_remap() from handler func for unit testing
2021-01-16 22:33:47 -05:00
Glenn Strauss
43cc87dd67
[build] adjust crypto vars in src/CMakeLists.txt
2021-01-16 20:11:48 -05:00
Glenn Strauss
073f57e51a
[core] avoid multiple definition of SHA512_CTX
...
avoid multiple definition of SHA512_CTX when using Nettle
2021-01-16 20:11:12 -05:00
Glenn Strauss
f680e1b234
[build] adjust crypto vars in src/CMakeLists.txt
...
use different vars for different crypto libs
2021-01-16 17:14:11 -05:00
Glenn Strauss
f23be1a116
[build] scripts/ci-build.sh adjustments
...
remove --with-mbedtls; mbedtls not currently part of our FreeBSD bld img
2021-01-16 16:53:02 -05:00
Glenn Strauss
2c875a649d
[build] adjust mbedtls vars in src/CMakeLists.txt
2021-01-16 16:52:27 -05:00
Glenn Strauss
7ec08905b9
[build] fix typo in src/CMakeLists.txt
2021-01-16 16:27:47 -05:00
Glenn Strauss
f0b74faa45
[build] scripts/ci-build.sh adjustments
...
remove --with-nss; nss libs not currently part of our FreeBSD build img
remove with_zstd=yes from SCons build, due to dependency on libpthread
2021-01-16 16:09:08 -05:00
Glenn Strauss
73cace9401
[build] scripts/ci-build.sh w/o --with-wolfssl
...
WolfSSL is not generally available in *BSD due to WolfSSL limitations.
(Might be revisited with the Dec 2020 release of WolfSSL 4.6.0)
2021-01-16 15:59:57 -05:00
Glenn Strauss
4d5405f0a1
[mod_openssl] update LIBRESSL_VERSION_NUMBER check
2021-01-16 15:58:25 -05:00
Glenn Strauss
f6c79fff94
[build] scripts/ci-build.sh --with-nettle
2021-01-16 15:53:11 -05:00
Glenn Strauss
fdf45433c8
[core] check ifdef WOLFSSL_SHA512 for SHA512 avail
2021-01-16 15:51:49 -05:00
Glenn Strauss
2d94d56fe5
[build] update scripts/ci-build.sh
...
* remove use of deprecated or obsolete packages on Linux, *BSD builds
  --with-attr --with-fam --with-geoip
* add zstd
  --with-zstd
* add multiple TLS options to build
  --with-gnutls --with-mbedtls --with-nss --with-openssl --with-wolfssl
  (leave one TLS option (openssl) for SCons static build)
2021-01-16 15:30:53 -05:00
Glenn Strauss
db1ca2a60f
[core] add decls in connections.h
2021-01-13 16:14:48 -05:00
Glenn Strauss
f0074a7ded
[mod_access] mark mod_access_check attribute pure
2021-01-13 16:10:16 -05:00
Glenn Strauss
947d36941d
[doc] add --with-zstd to INSTALL
2021-01-13 14:39:01 -05:00
Glenn Strauss
c0e73fd1d8
[mod_dirlisting] hide unused variable on MacOS
...
(quiet compiler warning)
2021-01-12 23:01:26 -05:00
Glenn Strauss
8ae6807654
[mod_deflate] use zstd streaming API
2021-01-12 22:39:28 -05:00
Glenn Strauss
9211fb3d86
[mod_deflate] support Accept-Encoding: zstd
2021-01-12 18:29:20 -05:00
Glenn Strauss
ef28cce5e5
[mod_dirlisting] use fdopendir(), fstatat()
...
use fdopendir(), fstatat(), if available
2021-01-11 16:55:23 -05:00
Glenn Strauss
14f8f9b21c
[mod_openssl] set Ciphersuites once API available
...
set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.
x-ref:
"Add support for TLS 1.3"
https://github.com/libressl-portable/portable/issues/228
2021-01-11 14:37:00 -05:00
Glenn Strauss
cb24e1c70b
[multiple] fix: honor CipherString for alt TLS lib
...
fix typo: honor user-defined CipherString for alternative TLS libraries
(LibreSSL, BoringSSL, wolfSSL)
2021-01-11 14:36:41 -05:00
Glenn Strauss
3adbb3e3fa
[mod_openssl] update LIBRESSL_VERSION_NUMBER check
2021-01-11 12:40:41 -05:00
Glenn Strauss
0b4733f244
[doc] create-mime.conf.pl -v silent for mult vnd
...
Do not issue trace if multiple */vnd.* register the same extension
(silently mark mime-type for extension as application/octet-stream)
2021-01-09 12:39:45 -05:00
Glenn Strauss
8faa456fc8
[core] fix crash in error trace if backend is down (fixes #3052)
...
(thx hamelg)
x-ref:
"segfault with mod_scgi on backend server with unix socket domain"
https://redmine.lighttpd.net/issues/3052
2021-01-08 17:43:52 -05:00
Glenn Strauss
be8909833b
[doc] create-mime.conf.pl -v for warnings
...
Do not issue warnings about duplicated entries unless called with -v
/etc/mime.types is not typically edited by the end user,
so the warning trace is noise to most end users.
2021-01-08 07:10:31 -05:00
Glenn Strauss
a89e94e0bf
[autoconf] fix LT_INIT syntax
2021-01-08 01:27:19 -05:00
Glenn Strauss
35675284a2
[doc] create-mime.conf.pl improve case handling
...
make create-mime.conf.pl more resilient to questionable edits
to /etc/mime.types
non-vnd.* subtype takes precedence over vnd.* subtype
(type/subtype, e.g. text/plain)
x-ref:
"lighttpd: does not start with media-types 1.1.0"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979232
2021-01-07 10:45:24 -05:00
Glenn Strauss
65521537a8
[mod_dirlisting] quiet coverity false positive
2021-01-07 10:22:14 -05:00
Glenn Strauss
21f0dabef4
[multiple] replace buffer_is_equal_caseless_string
...
buffer_is_equal_caseless_string() -> buffer_eq_icase_slen()
2021-01-07 09:08:53 -05:00
Glenn Strauss
891007fb6a
[multiple] use HTTP_HEADER_* enum before strcmp
...
When known, use HTTP_HEADER_* enum before string comparisons
2021-01-07 08:58:30 -05:00
Glenn Strauss
b6892fb242
[mod_extforward] fix extforward.headers defaults (fixes #3051)
...
(thx glen)
Regression in lighttpd 1.4.56 - 1.4.58 when extforward.headers is
not set in lighttpd.conf.
Workaround: extforward.headers = ("X-Forwarded-For")
(or appropriate value depending on header sent by upstream proxy)
x-ref:
"mod_extforward regression 1.4.56"
https://redmine.lighttpd.net/issues/3051
2021-01-07 08:51:42 -05:00
Glenn Strauss
a99550d76c
[mod_extforward] config warning for module order
...
expand config warning for module load order to include other TLS modules
2021-01-06 07:52:20 -05:00
Glenn Strauss
bdb58c245a
[mod_openssl] extend ssl.openssl.ssl-conf-cmd
...
extend ssl.openssl.ssl-conf-cmd to accept "SecurityLevel"
(lighttpd extension) and use the (string) value to call the
openssl-specific SSL_CTX_set_security_level()
2021-01-05 15:03:22 -05:00
Glenn Strauss
a282a57148
[doc] create-mime.conf.pl improve case handling
...
make create-mime.conf.pl more resilient to questionable edits
to /etc/mime.types
x-ref:
"lighttpd: does not start with media-types 1.1.0"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979232
2021-01-05 12:52:14 -05:00
Glenn Strauss
6a28bd79b3
[mod_wolfssl] minor updates for wolfSSL v4.6.0
2021-01-05 12:52:14 -05:00
Glenn Strauss
5b1b9f7824
[tests] use ephemeral ports in tests
...
avoid spurious test failures due to conflicts with ports in use by
other processes, which might occur when tests use hard-coded ports
2021-01-05 12:52:11 -05:00