reflect reality.
OK benno@
-# $OpenBSD: httpd.conf,v 1.11 2014/08/25 14:27:54 reyk Exp $
+# $OpenBSD: httpd.conf,v 1.12 2014/12/12 14:45:59 reyk Exp $
#
# Macros
# An HTTPS server using SSL/TLS
server "secure.example.com" {
- listen on 127.0.0.1 ssl port 443
+ listen on 127.0.0.1 tls port 443
# Define server-specific log files relative to /logs
log { access "secure-access.log", error "secure-error.log" }
-/* $OpenBSD: config.c,v 1.24 2014/12/07 16:05:08 florian Exp $ */
+/* $OpenBSD: config.c,v 1.25 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2011 - 2014 Reyk Floeter <reyk@openbsd.org>
c = 0;
iov[c].iov_base = &s;
iov[c++].iov_len = sizeof(s);
- if (srv->srv_conf.ssl_cert_len != 0) {
- iov[c].iov_base = srv->srv_conf.ssl_cert;
- iov[c++].iov_len = srv->srv_conf.ssl_cert_len;
+ if (srv->srv_conf.tls_cert_len != 0) {
+ iov[c].iov_base = srv->srv_conf.tls_cert;
+ iov[c++].iov_len = srv->srv_conf.tls_cert_len;
}
- if (srv->srv_conf.ssl_key_len != 0) {
- iov[c].iov_base = srv->srv_conf.ssl_key;
- iov[c++].iov_len = srv->srv_conf.ssl_key_len;
+ if (srv->srv_conf.tls_key_len != 0) {
+ iov[c].iov_base = srv->srv_conf.tls_key;
+ iov[c++].iov_len = srv->srv_conf.tls_key_len;
}
if (id == PROC_SERVER &&
if ((srv_conf->flags & f) == 0)
srv_conf->flags |= parent->flags & f;
- f = SRVFLAG_SSL;
+ f = SRVFLAG_TLS;
srv_conf->flags |= parent->flags & f;
f = SRVFLAG_ACCESS_LOG;
serverconfig_reset(&srv_conf);
if ((off_t)(IMSG_DATA_SIZE(imsg) - s) <
- (srv_conf.ssl_cert_len + srv_conf.ssl_key_len)) {
+ (srv_conf.tls_cert_len + srv_conf.tls_key_len)) {
log_debug("%s: invalid message length", __func__);
goto fail;
}
srv->srv_conf.name, srv->srv_conf.id,
printb_flags(srv->srv_conf.flags, SRVFLAG_BITS));
- if (srv->srv_conf.ssl_cert_len != 0) {
- if ((srv->srv_conf.ssl_cert = get_data(p + s,
- srv->srv_conf.ssl_cert_len)) == NULL)
+ if (srv->srv_conf.tls_cert_len != 0) {
+ if ((srv->srv_conf.tls_cert = get_data(p + s,
+ srv->srv_conf.tls_cert_len)) == NULL)
goto fail;
- s += srv->srv_conf.ssl_cert_len;
+ s += srv->srv_conf.tls_cert_len;
}
- if (srv->srv_conf.ssl_key_len != 0) {
- if ((srv->srv_conf.ssl_key = get_data(p + s,
- srv->srv_conf.ssl_key_len)) == NULL)
+ if (srv->srv_conf.tls_key_len != 0) {
+ if ((srv->srv_conf.tls_key = get_data(p + s,
+ srv->srv_conf.tls_key_len)) == NULL)
goto fail;
- s += srv->srv_conf.ssl_key_len;
+ s += srv->srv_conf.tls_key_len;
}
return (0);
fail:
if (srv != NULL) {
- free(srv->srv_conf.ssl_cert);
- free(srv->srv_conf.ssl_key);
+ free(srv->srv_conf.tls_cert);
+ free(srv->srv_conf.tls_key);
}
free(srv);
-.\" $OpenBSD: httpd.8,v 1.48 2014/08/09 08:49:48 jmc Exp $
+.\" $OpenBSD: httpd.8,v 1.49 2014/12/12 14:45:59 reyk Exp $
.\"
.\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: August 9 2014 $
+.Dd $Mdocdate: December 12 2014 $
.Dt HTTPD 8
.Os
.Sh NAME
.Sh DESCRIPTION
The
.Nm
-daemon is an HTTP server with FastCGI and SSL support.
+daemon is an HTTP server with FastCGI and TLS support.
.Pp
The FastCGI implementation has optional socket support.
.Nm
-.\" $OpenBSD: httpd.conf.5,v 1.36 2014/11/12 16:52:44 jmc Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.37 2014/12/12 14:45:59 reyk Exp $
.\"
.\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 12 2014 $
+.Dd $Mdocdate: December 12 2014 $
.Dt HTTPD.CONF 5
.Os
.Sh NAME
.Xr httpd 8
and defaults to
.Pa /run/slowcgi.sock .
-.It Ic listen on Ar address Oo Ic ssl Oc Ic port Ar number
+.It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
Set the listen address and port.
.It Ic location Ar path Brq ...
Specify server configuration rules for a specific location.
.Nm httpd .
If not specified, it defaults to
.Pa /htdocs .
-.It Ic ssl Ar option
-Set the SSL configuration for the server.
-These options are only used if SSL has been enabled via the listen directive.
-Valid options are:
-.Bl -tag -width Ds
-.It Ic certificate Ar file
-Specify the certificate to use for this server.
-The
-.Ar file
-should contain a PEM encoded certificate.
-.It Ic ciphers Ar string
-Specify the SSL cipher string.
-If not specified, the default value
-.Qq HIGH:!aNULL
-will be used (strong crypto cipher suites without anonymous DH).
-See the CIPHERS section of
-.Xr openssl 1
-for information about SSL cipher suites and preference lists.
-.It Ic key Ar file
-Specify the private key to use for this server.
-The
-.Ar file
-should contain a PEM encoded private key and reside outside of the
-.Xr chroot 2
-root directory of
-.Nm httpd .
-.El
.It Ic tcp Ar option
Enable or disable the specified TCP/IP options; see
.Xr tcp 4
connection.
This will affect the TCP window size.
.El
+.It Ic tls Ar option
+Set the TLS configuration for the server.
+These options are only used if TLS has been enabled via the listen directive.
+Valid options are:
+.Bl -tag -width Ds
+.It Ic certificate Ar file
+Specify the certificate to use for this server.
+The
+.Ar file
+should contain a PEM encoded certificate.
+.It Ic ciphers Ar string
+Specify the TLS cipher string.
+If not specified, the default value
+.Qq HIGH:!aNULL
+will be used (strong crypto cipher suites without anonymous DH).
+See the CIPHERS section of
+.Xr openssl 1
+for information about SSL/TLS cipher suites and preference lists.
+.It Ic key Ar file
+Specify the private key to use for this server.
+The
+.Ar file
+should contain a PEM encoded private key and reside outside of the
+.Xr chroot 2
+root directory of
+.Nm httpd .
+.El
.El
.Sh TYPES
Configure the supported media types.
-/* $OpenBSD: httpd.h,v 1.63 2014/11/11 15:54:45 beck Exp $ */
+/* $OpenBSD: httpd.h,v 1.64 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
#define HTTPD_LOGROOT "/logs"
#define HTTPD_ACCESS_LOG "access.log"
#define HTTPD_ERROR_LOG "error.log"
-#define HTTPD_SSL_CERT "/etc/ssl/server.crt"
-#define HTTPD_SSL_KEY "/etc/ssl/private/server.key"
-#define HTTPD_SSL_CIPHERS "HIGH:!aNULL"
+#define HTTPD_TLS_CERT "/etc/ssl/server.crt"
+#define HTTPD_TLS_KEY "/etc/ssl/private/server.key"
+#define HTTPD_TLS_CIPHERS "HIGH:!aNULL"
#define FD_RESERVE 5
#define SERVER_MAX_CLIENTS 1024
#define SRVFLAG_SOCKET 0x0400
#define SRVFLAG_SYSLOG 0x0800
#define SRVFLAG_NO_SYSLOG 0x1000
-#define SRVFLAG_SSL 0x2000
+#define SRVFLAG_TLS 0x2000
#define SRVFLAG_ACCESS_LOG 0x4000
#define SRVFLAG_ERROR_LOG 0x8000
#define SRVFLAG_BITS \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG\13SOCKET" \
- "\14SYSLOG\15NO_SYSLOG\16SSL\17ACCESS_LOG\20ERROR_LOG"
+ "\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"
#define TCPFLAG_NODELAY 0x01
#define TCPFLAG_NNODELAY 0x02
u_int32_t maxrequests;
size_t maxrequestbody;
- char *ssl_cert;
- off_t ssl_cert_len;
- char *ssl_cert_file;
- char ssl_ciphers[NAME_MAX];
- char *ssl_key;
- off_t ssl_key_len;
- char *ssl_key_file;
+ char *tls_cert;
+ off_t tls_cert_len;
+ char *tls_cert_file;
+ char tls_ciphers[NAME_MAX];
+ char *tls_key;
+ off_t tls_key_len;
+ char *tls_key_file;
u_int16_t flags;
u_int8_t tcpflags;
/* server.c */
pid_t server(struct privsep *, struct privsep_proc *);
-int server_ssl_load_keypair(struct server *);
+int server_tls_load_keypair(struct server *);
int server_privinit(struct server *);
void server_purge(struct server *);
void serverconfig_free(struct server_config *);
-/* $OpenBSD: parse.y,v 1.43 2014/12/04 02:44:42 tedu Exp $ */
+/* $OpenBSD: parse.y,v 1.44 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
%token ACCESS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON
%token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION
%token LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT
-%token SACK SERVER SOCKET SSL STYLE SYSLOG TCP TIMEOUT TYPES
+%token SACK SERVER SOCKET STYLE SYSLOG TCP TIMEOUT TLS TYPES
%token ERROR INCLUDE
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.port> port
-%type <v.number> optssl
+%type <v.number> opttls
%type <v.tv> timeout
%type <v.string> numberstring
}
;
-optssl : /*empty*/ { $$ = 0; }
- | SSL { $$ = 1; }
+opttls : /*empty*/ { $$ = 0; }
+ | TLS { $$ = 1; }
;
main : PREFORK NUMBER {
s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY;
s->srv_conf.flags |= SRVFLAG_LOG;
s->srv_conf.logformat = LOG_FORMAT_COMMON;
- if ((s->srv_conf.ssl_cert_file =
- strdup(HTTPD_SSL_CERT)) == NULL)
+ if ((s->srv_conf.tls_cert_file =
+ strdup(HTTPD_TLS_CERT)) == NULL)
fatal("out of memory");
- if ((s->srv_conf.ssl_key_file =
- strdup(HTTPD_SSL_KEY)) == NULL)
+ if ((s->srv_conf.tls_key_file =
+ strdup(HTTPD_TLS_KEY)) == NULL)
fatal("out of memory");
- strlcpy(s->srv_conf.ssl_ciphers, HTTPD_SSL_CIPHERS,
- sizeof(s->srv_conf.ssl_ciphers));
+ strlcpy(s->srv_conf.tls_ciphers, HTTPD_TLS_CIPHERS,
+ sizeof(s->srv_conf.tls_ciphers));
if (last_server_id == INT_MAX) {
yyerror("too many servers defined");
YYERROR;
}
- if (server_ssl_load_keypair(srv) == -1) {
+ if (server_tls_load_keypair(srv) == -1) {
yyerror("failed to load public/private keys "
"for server %s", srv->srv_conf.name);
serverconfig_free(srv_conf);
| serveroptsl optnl
;
-serveroptsl : LISTEN ON STRING optssl port {
+serveroptsl : LISTEN ON STRING opttls port {
struct addresslist al;
struct address *h;
struct server *s;
host_free(&al);
if ($4) {
- s->srv_conf.flags |= SRVFLAG_SSL;
+ s->srv_conf.flags |= SRVFLAG_TLS;
}
}
| TCP {
YYERROR;
}
} connection
- | SSL {
+ | TLS {
if (parentsrv != NULL) {
- yyerror("ssl configuration inside location");
+ yyerror("tls configuration inside location");
YYERROR;
}
- } ssl
+ } tls
| ROOT STRING {
if (strlcpy(srv->srv_conf.root, $2,
sizeof(srv->srv_conf.root)) >=
}
;
-ssl : '{' sslopts_l '}'
- | sslopts
+tls : '{' tlsopts_l '}'
+ | tlsopts
;
-sslopts_l : sslopts comma sslopts_l
- | sslopts
+tlsopts_l : tlsopts comma tlsopts_l
+ | tlsopts
;
-sslopts : CERTIFICATE STRING {
- free(srv_conf->ssl_cert_file);
- if ((srv_conf->ssl_cert_file = strdup($2)) == NULL)
+tlsopts : CERTIFICATE STRING {
+ free(srv_conf->tls_cert_file);
+ if ((srv_conf->tls_cert_file = strdup($2)) == NULL)
fatal("out of memory");
free($2);
}
| KEY STRING {
- free(srv_conf->ssl_key_file);
- if ((srv_conf->ssl_key_file = strdup($2)) == NULL)
+ free(srv_conf->tls_key_file);
+ if ((srv_conf->tls_key_file = strdup($2)) == NULL)
fatal("out of memory");
free($2);
}
| CIPHERS STRING {
- if (strlcpy(srv_conf->ssl_ciphers, $2,
- sizeof(srv_conf->ssl_ciphers)) >=
- sizeof(srv_conf->ssl_ciphers)) {
+ if (strlcpy(srv_conf->tls_ciphers, $2,
+ sizeof(srv_conf->tls_ciphers)) >=
+ sizeof(srv_conf->tls_ciphers)) {
yyerror("ciphers too long");
free($2);
YYERROR;
{ "sack", SACK },
{ "server", SERVER },
{ "socket", SOCKET },
- { "ssl", SSL },
{ "style", STYLE },
{ "syslog", SYSLOG },
{ "tcp", TCP },
{ "timeout", TIMEOUT },
+ { "tls", TLS },
{ "types", TYPES }
};
const struct keywords *p;
-/* $OpenBSD: server.c,v 1.47 2014/12/04 02:44:42 tedu Exp $ */
+/* $OpenBSD: server.c,v 1.48 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
int server_socket_listen(struct sockaddr_storage *, in_port_t,
struct server_config *);
-int server_ssl_init(struct server *);
-void server_ssl_readcb(int, short, void *);
-void server_ssl_writecb(int, short, void *);
+int server_tls_init(struct server *);
+void server_tls_readcb(int, short, void *);
+void server_tls_writecb(int, short, void *);
void server_accept(int, short, void *);
-void server_accept_ssl(int, short, void *);
+void server_accept_tls(int, short, void *);
void server_input(struct client *);
extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t,
}
int
-server_ssl_load_keypair(struct server *srv)
+server_tls_load_keypair(struct server *srv)
{
- if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0)
+ if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
- if ((srv->srv_conf.ssl_cert = server_load_file(
- srv->srv_conf.ssl_cert_file, &srv->srv_conf.ssl_cert_len)) == NULL)
+ if ((srv->srv_conf.tls_cert = server_load_file(
+ srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len)) == NULL)
return (-1);
log_debug("%s: using certificate %s", __func__,
- srv->srv_conf.ssl_cert_file);
+ srv->srv_conf.tls_cert_file);
- if ((srv->srv_conf.ssl_key = server_load_file(
- srv->srv_conf.ssl_key_file, &srv->srv_conf.ssl_key_len)) == NULL)
+ if ((srv->srv_conf.tls_key = server_load_file(
+ srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len)) == NULL)
return (-1);
log_debug("%s: using private key %s", __func__,
- srv->srv_conf.ssl_key_file);
+ srv->srv_conf.tls_key_file);
return (0);
}
int
-server_ssl_init(struct server *srv)
+server_tls_init(struct server *srv)
{
- if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0)
+ if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
- log_debug("%s: setting up SSL for %s", __func__, srv->srv_conf.name);
+ log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name);
if (tls_init() != 0) {
log_warn("%s: failed to initialise tls", __func__);
}
if (tls_config_set_ciphers(srv->srv_tls_config,
- srv->srv_conf.ssl_ciphers) != 0) {
+ srv->srv_conf.tls_ciphers) != 0) {
log_warn("%s: failed to set tls ciphers", __func__);
return (-1);
}
if (tls_config_set_cert_mem(srv->srv_tls_config,
- srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len) != 0) {
+ srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) {
log_warn("%s: failed to set tls cert", __func__);
return (-1);
}
if (tls_config_set_key_mem(srv->srv_tls_config,
- srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len) != 0) {
+ srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) {
log_warn("%s: failed to set tls key", __func__);
return (-1);
}
if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) {
- log_warn("%s: failed to configure SSL - %s", __func__,
+ log_warn("%s: failed to configure TLS - %s", __func__,
tls_error(srv->srv_tls_ctx));
return (-1);
}
/* We're now done with the public/private key... */
tls_config_clear_keys(srv->srv_tls_config);
- explicit_bzero(srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len);
- explicit_bzero(srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len);
- free(srv->srv_conf.ssl_cert);
- free(srv->srv_conf.ssl_key);
- srv->srv_conf.ssl_cert = NULL;
- srv->srv_conf.ssl_key = NULL;
- srv->srv_conf.ssl_cert_len = 0;
- srv->srv_conf.ssl_key_len = 0;
+ explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len);
+ explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len);
+ free(srv->srv_conf.tls_cert);
+ free(srv->srv_conf.tls_key);
+ srv->srv_conf.tls_cert = NULL;
+ srv->srv_conf.tls_key = NULL;
+ srv->srv_conf.tls_cert_len = 0;
+ srv->srv_conf.tls_key_len = 0;
return (0);
}
struct server *srv;
TAILQ_FOREACH(srv, env->sc_servers, srv_entry) {
- server_ssl_init(srv);
+ server_tls_init(srv);
server_http_init(srv);
log_debug("%s: running server %s", __func__,
void
serverconfig_free(struct server_config *srv_conf)
{
- free(srv_conf->ssl_cert_file);
- free(srv_conf->ssl_cert);
- free(srv_conf->ssl_key_file);
- free(srv_conf->ssl_key);
+ free(srv_conf->tls_cert_file);
+ free(srv_conf->tls_cert);
+ free(srv_conf->tls_key_file);
+ free(srv_conf->tls_key);
}
void
serverconfig_reset(struct server_config *srv_conf)
{
- srv_conf->ssl_cert_file = srv_conf->ssl_cert =
- srv_conf->ssl_key_file = srv_conf->ssl_key = NULL;
+ srv_conf->tls_cert_file = srv_conf->tls_cert =
+ srv_conf->tls_key_file = srv_conf->tls_key = NULL;
}
struct server *
}
void
-server_ssl_readcb(int fd, short event, void *arg)
+server_tls_readcb(int fd, short event, void *arg)
{
struct bufferevent *bufev = arg;
struct client *clt = bufev->cbarg;
}
void
-server_ssl_writecb(int fd, short event, void *arg)
+server_tls_writecb(int fd, short event, void *arg)
{
struct bufferevent *bufev = arg;
struct client *clt = bufev->cbarg;
return;
}
- if (srv_conf->flags & SRVFLAG_SSL) {
+ if (srv_conf->flags & SRVFLAG_TLS) {
event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ,
- server_ssl_readcb, clt->clt_bev);
+ server_tls_readcb, clt->clt_bev);
event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE,
- server_ssl_writecb, clt->clt_bev);
+ server_tls_writecb, clt->clt_bev);
}
/* Adjust write watermark to the socket buffer output size */
return;
}
- if (srv->srv_conf.flags & SRVFLAG_SSL) {
+ if (srv->srv_conf.flags & SRVFLAG_TLS) {
event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ,
- server_accept_ssl, &clt->clt_tv_start,
+ server_accept_tls, &clt->clt_tv_start,
&srv->srv_conf.timeout, clt);
return;
}
}
void
-server_accept_ssl(int fd, short event, void *arg)
+server_accept_tls(int fd, short event, void *arg)
{
struct client *clt = (struct client *)arg;
struct server *srv = (struct server *)clt->clt_srv;
int ret;
if (event == EV_TIMEOUT) {
- server_close(clt, "SSL accept timeout");
+ server_close(clt, "TLS accept timeout");
return;
}
clt->clt_s);
if (ret == TLS_READ_AGAIN) {
event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ,
- server_accept_ssl, &clt->clt_tv_start,
+ server_accept_tls, &clt->clt_tv_start,
&srv->srv_conf.timeout, clt);
} else if (ret == TLS_WRITE_AGAIN) {
event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE,
- server_accept_ssl, &clt->clt_tv_start,
+ server_accept_tls, &clt->clt_tv_start,
&srv->srv_conf.timeout, clt);
} else if (ret != 0) {
- log_warnx("%s: SSL accept failed - %s", __func__,
+ log_warnx("%s: TLS accept failed - %s", __func__,
tls_error(srv->srv_tls_ctx));
return;
}
-/* $OpenBSD: server_fcgi.c,v 1.41 2014/12/04 02:44:42 tedu Exp $ */
+/* $OpenBSD: server_fcgi.c,v 1.42 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2014 Florian Obser <florian@openbsd.org>
goto fail;
}
- if (srv_conf->flags & SRVFLAG_SSL)
+ if (srv_conf->flags & SRVFLAG_TLS)
if (fcgi_add_param(¶m, "HTTPS", "on", clt) == -1) {
errstr = "failed to encode param";
goto fail;
-/* $OpenBSD: server_file.c,v 1.40 2014/12/04 02:44:42 tedu Exp $ */
+/* $OpenBSD: server_file.c,v 1.41 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
/* Redirect to path with trailing "/" */
if (path[strlen(path) - 1] != '/') {
if (asprintf(&newpath, "http%s://%s%s/",
- srv_conf->flags & SRVFLAG_SSL ? "s" : "",
+ srv_conf->flags & SRVFLAG_TLS ? "s" : "",
desc->http_host, desc->http_path) == -1)
return (500);
/* Path alias will be used for the redirection */
projects / openbsd / commitdiff