| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
(quiet compiler warning)
|
| | |
|
| | |
|
| |
|
|
| |
use fdopendir(), fstatat(), if available
|
| |
|
|
|
|
|
|
|
| |
set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.
x-ref:
"Add support for TLS 1.3"
https://github.com/libressl-portable/portable/issues/228
|
| |
|
|
|
| |
fix typo: honor user-defined CipherString for alternative TLS libraries
(LibreSSL, BoringSSL, wolfSSL)
|
| | |
|
| |
|
|
|
|
|
|
| |
(thx hamelg)
x-ref:
"segfault with mod_scgi on backend server with unix socket domain"
https://redmine.lighttpd.net/issues/3052
|
| | |
|
| |
|
|
| |
buffer_is_equal_caseless_string() -> buffer_eq_icase_slen()
|
| |
|
|
| |
When known, use HTTP_HEADER_* enum before string comparisons
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(thx glen)
Regression in lighttpd 1.4.56 - 1.4.58 when extforward.headers is
not set in lighttpd.conf.
Workaround: extforward.headers = ("X-Forwarded-For")
(or appropriate value depending on header sent by upstream proxy)
x-ref:
"mod_extforward regression 1.4.56"
https://redmine.lighttpd.net/issues/3051
|
| |
|
|
| |
expand config warning for module load order to include other TLS modules
|
| |
|
|
|
|
| |
extend ssl.openssl.ssl-conf-cmd to accept "SecurityLevel"
(lighttpd extension) and use the (string) value to call the
openssl-specific SSL_CTX_set_security_level()
|
| | |
|
| |
|
|
|
|
| |
If server.systemd-socket-activation = "enable" and one or more of the
sockets is not listed in lighttpd.conf, then when the server is shutting
down, a buffer from the config file is free()d twice.
|
| |
|
|
| |
allocate memory for PATH_MAX to avoid pathconf() for _PC_NAME_MAX
|
| |
|
|
|
|
| |
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
|
| |
|
|
|
|
| |
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
|
| |
|
|
|
|
|
| |
include mbedtls/platform_util.h for mbedtls_platform_zeroize()
(instead of relying on an indirect include)
(fixes build with (very old) mbedtls-2.14.0)
|
| |
|
|
| |
hide unused funcs depending on build flags
|
| |
|
|
|
|
| |
read retry loop needs separate var for result and data size to read
rename 'toSend' variable to 'len' (of chunk)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
create API in chunk.[ch] for writing a chunk to an fd
(pull similar code from mod_cgi and mod_webdav)
This new API is intended for use on request body input, which is
written to size-limited temporary files controlled by lighttpd and
written to files or pipes.
(network_backend_write() is for writing chunkqueues to sockets)
|
| |
|
|
|
|
|
|
| |
FreeBSD provides an API similar to Linux copy_file_range()
but uses off_t instead of loff_t in the syscall.
off_t is equivalent to off64_t when lighttpd is built with LFS
(and lighttpd is built with LFS enabled by default)
|
| |
|
|
| |
separate func to check "If-Range"
|
| |
|
|
|
|
|
|
| |
(thx zoon01 and ms49434)
x-ref:
"Memory Growth with PUT and full buffered streams"
https://redmine.lighttpd.net/issues/3033
|
| | |
|
| |
|
|
|
|
| |
more efficient implementation of HTTP ETag generation and comparison
modify dekhash() to take hash value to allow for incremental hashing
|
| |
|
|
|
| |
* rename inet_ntop_cache.[ch] to sock_addr_cache.[ch]
* reimplement as separate caches for IPv4 and IPv6
|
| |
|
|
| |
use buffer_append_path_len() to join path segments
|
| |
|
|
| |
move from mod_openssl.c
|
| |
|
|
|
| |
- replace use of strptime() w/ implementation specialized for HTTP dates
- use thread-safe gmtime_r(), localtime_r() (replace localtime, gmtime)
|
| | |
|
| |
|
|
|
|
| |
http_date.[ch] encapsulate HTTP-date parse/compare
(import from one of my development branches from 2015)
|
| |
|
|
|
|
|
|
|
|
| |
sys-time.h - localtime_r,gmtime_r macros if needed
provide rudimentary localtime_r() and gmtime_r() if not present
(wraps localtime() and gmtime() funtions, but are not thread-safe since
they do not take a lock around access to localtime() and gmtime())
(import from one of my development branches from 2015)
|
| | |
|
| |
|
|
| |
fix sending of initial reqbody chunked to backend
|
| |
|
|
|
|
| |
x-ref:
"Memory Growth with PUT and full buffered streams"
https://redmine.lighttpd.net/issues/3033
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(thx flynn)
fix large memory usage for large file downloads from dynamic backends
reuse or release large memory chunks
x-ref:
"Memory Growth with PUT and full buffered streams"
https://redmine.lighttpd.net/issues/3033
|
| | |
|
| |
|
|
|
|
|
| |
- rewrite fcgi-responder as standalone app
fcgi-responder is now a minimal, standalone FastCGI server for tests
- remove dependency on fcgi-devel package
- merge fcgi-auth into fcgi-responder
|
| |
|
|
|
|
|
|
|
|
|
|
| |
compatibility to compile with earlier wolfSSL versions
compile-tested back to wolfSSL tag v3.14.0-stable
configured with (possibly extra flags)
./configure --enable-opensslextra --enable-opensslall --enable-sni \
--enable-lighty --enable-stunnel --enable-nginx --enable-haproxy
Functionality has not been tested!
Please consider using the latest stable release of wolfSSL.
|
| |
|
|
|
|
|
| |
now that mod_wolfssl is a standalone module, use wolfSSL TLS ver defines
(Increase compatibility of mod_wolfssl with wolfSSL versions prior to
wolfSSL v4.2.0)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(thx flynn)
fix decoding chunked from backend
truncate response and error out if backend sends excess data
after chunked encoding
x-ref:
"Too much content with HTTP/2.0"
https://redmine.lighttpd.net/issues/3049
|
| | |
|
| |
|
|
|
|
|
|
|
| |
replace /* fall through */ comment with __attribute_fallthrough__ macro
Note: not adding attribute to code with external origins:
xxhash.h (algo_xxhash.h)
ls-hpack/lshpack.c
so to avoid warnings, may need to compile with -Wno-implicit-fallthrough
|
