florian [Thu, 7 Aug 2014 10:52:34 +0000 (10:52 +0000)]
Opportunistically try to parse "Status: $code" in the very first
response from the fcgi daemon and use that code as HTTP response
code. If it doesn't work out fall back to code 200.
This might fix naddy@'s issue with redirects in cvsweb.
To be revisited after unlock.
Discussed with & grudgingly OK reyk@
deraadt [Thu, 7 Aug 2014 06:56:41 +0000 (06:56 +0000)]
shorten signal text a bit
deraadt [Thu, 7 Aug 2014 04:49:53 +0000 (04:49 +0000)]
Fix CVE-2014-3511; TLS downgrade, verbatim diff
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=
280b1f1ad12131defcd986676a8fc9717aaa601b
ok guenther miod
deraadt [Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)]
merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=
17160033765480453be0a41335fa6b833691c049
ok bcook
deraadt [Wed, 6 Aug 2014 23:16:16 +0000 (23:16 +0000)]
merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther
doug [Wed, 6 Aug 2014 22:33:08 +0000 (22:33 +0000)]
Mention how httpd responds to SIGHUP and SIGUSR1.
Description from reyk@
reyk [Wed, 6 Aug 2014 21:08:47 +0000 (21:08 +0000)]
Write STDERR from the CGI to the web server error log as intended.
OK florian@
florian [Wed, 6 Aug 2014 20:56:23 +0000 (20:56 +0000)]
If the very first fcgi STDOUT record has length 0 the cgi script
didn't send anything back. This is an internal server error.
OK reyk@
reyk [Wed, 6 Aug 2014 20:29:54 +0000 (20:29 +0000)]
Change grammar to remove a shift/reduce conflict that was introduced
with the ssl options.
"listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".
ok florian@
miod [Wed, 6 Aug 2014 20:11:09 +0000 (20:11 +0000)]
Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed by
Adam Langley close to three years ago, which were commited in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=
e7928282d0148af5f28fa3437a625a2006af0214
ok jsing@
guenther [Wed, 6 Aug 2014 19:31:30 +0000 (19:31 +0000)]
Support NOTE_EOF for kqueue EVFILT_READ filters on NFS files.
committing for jsg@, ok reyk@ tedu@ guenther@
reyk [Wed, 6 Aug 2014 18:40:15 +0000 (18:40 +0000)]
Always zero-out the fcgi record header for STDIN data.
OK florian@
reyk [Wed, 6 Aug 2014 18:38:11 +0000 (18:38 +0000)]
Use memset(buf instead of memset(&buf.
Pointed out by deraadt@
reyk [Wed, 6 Aug 2014 18:21:14 +0000 (18:21 +0000)]
Limit the body size in client requests (eg. POST data) to 1M by default;
add a configuration option to change the limit.
ok florian@
jsing [Wed, 6 Aug 2014 16:31:09 +0000 (16:31 +0000)]
Document the SSL configuration for httpd (partly based on relayd.conf(5)).
ajacoutot [Wed, 6 Aug 2014 16:13:48 +0000 (16:13 +0000)]
sysctl machdep.ztsscale has been unused for 7 years, so stop handling it.
s/TAB/SPACE for the wsconsctl.conf comment like we do with sysctl.conf
in MI.
"get this in fast" deraadt@
ok ratchov@ who will test it in the next few hours
jsing [Wed, 6 Aug 2014 16:11:34 +0000 (16:11 +0000)]
Provide configuration options that allow the SSL certificate, key and
ciphers to be specified for each server.
ok deraadt@ reyk@
jsing [Wed, 6 Aug 2014 16:10:02 +0000 (16:10 +0000)]
Also clean up the public key when it is no longer needed.
ok deraadt@ reyk@
jsing [Wed, 6 Aug 2014 16:09:02 +0000 (16:09 +0000)]
Configure the default SSL ciphers as HIGH:!aNULL.
ok deraadt@ reyk@
jsing [Wed, 6 Aug 2014 16:01:44 +0000 (16:01 +0000)]
Allow B64_EOF to follow a base64 padding character. This restores previous
behaviour that allows a PEM block to be fed through the base64 decoder.
Reported by Dmitry Eremin-Solenikov on tech@
ok deraadt@ tedu@
jsg [Wed, 6 Aug 2014 15:40:40 +0000 (15:40 +0000)]
Correct some dma cleanup error paths.
While the index variables were correct the arrays of
dma handles they indexed were swapped for rx and tx.
As there are a mismatched number of rx and tx descriptors
we'd walk off the end of the rx handle array by 30 items.
ok deraadt@
jsg [Wed, 6 Aug 2014 15:15:16 +0000 (15:15 +0000)]
fix an off by one
ok deraadt@
florian [Wed, 6 Aug 2014 15:08:04 +0000 (15:08 +0000)]
http POST support
with & OK reyk@
florian [Wed, 6 Aug 2014 13:40:18 +0000 (13:40 +0000)]
Content-Length and Content-Type are transmitted as CONTENT_LENGTH and
CONTENT_TYPE environment variables to cgi scripts, without the HTTP_
prefix.
OK reyk@
reyk [Wed, 6 Aug 2014 12:56:58 +0000 (12:56 +0000)]
spacing
jsg [Wed, 6 Aug 2014 12:29:43 +0000 (12:29 +0000)]
avoid displaying a NULL pointer
ok deraadt@ reyk@
reyk [Wed, 6 Aug 2014 11:24:12 +0000 (11:24 +0000)]
The watermark exposed a bug in server_write that broke keep-alive
support. Instead of calling server_close from server_write, we have
to proceed to the next connection by calling the error handler.
OK jsg@
reyk [Wed, 6 Aug 2014 09:40:04 +0000 (09:40 +0000)]
Bring back the last read (done) / last write (done) messages instead of just
"done" to simplify connection debugging.
reyk [Wed, 6 Aug 2014 09:36:31 +0000 (09:36 +0000)]
Adjust the read/write watermarks according to the TCP send buffer.
This fixes sending of large files. Previously, httpd was reading the
input file too quickly and could run out of memory when filling the
input buffer.
Found by jsg@
OK florian@
reyk [Wed, 6 Aug 2014 09:34:21 +0000 (09:34 +0000)]
Add braces. Style-only change.
doug [Wed, 6 Aug 2014 05:47:40 +0000 (05:47 +0000)]
Add an overview of the features for httpd in the description section.
"commit" deraadt@
jsg [Wed, 6 Aug 2014 04:39:50 +0000 (04:39 +0000)]
add missing va_start/va_end calls
ok deraadt@ guenther@
guenther [Wed, 6 Aug 2014 04:28:21 +0000 (04:28 +0000)]
Correct error checks in EVP_read_pw_string_min(): UI_add_input_string()
and UI_add_verify_string() return -1 (and maybe -2?) on failure and
>=0 on success, instead of always zero on success
problem reported by Mark Patruck (mark (at) wrapped.cx)
ok miod@
doug [Wed, 6 Aug 2014 02:34:23 +0000 (02:34 +0000)]
Add signify instructions plus miniroot and install56.fs for amd64/i386
ok deraadt@
doug [Wed, 6 Aug 2014 02:31:47 +0000 (02:31 +0000)]
Explain the options in httpd.8
ok deraadt@
jsing [Wed, 6 Aug 2014 02:04:42 +0000 (02:04 +0000)]
Load the SSL public/private keys in the parent process, then provide them
to the privsep process via imsg. This allows the keys to be moved out of
the chroot (now /etc/ssl/server.crt, /etc/ssl/private/server.key).
ok reyk@
jsing [Wed, 6 Aug 2014 01:54:01 +0000 (01:54 +0000)]
Add support for loading the public/private key from memory, rather than
directly from file.
mpi [Tue, 5 Aug 2014 20:26:15 +0000 (20:26 +0000)]
Only check if the abort transfer is the interrupt one if the pipe is
opened with a callback.
If a driver opens an interrupt pipe without callback function, like
umct(4) does with one of its bulk in endpoints being reported as an
interrupt endpoint, then we can end up aborting a transfer which is
different from the interrupt one.
Issue reported by Roberto E. Vargas Caballero, ok deraadt@
reyk [Tue, 5 Aug 2014 18:01:10 +0000 (18:01 +0000)]
Add configuration options for the most-important connection limits:
max requests (per connection) and timeout. We don't want to add too
many button, and there are good defaults, but these ones are kind of
mandatory.
reyk [Tue, 5 Aug 2014 17:13:16 +0000 (17:13 +0000)]
Tweak the httpd.conf manpage with "sub-lists".
reyk [Tue, 5 Aug 2014 17:03:21 +0000 (17:03 +0000)]
Bring back the tcp/ip configuration options. This code was already
there and is from relayd. We can decide later which options should
be added or removed, but it shouldn't do any harm.
reyk [Tue, 5 Aug 2014 16:46:35 +0000 (16:46 +0000)]
Add srv_conf helper variable to make the code more readable.
No functional change.
reyk [Tue, 5 Aug 2014 16:35:37 +0000 (16:35 +0000)]
Fix an example: hostapd table entries have to be comma-separated.
From "Vigdis" via misc@
can go in deraadt@
reyk [Tue, 5 Aug 2014 16:34:03 +0000 (16:34 +0000)]
Fix an example, nat-to requires to specify the "out" direction in pf rules.
From "Vigdis" via misc@
can go in deraadt@
reyk [Tue, 5 Aug 2014 16:30:35 +0000 (16:30 +0000)]
Limit the number of (Keep-Alive) requests per connection to 100.
(Same default as in nginx and Apache).
reyk [Tue, 5 Aug 2014 15:36:59 +0000 (15:36 +0000)]
Improve logging to allow per- server/location log files. The log
files can also be owned by root now: they're opened by the parent and
send to the logger process with fd passing. This also works with reload.
ok deraadt@
deraadt [Tue, 5 Aug 2014 14:36:10 +0000 (14:36 +0000)]
retire blink because this is serious software now; ok beck
deraadt [Tue, 5 Aug 2014 14:35:47 +0000 (14:35 +0000)]
spaces
deraadt [Tue, 5 Aug 2014 13:15:51 +0000 (13:15 +0000)]
handle wsconsctl.conf and sysctl.conf just being examples.
from ratchov
jsing [Tue, 5 Aug 2014 12:46:16 +0000 (12:46 +0000)]
Add $OpenBSD$ tags.
jsg [Tue, 5 Aug 2014 09:24:21 +0000 (09:24 +0000)]
add a config option to specify the chroot directory
ok reyk@
naddy [Mon, 4 Aug 2014 20:17:09 +0000 (20:17 +0000)]
enable httpd; ok deraadt@
reyk [Mon, 4 Aug 2014 18:12:15 +0000 (18:12 +0000)]
Temporarily move the default location of the SSL/TLS server key and
certificate from /var/www/ to /var/www/conf/. Don't get scared - this
will be changed soon! They're currently located in the chroot
directory but will be moved outside as soon as we adopted some of the
key privsep from relayd in ressl/httpd.
reyk [Mon, 4 Aug 2014 18:00:06 +0000 (18:00 +0000)]
Add HTTPS = on CGI variable.
reyk [Mon, 4 Aug 2014 17:50:48 +0000 (17:50 +0000)]
Add HTTPS server example.
reyk [Mon, 4 Aug 2014 17:43:20 +0000 (17:43 +0000)]
Redirect to https:// if SSL/TLS is enabled.
reyk [Mon, 4 Aug 2014 17:38:12 +0000 (17:38 +0000)]
Proxy commit for jsing@:
"Add TLS/SSL support to httpd, based on the recent ressl commits."
From jsing@
ok reyk@
reyk [Mon, 4 Aug 2014 17:12:44 +0000 (17:12 +0000)]
manpage tweaks about logging
jsing [Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)]
Implement ressl_accept_socket, which allocates a new server connection
context (if necessary) and handles the TLS/SSL handshake over the given
socket.
jsing [Mon, 4 Aug 2014 16:19:50 +0000 (16:19 +0000)]
Return -1 on error (not 1).
jsing [Mon, 4 Aug 2014 16:18:42 +0000 (16:18 +0000)]
A ressl server needs different configuration from a ressl client - provide
a specific server configuration function and call this from
ressl_configure.
reyk [Mon, 4 Aug 2014 16:07:59 +0000 (16:07 +0000)]
Change grammar from "log [style]" to "log style [style]".
jsing [Mon, 4 Aug 2014 16:07:25 +0000 (16:07 +0000)]
Provide a function that returns a server connection context.
jsing [Mon, 4 Aug 2014 15:58:29 +0000 (15:58 +0000)]
Provide a utility function for loading a private/public keypair.
reyk [Mon, 4 Aug 2014 15:57:25 +0000 (15:57 +0000)]
Print error message if the log files cannot be opened.
jsing [Mon, 4 Aug 2014 15:55:26 +0000 (15:55 +0000)]
Improve ressl_{read,write} handling of non-blocking reads/writes.
reyk [Mon, 4 Aug 2014 15:49:28 +0000 (15:49 +0000)]
Add initial support for log files in /var/www/logs/. Logging with
syslog is still supported but disabled by default.
ok deraadt@
jsing [Mon, 4 Aug 2014 15:48:01 +0000 (15:48 +0000)]
Free the SSL context first and let the reference counting do its thing.
reyk [Mon, 4 Aug 2014 14:49:24 +0000 (14:49 +0000)]
Implement PATH_INFO and add DOCUMENT_ROOT.
PATH_INFO was requested by naddy@ who successfully tested it with "cvsweb".
ok naddy@
jasper [Mon, 4 Aug 2014 13:24:42 +0000 (13:24 +0000)]
fix small layout inconsistency
ok'd by many
reyk [Mon, 4 Aug 2014 11:09:25 +0000 (11:09 +0000)]
httpd doesn't support SSL/TLS yet, remove the remaining bits.
The secrect plan is to add it later using the ressl wrapper library.
deraadt [Mon, 4 Aug 2014 06:35:31 +0000 (06:35 +0000)]
no need for param.h
deraadt [Mon, 4 Aug 2014 06:35:10 +0000 (06:35 +0000)]
whitespace
miod [Mon, 4 Aug 2014 04:16:11 +0000 (04:16 +0000)]
In chacha_init(), allow for a NULL iv. Reported by znz on github.
ok guenther@ jsing@
reyk [Sun, 3 Aug 2014 22:47:25 +0000 (22:47 +0000)]
Only allow GET and HEAD for static files or return 405.
ok florian@
reyk [Sun, 3 Aug 2014 22:38:12 +0000 (22:38 +0000)]
Also write log messages, like 404 Not Found, on error. This is a bit
tricky because we couldn't guarantee a sane state after
server_response_http() so fail hard afterwards and close the connection.
ok doug@
florian [Sun, 3 Aug 2014 22:06:51 +0000 (22:06 +0000)]
c-type functions / makros need a cast to unsigned char, not int
"feel free to commit" reyk@
reyk [Sun, 3 Aug 2014 21:33:27 +0000 (21:33 +0000)]
Allocate http_host instead of carrying a buffer in the descriptor.
reyk [Sun, 3 Aug 2014 20:43:03 +0000 (20:43 +0000)]
spacing
reyk [Sun, 3 Aug 2014 20:39:40 +0000 (20:39 +0000)]
Dynamically pass HTTP request headers as protocol-specific HTTP_* CGI
meta-variables.
ok florian@
stsp [Sun, 3 Aug 2014 17:52:46 +0000 (17:52 +0000)]
Add ral(4) at pci and cardbus to RAMDISK on macppc; ok deraadt
stsp [Sun, 3 Aug 2014 17:52:10 +0000 (17:52 +0000)]
Add ral(4) at cardbus to GENERIC on macppc; ok deraadt
rpe [Sun, 3 Aug 2014 16:00:15 +0000 (16:00 +0000)]
smtpd got privsep'ed and the _smtpq user is now used to manage these
directories. Ensure proper ownership in case smtpd has been started
before this change.
brought up by matthieu@
OK deraadt@
jsg [Sun, 3 Aug 2014 14:35:30 +0000 (14:35 +0000)]
X509_NAME_get_text_by_NID() returns -1 on error so the type
the return value is stored in must be signed. Fixes a test for error.
ok jsing@ guenther@
jsg [Sun, 3 Aug 2014 14:30:28 +0000 (14:30 +0000)]
don't return unitialised memory on error in ehci_alloc_sqtd()
It seems mpi introduced a problem into ehci.c rev 1.162
two weeks ago. An error check that used to return NULL
now jumps to the end of the function, but sqtd isn't
initialised at that point.
ok miod@ deraadt@
jsg [Sun, 3 Aug 2014 14:23:59 +0000 (14:23 +0000)]
When stsp changed bwi_encap() for 30 bit addresses in rev 1.106 code
that used to always initialise the error variable is no longer run.
And at the end of bwi_encap() there is:
if (error)
m_freem(m);
return (error);
Fixing this prevents packet loss stsp was seeing.
ok stsp@ miod@ deraadt@
reyk [Sun, 3 Aug 2014 12:26:19 +0000 (12:26 +0000)]
Add function to iterate all headers. No functional change.
reyk [Sun, 3 Aug 2014 11:51:40 +0000 (11:51 +0000)]
The first server example should be the "minimal default" to illustrate
that you don't have to push all kinds of buttons to run httpd.
reyk [Sun, 3 Aug 2014 11:28:58 +0000 (11:28 +0000)]
More examples, include FastCGI for php and cgi-bin and logging.
reyk [Sun, 3 Aug 2014 11:16:10 +0000 (11:16 +0000)]
Split fastcgi socket path and document root option and add the
SCRIPT_FILENAME CGI param with a prepended root. This fixes php-fpm
that expects SCRIPT_FILENAME and also works with slowcgi if you
configure the root correctly. For example, if SCRIPT_NAME and
REQUEST_URI are /php/index.php, root is /htdocs, SCRIPT_FILENAME will
be /htdocs/php/index.php. As tested and discussed with florian@
reyk [Sun, 3 Aug 2014 10:38:42 +0000 (10:38 +0000)]
Add missing log call for FastCGI requests.
reyk [Sun, 3 Aug 2014 10:26:43 +0000 (10:26 +0000)]
Add another log mode "connection" for a relayd(8)-style log entry after
each connection, not every request. The code was already there and enabled
on debug, I just turned it into an alternative log format.
reyk [Sun, 3 Aug 2014 10:22:30 +0000 (10:22 +0000)]
Prefer getnameinfo() with NI_NUMERICHOST over inet_ntop because it is also
aware of the IPv6 scope Id. We already have a function print_host() that
uses getnameinfo, so no need for the inet_ntop cases. Confirmed by florian@
doug [Sat, 2 Aug 2014 21:21:47 +0000 (21:21 +0000)]
Locations now inherit access log settings from the server.
Add log to the server flags.
input/"Looks ok" reyk@
florian [Sat, 2 Aug 2014 17:42:24 +0000 (17:42 +0000)]
don't leak fcgi fd
florian [Sat, 2 Aug 2014 17:05:18 +0000 (17:05 +0000)]
Padding of fcgi records is optional, but if we receive padding data we
should read it.
florian [Sat, 2 Aug 2014 11:59:04 +0000 (11:59 +0000)]
We need to read from the fcgi bufferevent until it's empty because the
event handler will not be called again if no new data arrives.
Debugged with and OK reyk@
reyk [Sat, 2 Aug 2014 11:52:00 +0000 (11:52 +0000)]
Allow to specify a FastCGI TCP socket on localhost (eg. :9000). Used
for debugging, you should prefer local UNIX sockets, but it helped to
find an issue that will be fixed with the next commit.
OK florian@
reyk [Sat, 2 Aug 2014 10:24:36 +0000 (10:24 +0000)]
'fastcgi socket "path"' is the correct syntax; update the manpage.
Found by jsg@
reyk [Sat, 2 Aug 2014 09:54:13 +0000 (09:54 +0000)]
spacing