Commit message | Author | Age | Files | Lines
* [core] workaround fragile code in wolfssl types.h (tag: lighttpd-1.4.56-rc4) | Glenn Strauss | 2020-10-29 | 1 | -0/+17
| workaround fragile code in wolfssl/wolfcrypto/types.h
|
| Including header blows up compile in 32-bit when lighttpd meson build in OpenWRT on a 32-bit platform generates lighttpd config.h containing define of SIZEOF_LONG, but not SIZEOF_LONG_LONG, and the wolfssl types.h flubs and fails to choose an enum value used by a macro that is unused by most consumers of the wolfssl header.
* [TLS] server.feature-flags "ssl.session-cache" (tag: lighttpd-1.4.56-rc3) | Glenn Strauss | 2020-10-29 | 5 | -10/+39
| disabled by default, but can be enabled
| (session tickets should be preferred)
|
| applies to mod_openssl, mod_wolfssl, mod_nss
|
| session cache is not currently implemented in mod_mbedtls or mod_gnutls
* [mod_mbedtls] wrap addtl code in preproc defines | Glenn Strauss | 2020-10-28 | 1 | -3/+13
| wrap additional code in preprocessor defines to check if enabled in lib
* [build] adjust meson.build for use by OpenWRT | Glenn Strauss | 2020-10-28 | 2 | -34/+38
|
* [build] WITHOUT_LIB_CRYPTO option in code | Glenn Strauss | 2020-10-27 | 2 | -0/+12
| (not (yet?) an end-user option in the build system)
| (If extended to build system, build system should also unset CRYPTO_LIB)
|
| If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules will have access to MD5() and SHA1() built with lighttpd (algo_md5.[ch] and algo_sha1.[ch]), but not to other message digest algorithms. As of this commit, this affects only mod_secdownload with SHA256 digest and mod_auth* modules using HTTP Digest Auth with digest=SHA-256, which is not currently well-supported by client browsers (besides Opera)
* [build] detect nss3/nss.h or nss/nss.h for NSS | Glenn Strauss | 2020-10-27 | 4 | -1/+13
|
* [build] CMake use pkg_check_modules() w/ wolfssl | Glenn Strauss | 2020-10-27 | 1 | -0/+5
|
* [build] CMake mod_openssl, mod_wolfssl can coexist | Glenn Strauss | 2020-10-27 | 1 | -4/+0
|
* [build] add --with-brotli to meson.build | Glenn Strauss | 2020-10-27 | 1 | -1/+12
|
* [build] fix lib paths for GnuTLS, NSS (tag: lighttpd-1.4.56-rc2) | Glenn Strauss | 2020-10-27 | 1 | -2/+2
| (thx dirk)
* [mod_secdownload] fix compile w/ NSS on FreeBSD | Glenn Strauss | 2020-10-26 | 1 | -0/+2
| (thx dirk)
|
| nss/alghmac.h might not exist
* [mod_wolfssl] need to build --enable-alpn for ALPN | Glenn Strauss | 2020-10-26 | 1 | -0/+6
| need to build wolfSSL library with --enable-alpn for ALPN even if already building wolfSSL library with --enable-opensslall (sigh)
|
| ALPN is required by the HTTP/2 specification
* [mod_wolfssl] cripple SNI if not built OPENSSL_ALL | Glenn Strauss | 2020-10-26 | 3 | -16/+53
| crippled functionality if wolfssl library not built --enable-opensslall
| * SNI not handled since SNI callbacks are disabled in wolfSSL library unless the wolfSSL library is built with --enable-opensslall
|   This means that there is only one certificate per listening socket -- no certificate selection based on server name indication (SNI) and is additionally a violation of the HTTP/2 specification, which requires SNI.
|
| slightly reduced functionality if wolfssl not built --enable-opensslall
| * disable client certificate verification (error out if in lighttpd.conf)
| * omit SSL_CIPHER_USEKEYSIZE, SSL_CIPHER_ALGKEYSIZE env vars
* [mod_wolfssl] use more wolfssl/options.h defines | Glenn Strauss | 2020-10-26 | 1 | -21/+18
|
* [build] use pkg-config with wolfssl | Glenn Strauss | 2020-10-26 | 1 | -2/+9
|
* [build] mark dependencies on crypto lib for MD5() | Glenn Strauss | 2020-10-26 | 4 | -16/+16
| (lighttpd base executable depends on crypto lib for rand functionality, so the crypto library was already being loaded -- no missing symbols)
* [tests] OpenBSD crypt() support limited to bcrypt | Glenn Strauss | 2020-10-26 | 1 | -0/+4
| OpenBSD crypt() does not support (insecure) crypt-des or crypt-md5
* [core] STAILQ_* -> SIMPLEQ_* on OpenBSD | Glenn Strauss | 2020-10-26 | 1 | -0/+12
| (thx brad)
* [doc] NEWS (tag: lighttpd-1.4.56-rc1) | Glenn Strauss | 2020-10-25 | 1 | -0/+533
|
* [core] fix (startup) mem leaks in configparser.y | Glenn Strauss | 2020-10-24 | 1 | -2/+7
| (thx stbuehler)
* [multiple] add some missing config cleanup | Glenn Strauss | 2020-10-24 | 4 | -0/+4
| (thx stbuehler)
* [mod_accesslog] update defaults after cycling log | Glenn Strauss | 2020-10-24 | 1 | -0/+2
| (thx avij)
|
| must update the cached copy of global scope config after cycling log. Although (accesslog_st *) is modified in-place, the log_access_fd member of (accesslog_st *) is copied into the cache and must be updated after cycling logs in the global scope.
* [mod_mbedtls] newer mbedTLS vers support TLSv1.3 | Glenn Strauss | 2020-10-24 | 1 | -2/+15
|
* [core] silence coverity warnings (another try) | Glenn Strauss | 2020-10-23 | 2 | -7/+9
|
* [mod_webdav] define _NETBSD_SOURCE on NetBSD | Glenn Strauss | 2020-10-23 | 1 | -0/+5
| NetBSD dirent.h improperly hides fdopendir() (POSIX.1-2008) declaration which should be visible w/ _XOPEN_SOURCE 700 or _POSIX_C_SOURCE 200809L
* [build] more portable autogen.sh shell script | Glenn Strauss | 2020-10-23 | 1 | -1/+1
| Use more portable shell function definition, better supported by /bin/sh
|
| Some /bin/sh, e.g. dash, do not support trap on ERR, so that will issue some trace and will not trigger on ERR, but the rest of the script runs fine.
* [mod_nss] more nss includes fixes | Glenn Strauss | 2020-10-22 | 1 | -1/+3
|
* [multiple] test for nss includes | Glenn Strauss | 2020-10-22 | 5 | -1/+29
| some distro packages deploy NSS includes under nss/, others nss3/ (and similar for nspr/ vs nspr4/)
* [doc] /var/run -> /run | Glenn Strauss | 2020-10-22 | 1 | -1/+1
|
* [build] remove svnversion from versionstamp rule | Glenn Strauss | 2020-10-21 | 1 | -6/+0
|
* [doc] replace bzip2 refs with brotli | Glenn Strauss | 2020-10-21 | 1 | -2/+2
|
* [doc] change mod_compress refs to mod_deflate | Glenn Strauss | 2020-10-21 | 3 | -3/+8
|
* [core] init NSS lib for basic crypto algorithms | Glenn Strauss | 2020-10-21 | 1 | -0/+16
| basic algorithms fail if NSS library has not been init'd (WTH)
|
| lighttpd defers initialization of rand and crypto until first use to attempt to avoid long, blocking init at startup while waiting for sufficient system entropy to become available
* [core] add missing declaration for NSS rand | Glenn Strauss | 2020-10-21 | 1 | -0/+1
| (bug on master branch; never released)
* [core] use inline funcs in sys-crypto-md.h | Glenn Strauss | 2020-10-21 | 1 | -28/+84
| use inline funcs in sys-crypto-md.h for consistency and to avoid compiler warnings when result is ignored
* [mod_mbedtls] quiet unused variable warning | Glenn Strauss | 2020-10-20 | 1 | -0/+1
|
* [core] fix fd sharing when splitting file chunk | Glenn Strauss | 2020-10-20 | 1 | -0/+1
| (bug on master branch; never released)
|
| fix fd sharing in chunkqueue_steal_partial_file_chunk()
* [core] silence coverity warnings (another try) | Glenn Strauss | 2020-10-20 | 2 | -1/+8
|
* [core] silence coverity warnings in ls-hpack | Glenn Strauss | 2020-10-20 | 1 | -1/+4
| The code originates from https://github.com/litespeedtech/ls-hpack and is explicitly documented as not needing to be initialized.
|
| x-ref:
|   https://github.com/litespeedtech/ls-hpack/commit/634c69215f8646653bb4cb5cf448fb943008529f
|   https://github.com/litespeedtech/ls-hpack/commit/d92883ca10f458b76168eee980f2ccb776917ad3
* [core] silence coverity warnings (false positives) | Glenn Strauss | 2020-10-20 | 3 | -11/+22
|
* [core] always lseek() with shared fd | Glenn Strauss | 2020-10-20 | 2 | -2/+2
| always lseek() with shared fd; remove optim to skip with offset = 0
* [multiple] use http_chunk_append_file_ref() | Glenn Strauss | 2020-10-20 | 3 | -20/+8
| use http_chunk_append_file_ref() and http_chunk_append_file_ref_range()
|
| reduce resource usage (number of fds open) by reference counting open fds to files served, and sharing the fd among FILE_CHUNKs in responses
* [core] http_chunk_append_file_ref_range() | Glenn Strauss | 2020-10-20 | 2 | -0/+38
| http_chunk_append_file_ref() and http_chunk_append_file_ref_range() to take stat_cache_entry ref and append FILE_CHUNK
* [core] FILE_CHUNK can hold stat_cache_entry ref | Glenn Strauss | 2020-10-20 | 2 | -8/+26
|
* [core] stat_cache_entry reference counting | Glenn Strauss | 2020-10-20 | 2 | -5/+34
| future: should probably create fd cache separate from stat_cache, perhaps along w/ http-specific fields like etag and content_type and maybe even mmap
* [mod_deflate] use large mmap chunks to compress | Glenn Strauss | 2020-10-20 | 1 | -13/+13
| use large chunks since server blocks while compressing, anyway (mod_deflate is not recommended for large files)
* [core] minimize pause during graceful restart | Glenn Strauss | 2020-10-19 | 1 | -2/+36
| minimize pause during graceful restart for server.max-worker = 0 case
|
| The previous generation continues to accept new connections until the restarted parent signals that the restarted server is ready to accept new connections, and so the previous server should gracefully shutdown.
|
| This does not apply in the case of multiple workers. When there are multiple workers, they receive SIGINT to gracefully shut down and stop accepting new connections. While the listen sockets are kept open (and not closed and reopened), there is a small pause while the parent process restarts before it begins accepting new connections from the listen backlog.
|
| Note: there is a window during restart during which lighttpd may exit if it receives certain signals before it sets up signal handlers.
|
| future: might block signals (sigprocmask()) during restart, but if that is done, then care must be taken to unblock signals in restarted server as soon as signal handlers are set up and before any other children are created, e.g. by modules, or else signals must be explicitly unblocked in children. Also, during command line and config file processing, signals would be blocked, too, which might not be ideal.
* [core] config_plugin_value_to_int32() | Glenn Strauss | 2020-10-19 | 5 | -23/+31
|
* [mod_openssl] use newer openssl 3.0.0 func | Glenn Strauss | 2020-10-19 | 1 | -1/+6
| replace X509_STORE_load_locations() with X509_STORE_load_file()
* [mod_webdav] update defaults after worker_init | Glenn Strauss | 2020-10-19 | 1 | -0/+2
| update defaults after worker_init for config options in global scope
|
| (bug on master branch; never released)