1af871fcef
[ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508)
Stefan Bühler 2013-11-05 15:29:07 +00:00
3ce548c8d0
remove unused members from struct server_socket
Stefan Bühler 2013-11-05 15:29:04 +00:00
268c054c40
[mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
Stefan Bühler 2013-10-13 11:34:55 +00:00
29ff92d9ba
[core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
Stefan Bühler 2013-08-30 15:46:13 +00:00
f0e5b84c27
[mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
Stefan Bühler 2013-08-30 13:15:03 +00:00
92567b8b8f
[core] check whether server.chroot exists
Stefan Bühler 2013-08-30 13:14:59 +00:00
916cf7cfc0
[core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
Stefan Bühler 2013-08-30 13:14:57 +00:00
f9d58670d5
[auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
Stefan Bühler 2013-08-30 13:14:56 +00:00
2bcf65c285
[mod_auth] some cleanup, only search for matching auth.require path once
Stefan Bühler 2013-08-30 13:14:54 +00:00
559b198f86
[auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
Stefan Bühler 2013-08-30 13:14:52 +00:00
93fd9ea7a4
[ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
Stefan Bühler 2013-08-30 13:14:50 +00:00
6d4d2118c3
[ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
Stefan Bühler 2013-08-30 13:14:48 +00:00
292b8d621b
move ssl.disable-client-renegotiation and added note that it currently doesn't work inside conditionals
Marcus Rückert 2013-08-15 10:33:00 +00:00
f8e9462d2f
[autoconf] pkg-config: search for lua5.1 and lua-5.1 before lua
Stefan Bühler 2013-07-31 20:23:23 +00:00
05858f6cf2
[ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
Stefan Bühler 2013-07-31 20:23:21 +00:00
25a3f2e826
[network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
Stefan Bühler 2013-06-29 12:46:02 +00:00
3df2ec9248
[core] recognize more http methods to forward to backends (fixes #2346)
Stefan Bühler 2013-06-29 10:53:24 +00:00
9b36534752
[core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
Stefan Bühler 2013-06-29 10:53:22 +00:00
f0a2c0f293
[mod_user] add test cases to check handling of encoded ~ as %7E (#2124)
Stefan Bühler 2013-06-29 10:07:45 +00:00
12c4a40b28
[mod_userdir] add userdir.active option, "enabled" by default
Stefan Bühler 2013-06-29 10:07:43 +00:00
46240fdb7e
[mod_auth] fix distcheck, depends on openssl now for {SHA} crypted passwords
Stefan Bühler 2013-06-29 09:45:31 +00:00
a6b42cc61e
[auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
Stefan Bühler 2013-06-29 09:45:29 +00:00
c008fd7ec8
[mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
Stefan Bühler 2013-06-29 09:45:27 +00:00
3caf47ecd9
[fdevent-libev] fix type punning warnings
Stefan Bühler 2013-06-29 09:45:25 +00:00
680b714543
[cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
Stefan Bühler 2013-06-29 09:45:23 +00:00
838d771550
added mime type for json files
Marcus Rückert 2013-06-25 10:20:15 +00:00
c26b50d9ad
[mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
Stefan Bühler 2013-04-29 13:08:25 +00:00
0342dfef1d
[mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
Stefan Bühler 2013-04-29 13:08:23 +00:00
b5da12c008
reject non ASCII characters in HTTP header names
Stefan Bühler 2013-03-25 17:22:36 +00:00
25a2d665aa
call ERR_clear_error only for ssl connections in CON_STATE_ERROR
Stefan Bühler 2013-03-25 17:22:34 +00:00
543bd249fb
fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
Stefan Bühler 2013-01-22 13:08:21 +00:00
9cd8faa1b6
mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
Stefan Bühler 2013-01-04 13:54:38 +00:00
6edfc40f93
fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
Stefan Bühler 2012-11-21 12:01:44 +00:00
6200764f05
tests: check different combination of empty values, leading/trailing spaces and commas in the Connection header
Stefan Bühler 2012-11-21 12:01:42 +00:00
29b126d5d3
mod_extforward: log address of untrusted proxy with debug.log-request-handling
Stefan Bühler 2012-11-15 08:44:10 +00:00
fcb3f42f11
configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
Stefan Bühler 2012-11-07 13:07:02 +00:00
d09fdd877f
Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
Stefan Bühler 2012-11-07 13:07:00 +00:00
db1d977dea
Ignore EPIPE/ECONNRESET after SSL_shutdown (thx patdk-wk for reporting)
Stefan Bühler 2012-11-06 17:14:37 +00:00
01f9debec3
Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
Stefan Bühler 2012-04-19 13:02:06 +00:00
e697869e34
buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
Stefan Bühler 2012-04-08 08:02:44 +00:00
33f1ec6d28
[mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response
Stefan Bühler 2012-01-11 21:59:51 +00:00
d83b009d54
[doc] fix ssl config example for ssl.cipher-list
Stefan Bühler 2011-12-18 12:58:08 +00:00
761bedd7fe
[libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
Stefan Bühler 2011-12-18 12:58:04 +00:00
7bdb75fb47
[ssl] fix segfault on "ssl.honor-cipher-order" option while parsing the config
Stefan Bühler 2011-12-06 20:03:42 +00:00
d964e49874
[ssl] document new options in config example
Stefan Bühler 2011-12-06 11:26:51 +00:00
38e3e4a65a
[ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
Stefan Bühler 2011-12-05 17:08:17 +00:00
456d7f4790
fix compile error when ssl is not enabled
Stefan Bühler 2011-11-30 20:57:54 +00:00
b748fb890d
[core] accept dots in ipv6 addresses in host header (fixes #2359)
Stefan Bühler 2011-11-30 20:46:49 +00:00
0f96222e7e
[ssl] add option to honor server cipher order, true by default (fixes #2364)
Stefan Bühler 2011-11-30 19:59:24 +00:00
8c482a496d
remove copy/paste remains from previous commit
Stefan Bühler 2011-11-30 19:59:20 +00:00
a94bdd07df
[ssl] count renegotiations to prevent client renegotiations
Stefan Bühler 2011-11-30 18:40:08 +00:00
6c9dff7cda
[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
Stefan Bühler 2011-11-29 22:27:11 +00:00
f15ee9becb
Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
Stefan Bühler 2011-10-05 13:39:50 +00:00
3518ab60ed
Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
Stefan Bühler 2011-09-05 09:32:43 +00:00
e05f1b3eec
Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
Stefan Bühler 2011-08-30 22:13:59 +00:00