Use more portable shell function definition, better supported by /bin/sh
Some /bin/sh, e.g. dash, do not support trap on ERR,
so that will issue some trace and will not trigger on ERR,
but the rest of the script runs fine.
basic algorithms fail if NSS library has not been init'd (WTH)
lighttpd defers initialization of rand and crypto until first use
to attempt to avoid long, blocking init at startup while waiting
for sufficient system entropy to become available
use http_chunk_append_file_ref() and http_chunk_append_file_ref_range()
reduce resource usage (number of fds open) by reference counting open
fds to files served, and sharing the fd among FILE_CHUNKs in responses
minimize pause during graceful restart for server.max-worker = 0 case
The previous generation continues to accept new connections until the
restarted parent signals that the restarted server is ready to accept
new connections, and so the previous server should gracefully shutdown.
This does not apply in the case of multiple workers.
When there are multiple workers, they receive SIGINT to gracefully shut
down and stop accepting new connections. While the listen sockets are
kept open (and not closed and reopened), there is a small pause while
the parent process restarts before it begins accepting new connections
from the listen backlog.
Note: there is a window during restart during which lighttpd may exit
if it receives certain signals before it sets up signal handlers.
future: might block signals (sigprocmask()) during restart, but if that
is done, then care must be taken to unblock signals in restarted server
as soon as signal handlers are set up and before any other children are
created, e.g. by modules, or else signals must be explicitly unblocked
in children. Also, during command line and config file processing,
signals would be blocked, too, which might not be ideal.
use NSS crypto if no other crypto avail, but NSS crypto is available
"NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
due to NSS libraries (freebl3) lacking public export for HMAC funcs
wolfSSL_CTX_set_mode() differs from openssl SSL_CTX_set_mode().
wolfSSL_CTX_set_mode() takes a single flag at a time and has
sparse flag support (small number of recognized flags)
return values for sys-crypto-md.h interfaces
While some library implementations do not fail and have no return value,
others might fail on memory allocation or on failure to communicate with
an external or dedicated engine or device, e.g. which might store a
private key.
future: lighttpd callers of sys-crypto-md.h do not currently expect
or check for errors from these digest functions, but should
consider doing so.
provide implementations for conventional digest interfaces
but use the newer openssl digest interfaces under the hood
<rant>
It is baffling that the openssl library -- with *thousands* of public
interfaces -- does not provide these, and suggests that openssl
developers do not frequently write apps which utilize these interfaces.
</rant>
avoid potential double-copy due to not enough space for final '\0'
in http_chunk_append_read_fd_range() if read size is exactly multiple
of 8k and sending chunked response
Glenn Strauss