prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(),
if available, over rand()
These are not necessarily cryptographically secure, but should be better
than rand()
module status: experimental; more testing and review needed
Kerberos library calls have been preserved from original patch set
and should be reviewed.
module has been quickly tested with Basic auth (Use over TLS!)
SPNEGO -has not- been tested. Again, kerberos library calls have
been preserved from original patch set. YMMV. (Use over TLS!)
x-ref:
"Kerberos/GSSAPI Delegation Support"
https://redmine.lighttpd.net/issues/1899
lots of fixes and improvements
limitations: see comments at top of mod_deflate.c
missing functionality: encode streaming response
(module currently requires response be collected before being sent)
potential functionality: addition of compressed file cache would
allow mod_deflate to fully supplant mod_compress in lighttpd 1.4.x
x-ref:
"Adding mod_deflate to 1.4.xx"
https://redmine.lighttpd.net/issues/1824
"mod_deflate backport compile error if ENABLE_MMAP not defined"
https://redmine.lighttpd.net/issues/2753
github: closes #67
create new, extensible interface for (additional) auth backends
attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends
to allow for async auth backends (e.g. to mysql database)
separate auth backends from mod_auth and http_auth
mod_authn_file.c htdigest, htpasswd, plain auth backends
mod_authn_ldap.c ldap auth backend
add http_auth.c to common_sources for auth backend registration
(mod_authn_file could be three separate modules, but no need for now)
clock_gettime() needs -lrt with glibc < 2.17,
and possibly other platforms
This commit contains fixes for CMake and SCONS
See also commit:4d920466 which updated configure.ac for same
x-ref:
"1.4.40 compiling issuses on Debian Wheezy"
https://redmine.lighttpd.net/issues/2737
add instructions in INSTALL to build using CMake and Xcode on Mac OS X
along with MacPorts
update CMake to link test_configfile with pcre
x-ref:
"loadable-module naming on macosx + cmake"
https://redmine.lighttpd.net/issues/1761
allow double-quotes, single-quotes or no quote on SSI param values
remove use of PCRE from mod_ssi
fix misspelling of 'unknow' to be 'unknown'
x-ref:
"mod_ssi doesn't accept single quotes"
https://redmine.lighttpd.net/issues/1768
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0
(thx Christian Heckendorf)
libressl matches ERR_remove_thread_state() signature from openssl 1.0.2
(libressl pretends that libressl is openssl version 2.0.0,
but openssl 1.1.0 changes signature of ERR_remove_thread_state())
libressl does not yet provide compatibility interfaces for the new
prototypes introduced in openssl 1.1.0, including
DH_set0_pqg() and DH_set_length()
remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005)
(define USE_OPENSSL_KERBEROS if required)
(Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
The FreeBSD version of sendfile is already supported. Starting
with OS X 10.5, Darwin also supports sendfile, but using a
slightly different argument list even though much of the
implementation is likely taken from FreeBSD just like the man
page is.
Add support for darwin's sendfile by introducing a new
network_darwin_sendfile.c file that's just a copy of the
network_freebsd_sendfile.c file except with the arguments
adjusted to compensate for the minor API difference (FreeBSD
has separate in and out byte count arguments whereas Darwin
has a combined in/out byte count argument).
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3060 152afb58-edef-0310-8abb-c4023f1b3aa9
- a lot of code tried to handle manually adding terminating zeroes and
keeping track of the correct "used" count.
Replaced all "external" usages with simple wrapper functions:
* buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0);
prefer buffer_string_is_empty
* buffer_string_set_length
* buffer_string_length
* CONST_BUF_LEN() macro
- removed "static" buffer hacks (buffers pointing to constant/stack
memory instead of malloc()ed data)
- buffer_append_strftime(): refactor buffer+strftime uses
- li_tohex(): no need for a buffer for binary-to-hex conversion:
the output data length is easy to predict
- remove "-Winline" from extra warnings: the "inline" keyword just
supresses the warning about unused but defined (static) functions;
don't care whether it actually gets inlined or not.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
Stefan Bühler
