Commit Graph

3849 Commits (4eeff345b1a4a25ac39f698f945c70cafb3a2962)

Author SHA1 Message Date
Glenn Strauss 33e400b429 [multiple] avoid duplicate parsing in trigger func (#3056)
  "OCSP Stapling reload seems not to work"
2021-01-29 03:10:21 -05:00
Glenn Strauss 81e4f4c4a7 [TLS] detect expired stapling file at startup (fixes #3056)
also adjust time_t comparison to (pc_stapling_nextts > cur_ts + 256)
(time_t is expected to be signed integral type, but might be unsigned)

  "OCSP Stapling reload seems not to work"
2021-01-29 03:10:11 -05:00
Glenn Strauss 3a2ddc6cf8 [core] skip interest in POLLRDHUP after POLLRDHUP (#3059)
  "Connections stuck in Close_Wait causing 100% cpu usage"
2021-01-20 00:46:41 -05:00
Glenn Strauss 471ab4dd5b [core] fix 100% CPU spin if traffic limit hit
(thx Dirk) (reported on FreeBSD)

HTTP/1.1 requests might end up spinning if traffic limits are configured
2021-01-19 12:02:12 -05:00
Glenn Strauss fcbfc08352 [core] check more carefully after SSL_WANT_WRITE
con->is_readable and con->is_writable might be set to -1 by TLS modules
which encounter SSL_WANT_READ or SSL_WANT_WRITE.  Either might occur
during read or write, and so -1 was used to flag this.

However, code which used con->is_readable and con->is_writable now needs
to check for value > 0 rather than treating value as a boolean.
2021-01-19 12:01:10 -05:00
Glenn Strauss b757e738fd [mod_gnutls] fix alt code for coverity 2021-01-17 16:17:01 -05:00
Glenn Strauss 915b4ef3fc [multiple] fix TLS config string parsing
flagged by coverity

(incomplete fix a few commits back)
2021-01-17 15:50:28 -05:00
Glenn Strauss 9d8d559e1f [mod_wolfssl] fix syntax errors 2021-01-17 15:06:24 -05:00
Glenn Strauss 755f895b79 [mod_wolfssl] wipe ssl_pemfile_pkey before free() 2021-01-17 14:52:12 -05:00
Glenn Strauss a16488269d [mod_gnutls] fix ssl.ca_dn_file data access
identified by coverity

If ssl.ca_dn_file is set, then its contents were not properly matched
against the provided client certificate
2021-01-17 14:45:10 -05:00
Glenn Strauss d5b166c04d [multiple] fix TLS config string parsing
flagged by coverity

final segment of colon (':') separated string was being ignored
in some TLS config strings in mod_gnutls and mod_mbedtls

workaround: add ':' at end of config string (or apply this patch)
2021-01-17 14:33:19 -05:00
Glenn Strauss 0e2a14921e [multiple] fix coverity warnings 2021-01-17 14:32:46 -05:00
Glenn Strauss 5b0aed8c32 [mod_deflate] compat with zstd < v1.4.0
ZSTD_compressStream2() was an "advanced API" (experimental; unstable)
in v1.3.x
2021-01-17 08:33:02 -05:00
Glenn Strauss f8792bfb5a [mod_deflate] use zstd typedefs (minor cleanup) 2021-01-17 08:32:38 -05:00
Glenn Strauss 625d57b2d9 [build] scripts/ remove --with-maxminddb
remove --with-maxminddb;
  maxminddb libs not currently part of our FreeBSD build images
2021-01-16 23:07:06 -05:00
Glenn Strauss 02c83d735c [build] scripts/ add --with-maxminddb 2021-01-16 22:52:32 -05:00
Glenn Strauss 62a874df32 [mod_alias] modify r->physical.path in place
(reduce string copying)

split out func mod_alias_remap() from handler func for unit testing
2021-01-16 22:33:47 -05:00
Glenn Strauss 43cc87dd67 [build] adjust crypto vars in src/CMakeLists.txt 2021-01-16 20:11:48 -05:00
Glenn Strauss 073f57e51a [core] avoid multiple definition of SHA512_CTX
avoid multiple definition of SHA512_CTX when using Nettle
2021-01-16 20:11:12 -05:00
Glenn Strauss f680e1b234 [build] adjust crypto vars in src/CMakeLists.txt
use different vars for different crypto libs
2021-01-16 17:14:11 -05:00
Glenn Strauss f23be1a116 [build] scripts/ adjustments
remove --with-mbedtls; mbedtls not currently part of our FreeBSD bld img
2021-01-16 16:53:02 -05:00
Glenn Strauss 2c875a649d [build] adjust mbedtls vars in src/CMakeLists.txt 2021-01-16 16:52:27 -05:00
Glenn Strauss 7ec08905b9 [build] fix typo in src/CMakeLists.txt 2021-01-16 16:27:47 -05:00
Glenn Strauss f0b74faa45 [build] scripts/ adjustments
remove --with-nss; nss libs not currently part of our FreeBSD build img
remove with_zstd=yes from SCons build, due to dependency on libpthread
2021-01-16 16:09:08 -05:00
Glenn Strauss 73cace9401 [build] scripts/ w/o --with-wolfssl
WolfSSL is not generally available in *BSD due to WolfSSL limitations.
(Might be revisited with the Dec 2020 release of WolfSSL 4.6.0)
2021-01-16 15:59:57 -05:00
Glenn Strauss 4d5405f0a1 [mod_openssl] update LIBRESSL_VERSION_NUMBER check 2021-01-16 15:58:25 -05:00
Glenn Strauss f6c79fff94 [build] scripts/ --with-nettle 2021-01-16 15:53:11 -05:00
Glenn Strauss fdf45433c8 [core] check ifdef WOLFSSL_SHA512 for SHA512 avail 2021-01-16 15:51:49 -05:00
Glenn Strauss 2d94d56fe5 [build] update scripts/
* remove use of deprecated or obsolete packages on Linux, *BSD builds
  --with-attr --with-fam --with-geoip
* add zstd
* add multiple TLS options to build
  --with-gnutls --with-mbedtls --with-nss --with-openssl --with-wolfssl
  (leave one TLS option (openssl) for SCons static build)
2021-01-16 15:30:53 -05:00
Glenn Strauss db1ca2a60f [core] add decls in connections.h 2021-01-13 16:14:48 -05:00
Glenn Strauss f0074a7ded [mod_access] mark mod_access_check attribute pure 2021-01-13 16:10:16 -05:00
Glenn Strauss 947d36941d [doc] add --with-zstd to INSTALL 2021-01-13 14:39:01 -05:00
Glenn Strauss c0e73fd1d8 [mod_dirlisting] hide unused variable on MacOS
(quiet compiler warning)
2021-01-12 23:01:26 -05:00
Glenn Strauss 8ae6807654 [mod_deflate] use zstd streaming API 2021-01-12 22:39:28 -05:00
Glenn Strauss 9211fb3d86 [mod_deflate] support Accept-Encoding: zstd 2021-01-12 18:29:20 -05:00
Glenn Strauss ef28cce5e5 [mod_dirlisting] use fdopendir(), fstatat()
use fdopendir(), fstatat(), if available
2021-01-11 16:55:23 -05:00
Glenn Strauss 14f8f9b21c [mod_openssl] set Ciphersuites once API available
set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.

  "Add support for TLS 1.3"
2021-01-11 14:37:00 -05:00
Glenn Strauss cb24e1c70b [multiple] fix: honor CipherString for alt TLS lib
fix typo: honor user-defined CipherString for alternative TLS libraries
(LibreSSL, BoringSSL, wolfSSL)
2021-01-11 14:36:41 -05:00
Glenn Strauss 3adbb3e3fa [mod_openssl] update LIBRESSL_VERSION_NUMBER check 2021-01-11 12:40:41 -05:00
Glenn Strauss 0b4733f244 [doc] -v silent for mult vnd
Do not issue trace if multiple */vnd.* register the same extension

(silently mark mime-type for extension as application/octet-stream)
2021-01-09 12:39:45 -05:00
Glenn Strauss 8faa456fc8 [core] fix crash in error trace if backend is down (fixes #3052)
(thx hamelg)

  "segfault with mod_scgi on backend server with unix socket domain"
2021-01-08 17:43:52 -05:00
Glenn Strauss be8909833b [doc] -v for warnings
Do not issue warnings about duplicated entries unless called with -v

/etc/mime.types is not typically edited by the end user,
so the warning trace is noise to most end users.
2021-01-08 07:10:31 -05:00
Glenn Strauss a89e94e0bf [autoconf] fix LT_INIT syntax 2021-01-08 01:27:19 -05:00
Glenn Strauss 35675284a2 [doc] improve case handling
make more resilient to questionable edits
to /etc/mime.types

non-vnd.* subtype takes precedence over vnd.* subtype
  (type/subtype, e.g. text/plain)

  "lighttpd: does not start with media-types 1.1.0"
2021-01-07 10:45:24 -05:00
Glenn Strauss 65521537a8 [mod_dirlisting] quiet coverity false positive 2021-01-07 10:22:14 -05:00
Glenn Strauss 21f0dabef4 [multiple] replace buffer_is_equal_caseless_string
buffer_is_equal_caseless_string() -> buffer_eq_icase_slen()
2021-01-07 09:08:53 -05:00
Glenn Strauss 891007fb6a [multiple] use HTTP_HEADER_* enum before strcmp
When known, use HTTP_HEADER_* enum before string comparisons
2021-01-07 08:58:30 -05:00
Glenn Strauss b6892fb242 [mod_extforward] fix extforward.headers defaults (fixes #3051)
(thx glen)

Regression in lighttpd 1.4.56 - 1.4.58 when extforward.headers is
not set in lighttpd.conf.

Workaround: extforward.headers = ("X-Forwarded-For")
  (or appropriate value depending on header sent by upstream proxy)

  "mod_extforward regression 1.4.56"
2021-01-07 08:51:42 -05:00
Glenn Strauss a99550d76c [mod_extforward] config warning for module order
expand config warning for module load order to include other TLS modules
2021-01-06 07:52:20 -05:00
Glenn Strauss bdb58c245a [mod_openssl] extend ssl.openssl.ssl-conf-cmd
extend ssl.openssl.ssl-conf-cmd to accept "SecurityLevel"
(lighttpd extension) and use the (string) value to call the
openssl-specific SSL_CTX_set_security_level()
2021-01-05 15:03:22 -05:00