openbsd
10 years agoImprove handling of next-line scope broken by end of file.
schwarze [Fri, 8 Aug 2014 15:35:31 +0000 (15:35 +0000)]
Improve handling of next-line scope broken by end of file.
Detect the condition earlier, report in the error message
which block is broken, and delete the broken block.
Consequently, empty section headers can no longer happen.

10 years agoSimplify: replace one global flag by one local variable
schwarze [Fri, 8 Aug 2014 15:32:17 +0000 (15:32 +0000)]
Simplify: replace one global flag by one local variable
and remove three unused global flags.  No functional change.

10 years agoGet rid of the useless FATAL error "child violates parent syntax".
schwarze [Fri, 8 Aug 2014 15:26:28 +0000 (15:26 +0000)]
Get rid of the useless FATAL error "child violates parent syntax".
When finding items outside lists, simply skip them and throw an ERROR.
Handle subsections before the first section instead of bailing out.

10 years agoRemove two useless FATAL errors.
schwarze [Fri, 8 Aug 2014 15:21:17 +0000 (15:21 +0000)]
Remove two useless FATAL errors.
When a file contains neither text nor macros, treat it as an empty document.
When the mdoc(7) document prologue is incomplete, use some default values.

10 years agouse nitems() instead of various local constructs
jasper [Fri, 8 Aug 2014 15:16:39 +0000 (15:16 +0000)]
use nitems() instead of various local constructs

ok stsp@

10 years agobetter name and wording for the last two non-generic errors
schwarze [Fri, 8 Aug 2014 15:15:27 +0000 (15:15 +0000)]
better name and wording for the last two non-generic errors

10 years agoVarious improvements related to .Ex and .Rv:
schwarze [Fri, 8 Aug 2014 15:10:14 +0000 (15:10 +0000)]
Various improvements related to .Ex and .Rv:
* let .Nm fall back to the empty string, not to UNKNOWN
* never let .Rv copy an argument from .Nm
* avoid spurious \fR after empty .Nm in -Tman
* correct handling of .Ex and .Rv in -Tman
* correct the wording of the output for .Rv without arguments
* use non-breaking spaces in .Ex and .Rv output where required
* split MANDOCERR_NONAME into a warning for .Ex and an error for .Nm

10 years agoPartial implementation of .Bd -centered.
schwarze [Fri, 8 Aug 2014 15:03:24 +0000 (15:03 +0000)]
Partial implementation of .Bd -centered.

In groff, .Bd -centered operates in fill mode, which is relatively
hard to implement, while this implementation operates in non-fill
mode so far.  As long as you pay attention that your lines do not
overflow, it works.  To make sure that rendering is the same for
mandoc and groff, it is recommended to insert .br between lines
for now.  This implementation will need improvement later.

10 years ago* consistently use semantic mdoc(7) macros
schwarze [Fri, 8 Aug 2014 14:52:53 +0000 (14:52 +0000)]
* consistently use semantic mdoc(7) macros
* add HISTORY and AUTHORS
* some mdoc(7) style fixes
* some wording fixes and avoid stray future tense
feedback and ok rpe@ jmc@, ok jasper@

10 years agoMake sure asynchronous commands do not race with synchronous ones.
mpi [Fri, 8 Aug 2014 14:34:11 +0000 (14:34 +0000)]
Make sure asynchronous commands do not race with synchronous ones.

Since asynchronous commands can be submitted from interrupt context
it was possible to race with a process waiting for the completion of
a previously submitted command.  So stop relying on the per-softc
TRB pointer for asynchronous commands and simply get the address of
the command TRB from the event TRB.

10 years agoImprove the logic to determine the maximum endpoint service interface
mpi [Fri, 8 Aug 2014 14:28:02 +0000 (14:28 +0000)]
Improve the logic to determine the maximum endpoint service interface
time payload.  Super speed companion descriptor are still not used but
at least we can properly initialize super speed interrupt pipes.

10 years agoImplement polling.
mpi [Fri, 8 Aug 2014 14:22:45 +0000 (14:22 +0000)]
Implement polling.

10 years agoSuper Speed hub descriptor definition and routine, required for upcoming
mpi [Fri, 8 Aug 2014 14:20:05 +0000 (14:20 +0000)]
Super Speed hub descriptor definition and routine, required for upcoming
external USB 3.0 hub support.

10 years agoEven if the endpoint it reseted before the stack gets informed that a
mpi [Fri, 8 Aug 2014 14:17:52 +0000 (14:17 +0000)]
Even if the endpoint it reseted before the stack gets informed that a
transfer stalled, report that a stall happen because umass(4) relies
on this behavior...

10 years agoFix debug printfs.
mpi [Fri, 8 Aug 2014 14:16:43 +0000 (14:16 +0000)]
Fix debug printfs.

10 years agoAdd support for using - as shorthand for stdin/stdout in tradcpp.
jsg [Fri, 8 Aug 2014 12:40:26 +0000 (12:40 +0000)]
Add support for using - as shorthand for stdin/stdout in tradcpp.

When looking into switching the /usr/bin/cpp wrapper to
tradcpp I came across "| ${CPP} ${CPPFLAGS} -" in usr.bin/which.

gcc documents this behaviour for cpp here:
https://gcc.gnu.org/onlinedocs/cpp/Invocation.html

Versions of the John F. Reiser derived cpp in 32V and CSRG SCCS
accept this usage as well, as does the cpp in PCC.

10 years agoFix CVE-2014-3507, avoid allocating and then leaking a fresh fragment
guenther [Fri, 8 Aug 2014 05:06:56 +0000 (05:06 +0000)]
Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragment
structure when a zero-length fragment is received.

Based on
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74

diff by miod@, ok guenther@ bcook@ deraadt@

10 years agoFix CVE-2014-3508, pretty printing and OID validation:
guenther [Fri, 8 Aug 2014 04:53:43 +0000 (04:53 +0000)]
Fix CVE-2014-3508, pretty printing and OID validation:
 - make sure the output buffer is always NUL terminated if buf_len
   was initially greater than zero.
 - reject OIDs that are too long, too short, or not in proper base-127

Based on
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87

ok bcook@

10 years agoCorrect test reversed during merge of fix for CVE-2014-3509
guenther [Thu, 7 Aug 2014 22:27:28 +0000 (22:27 +0000)]
Correct test reversed during merge of fix for CVE-2014-3509

pointed out by Watson Ladd (watson (at) matasano.com)
ok deraadt@

10 years agoFix CVE-2014-3506, DTLS handshake message size checks. From
guenther [Thu, 7 Aug 2014 20:24:12 +0000 (20:24 +0000)]
Fix CVE-2014-3506, DTLS handshake message size checks.  From
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636
with comment/whitespace style tweaks

ok bcook@ miod@

10 years agoOops, revert changes commited by mistake. The previous commit was supposed
miod [Thu, 7 Aug 2014 20:02:23 +0000 (20:02 +0000)]
Oops, revert changes commited by mistake. The previous commit was supposed
to only apply to s23_srvr.c.

10 years agoWhen you expect a function to return a particular value, don't put a comment
miod [Thu, 7 Aug 2014 19:46:31 +0000 (19:46 +0000)]
When you expect a function to return a particular value, don't put a comment
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).

Instead, compare for the exact value it ought to return upon success.

ok deraadt@

10 years agoBump example pubkey filenames to /etc/signify/openbsd-56-base.pub for
lteo [Thu, 7 Aug 2014 19:03:38 +0000 (19:03 +0000)]
Bump example pubkey filenames to /etc/signify/openbsd-56-base.pub for
5.6.

ok deraadt@

10 years agoFix and simplify the description of httpd(8)'s signal handling. httpd
reyk [Thu, 7 Aug 2014 18:21:13 +0000 (18:21 +0000)]
Fix and simplify the description of httpd(8)'s signal handling.  httpd
does not re-executed itself on SIGHUP, it simply reload the
configuration and sends it to its child processes.

ok deraadt@

10 years agoDon't try to ouput FCGI_STDERR into error.log if there is no data.
florian [Thu, 7 Aug 2014 12:43:22 +0000 (12:43 +0000)]
Don't try to ouput FCGI_STDERR into error.log if there is no data.
Problem noticed by naddy@, OK reyk@

10 years agoOpportunistically try to parse "Status: $code" in the very first
florian [Thu, 7 Aug 2014 10:52:34 +0000 (10:52 +0000)]
Opportunistically try to parse "Status: $code" in the very first
response from the fcgi daemon and use that code as HTTP response
code. If it doesn't work out fall back to code 200.
This might fix naddy@'s issue with redirects in cvsweb.
To be revisited after unlock.
Discussed with & grudgingly OK reyk@

10 years agoshorten signal text a bit
deraadt [Thu, 7 Aug 2014 06:56:41 +0000 (06:56 +0000)]
shorten signal text a bit

10 years agoFix CVE-2014-3511; TLS downgrade, verbatim diff
deraadt [Thu, 7 Aug 2014 04:49:53 +0000 (04:49 +0000)]
Fix CVE-2014-3511; TLS downgrade, verbatim diff
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
ok guenther miod

10 years agomerge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service
deraadt [Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)]
merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
ok bcook

10 years agomerge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther
deraadt [Wed, 6 Aug 2014 23:16:16 +0000 (23:16 +0000)]
merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther

10 years agoMention how httpd responds to SIGHUP and SIGUSR1.
doug [Wed, 6 Aug 2014 22:33:08 +0000 (22:33 +0000)]
Mention how httpd responds to SIGHUP and SIGUSR1.

Description from reyk@

10 years agoWrite STDERR from the CGI to the web server error log as intended.
reyk [Wed, 6 Aug 2014 21:08:47 +0000 (21:08 +0000)]
Write STDERR from the CGI to the web server error log as intended.

OK florian@

10 years agoIf the very first fcgi STDOUT record has length 0 the cgi script
florian [Wed, 6 Aug 2014 20:56:23 +0000 (20:56 +0000)]
If the very first fcgi STDOUT record has length 0 the cgi script
didn't send anything back. This is an internal server error.
OK reyk@

10 years agoChange grammar to remove a shift/reduce conflict that was introduced
reyk [Wed, 6 Aug 2014 20:29:54 +0000 (20:29 +0000)]
Change grammar to remove a shift/reduce conflict that was introduced
with the ssl options.
"listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".

ok florian@

10 years agoPrevent a possible use after free by mimicing the s3_srvr.c fixes contributed by
miod [Wed, 6 Aug 2014 20:11:09 +0000 (20:11 +0000)]
Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed by
Adam Langley close to three years ago, which were commited in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214

ok jsing@

10 years agoSupport NOTE_EOF for kqueue EVFILT_READ filters on NFS files.
guenther [Wed, 6 Aug 2014 19:31:30 +0000 (19:31 +0000)]
Support NOTE_EOF for kqueue EVFILT_READ filters on NFS files.

committing for jsg@,  ok reyk@ tedu@ guenther@

10 years agoAlways zero-out the fcgi record header for STDIN data.
reyk [Wed, 6 Aug 2014 18:40:15 +0000 (18:40 +0000)]
Always zero-out the fcgi record header for STDIN data.

OK florian@

10 years agoUse memset(buf instead of memset(&buf.
reyk [Wed, 6 Aug 2014 18:38:11 +0000 (18:38 +0000)]
Use memset(buf instead of memset(&buf.

Pointed out by deraadt@

10 years agoLimit the body size in client requests (eg. POST data) to 1M by default;
reyk [Wed, 6 Aug 2014 18:21:14 +0000 (18:21 +0000)]
Limit the body size in client requests (eg. POST data) to 1M by default;
add a configuration option to change the limit.

ok florian@

10 years agoDocument the SSL configuration for httpd (partly based on relayd.conf(5)).
jsing [Wed, 6 Aug 2014 16:31:09 +0000 (16:31 +0000)]
Document the SSL configuration for httpd (partly based on relayd.conf(5)).

10 years agosysctl machdep.ztsscale has been unused for 7 years, so stop handling it.
ajacoutot [Wed, 6 Aug 2014 16:13:48 +0000 (16:13 +0000)]
sysctl machdep.ztsscale has been unused for 7 years, so stop handling it.
s/TAB/SPACE for the wsconsctl.conf comment like we do with sysctl.conf
in MI.

"get this in fast" deraadt@
ok ratchov@ who will test it in the next few hours

10 years agoProvide configuration options that allow the SSL certificate, key and
jsing [Wed, 6 Aug 2014 16:11:34 +0000 (16:11 +0000)]
Provide configuration options that allow the SSL certificate, key and
ciphers to be specified for each server.

ok deraadt@ reyk@

10 years agoAlso clean up the public key when it is no longer needed.
jsing [Wed, 6 Aug 2014 16:10:02 +0000 (16:10 +0000)]
Also clean up the public key when it is no longer needed.

ok deraadt@ reyk@

10 years agoConfigure the default SSL ciphers as HIGH:!aNULL.
jsing [Wed, 6 Aug 2014 16:09:02 +0000 (16:09 +0000)]
Configure the default SSL ciphers as HIGH:!aNULL.

ok deraadt@ reyk@

10 years agoAllow B64_EOF to follow a base64 padding character. This restores previous
jsing [Wed, 6 Aug 2014 16:01:44 +0000 (16:01 +0000)]
Allow B64_EOF to follow a base64 padding character. This restores previous
behaviour that allows a PEM block to be fed through the base64 decoder.

Reported by Dmitry Eremin-Solenikov on tech@

ok deraadt@ tedu@

10 years agoCorrect some dma cleanup error paths.
jsg [Wed, 6 Aug 2014 15:40:40 +0000 (15:40 +0000)]
Correct some dma cleanup error paths.

While the index variables were correct the arrays of
dma handles they indexed were swapped for rx and tx.

As there are a mismatched number of rx and tx descriptors
we'd walk off the end of the rx handle array by 30 items.

ok deraadt@

10 years agofix an off by one
jsg [Wed, 6 Aug 2014 15:15:16 +0000 (15:15 +0000)]
fix an off by one
ok deraadt@

10 years agohttp POST support
florian [Wed, 6 Aug 2014 15:08:04 +0000 (15:08 +0000)]
http POST support
with & OK reyk@

10 years agoContent-Length and Content-Type are transmitted as CONTENT_LENGTH and
florian [Wed, 6 Aug 2014 13:40:18 +0000 (13:40 +0000)]
Content-Length and Content-Type are transmitted as CONTENT_LENGTH and
CONTENT_TYPE environment variables to cgi scripts, without the HTTP_
prefix.
OK reyk@

10 years agospacing
reyk [Wed, 6 Aug 2014 12:56:58 +0000 (12:56 +0000)]
spacing

10 years agoavoid displaying a NULL pointer
jsg [Wed, 6 Aug 2014 12:29:43 +0000 (12:29 +0000)]
avoid displaying a NULL pointer
ok deraadt@ reyk@

10 years agoThe watermark exposed a bug in server_write that broke keep-alive
reyk [Wed, 6 Aug 2014 11:24:12 +0000 (11:24 +0000)]
The watermark exposed a bug in server_write that broke keep-alive
support.  Instead of calling server_close from server_write, we have
to proceed to the next connection by calling the error handler.

OK jsg@

10 years agoBring back the last read (done) / last write (done) messages instead of just
reyk [Wed, 6 Aug 2014 09:40:04 +0000 (09:40 +0000)]
Bring back the last read (done) / last write (done) messages instead of just
"done" to simplify connection debugging.

10 years agoAdjust the read/write watermarks according to the TCP send buffer.
reyk [Wed, 6 Aug 2014 09:36:31 +0000 (09:36 +0000)]
Adjust the read/write watermarks according to the TCP send buffer.
This fixes sending of large files.  Previously, httpd was reading the
input file too quickly and could run out of memory when filling the
input buffer.

Found by jsg@
OK florian@

10 years agoAdd braces. Style-only change.
reyk [Wed, 6 Aug 2014 09:34:21 +0000 (09:34 +0000)]
Add braces.  Style-only change.

10 years agoAdd an overview of the features for httpd in the description section.
doug [Wed, 6 Aug 2014 05:47:40 +0000 (05:47 +0000)]
Add an overview of the features for httpd in the description section.

"commit" deraadt@

10 years agoadd missing va_start/va_end calls
jsg [Wed, 6 Aug 2014 04:39:50 +0000 (04:39 +0000)]
add missing va_start/va_end calls
ok deraadt@ guenther@

10 years agoCorrect error checks in EVP_read_pw_string_min(): UI_add_input_string()
guenther [Wed, 6 Aug 2014 04:28:21 +0000 (04:28 +0000)]
Correct error checks in EVP_read_pw_string_min(): UI_add_input_string()
and UI_add_verify_string() return -1 (and maybe -2?) on failure and
>=0 on success, instead of always zero on success

problem reported by Mark Patruck (mark (at) wrapped.cx)
ok miod@

10 years agoAdd signify instructions plus miniroot and install56.fs for amd64/i386
doug [Wed, 6 Aug 2014 02:34:23 +0000 (02:34 +0000)]
Add signify instructions plus miniroot and install56.fs for amd64/i386

ok deraadt@

10 years agoExplain the options in httpd.8
doug [Wed, 6 Aug 2014 02:31:47 +0000 (02:31 +0000)]
Explain the options in httpd.8

ok deraadt@

10 years agoLoad the SSL public/private keys in the parent process, then provide them
jsing [Wed, 6 Aug 2014 02:04:42 +0000 (02:04 +0000)]
Load the SSL public/private keys in the parent process, then provide them
to the privsep process via imsg. This allows the keys to be moved out of
the chroot (now /etc/ssl/server.crt, /etc/ssl/private/server.key).

ok reyk@

10 years agoAdd support for loading the public/private key from memory, rather than
jsing [Wed, 6 Aug 2014 01:54:01 +0000 (01:54 +0000)]
Add support for loading the public/private key from memory, rather than
directly from file.

10 years agoOnly check if the abort transfer is the interrupt one if the pipe is
mpi [Tue, 5 Aug 2014 20:26:15 +0000 (20:26 +0000)]
Only check if the abort transfer is the interrupt one if the pipe is
opened with a callback.

If a driver opens an interrupt pipe without callback function, like
umct(4) does with one of its bulk in endpoints being reported as an
interrupt endpoint, then we can end up aborting a transfer which is
different from the interrupt one.

Issue reported by Roberto E. Vargas Caballero, ok deraadt@

10 years agoAdd configuration options for the most-important connection limits:
reyk [Tue, 5 Aug 2014 18:01:10 +0000 (18:01 +0000)]
Add configuration options for the most-important connection limits:
max requests (per connection) and timeout.  We don't want to add too
many button, and there are good defaults, but these ones are kind of
mandatory.

10 years agoTweak the httpd.conf manpage with "sub-lists".
reyk [Tue, 5 Aug 2014 17:13:16 +0000 (17:13 +0000)]
Tweak the httpd.conf manpage with "sub-lists".

10 years agoBring back the tcp/ip configuration options. This code was already
reyk [Tue, 5 Aug 2014 17:03:21 +0000 (17:03 +0000)]
Bring back the tcp/ip configuration options.  This code was already
there and is from relayd.  We can decide later which options should
be added or removed, but it shouldn't do any harm.

10 years agoAdd srv_conf helper variable to make the code more readable.
reyk [Tue, 5 Aug 2014 16:46:35 +0000 (16:46 +0000)]
Add srv_conf helper variable to make the code more readable.
No functional change.

10 years agoFix an example: hostapd table entries have to be comma-separated.
reyk [Tue, 5 Aug 2014 16:35:37 +0000 (16:35 +0000)]
Fix an example: hostapd table entries have to be comma-separated.

From "Vigdis" via misc@
can go in deraadt@

10 years agoFix an example, nat-to requires to specify the "out" direction in pf rules.
reyk [Tue, 5 Aug 2014 16:34:03 +0000 (16:34 +0000)]
Fix an example, nat-to requires to specify the "out" direction in pf rules.

From "Vigdis" via misc@
can go in deraadt@

10 years agoLimit the number of (Keep-Alive) requests per connection to 100.
reyk [Tue, 5 Aug 2014 16:30:35 +0000 (16:30 +0000)]
Limit the number of (Keep-Alive) requests per connection to 100.
(Same default as in nginx and Apache).

10 years agoImprove logging to allow per- server/location log files. The log
reyk [Tue, 5 Aug 2014 15:36:59 +0000 (15:36 +0000)]
Improve logging to allow per- server/location log files.  The log
files can also be owned by root now: they're opened by the parent and
send to the logger process with fd passing.  This also works with reload.

ok deraadt@

10 years agoretire blink because this is serious software now; ok beck
deraadt [Tue, 5 Aug 2014 14:36:10 +0000 (14:36 +0000)]
retire blink because this is serious software now; ok beck

10 years agospaces
deraadt [Tue, 5 Aug 2014 14:35:47 +0000 (14:35 +0000)]
spaces

10 years agohandle wsconsctl.conf and sysctl.conf just being examples.
deraadt [Tue, 5 Aug 2014 13:15:51 +0000 (13:15 +0000)]
handle wsconsctl.conf and sysctl.conf just being examples.
from ratchov

10 years agoAdd $OpenBSD$ tags.
jsing [Tue, 5 Aug 2014 12:46:16 +0000 (12:46 +0000)]
Add $OpenBSD$ tags.

10 years agoadd a config option to specify the chroot directory
jsg [Tue, 5 Aug 2014 09:24:21 +0000 (09:24 +0000)]
add a config option to specify the chroot directory
ok reyk@

10 years agoenable httpd; ok deraadt@
naddy [Mon, 4 Aug 2014 20:17:09 +0000 (20:17 +0000)]
enable httpd; ok deraadt@

10 years agoTemporarily move the default location of the SSL/TLS server key and
reyk [Mon, 4 Aug 2014 18:12:15 +0000 (18:12 +0000)]
Temporarily move the default location of the SSL/TLS server key and
certificate from /var/www/ to /var/www/conf/.  Don't get scared - this
will be changed soon!  They're currently located in the chroot
directory but will be moved outside as soon as we adopted some of the
key privsep from relayd in ressl/httpd.

10 years agoAdd HTTPS = on CGI variable.
reyk [Mon, 4 Aug 2014 18:00:06 +0000 (18:00 +0000)]
Add HTTPS = on CGI variable.

10 years agoAdd HTTPS server example.
reyk [Mon, 4 Aug 2014 17:50:48 +0000 (17:50 +0000)]
Add HTTPS server example.

10 years agoRedirect to https:// if SSL/TLS is enabled.
reyk [Mon, 4 Aug 2014 17:43:20 +0000 (17:43 +0000)]
Redirect to https:// if SSL/TLS is enabled.

10 years agoProxy commit for jsing@:
reyk [Mon, 4 Aug 2014 17:38:12 +0000 (17:38 +0000)]
Proxy commit for jsing@:
"Add TLS/SSL support to httpd, based on the recent ressl commits."

From jsing@
ok reyk@

10 years agomanpage tweaks about logging
reyk [Mon, 4 Aug 2014 17:12:44 +0000 (17:12 +0000)]
manpage tweaks about logging

10 years agoImplement ressl_accept_socket, which allocates a new server connection
jsing [Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)]
Implement ressl_accept_socket, which allocates a new server connection
context (if necessary) and handles the TLS/SSL handshake over the given
socket.

10 years agoReturn -1 on error (not 1).
jsing [Mon, 4 Aug 2014 16:19:50 +0000 (16:19 +0000)]
Return -1 on error (not 1).

10 years agoA ressl server needs different configuration from a ressl client - provide
jsing [Mon, 4 Aug 2014 16:18:42 +0000 (16:18 +0000)]
A ressl server needs different configuration from a ressl client - provide
a specific server configuration function and call this from
ressl_configure.

10 years agoChange grammar from "log [style]" to "log style [style]".
reyk [Mon, 4 Aug 2014 16:07:59 +0000 (16:07 +0000)]
Change grammar from "log [style]" to "log style [style]".

10 years agoProvide a function that returns a server connection context.
jsing [Mon, 4 Aug 2014 16:07:25 +0000 (16:07 +0000)]
Provide a function that returns a server connection context.

10 years agoProvide a utility function for loading a private/public keypair.
jsing [Mon, 4 Aug 2014 15:58:29 +0000 (15:58 +0000)]
Provide a utility function for loading a private/public keypair.

10 years agoPrint error message if the log files cannot be opened.
reyk [Mon, 4 Aug 2014 15:57:25 +0000 (15:57 +0000)]
Print error message if the log files cannot be opened.

10 years agoImprove ressl_{read,write} handling of non-blocking reads/writes.
jsing [Mon, 4 Aug 2014 15:55:26 +0000 (15:55 +0000)]
Improve ressl_{read,write} handling of non-blocking reads/writes.

10 years agoAdd initial support for log files in /var/www/logs/. Logging with
reyk [Mon, 4 Aug 2014 15:49:28 +0000 (15:49 +0000)]
Add initial support for log files in /var/www/logs/.  Logging with
syslog is still supported but disabled by default.

ok deraadt@

10 years agoFree the SSL context first and let the reference counting do its thing.
jsing [Mon, 4 Aug 2014 15:48:01 +0000 (15:48 +0000)]
Free the SSL context first and let the reference counting do its thing.

10 years agoImplement PATH_INFO and add DOCUMENT_ROOT.
reyk [Mon, 4 Aug 2014 14:49:24 +0000 (14:49 +0000)]
Implement PATH_INFO and add DOCUMENT_ROOT.
PATH_INFO was requested by naddy@ who successfully tested it with "cvsweb".

ok naddy@

10 years agofix small layout inconsistency
jasper [Mon, 4 Aug 2014 13:24:42 +0000 (13:24 +0000)]
fix small layout inconsistency

ok'd by many

10 years agohttpd doesn't support SSL/TLS yet, remove the remaining bits.
reyk [Mon, 4 Aug 2014 11:09:25 +0000 (11:09 +0000)]
httpd doesn't support SSL/TLS yet, remove the remaining bits.
The secrect plan is to add it later using the ressl wrapper library.

10 years agono need for param.h
deraadt [Mon, 4 Aug 2014 06:35:31 +0000 (06:35 +0000)]
no need for param.h

10 years agowhitespace
deraadt [Mon, 4 Aug 2014 06:35:10 +0000 (06:35 +0000)]
whitespace

10 years agoIn chacha_init(), allow for a NULL iv. Reported by znz on github.
miod [Mon, 4 Aug 2014 04:16:11 +0000 (04:16 +0000)]
In chacha_init(), allow for a NULL iv. Reported by znz on github.
ok guenther@ jsing@

10 years agoOnly allow GET and HEAD for static files or return 405.
reyk [Sun, 3 Aug 2014 22:47:25 +0000 (22:47 +0000)]
Only allow GET and HEAD for static files or return 405.

ok florian@