Fork 0
Commit Graph

467 Commits

Author SHA1 Message Date
Stefan Bühler 7aec09dd27 [lua] split all metatable init/create code into separate functions
- lua_push_*_metatable and init_*_mt (init only used by push)

Change-Id: I42a3d58b884205f30e4ee9a99c693ce65e9dbf66
2021-08-05 13:55:29 +02:00
Stefan Bühler 4a4fd8fd11 [core] include and use hedley (v15) header
hedley is a single header to handle compiler-specific features:

Prefer headly macros over glib for now.

Change-Id: I3c67ebee0d43e27fde6402d47788e1045144e864
2021-08-05 12:29:46 +02:00
Stefan Bühler 140a3c9018 fix refcount issue: don't drop rc in li_iostream_reset
... so li_stream_simple_socket_close doesn't need to acquire (when the rc might already be 0).

Instead call li_iostream_reset in all places that didn't acquire before,
and drop the acquire.

Change-Id: I347f49eb57989738ed811a1f3a31b8942ff32881
2021-05-03 23:24:48 +02:00
Stefan Bühler 505bfb053f [core] move CGI environment creation to core
Change-Id: Ia826381365a04352249321097fda57f704984821
2019-08-31 13:48:17 +02:00
Stefan Bühler 8989ca32d4 [mod_{fast,s}cgi] support REQUEST_SCHEME cgi variable
Change-Id: I4750086962ee50a530694309ec8a6165eddabcf3
2019-08-31 13:08:11 +02:00
Stefan Bühler d167e6e416 [core/mod_proxy] support http backends trying to run keep-alive
Even if they shouldn't (due to HTTP/1.0 or Connection; close) some
backends send HTTP/1.1 without Connection: close, and use Content-Length
to signal end of response (and don't close the connection, as they wait
for another request).

Now Content-Length is used to find the end of the response (chunked
transfer-encoding was already supported).

mod_proxy now signals HTTP/1.1, but also sends "Connection: close": it
doesn't reuse the connection yet.

Change-Id: Ica0c9b3b7da79899412a746f21e7348ccd3d23ee
2019-08-25 11:45:18 +02:00
Stefan Bühler b3dcc9662e [mod_openssl] fix C90 mixed declarations and code warning
Change-Id: I04f5e5dba87b7174eb5e93d18bddb5fb0ba717e9
2017-07-29 15:06:39 +02:00
Stefan Bühler 04e54a4388 [mod_openssl] fix crash with libressl or openssl < 1.1
Change-Id: I920ab1e4bc36df8396dcbf3d5777af32ae273a8b
2017-07-29 14:59:50 +02:00
Stefan Bühler 8c68b120da [mod_gnutls] support OCSP responses in sni backends
Change-Id: I7ec08bf6e414140b53019885eb906bdfe3251a2e
2017-07-26 09:46:13 +02:00
Stefan Bühler 808cdf301b handle ENAMETOOLONG in various places
  - static, flv: return 414
  - dirlist, pathinfo: treat as not-existing (i.e. no handling)
- also return 500 instead of closing the connection when stat/open
  fails an unhandled error
- explicit return instead of switch-case fallthrough (no semantic
  change) in actions.c

Change-Id: I1e2dd721dd18544500b4436ada843cb6e7f2db72
2017-05-20 15:48:36 +02:00
Stefan Bühler c8b27d7462 [mod_openssl] fix warnings and compile breaks with openssl 1.1.0
Change-Id: Ia69e8192004208a9e55246196b5b64d39cd53a66
2017-01-02 17:06:34 +01:00
Simon Lundström a4804cbd93 Add NO_TLSv1_1 and higher options
Change-Id: I69b675a8b41f84b9e786bc2ce1b9661fbd76cbd4
2016-11-30 19:42:18 +01:00
Stefan Bühler 3d2880258d [mod_gnutls] workaround gnutls API breakage, and prepare for future ones
Change-Id: I1b97aa31fd1a7adb0107761d05bf81a4509e9fc9
2016-10-21 20:08:41 +02:00
Stefan Bühler fc0119720e [mod_gnutls] use gnutls_pem_base64_decode_alloc instead of gnutls_pem_base64_decode2 (compat name for old versions)
Change-Id: Id07d9d38ac809b4116b04debba41cd7351ebd40b
2016-08-27 20:19:53 +02:00
Stefan Bühler d72a3c2940 [mod_gnutls] add basic OCSP response stapling support
Change-Id: I700b2afd0e0fc60ce4f864e77166e3fa2e36aaae
2016-08-27 19:55:25 +02:00
Stefan Bühler 7fb0148348 [mod_gnutls] use only pin callback, don't pass pin as parameter
- also check for number of attempts instead of flags,
  the same the gnutls internal callback is doing when a
  password is passed

Change-Id: I84f5a0c7a4e3aea6f55b7b28c2f57019128351c7
2016-08-27 14:00:43 +02:00
Stefan Bühler c9a3764f12 [ssl] don't exit early when there is no data to write; otherwise EOS stream handling is not triggered
Change-Id: Ie49fa1e7062f91c5708ae72db48c8e2144570f20
2015-08-10 11:41:47 +02:00
Stefan Bühler f527a16138 [debug] provide more unique event names for waitqueues
Change-Id: Iddf9e10b3902fbfe4fa7e97b7a172018d0d70b54
2015-08-09 10:12:21 +02:00
Stefan Bühler 78ac96cc04 [mod_debug] show more details for events
Change-Id: I245cff8a95839fa961ec32a8a8b2f3da39edb777
2015-08-05 21:57:12 +02:00
Stefan Bühler 6b22f2f104 [mod_debug] debug events
Change-Id: Ib776e950902a36f13ed766a78a92f6971310e87d
2015-01-25 13:27:59 +01:00
Stefan Bühler 66bd6b22a2 track event "names" for debugging
Change-Id: Ib8f2b589a6087de2355906a87bd2cd0c84bafcba
2015-01-17 15:16:29 +01:00
Stefan Bühler a5886b3a81 [mod_openssl] various fixes, fix error handling
- update docs with default options
- always set "session_id_context"
- load all algorithms
- cleanup error handling (abort on fatal errors, not the other way
  round, log non fatal errors in debug log-level)

Change-Id: I2b6028bbe97a237ab94ad00d58c7773d9d3d8830
2014-12-22 15:12:48 +01:00
Stefan Bühler f144349c72 [mod_openssl] allow all authentication methods in default cipher string
The details depend on the server key anyway; with the new default string
ecdsa keys work out of the box.

Change-Id: I7229f899ffd8dca5740767f9832980198b4f7bee
2014-11-09 11:14:03 +01:00
Stefan Bühler fc02dcf9e2 [mod_gnutls] improve alert handling
* print alerts with numerical value
* show non-fatal alerts
* use log level info for all alerts
* use log level warning for non-fatal "unknown" errors

Change-Id: Ibaa33743bfe809579981fdeb121955ef5c6d0ab2
2014-11-09 08:45:43 +01:00
Nikos Mavrogiannopoulos 91060ebe91 [mod_gnutls] allow pemfile to accept a key-value list of a certificate and key
In addition, this patch adds the ability to specify a PIN,
to be used to decrypt an encrypted key, or to login to a PKCS #11

Change-Id: Iff36879926236d07be6baaa1736985a58c54d0cc
2014-11-02 08:27:20 +01:00
Nikos Mavrogiannopoulos 344e918f05 [mod_gnutls] when an alert is received print its actual value
Change-Id: I89b12cb5e53cbd0d36d9b30d9a7e99aa70836717
2014-11-01 12:25:03 +01:00
Stefan Bühler 72011fbede [mox_rewrite,mod_proxy,docs] fix request.raw_path handling (includes query-string) 2014-06-06 13:41:30 +02:00
Stefan Bühler b5eac15433 [mod_proxy] use raw_path instead of re-encoded path 2014-06-06 12:08:16 +02:00
Stefan Bühler 76c12e4077 [mod_rewrite] rewrite_raw result gets decoded 2014-06-06 11:43:40 +02:00
Stefan Bühler e168e0653c [docs] fix typos, add some details, add rewrite_raw action 2014-05-27 20:07:12 +02:00
Stefan Bühler dd9f052c57 [mod_gnutls] remove broken include 2014-05-23 11:24:43 +02:00
Stefan Bühler 09002ad827 [mod_openssl] fix default cipher string 2014-05-16 17:22:16 +02:00
Stefan Bühler 5e30919291 [mod_openssl] wrap all options in #ifdef 2014-05-16 08:33:24 +02:00
Stefan Bühler acd2967534 assert many previously unchecked return values, handle some explicitly, remove FD_CLOEXEC in worker - mustn't fork 2014-04-15 11:11:51 +02:00
Stefan Bühler 582a8585ff [fastcgi] assert pointer is not NULL before dereference before NULL check in a loop 2014-04-15 11:07:39 +02:00
Stefan Bühler 17a5168793 [core] convert all assert() to LI_FORCE_ASSERT(), and support writing backtraces on fatal errors with libunwind 2014-04-11 11:40:24 +02:00
Stefan Bühler 01788a7250 [common] remove hash value type (use key/value lists instead) 2014-04-10 12:40:08 +02:00
Stefan Bühler 84325a5a06 [backends: scgi,proxy,fastcgi] update *context immediately after *backend_get
- fixes use-after-free, usually caught by an assert in
2014-04-10 12:40:08 +02:00
Stefan Bühler db58828e0b [common] refactor liValue to share most of the code
* removing unused "range" value type in angel
2014-02-06 14:01:20 +01:00
Stefan Bühler 23be07f40c [mod_gnutls] don't abort if 'NORMAL:-CIPHER-ALL:+ARCFOUR-128' is not recognized, use 'NORMAL' instead 2014-02-04 14:39:07 +01:00
Stefan Bühler 133941c327 [mod_status] use PACKAGE_BUILD_DATE instead of __DATE__/__TIME__ 2014-02-04 13:59:13 +01:00
Stefan Bühler f482877825 [doc] document core config and modules in tree 2014-02-03 12:57:25 +01:00
Stefan Bühler 3f61b3c1b1 [mod_proxy] send Content-Length for all non GET/HEAD requests 2013-12-05 18:01:41 +01:00
Stefan Bühler 5222d524ad [plugin_core] fix some setup parameter handling 2013-09-09 23:23:46 +02:00
Stefan Bühler 1a7eec4aa5 [mod_gnutls] disable protect-against-beast by default now - considered mitigated on client side 2013-09-09 16:17:18 +02:00
Stefan Bühler 81ff95db84 [mod_gnutls] announce http/1.1 in ALPN 2013-09-09 16:16:38 +02:00
Stefan Bühler d65a2ffc16 [mod_redirect] fix segfault in config parsing 2013-09-09 12:28:31 +02:00
Stefan Bühler a1fbaab86b [core/modules] refactor config handling
* should be more robust now: taking list of wanted value, handling NULL
   pointers instead of value type NONE, fixed some bugs (wrong checks,
   mem leaks, ...)
 * add many methods to make handling of values easier; most methods
   can handle NULL value pointers safely (li_value_type(v) instead of
   v->type and so on)
2013-09-06 14:36:55 +02:00
Stefan Bühler 061b2a4262 [core] handle differences between options/actions/setups in plugin.c 2013-08-22 18:02:50 +02:00
Stefan Bühler cebb8df82c [mod_vhost] fix config mem leak 2013-08-22 15:02:33 +02:00