Commit Graph

1383 Commits

Author SHA1 Message Date
Stefan Bühler a5886b3a81 [mod_openssl] various fixes, fix error handling
- update docs with default options
- always set "session_id_context"
- load all algorithms
- cleanup error handling (abort on fatal errors, not the other way
  round, log non fatal errors in debug log-level)

Change-Id: I2b6028bbe97a237ab94ad00d58c7773d9d3d8830
2014-12-22 15:12:48 +01:00
Stefan Bühler 10305546cb [core] close out stream nicely on regular shutdown (fixes openssl session problem)
Change-Id: Iaac73fa64c03225751c4492b5c690094f3d6e97f
2014-12-22 15:11:31 +01:00
Stefan Bühler f144349c72 [mod_openssl] allow all authentication methods in default cipher string
The details depend on the server key anyway; with the new default string
ecdsa keys work out of the box.

Change-Id: I7229f899ffd8dca5740767f9832980198b4f7bee
2014-11-09 11:14:03 +01:00
Stefan Bühler fc02dcf9e2 [mod_gnutls] improve alert handling
* print alerts with numerical value
* show non-fatal alerts
* use log level info for all alerts
* use log level warning for non-fatal "unknown" errors

Change-Id: Ibaa33743bfe809579981fdeb121955ef5c6d0ab2
2014-11-09 08:45:43 +01:00
Nikos Mavrogiannopoulos 91060ebe91 [mod_gnutls] allow pemfile to accept a key-value list of a certificate and key
In addition, this patch adds the ability to specify a PIN,
to be used to decrypt an encrypted key, or to login to a PKCS #11
module.

Change-Id: Iff36879926236d07be6baaa1736985a58c54d0cc
2014-11-02 08:27:20 +01:00
Nikos Mavrogiannopoulos 344e918f05 [mod_gnutls] when an alert is received print its actual value
Change-Id: I89b12cb5e53cbd0d36d9b30d9a7e99aa70836717
2014-11-01 12:25:03 +01:00
Stefan Bühler 72011fbede [mod_rewrite,mod_proxy,docs] fix request.raw_path handling (includes query-string) 2014-06-06 13:41:30 +02:00
Stefan Bühler b5eac15433 [mod_proxy] use raw_path instead of re-encoded path 2014-06-06 12:08:16 +02:00
Stefan Bühler 76c12e4077 [mod_rewrite] rewrite_raw result gets decoded 2014-06-06 11:43:40 +02:00
Stefan Bühler 4c741ce853 [core] expose request.raw_path as condition variable 2014-06-06 11:16:22 +02:00
Stefan Bühler e168e0653c [docs] fix typos, add some details, add rewrite_raw action 2014-05-27 20:07:12 +02:00
Stefan Bühler dd9f052c57 [mod_gnutls] remove broken include 2014-05-23 11:24:43 +02:00
Stefan Bühler d58d98a62d [value] move value functions that depend on angel / main implementations into separate file, included in the other implementations
this fixes building with --no-undefined. also link with libm in cmake.
2014-05-22 14:58:26 +02:00
Stefan Bühler 928d5dcb5e [angel] don't load angel core plugin for shut down, so the core plugin doesn't respawn a worker with default settings 2014-05-22 12:44:48 +02:00
Stefan Bühler c30060e0eb [angel] check setgid/setuid/... return values and abort on failure 2014-05-16 17:23:27 +02:00
Stefan Bühler 09002ad827 [mod_openssl] fix default cipher string 2014-05-16 17:22:16 +02:00
Stefan Bühler 5e30919291 [mod_openssl] wrap all options in #ifdef 2014-05-16 08:33:24 +02:00
Stefan Bühler b6ee9241ad [angel_fake] use li_sockaddr_from_string in li_angel_fake_listen 2014-04-15 13:05:52 +02:00
Stefan Bühler 5f4019359e [config parser] copy fixes from angel config parser 2014-04-15 12:41:09 +02:00
Stefan Bühler 63f4b78353 fix some socket address handlings - limit unix socket path names to struct size 2014-04-15 12:06:11 +02:00
Stefan Bühler 5b706ac033 [simple-stream] fix double assignment 2014-04-15 11:30:36 +02:00
Stefan Bühler 21e18176f2 fix wrong operator to check for set bit in events 2014-04-15 11:24:51 +02:00
Stefan Bühler ed7e70d0b4 [angel] fix missing break in switch statement in config parser for casting string to int 2014-04-15 11:22:15 +02:00
Stefan Bühler 3ad9e4cb01 [actions] fix dereference before null check 2014-04-15 11:13:20 +02:00
Stefan Bühler acd2967534 assert many previously unchecked return values, handle some explicitly, remove FD_CLOEXEC in worker - mustn't fork 2014-04-15 11:11:51 +02:00
Stefan Bühler 582a8585ff [fastcgi] assert pointer is not NULL before dereference before NULL check in a loop 2014-04-15 11:07:39 +02:00
Stefan Bühler 118844573c [angel] fix memory leak on error in angel config parser 2014-04-15 10:39:14 +02:00
Stefan Bühler 176d6099aa [liValue] fix missing break in switch statement 2014-04-15 10:33:48 +02:00
Stefan Bühler e5e37b8369 [idlist] fix bad shift operations 2014-04-14 17:51:47 +02:00
Stefan Bühler 419d60dd83 [profile] add missing utils.h include 2014-04-11 12:30:42 +02:00
Stefan Bühler 17a5168793 [core] convert all assert() to LI_FORCE_ASSERT(), and support writing backtraces on fatal errors with libunwind 2014-04-11 11:40:24 +02:00
Stefan Bühler e2992d7b6b [ip-parser] allow [ipv6]/net:port and [ipv6/net]:port for IPv6 address + network + port 2014-04-10 12:40:08 +02:00
Stefan Bühler 074f53744a [angel] merge allow_listen_* items
* allow_listen_ip ".." -> allow_listen ".."
* allow_listen_unix ".." -> allow_listen "unix:.."
* allow_listen also takes lists of strings
2014-04-10 12:40:08 +02:00
Stefan Bühler 22d186cecc [angel] rewrite config handling, rename items, document it
* remove "instance { ... }" wrapping
* use "_" instead of "-"
* modules -> modules_path
* allow_listen { ip "..."; } -> allow_listen_ip "...";
* allow_listen { unix "..."; } -> allow_listen_unix "...";
2014-04-10 12:40:08 +02:00
Stefan Bühler 01788a7250 [common] remove hash value type (use key/value lists instead) 2014-04-10 12:40:08 +02:00
Stefan Bühler dfaab291d9 [angel] rewrite parser, changing syntax (similar to main config) 2014-04-10 12:40:08 +02:00
Stefan Bühler 84325a5a06 [backends: scgi,proxy,fastcgi] update *context immediately after *backend_get
- fixes use-after-free, usually caught by an assert in
  li_backend_wait_stop
2014-04-10 12:40:08 +02:00
Stefan Bühler b5edda3bf4 [plugin_core] fix index "/filename" handling 2014-02-26 13:18:30 +01:00
Stefan Bühler ec6600271a [config] fix conditional parsing
conditional expressions include values to compare with; any
complicated value expression must be put into parentheses.
-> stop parsing after a simple value, don't search for operators,
   "and"/"or" operators are handled by the conditional
2014-02-10 15:33:48 +01:00
Stefan Bühler db58828e0b [common] refactor liValue to share most of the code
* removing unused "range" value type in angel
2014-02-06 14:01:20 +01:00
Stefan Bühler 23be07f40c [mod_gnutls] don't abort if 'NORMAL:-CIPHER-ALL:+ARCFOUR-128' is not recognized, use 'NORMAL' instead 2014-02-04 14:39:07 +01:00
Stefan Bühler 133941c327 [mod_status] use PACKAGE_BUILD_DATE instead of __DATE__/__TIME__ 2014-02-04 13:59:13 +01:00
Stefan Bühler d529150a9b [autotools] remove generated ragel parsers from dist 2014-02-04 13:22:01 +01:00
Stefan Bühler c3b715dae1 remove old test file 2014-02-04 13:01:23 +01:00
Stefan Bühler f482877825 [doc] document core config and modules in tree 2014-02-03 12:57:25 +01:00
Stefan Bühler 3f61b3c1b1 [mod_proxy] send Content-Length for all non GET/HEAD requests 2013-12-05 18:01:41 +01:00
Stefan Bühler a6303d8baa [config] allow setting vars in setup block 2013-11-13 23:49:08 +01:00
Stefan Bühler 0d40b25d19 [config] fix missing reference (segfault on shutdown) 2013-09-10 16:05:13 +02:00
Stefan Bühler 7d22354772 [config] fix cast(string) 2013-09-10 15:22:58 +02:00
Stefan Bühler 56e606bbd7 [config] setup only allowed in master config context 2013-09-10 12:07:04 +02:00
Stefan Bühler 5222d524ad [plugin_core] fix some setup parameter handling 2013-09-09 23:23:46 +02:00
Stefan Bühler 1a7eec4aa5 [mod_gnutls] disable protect-against-beast by default now - considered mitigated on client side 2013-09-09 16:17:18 +02:00
Stefan Bühler 81ff95db84 [mod_gnutls] announce http/1.1 in ALPN 2013-09-09 16:16:38 +02:00
Stefan Bühler e55f423203 [config] fix more bugs in new config handling 2013-09-09 13:10:50 +02:00
Stefan Bühler d65a2ffc16 [mod_redirect] fix segfault in config parsing 2013-09-09 12:28:31 +02:00
Stefan Bühler 04c6aa93cf [plugin_core] fix alias action 2013-09-09 12:15:12 +02:00
Stefan Bühler e4c99e55d6 [config] fix bug in config parser (failed parsing names followed by a comma) 2013-09-09 12:09:22 +02:00
Stefan Bühler 4056bd1a43 [config] fix mem leaks in config parser 2013-09-09 10:30:07 +02:00
Stefan Bühler 875995dae5 [config] fix bugs in new config handling 2013-09-09 10:17:43 +02:00
Stefan Bühler 8037af605f replace g_hash_table_contains with g_hash_table_lookup 2013-09-06 17:11:14 +02:00
Stefan Bühler eb19c66524 [lua] fix key-value list handling and export of lists 2013-09-06 16:43:28 +02:00
Stefan Bühler e76ebe2021 [core] rewrite config parser
* no more hash values - only lists and list of key-value pairs
* "master" config:
  the config loaded on startup can use all features,
  configs loaded later (vhost on demand from sql...) can't use
  include* and cannot modify global vars.
* scoped variables
  - add a global var store in the server struct
  - global vars can be set with "global foo = bar"
  - if a variable already exists in a scope it will be modified on a
    write, otherwise a new local variable is created
  - global vars won't be modified if not in "master" mode
  - vars can be made explicitly local with "local foo = bar"; create a
    local copy with "local foo = foo"
  - global vars are available in live config loads for reading
  - each file and action block {...} creates a new scope; if/else branches do
    NOT create a new scope
* to append a value to a list use "l + [v]" (not "l + v" anymore);
  lists are concatenated with "+"
* [...] always marks a list
* (...) is a list if it contains a "," or "=>", otherwise it just
  groups an expression
* a list can either contain key-value pairs or other values. mixing is
  not allowed
2013-09-06 16:43:26 +02:00
Stefan Bühler a1fbaab86b [core/modules] refactor config handling
* should be more robust now: taking list of wanted value, handling NULL
  pointers instead of value type NONE, fixed some bugs (wrong checks,
  mem leaks, ...)
* add many methods to make handling of values easier; most methods
  can handle NULL value pointers safely (li_value_type(v) instead of
  v->type and so on)
2013-09-06 14:36:55 +02:00
Stefan Bühler b783bd5aaa [misc] use less C99 features 2013-08-23 13:39:09 +02:00
Stefan Bühler 061b2a4262 [core] handle differences between options/actions/setups in plugin.c 2013-08-22 18:02:50 +02:00
Stefan Bühler 898e0c4687 [log] fix small mem leak 2013-08-22 15:02:35 +02:00
Stefan Bühler cebb8df82c [mod_vhost] fix config mem leak 2013-08-22 15:02:33 +02:00
Stefan Bühler ad687636e9 [lua] push list values with __index metamethod to lookup string/nil keys in key-value lists 2013-08-21 13:50:02 +02:00
Stefan Bühler 9f9fe72d97 [lua] fix usage of lua_typename 2013-08-21 13:50:02 +02:00
Stefan Bühler f9d0abac66 [lua] add lighty.error -> lighty.print alias 2013-08-21 12:41:11 +02:00
Stefan Bühler 0adefe5f18 [mod_memcached] convert to handling key-value list 2013-08-19 20:09:16 +02:00
Stefan Bühler 9430a8a112 [mod_deflate] convert to handling key-value list 2013-08-19 19:22:22 +02:00
Stefan Bühler 9e71dc6890 [core] li_value_to_string: use => for separating hash keys and values like the config 2013-08-19 19:13:48 +02:00
Stefan Bühler d825212823 [mod_lua] convert to handling key-value list 2013-08-19 19:11:28 +02:00
Stefan Bühler 32e91a9e8a [core] handle NULL values in li_value_extract* functions 2013-08-19 19:10:15 +02:00
Stefan Bühler a14d0d00a5 [mod_auth] convert to handling key-value list 2013-08-19 18:53:01 +02:00
Stefan Bühler 74b64a6d1a [plugin_core] log/setup log: convert to handling key-value list 2013-08-19 17:26:16 +02:00
Stefan Bühler 433d4da14e [mod_vhost] convert to handling key-value list; make vhost.map_regex predictable
vhost.map_regex used to reorder the list to put often used entries at
the top; now it just uses the first matching entry.

new syntax now uses the default keyword for default entries instead of
the string "default".
2013-08-19 16:25:34 +02:00
Stefan Bühler 92dc237ee8 [core] add li_value_new_hashtable to create a GString -> liValue hashtable 2013-08-19 15:43:48 +02:00
Stefan Bühler 7bc6e275ef [mod_throttle] fix refcount and double free 2013-08-18 19:58:09 +02:00
Stefan Bühler ccd512ca57 [waf] remove waf for now, doesn't work anymore 2013-08-18 18:42:15 +02:00
Stefan Bühler 3c27596287 [plugin_core] index action should do less stat() calls now, especially for multiple names 2013-08-18 15:59:26 +02:00
Stefan Bühler 919a8dd6d2 [mod_openssl] error out on unknown parameters 2013-08-18 15:53:26 +02:00
Stefan Bühler dc2f0b7885 [mod_openssl] support key-value list for multiple listen parameters 2013-08-18 15:49:12 +02:00
Stefan Bühler 8eae9f3b50 [mod_gnutls] remove ca-file option; only needed for not yet supported client cert authentication. add docs in the source 2013-08-18 14:29:26 +02:00
Stefan Bühler c372d21f2c [mod_gnutls] use key-value list for parameters, allows duplicate listen/pemfile parameters 2013-08-18 13:48:48 +02:00
Stefan Bühler 969818083e [core] add li_value_to_key_value_list: convert value hash to key-value list 2013-08-18 13:47:29 +02:00
Stefan Bühler ab47f9b33c [mod_gnutls] fix endless loop in client hello parser 2013-08-18 11:45:45 +02:00
Stefan Bühler 36b901afa7 [mod_gnutls] fix build with SNI disabled 2013-08-18 11:16:01 +02:00
Stefan Bühler 40169d5fc9 [autobuild] fix renamed header ssl_client_hello_parser.h 2013-08-18 11:15:30 +02:00
Stefan Bühler a7f41b9e3b [core] check for disabled keep-alive early to send matching headers 2013-08-18 00:58:54 +02:00
Stefan Bühler 975ca1cddf [mod_gnutls] parse client hello for sni and protocol version
changing priority in gnutls post_client_hello didn't work with session
resumption
2013-08-18 00:55:24 +02:00
Stefan Bühler c51d89fe6e [mod_openssl] disable SSL3 by default 2013-08-09 00:23:33 +02:00
Stefan Bühler 0b8365ca29 [mod_openssl] enable DH and ECDH 2013-08-07 20:59:46 +02:00
Stefan Bühler b9d77f50a4 [core] add req_header.* actions 2013-08-07 18:05:16 +02:00
Stefan Bühler f3436e69f1 [gnutls] fix cleanup order (use-after-free) 2013-08-03 09:24:58 +02:00
Simon Lundström 859da7d7eb [plugin_core] docroot: show stat() errors for all entries when debug log is enabled 2013-07-31 21:54:05 +02:00
Stefan Bühler f64ba1bb72 [fastcgi] add debug prints before all fastcgi_reset calls, don't reset connection on stderr data if connection was already closed 2013-07-20 13:33:58 +02:00
Stefan Bühler 9aafe5aa2a [fetch] use signed integers for liFetchDatabase refcount 2013-07-20 11:49:49 +02:00
Stefan Bühler e762189fb5 [core] only use feature test macros on linux 2013-07-20 11:45:09 +02:00