lighttpd1.4

lighttpd

Author	SHA1	Message	Date
Glenn Strauss	98a224a4a2	[mod_openssl] prefer some WolfSSL native APIs Prefer some WolfSSL native APIs when building with WolfSSL. However, some functionality in WolfSSL is available only through the WolfSSL compatibility layer for OpenSSL, so the effort to create a native mod_wolfssl halted here.	2 years ago
Glenn Strauss	1fc8a3e1f2	[core] sys-crypto-md.h w/ inline message digest fn sys-crypto-md.h w/ inline message digest functions; shared code	2 years ago
Glenn Strauss	bf4054f8ec	[mod_gnutls] GnuTLS option for TLS (fixes #109 ) (experimental) mod_gnutls supports most ssl.* config options supported by mod_openssl x-ref: "GnuTLS support for the mod_ssl" https://redmine.lighttpd.net/issues/109	2 years ago
Glenn Strauss	cb753ec5b5	[mod_mbedtls] mbedTLS option for TLS (experimental) mod_mbedtls supports most ssl.* config options supported by mod_openssl thx Ward Willats for the initial discussion and attempt in the comments https://redmine.lighttpd.net/boards/3/topics/7029	2 years ago
Glenn Strauss	b28a3714c4	[multiple] ./configure --with-nettle to use Nettle ./configure --with-nettle to use Nettle crypto lib for algorithms, instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS. x-ref: "How to use SHA-256 without OpenSSL?" https://redmine.lighttpd.net/boards/2/topics/8903	2 years ago
Glenn Strauss	c687e01c98	[core] r->uri.path always set, though might be "" (might be "" if <backend>.server sets "fix-root-scriptname" => "enable")	2 years ago
Glenn Strauss	7c7f8c467c	[multiple] split con, request (very large change) NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access) NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another con->read_queue == r->read_queue con->write_queue == r->write_queue NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().	2 years ago
Glenn Strauss	31d9495330	[core] store subrequest_handler instead of mode store pointer to module in handler_module instead of con->mode id	2 years ago
Glenn Strauss	b5775b9951	[multiple] reduce direct use of srv->errh	2 years ago
Glenn Strauss	c8cd7cf49b	[multiple] extern log_epoch_secs replace srv->cur_ts	2 years ago
Glenn Strauss	409bba80b1	[multiple] reduce direct use of srv->cur_ts	2 years ago
Glenn Strauss	50bdb55de8	[multiple] connection hooks no longer get (srv ) (explicit (server ) not passed; available in con->srv)	2 years ago
Glenn Strauss	010c28949c	[multiple] prefer (connection ) to (srv ) convert all log_error_write() to log_error() and pass (log_error_st ) use con->errh in preference to srv->errh (even though currently same) avoid passing (server ) when previously used only for logging (errh)	2 years ago
Glenn Strauss	b73949e03f	[multiple] plugin.c handles common FREE_FUNC code (simpler for modules; less boilerplate to cut-n-paste)	2 years ago
Glenn Strauss	66a460d977	[mod_secdownload] use config_plugin_values_init()	2 years ago
Glenn Strauss	e2de4e581e	[core] const char name in struct plugin put void data (always used) as first member of struct plugin add int nconfig member to PLUGIN_DATA calloc() inits p->data to NULL	2 years ago
Glenn Strauss	36f64b26a1	[core] simpler config_check_cond() optimize for common case where condition has been evaluated for the request and a cached result exists (also: begin isolating data_config)	2 years ago
Glenn Strauss	47a758f959	[core] inline buffer key for _patch_connection() handle buffer key as part of DATA_UNSET in _patch_connection() (instead of key being (buffer *))	2 years ago
Mohammed Sadiq	6a988bb0d0	[multiple] cleaner calloc use in SETDEFAULTS_FUNC github: closes #99 x-ref: "cleaner calloc use in SETDEFAULTS_FUNC" https://github.com/lighttpd/lighttpd1.4/pull/99	3 years ago
Glenn Strauss	07fef25867	[mod_auth] http_auth_digest_hex2bin() replace http_auth_md5_hex2bin() with more generic function to handle digests of different lengths	3 years ago
Glenn Strauss	368630d925	[TLS] sys-crypto.h abstraction	4 years ago
Glenn Strauss	e1f21b2adb	[mod_secdownload] support if HMAC() is a macro support if HMAC() is a macro, which may not handle CONST_BUF_LEN() expanding to two arguments	4 years ago
Glenn Strauss	5e60b8faea	[mod_secdownload] compare bin MAC instead of hex	4 years ago
Glenn Strauss	a53f662a30	[core] remove some unused header includes remove exposure of stdio.h in buffer.h for print_backtrace(), now static	5 years ago
Glenn Strauss	afce434e0b	[mod_secdownload] new directives modify hash path (fixes #646 , fixes #1904 ) secdownload.path-segments = <number> include only given number of path segments in hash digest calculation secdownload.hash-querystr = "enable" \| "disable" include the query string in the hash digest calculation x-ref: "secdownload.path_elements support" https://redmine.lighttpd.net/issues/646 "mod_secdownload option to include url GET parameters in md5" https://redmine.lighttpd.net/issues/1904	5 years ago
Glenn Strauss	a801ef55a0	[TLS] mark code that uses -lcrypto but not -lssl mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO to note that it does not depend on openssl -lssl (USE_OPENSSL)	6 years ago
Glenn Strauss	17f6595e1a	[mod_secdownload] warn if SHA used w/o SSL crypto issue warning at startup, instead of fatal error, if SHA used in secdownload.algorithm = "..." but mod_secdownload was built without SSL crypto. When lighttpd is built without openssl, this allows most tests/* to be run and pass, except the ones in tests/mod-secdownload.t which use "hmac-sha1" or "hmac-sha256". (alternatively, could have made, used isolated tests/secdownload.conf)	6 years ago
Glenn Strauss	c463860451	minor: quiet some compiler warnings	6 years ago
Glenn Strauss	e5006d88eb	pass buf size to li_tohex() also change passing of fixed-sized arrays: need to pass pointer to array as otherwise size does not get enforced From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3135 152afb58-edef-0310-8abb-c4023f1b3aa9	6 years ago
Glenn Strauss	8abd06a7ff	consistent inclusion of config.h at top of files (fixes #2073 ) From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9	6 years ago
Stefan Bühler	2a8f73e7d4	[mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project) Impact is probably low on most platforms, as it will probably overwrite one byte of "HASH HA1" which isn't used afterwards anymore. Reference: Fortify Open Review Project - lighttpd 1.4.39 ID 22708159 - Buffer Overflow: Off-by-One From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9	6 years ago
Stefan Bühler	bfaa48260a	[mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256" Differential Revision: https://review.lighttpd.net/D7 From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3054 152afb58-edef-0310-8abb-c4023f1b3aa9	7 years ago

32 Commits (f47ffb438c1944764442c0379378086f586b7325)