NSS crashes with SIGFPE if SSL_REQUEST_CERTIFICATE is PR_TRUE,
but trust anchors have not been set with SSL_SetTrustAnchors()
(e.g. if ssl.verifyclient.activate = "enable" but ssl.ca-file
has not been configured in lighttpd.conf)
If cert is self-issued, then do not attempt to build certificate chain.
(Attempting to build certificate chain when chain is not provided, but
ssl.ca-file is specified, is provided as backward compatible behavior
from lighttpd versions prior to lighttpd 1.4.56)
remove buffer_urldecode_query() (unused)
query string generally needs to be split on '&'
before decoding '+' and decoding %-encoding
remove int2hex() (unused, and not well-named for nibble-to-hex)
Note: monotonic time does not change while VM is suspended
Continue to use real time where required by HTTP protocol, for logging
and for other user-visible instances, such as mod_status, as well as for
external databases and caches.
save parsed listen addrs at startup for reuse at runtime
srv_socket->srv_token is normalized at startup and contains IP and port.
save offset to colon, if present, or else length of string (unix socket)
At runtime, srv_token_colon can be quickly used as length of IP string
(without port) or, if not length of string, offset of stringified port
following the colon.
avoid interfaces deprecated in openssl 3.0.0
some newer interfaces might be present in openssl 1.1.1,
but might not be present in alt TLS libs (libressl or boringssl),
so retrict use to >= openssl 3.0.0
ignore server.event-handler = "libev" if lighttpd not built with libev
(no longer an error)
On most platforms, native event handling in lighttpd is more performant
than the overhead of libev, which usually uses the same underlying
OS system interface for event notification
fix crash for (broken) nested $SERVER["socket"] config
$SERVER["socket"] belongs in the global scope and should not be
nested in any other conditional config logic. Even so, lighttpd
should not crash when such misconfiguration occurs.
x-ref:
"Lighttpd multiple SSL hosts using Server Name Indication (SNI)"
https://redmine.lighttpd.net/boards/2/topics/9612
RFC 7233 Range handling for all non-streaming responses,
including (non-streaming) dynamic responses
(previously Range responses handled only for static files)
client browsers might remember prior algorithm if algorithm changed;
send 401 Unauthorized to reset client browser
(sending 400 Bad Request was not user friendly)
cast to unsigned before << 4 to avoid (pedantic) undefined behavior
of (time_t) (which is signed integral type) on 32-bit signed time_t
The high bit gets shifted into the sign-bit, which is technically
undefined behavior in C, but is defined behavior in C++.
x-ref:
"pedantic warning from -fsanitize=undefined"
https://redmine.lighttpd.net/issues/3069
augment configure.ac msgs to remove FAM on linux and *bsd
x-ref:
"stat-cache-fam feature appears disabled since 1.4.56"
https://redmine.lighttpd.net/issues/3068
cast high uint8_t byte to uint32_t before bit shifting << 24 to avoid
(pedantic) undefined behavior of uint8_t byte with high bit set when
it is promoted to int and then bit-shifted left 24 bytes. The high bit
gets shifted into the sign-bit, which is technically undefined behavior
in C, but is defined behavior in C++.
x-ref:
"pedantic warning from -fsanitize=undefined"
https://redmine.lighttpd.net/issues/3067
recognize and translate a common recommended cipherstring
"ECDHE+AESGCM:ECDHE+AES256:CHACHA20:!SHA1:!SHA256:!SHA384"
(basically: ECDHE+AESGCM:ECDHE+AES256:CHACHA20
without CBC ciphers reported as weak by SSLLabs)
(thx daimh)
commit 903024d7 in lighttpd 1.4.57 fixed issue #3046 but in the process
broke HTTP/1.1 101 Switching Protocols which included Content-Length: 0
in the response headers. Content-Length response header is permitted
by the RFCs, but not necessary with HTTP status 101 Switching Protocols.
x-ref:
"websocket proxy fails if 101 Switching Protocols from backend includes Content-Length"
https://redmine.lighttpd.net/issues/3063
(thx axe34)
do not call luaL_error() outside lua_pcall()
In magnet_attach_content(), call log_error() to report error,
not luaL_error(), and set flag to exit loop to allow the proper
number of entries to be popped off the lua stack.
x-ref:
"Segmentation Fault due to Empty String on Mod Magnet"
https://redmine.lighttpd.net/issues/3065
(thx axe34)
Be more careful inside the atpanic handler to avoid an infinite loop
that repeats the call to the atpanic handler
x-ref:
"Segmentation Fault due to Empty String on Mod Magnet"
https://redmine.lighttpd.net/issues/3065
(thx axe34)
Anyone running lua code inside the lighttpd server has control over
the lighttpd server, so this commit does not protect against
malicious behavior, but instead this commit more gracefully handles
a lua programmer mistake of attempting to stat() an empty string.
x-ref:
"Server Aborted due to Malicious Data sent to lighty.stat"
https://redmine.lighttpd.net/issues/3064
Glenn Strauss