Commit Graph

3074 Commits

Author SHA1 Message Date
Glenn Strauss 48a8e893a7 [core] specialized strptime() for HTTP date fmts 2020-12-24 16:13:20 -05:00
Glenn Strauss f8cc9fb915 [core] http_date.[ch] encapsulate HTTP-date parse
http_date.[ch] encapsulate HTTP-date parse/compare

(import from one of my development branches from 2015)
2020-12-24 16:13:20 -05:00
Glenn Strauss f928f6d827 [core] sys-time.h - localtime_r,gmtime_r macros
sys-time.h - localtime_r,gmtime_r macros if needed

provide rudimentary localtime_r() and gmtime_r() if not present
(wraps localtime() and gmtime() funtions, but are not thread-safe since
 they do not take a lock around access to localtime() and gmtime())

(import from one of my development branches from 2015)
2020-12-24 16:13:20 -05:00
Glenn Strauss 29f50bdeb0 [multiple] fdevent_waitpid() wrapper 2020-12-24 16:13:17 -05:00
Glenn Strauss 2ecbe5948d [mod_proxy] fix sending of initial reqbody chunked
fix sending of initial reqbody chunked to backend
2020-12-24 01:15:55 -05:00
Glenn Strauss ceab1e700d [core] add comment for FastCGI mem use in hctx->rb (#3033)
  "Memory Growth with PUT and full buffered streams"
2020-12-24 01:02:36 -05:00
Glenn Strauss 7ba521ffb4 [core] reuse large mem chunks (fix mem usage) (fixes #3033)
(thx flynn)

fix large memory usage for large file downloads from dynamic backends

reuse or release large memory chunks

  "Memory Growth with PUT and full buffered streams"
2020-12-24 00:20:27 -05:00
Glenn Strauss 89a3987ce7 [core] prefer IPv6+IPv4 func vs IPv4-specific func 2020-12-23 03:50:13 -05:00
Glenn Strauss fc01b820ec [tests] remove FastCGI test dependency on libfcgi
- rewrite fcgi-responder as standalone app
  fcgi-responder is now a minimal, standalone FastCGI server for tests
- remove dependency on fcgi-devel package
- merge fcgi-auth into fcgi-responder
2020-12-23 03:49:43 -05:00
Glenn Strauss 0bff6d58bc [mod_wolfssl] compile with earlier wolfSSL vers
compatibility to compile with earlier wolfSSL versions

compile-tested back to wolfSSL tag v3.14.0-stable
configured with (possibly extra flags)
  ./configure --enable-opensslextra --enable-opensslall --enable-sni \
    --enable-lighty --enable-stunnel --enable-nginx --enable-haproxy

Functionality has not been tested!
Please consider using the latest stable release of wolfSSL.
2020-12-18 20:36:25 -05:00
Glenn Strauss 6cf92dffe3 [mod_wolfssl] use wolfSSL TLS version defines
now that mod_wolfssl is a standalone module, use wolfSSL TLS ver defines

(Increase compatibility of mod_wolfssl with wolfSSL versions prior to
 wolfSSL v4.2.0)
2020-12-17 21:09:59 -05:00
Glenn Strauss 881d05076a [core] attempt to quiet some coverity warnings 2020-12-17 04:01:34 -05:00
Glenn Strauss cabced1f9f [core] fix decoding chunked from backend (fixes #3049)
(thx flynn)

fix decoding chunked from backend

truncate response and error out if backend sends excess data
after chunked encoding

  "Too much content with HTTP/2.0"
2020-12-17 03:59:41 -05:00
Glenn Strauss eda12aee22 [core] fix crash printing trace if backend is down 2020-12-16 20:07:21 -05:00
Glenn Strauss 76faed9145 [multiple] replace fall through comment with attr
replace /* fall through */ comment with __attribute_fallthrough__ macro

Note: not adding attribute to code with external origins:
  xxhash.h (algo_xxhash.h)
so to avoid warnings, may need to compile with -Wno-implicit-fallthrough
2020-12-16 05:16:25 -05:00
Glenn Strauss fefdf7f097 [core] fix array_copy_array() sorted[]
fix array_copy_array() sorted[]
(current use appears to be only on value lists; not user-visible issue)

Some time back, sorted[] was a set of indexes into data[],
and therefore sorted[] could be copied when copying array.
Now that sorted[] is a list of pointers, the sorted[] list
must be rebuilt.  If copied, it continued to point to
(data_unset *) from the original src array, not the dst array.
2020-12-16 02:00:17 -05:00
Glenn Strauss 20b54fa918 [mod_authn_ldap, mod_vhostdb_ldap] default cafile
set default cafile at startup if cafile configured in global scope
2020-12-16 02:00:17 -05:00
Glenn Strauss 2565ad1b86 [mod_authn_ldap] fix crash (fixes #3048)
(thx mgottinger)

fix crash due to uninitialized memory during config parsing

  "Broken LDAP authentication on lighttpd 1.4.56"
2020-12-16 02:00:17 -05:00
Glenn Strauss fe5740d5e5 [mod_proxy] proxy.header = ("force-http10" => ...)
compatibility option to force HTTP/1.0 requests to mod_proxy backend
proxy.header += ("force-http10" => "disable")  (default)

If proxy.header is set (for any options), it overrides the global
server.feature-flags += ("proxy.force-http10" => "disable")
2020-12-16 02:00:17 -05:00
Glenn Strauss bbd958382e [core] reorder srv->config_context to match ndx (fixes #3047)
(thx altblue)

reorder dc->context_ndx to match srv->config_context->data[] index.
srv->config_context->data[] may have been re-ordered in configparser.y.
Since the dc->context_ndx (id) is reused by config_insert*() and by
plugins to index into srv->config_context->data[], reorder into the
order encountered during config file parsing for least surprise to
end-users writing config files.

  "mismatched nested config conditions in lighttpd 1.4.56"
2020-12-16 02:00:17 -05:00
Glenn Strauss b467ba1bbf [core] enhance config parsing debugging (#3047)
enhance config parsing debugging to add condition string

  "mismatched nested config conditions in lighttpd 1.4.56"
2020-12-16 02:00:17 -05:00
Glenn Strauss 903024d711 [core] track Content-Length from backend (fixes #3046)
track Content-Length from backend in r->resp_body_scratchpad

  "Failure on second request in http proxy backend"
2020-12-16 02:00:17 -05:00
Glenn Strauss e9309ae6e6 [core] li_restricted_strtoint64()
(make public for reuse)
2020-12-15 22:31:08 -05:00
Glenn Strauss 167513c840 [core] track chunked encoding state from backend (fixes #3046)
(thx flynn)

track chunked encoding state when parsing backend response

  "Failure on second request in http proxy backend"
2020-12-14 19:59:08 -05:00
Glenn Strauss 3230c6ef17 [core] reject excess data after chunked encoding (#3046)
reject excess data after chunked encoding when parsing backend response

  "Failure on second request in http proxy backend"
2020-12-14 19:55:00 -05:00
Glenn Strauss 163cb8be28 [core] fix chunked decoding from backend (fixes #3044)
(thx flynn)

  "Socket errors after update to version 1.4.56"
2020-12-14 12:34:49 -05:00
Glenn Strauss 4933a2259b [core] warn if mod_authn_file needed in conf
warn if mod_authn_file is not listed in lighttpd.conf, but is needed
2020-12-13 06:01:51 -05:00
Glenn Strauss a360eafc8b [mod_nss] portability fix
check if NSS supports TLSv1.3 ciphers
(very old versions do not, and admins should consider upgrading NSS)
2020-12-10 13:04:39 -05:00
Glenn Strauss 1d73fc2329 [core] portability fix if st_mtime not defined 2020-12-09 17:39:43 -05:00
Glenn Strauss de29a37771 [core] skip some trace if backend Upgrade (#3044)
(thx flynn)

To reduce log noise, skip warning trace reporting error on backend
socket if the connection has been upgraded, e.g. to websockets

  "Socket errors after update to version 1.4.56"
2020-12-09 17:07:43 -05:00
Glenn Strauss 1d9cab1bc3 [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)
(thx flynn)

  "Socket errors after update to version 1.4.56"
2020-12-09 17:07:37 -05:00
Glenn Strauss d15e2286f2 [core] fix handling chunked response from backend (fixes #3044)
(thx flynn)

When the backend sends Transfer-Encoding: chunked (which is HTTP/1.1,
not HTTP/1.0) and the client is HTTP/1.1, then lighttpd will transfer
the chunked encoding as it is sent from the backend without excess data
copying involved in decoding and then re-encoding. The bug is that if
the first data chunk (or chunks) is partially received at the same time
as the response headers, then the chunked encoding got corrupted.

  "Socket errors after update to version 1.4.56"
2020-12-09 02:59:36 -05:00
Glenn Strauss adf7aea0e1 [core] wrap a macro value with parens
(code review)
2020-12-08 15:17:11 -05:00
Glenn Strauss a43420ba07 [mod_wolfssl] add complex preproc logic for SNI
add complex preproc logic for SNI detection
- HAVE_SNI is not sufficient
- HAVE_LIGHTY is not sufficient (in wolfssl <= 4.5.0)
Instead, use more complex logic wrapping calls to SNI_Callback()
in wolfssl.

  "[lighttpd] -mod-wolfssl inhibited by missing library functionality"
  "put all SNI code behind simpler preprocessor directive HAVE_SNI"
2020-12-06 22:50:49 -05:00
Glenn Strauss 083b3fb992 [core] SHA512_Init, SHA512_Update, SHA512_Final 2020-12-06 19:59:24 -05:00
Glenn Strauss aa3cabae3b [mod_openssl] remove ancient preprocessor logic
remove ancient preprocessor logic which might define OPENSSL_NO_TLSEXT

The logic was added to base.h in
some 13 years ago, and today might cause more harm than good with other
TLS libraries which provide some level of openssl-compatiblity layer,
e.g. BoringSSL and LibreSSL

If building with an ancient version of openssl and building without
support for TLS extensions, then be sure that OPENSSL_NO_TLSEXT is
defined.  (Alternatively, please consider using modern versions of
security libraries for better security.)
2020-12-06 02:08:06 -05:00
Glenn Strauss a27e55b2dd [core] add missing mod_wolfssl to ssl compat list
add missing mod_wolfssl to ssl compat module list

  "[lighttpd] -mod-wolfssl fails (requires dependency on -mod-openssl?)"
2020-12-05 11:19:03 -05:00
Glenn Strauss ce1d45ed82 [build] fix SCons build when building all TLS mods 2020-12-05 02:30:15 -05:00
Glenn Strauss 3579c32295 [core] prefer inet_aton() over inet_addr() 2020-12-05 02:18:58 -05:00
Glenn Strauss 233a218ab3 [build] fix when building all TLS mods
  "[lighttpd] -mod-openssl fails"
  "[lighttpd] -mod-wolfssl fails"
2020-12-03 17:16:52 -05:00
Glenn Strauss f8369910ff [core] setsockopt IPV6_V6ONLY if server.v4mapped
always setsockopt IPV6_V6ONLY on IPv6 addrs if server.v4mapped
is configured
2020-12-02 17:46:21 -05:00
Glenn Strauss b9bdca9b8a [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD 2020-12-01 17:08:19 -05:00
Glenn Strauss 2d55953e75 [core] allow keep-alives in one-shot mode (#3042)
  "lighttpd on demand"
2020-11-30 19:32:23 -05:00
Glenn Strauss f279ae7d50 [core] quiet start/shutdown trace in one-shot mode 2020-11-30 19:31:54 -05:00
Glenn Strauss 716e4d7a5d [core] fix lighttpd -1 one-shot with pipes 2020-11-30 19:31:05 -05:00
Glenn Strauss ba995e9ec9 [core] handle U+00A0 in config parser
treat U+00A0 (c2 a0) "NO-BREAK SPACE" as whitespace between tokens

2020-11-30 11:19:55 -05:00
Glenn Strauss ab5ae94509 [mod_webdav] compile fix for Mac OSX/11 2020-11-30 01:38:08 -05:00
Glenn Strauss 01d49a283d [core] attempt to quiet some coverity warnings
read() on inotify fd does not return partial records,
and the info from the kernel can be trusted.  Still add a sanity check.

If initialization of inotify fails, server will subsequently exit,
so memory leak reported by coverity is insignificant.
2020-11-29 20:04:19 -05:00
Glenn Strauss ae228cadb5 [mod_webdav] workaround for gvfs dir redir bug
workaround for gvfs dir redir bug

fix for unhandled live properties

(thx montvid)

  "lighttpd webdav does not work with Nemo, Nautilus gvfs"
2020-11-29 12:20:00 -05:00
Glenn Strauss 025f2d0dad [core] server.v4mapped option
For IPv6 listen addresses:
server.v4mapped = "disable" results in IPV6_V6ONLY socket opt set to 0
server.v4mapped = "enable"  results in IPV6_V6ONLY socket opt set to 1

server.v4mapped has an effect only if explicitly set in lighttpd.conf.
If not set, the socket option is inherited from kernel defaults, which
may vary on different OS.

server.v4mapped takes priority over server.set_v6only

server.set_v6only behavior is inconsistent and depreacted.
server.set_v6only behavior differs from server.v4mapped in that
server.set_v6only = "enable" will cause the IPV6_V6ONLY socket
option to be set to 1 for IPv6 listening sockets configured via
$SERVER["socket"] in lighttpd.conf, is enabled by default, and
has no effect if set to "disable"

Note: IPv4-mapped addresses may bring potential security issues,
depending on the situation.  For example, lighttpd does not attempt
to match IPv4 addresses with IPv4-mapped addresses.  Other writings:
2020-11-29 09:13:19 -05:00
Glenn Strauss a0ad558006 [mod_status] add additional HTML-encoding 2020-11-27 19:39:59 -05:00
Glenn Strauss 54922d61af [mod_fastcgi] move src/fastcgi.h into src/compat/ 2020-11-27 08:12:21 -05:00
Glenn Strauss 88433270c6 [mod_webdav] fallbacks if _ATFILE_SOURCE not avail
Note: filesystem access race conditions exist without _ATFILE_SOURCE
2020-11-27 08:12:21 -05:00
Glenn Strauss 7a0d94cd6f [mod_webdav] pass full path to webdav_unlinkat()
so that path can be removed from stat_cache
2020-11-27 08:12:21 -05:00
Glenn Strauss 09faa72f2f [mod_flv_streaming] use stat_cache_get_entry_open 2020-11-27 08:12:21 -05:00
Glenn Strauss edfc5f394e [core] consolidate chunk size checks 2020-11-27 08:12:21 -05:00
Glenn Strauss 35fa47d802 [core] quiet more request parse errs unless debug
quiet more request parse errors unless debug enabled with
  debug.log-request-header-on-error = "enable"

  "invalid character in URI -> 400 config?"
2020-11-27 08:12:21 -05:00
Glenn Strauss 647222b35c [core] check for __builtin_expect() availability 2020-11-27 08:12:21 -05:00
Glenn Strauss 730c932e3c [multiple] more forgiving config str to boolean (fixes #3036)
more consistent use of shared code config_plugin_value_tobool()

(thx tow-conf)

  "The on/off keywords in boolean configuration options is inconsistent, which might be misleading and error-prone."
2020-11-16 01:39:14 -05:00
Glenn Strauss c42b280583 [core] fix bug when HTTP/2 frames span chunks
fix inverted logic when HTTP/2 frames span chunkqueue chunks
2020-11-13 17:00:01 -05:00
Glenn Strauss f2b33e7520 [multiple] add back-pressure gw data pump (fixes #3033)
When = 0 (the default), the entire request
body is collected before engaging the backend.  For backends which
require data framing, this could lead to growth in memory use as large
requests were framed all at once.

Prefer to retain large request bodies in temporary files on disk and
frame in portions as write queue to backend drains below a threshold.

  "Memory Growth with PUT and full buffered streams"
2020-11-12 17:19:31 -05:00
Glenn Strauss 45aa1aa880 [mod_cgi] ensure tmp file open() before splice()
(bug on master branch)

With lighttpd defaults, including fully buffering request body, and
if request body > 1 MB, then multiple temporary files are used and
might not have open fd in chunkqueue.  This would result in failure
to send request body to CGI. (bug commited to master branch 1 month ago)
2020-11-12 01:44:19 -05:00
Glenn Strauss fc19558f96 [mod_cgi] fix crash if initial write to CGI fails
(bug on master branch)
2020-11-12 01:43:26 -05:00
Glenn Strauss 78ec2b5b68 [core] filter out duplicate modules
filter out modules duplicated in server.modules list
2020-11-11 20:57:41 -05:00
Glenn Strauss c16c6a8f8f [mod_alias] validate given order, not sorted order
(bug on master branch)

  "Debian Bullseye/sid arm64 - lighttp broken after update"
2020-11-11 19:06:51 -05:00
Glenn Strauss 5ec13918d3 [core] define SHA*_DIGEST_LENGTH macros if missing 2020-11-10 07:44:53 -05:00
Glenn Strauss 47aa6d4ac8 [core] http_response_buffer_append_authority()
make public func for benefit of external, third-party mod_authn_tkt
2020-11-10 06:10:27 -05:00
Glenn Strauss 291fd1e72e [core] accept "HTTP/2.0", "HTTP/3.0" from backends (#3031)
accept "HTTP/2.0" and "HTTP/3.0" NPH from naive non-proxy backends

(thx flynn)

  "uwsgi fails with HTTP/2"
2020-11-10 02:32:34 -05:00
Glenn Strauss 169d8d3608 [core] accept "HTTP/2.0", "HTTP/3.0" from backends (fixes #3031)
accept "HTTP/2.0" and "HTTP/3.0" NPH from naive non-proxy backends

(thx flynn)

  "uwsgi fails with HTTP/2"
2020-11-09 19:00:58 -05:00
Glenn Strauss c0e2667b71 [multiple] handle NULL val as empty in *_env_add (fixes #3030)
(bug on master branch; never released)

(thx flynn)

  "Fastcgi fails if server.tag is empty"
2020-11-09 18:20:13 -05:00
Glenn Strauss ff7cbcf5dd [mod_maxminddb] fix config validation typo
(bug on master branch; never released)

(thx maxentry)

  "maxminddb.env error 1.4.56"
2020-11-05 13:20:39 -05:00
Glenn Strauss 2a3fac7653 [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check
libressl >= 0x3000000fL has SSL_set1_chain(), but not some other APIs
2020-11-05 01:17:30 -05:00
Glenn Strauss dce440602d [core] stat_cache preprocessor paranoia 2020-11-05 01:08:11 -05:00
Glenn Strauss 520bffcd24 [core] use struct kevent on stack in stat_cache
This alternative approach attempts to work around error:
  invalid application of 'sizeof' to incomplete type 'struct kevent'
seen in continuous integration (CI) autoconf build on FreeBSD VM
2020-11-05 00:48:41 -05:00
Glenn Strauss 57f450f199 [mod_openssl] add LIBRESSL_VERSION_NUMBER checks
add some additional LIBRESSL_VERSION_NUMBER checks for feature support
2020-11-04 22:47:36 -05:00
Glenn Strauss 8e1394ea49 [core] no graceful-restart-bg on OpenBSD, NetBSD
disable server.graceful-restart-bg on OpenBSD and NetBSD

kqueue is not inherited across fork, and OpenBSD and NetBSD do not
implement rfork() (implemented on FreeBSD and DragonFly)

lighttpd has not implemented rebuilding the kqueues after fork,
so server.graceful-restart-bg is disabled on OpenBSD and NetBSD.
2020-11-04 20:16:30 -05:00
Glenn Strauss 0b00b13a42 [core] use kqueue() instead of FAM/gamin on *BSD
Note: there have always been limitations with lighttpd stat_cache.[ch]
using FAM/gamin on *BSD via kqueue() as lighttpd stat_cache.[ch] only
monitors directories.  This kqueue() implementation also only monitors
directories and has limitations.

lighttpd stat_cache.[ch] is notified about additions and removals of
files within a monitored directory but might not be notified of changes
such as timestamps (touch), ownership, or even changes in contents
(e.g. if a file is edited through a hard link)

server.stat-cache-engine = "disable" should be used when files should
not be cached.  Full stop.  Similarly, "disable" is recommended if files
change frequently.  If using server.stat-cache-engine with any engine,
there are caching effects and tradeoffs.

On *BSD and using kqueue() on directories, any change detected clears
the stat_cache of all entries in that directory, since monitoring only
the directory does not indicate which file was added or removed.  This
is not efficient for directories containing frequently changed files.
2020-11-04 20:16:30 -05:00
Glenn Strauss 1efd74457b [core] cold func for gw_recv_response error case
2020-11-04 03:53:15 -05:00
Glenn Strauss 639f70a00f [core] set last_used on rd/wr from backend (fixes #3029)
  "mod_wstunnel kills child on disconnect after idle-timeout from connection start"
2020-11-04 03:53:15 -05:00
Glenn Strauss 3db556fde3 [mod_nss] update session ticket NSS devel comment
Update: NSS developer explains:
"The way that we currently operate is to tie the session key encryption
 to the server public key. Which only works if you have an RSA key
2020-11-04 03:53:15 -05:00
Glenn Strauss 7ce8b22cb2 [build] detect inotify header <sys/inotify.h> 2020-11-04 03:53:15 -05:00
Glenn Strauss 5c7173026f [core] use inotify in stat_cache.[ch] on Linux
use inotify in stat_cache.[ch] on Linux, replacing FAM/gamin
2020-11-04 03:53:15 -05:00
Glenn Strauss 64aff80d86 [build] prepend search for lua version 5.4 2020-10-31 00:55:44 -04:00
Glenn Strauss 89cd3d8b9d [meson] add matching -I for lua lib version 2020-10-31 00:55:44 -04:00
Glenn Strauss 07622251b0 [build] option to use system-provided libxxhash
2020-10-29 19:30:45 -04:00
Glenn Strauss 28b086aa26 [core] use system xxhash lib if available 2020-10-29 17:20:25 -04:00
Glenn Strauss bcac9b5785 [core] set NSS_VER_INCLUDE after crypto lib select 2020-10-29 16:49:35 -04:00
Glenn Strauss 8187e98897 [multiple] include wolfssl/options.h after select
include wolfssl/options.h crypto lib config
after selecting crypto lib to use

wolfSSL does not prefix its defines with a wolfSSL-specific namespace
(so we would like to avoid unnecessarily polluting preproc namespace)

This commit further isolates wolfSSL after split from mod_openssl.
Cleans up some preprocessor logic that was put in place when using
the wolfSSL compatibility layer for openssl, before creating a
dedicated mod_wolfssl.
2020-10-29 16:42:55 -04:00
Glenn Strauss 6fb63fa8d6 [multiple] include mbedtls/config.h after select
include mbedtls/config.h crypto lib config
after selecting crypto lib to use
2020-10-29 16:41:27 -04:00
Glenn Strauss 441c95c697 [multiple] consistent order for crypto lib select 2020-10-29 16:39:56 -04:00
Glenn Strauss e726a41a74 [core] adjust wolfssl workaround for another case
adjust wolfssl types.h workaround for another edge case
2020-10-29 05:45:18 -04:00
Glenn Strauss 78b13b610c [core] move misplaced error trace to match option
(thx grohne)
2020-10-29 05:34:43 -04:00
Glenn Strauss e9590277ca [core] workaround fragile code in wolfssl types.h
workaround fragile code in wolfssl/wolfcrypto/types.h

Including header blows up compile in 32-bit when lighttpd meson build
in OpenWRT on a 32-bit platform generates lighttpd config.h containing
define of SIZEOF_LONG, but not SIZEOF_LONG_LONG, and the wolfssl types.h
flubs and fails to choose an enum value used by a macro that is unused
by most consumers of the wolfssl header.
2020-10-29 05:06:24 -04:00
Glenn Strauss 31fc3a0773 [TLS] server.feature-flags "ssl.session-cache"
disabled by default, but can be enabled
(session tickets should be preferred)

applies to mod_openssl, mod_wolfssl, mod_nss

session cache is not currently implemented in mod_mbedtls or mod_gnutls
2020-10-29 01:05:55 -04:00
Glenn Strauss 1d27391c29 [mod_mbedtls] wrap addtl code in preproc defines
wrap additional code in preprocessor defines to check if enabled in lib
2020-10-28 22:58:47 -04:00
Glenn Strauss 3353ff2024 [build] adjust for use by OpenWRT 2020-10-28 22:58:47 -04:00
Glenn Strauss babfb43873 [build] WITHOUT_LIB_CRYPTO option in code
(not (yet?) an end-user option in the build system)
(If extended to build system, build system should also unset CRYPTO_LIB)

If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules
will have access to MD5() and SHA1() built with lighttpd (algo_md5.[ch]
and algo_sha1.[ch]), but not to other message digest algorithms.

As of this commit, this affects only mod_secdownload with SHA256 digest
and mod_auth* modules using HTTP Digest Auth with digest=SHA-256, which
is not currently well-supported by client browers (besides Opera)
2020-10-27 16:47:33 -04:00
Glenn Strauss 31a7f0d43c [build] detect nss3/nss.h or nss/nss.h for NSS 2020-10-27 16:40:08 -04:00
Glenn Strauss 75c29505be [build] CMake use pkg_check_modules() w/ wolfssl 2020-10-27 13:01:01 -04:00
Glenn Strauss 07f40eaf9a [build] CMake mod_openssl, mod_wolfssl can coexist 2020-10-27 12:37:48 -04:00