Commit Graph

3743 Commits

Author SHA1 Message Date
Glenn Strauss 61f7d531eb [mod_mbedtls] newer mbedTLS vers support TLSv1.3 2020-10-24 02:03:05 -04:00
Glenn Strauss 0a2aab88d2 [core] silence coverity warnings (another try) 2020-10-23 23:14:06 -04:00
Glenn Strauss ad62991a5b [mod_webdav] define _NETBSD_SOURCE on NetBSD
NetBSD dirent.h improperly hides fdopendir() (POSIX.1-2008) declaration
which should be visible w/ _XOPEN_SOURCE 700 or _POSIX_C_SOURCE 200809L
2020-10-23 21:29:43 -04:00
Glenn Strauss 7adc66259e [build] more portable shell script
Use more portable shell function definition, better supported by /bin/sh

Some /bin/sh, e.g. dash, do not support trap on ERR,
so that will issue some trace and will not trigger on ERR,
but the rest of the script runs fine.
2020-10-23 21:27:32 -04:00
Glenn Strauss f65b054887 [mod_nss] more nss includes fixes 2020-10-22 01:34:25 -04:00
Glenn Strauss 033209393e [multiple] test for nss includes
some distro packages deploy NSS includes under nss/, others nss3/
(and similar for nspr/ vs nspr4/)
2020-10-22 00:48:40 -04:00
Glenn Strauss fef1a94509 [doc] /var/run -> /run 2020-10-22 00:24:22 -04:00
Glenn Strauss 0158c7f0fd [build] remove svnversion from versionstamp rule 2020-10-21 20:56:18 -04:00
Glenn Strauss 8dae5bd405 [doc] replace bzip2 refs with brotli 2020-10-21 19:22:58 -04:00
Glenn Strauss dab212b5f5 [doc] change mod_compress refs to mod_deflate 2020-10-21 19:14:55 -04:00
Glenn Strauss 23fdff645a [core] init NSS lib for basic crypto algorithms
basic algorithms fail if NSS library has not been init'd (WTH)

lighttpd defers initialization of rand and crypto until first use
to attempt to avoid long, blocking init at startup while waiting
for sufficient system entropy to become available
2020-10-21 18:18:40 -04:00
Glenn Strauss 9868d3b348 [core] add missing declaration for NSS rand
(bug on master branch; never released)
2020-10-21 17:05:24 -04:00
Glenn Strauss 2209c0cf6e [core] use inline funcs in sys-crypto-md.h
use inline funcs in sys-crypto-md.h for consistency
and to avoid compiler warnings when result is ignored
2020-10-21 00:57:24 -04:00
Glenn Strauss f98dff9bc3 [mod_mbedtls] quiet unused variable warning 2020-10-20 23:16:00 -04:00
Glenn Strauss 8f7019adf0 [core] fix fd sharing when splitting file chunk
(bug on master branch; never released)

fix fd sharing in chunkqueue_steal_partial_file_chunk()
2020-10-20 16:53:51 -04:00
Glenn Strauss 0f82722f5f [core] silence coverity warnings (another try) 2020-10-20 16:22:38 -04:00
Glenn Strauss fb7e5a7832 [core] silence coverity warnings in ls-hpack
The code originates from
and is explicitly documented as not needing to be initialized.

2020-10-20 16:04:48 -04:00
Glenn Strauss af04e0b0e1 [core] silence coverity warnings (false positives) 2020-10-20 15:29:25 -04:00
Glenn Strauss 1b74c50854 [core] always lseek() with shared fd
always lseek() with shared fd; remove optim to skip with offset = 0
2020-10-20 11:51:48 -04:00
Glenn Strauss 019c513819 [multiple] use http_chunk_append_file_ref()
use http_chunk_append_file_ref() and http_chunk_append_file_ref_range()

reduce resource usage (number of fds open) by reference counting open
fds to files served, and sharing the fd among FILE_CHUNKs in responses
2020-10-20 11:51:48 -04:00
Glenn Strauss 9078cc4ce8 [core] http_chunk_append_file_ref_range()
http_chunk_append_file_ref() and http_chunk_append_file_ref_range()
to take stat_cache_entry ref and append FILE_CHUNK
2020-10-20 11:51:48 -04:00
Glenn Strauss 6be2bd35a1 [core] FILE_CHUNK can hold stat_cache_entry ref 2020-10-20 11:51:48 -04:00
Glenn Strauss 7f8ab9dd29 [core] stat_cache_entry reference counting
future: should probably create fd cache separate from stat_cache,
        perhaps along w/ http-specific fields like etag and content_type
        and maybe even mmap
2020-10-20 11:51:48 -04:00
Glenn Strauss e057c5413b [mod_deflate] use large mmap chunks to compress
use large chunks since server blocks while compressing, anyway
(mod_deflate is not recommended for large files)
2020-10-20 11:51:47 -04:00
Glenn Strauss fc6612d7c7 [core] minimize pause during graceful restart
minimize pause during graceful restart for server.max-worker = 0 case

The previous generation continues to accept new connections until the
restarted parent signals that the restarted server is ready to accept
new connections, and so the previous server should gracefully shutdown.

This does not apply in the case of multiple workers.

When there are multiple workers, they receive SIGINT to gracefully shut
down and stop accepting new connections.  While the listen sockets are
kept open (and not closed and reopened), there is a small pause while
the parent process restarts before it begins accepting new connections
from the listen backlog.

Note: there is a window during restart during which lighttpd may exit
if it receives certain signals before it sets up signal handlers.
future: might block signals (sigprocmask()) during restart, but if that
is done, then care must be taken to unblock signals in restarted server
as soon as signal handlers are set up and before any other children are
created, e.g. by modules, or else signals must be explicitly unblocked
in children.  Also, during command line and config file processing,
signals would be blocked, too, which might not be ideal.
2020-10-19 21:40:14 -04:00
Glenn Strauss d6f692f1c2 [core] config_plugin_value_to_int32() 2020-10-19 21:40:14 -04:00
Glenn Strauss 3d8dcbdd43 [mod_openssl] use newer openssl 3.0.0 func
replace X509_STORE_load_locations() with X509_STORE_load_file()
2020-10-19 21:40:14 -04:00
Glenn Strauss 1cc81b703f [mod_webdav] update defaults after worker_init
update defaults after worker_init for config options in global scope

(bug on master branch; never released)
2020-10-19 21:40:14 -04:00
Glenn Strauss f973b87ca2 [mod_webdav] add missing update to cq accounting
(bug on master branch; never released)
2020-10-19 21:40:14 -04:00
Glenn Strauss d71c1d47ce [core] modify use of getrlimit() to not be fatal
modify use of getrlimit() to not be fatal if an error occurs

Some container configurations might cause getrlimit() and setrlimit() to
fail.  lighttpd will issue error trace if this occurs, but will now

  "aarch64: Use architecture specific header to general syscalls"
  "Rasperry Docker PiHole / "Starting lighttpd" Hanging"
  "Pi-hole runs on podman"
2020-10-19 21:40:14 -04:00
Glenn Strauss 3f1a12e5fb [multiple] remove chunk file.start member
c->offset is now offset into file
c->file.length is end of octets to send (end pos + 1)
c->file.length - c->offset is num of octets to send
2020-10-19 21:40:14 -04:00
Glenn Strauss d865d8c330 [TLS] ignore empty "CipherString" in ssl-conf-cmd
e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
2020-10-19 21:40:14 -04:00
Glenn Strauss fe02111888 [multiple] stat_cache_path_stat() for struct st
stat_cache_path_stat() for cached (struct st *)
2020-10-19 21:40:14 -04:00
Glenn Strauss a46f519eb2 [multiple] use NSS crypto if no other crypto avail
use NSS crypto if no other crypto avail, but NSS crypto is available

"NSS crypto support" is not included in tests/
due to NSS libraries (freebl3) lacking public export for HMAC funcs
2020-10-19 21:40:14 -04:00
Glenn Strauss bdb5fb26a8 [wolfssl] wolfSSL_CTX_set_mode differs from others
wolfSSL_CTX_set_mode() differs from openssl SSL_CTX_set_mode().
wolfSSL_CTX_set_mode() takes a single flag at a time and has
sparse flag support (small number of recognized flags)
2020-10-19 21:40:14 -04:00
Glenn Strauss cf8cefceb6 [core] sys-crypto-md.h consistent interfaces
return values for sys-crypto-md.h interfaces

While some library implementations do not fail and have no return value,
others might fail on memory allocation or on failure to communicate with
an external or dedicated engine or device, e.g. which might store a
private key.

future: lighttpd callers of sys-crypto-md.h do not currently expect
        or check for errors from these digest functions, but should
        consider doing so.
2020-10-19 21:40:14 -04:00
Glenn Strauss a363383a92 [tests] detect multiple SSL/TLS/crypto providers 2020-10-19 21:40:14 -04:00
Glenn Strauss 7553ef7f44 [multiple] openssl 3.0.0 digest interface migrate
provide implementations for conventional digest interfaces
but use the newer openssl digest interfaces under the hood

It is baffling that the openssl library -- with *thousands* of public
interfaces -- does not provide these, and suggests that openssl
developers do not frequently write apps which utilize these interfaces.
2020-10-19 21:40:14 -04:00
Glenn Strauss e6a87a894d [mod_openssl] merge ssl_tlsext_ticket_key_cb impls 2020-10-19 21:40:14 -04:00
Glenn Strauss cc6a76be12 [mod_openssl] construct OSSL_PARAM on stack 2020-10-19 21:40:14 -04:00
Glenn Strauss ebafd914e7 [mod_openssl] migrate ticket cb to openssl 3.0.0
migrate ticket cb to openssl 3.0.0 interface
2020-10-19 21:40:14 -04:00
Glenn Strauss e1bcdb5e9f [multiple] ignore openssl 3.0.0 deprecation warns
quiet openssl 3.0.0 deprecation warnings for
low-level digest algorithm interfaces

future: migrate to openssl interfaces:
  EVP_DigestInit_ex(3), EVP_DigestUpdate(3), and EVP_DigestFinal_ex(3)

2020-10-19 21:40:14 -04:00
Glenn Strauss a3ccc46be1 [mod_cgi] use splice() to send input to CGI
use splice(), if available (Linux), to send input from temp files to CGI
2020-10-19 21:40:14 -04:00
Glenn Strauss e18da93e44 [core] reuse chunkqueue_compact_mem*() 2020-10-19 21:40:14 -04:00
Glenn Strauss 9c25581d6f [core] alloc optim reading file, sending chunked
avoid potential double-copy due to not enough space for final '\0'
in http_chunk_append_read_fd_range() if read size is exactly multiple
of 8k and sending chunked response
2020-10-19 21:40:14 -04:00
Glenn Strauss 6d76f7ce49 [core] fix chunkqueue_compact_mem w/ partial chunk
(bug on master branch; never released)
2020-10-19 21:40:14 -04:00
Glenn Strauss 8abbf621d1 [mod_fastcgi] decode chunked is cold code path
decode chunked from FastCGI backend is cold code path
2020-10-19 21:40:14 -04:00
Glenn Strauss dc51e9d61c [tests] simulate slow, small packets more quickly
simulate slow, small packets more quickly
1ms between chars is plenty slow; 100ms is excessive

2020-10-19 21:40:14 -04:00
Glenn Strauss 96abd9cfb8 [core] coalesce nearby ranges in Range requests
Range requests must be HTTP/1.1 or later (not HTTP/1.0)
2020-10-19 21:40:14 -04:00
Glenn Strauss 2f7839e88f [doc] comment out config disabling Range for .pdf
comment out lighttpd.conf config disabling Range requests for .pdf

bug in Adobe Acrobat Reader browser plugin dates to over 10 years ago
one possible workaround was to disable "fast web view" in the
  Adobe Acrobat Reader

bug in Chrome fixed in 2015

However, there still may be issues with PDF readers mishandling Range
requests, e.g. with coalesced ranges, so the section remains in the
sample lighttpd.conf, but is commented out.
2020-10-19 21:40:14 -04:00