Age | Commit message (Collapse) | Author |
|
glibc is clearly violating POSIX since they set HOST_NAME_MAX to 64, and
they've known so for years. Unfortunately this means that, despite
using the right interfaces, we have to work around bugs in their libc.
ugh.
Luckily, gmid doesn't need to do DNS, it just needs a define large
enough to store a hostname, but not unlimited, to catch possible
misconfigurations. We don't risk round-tripping this into an interface
that expects smaller strings.
Reported and fix tested by Anna “CyberTailor”,
see <https://codeberg.org/op/gmid/issues/3>.
|
This is symmetrical to the support for *incoming* requests. The
new regress case uses this to proxy to itself using the proxy-protocol
v1.
Fixes https://github.com/omar-polo/gmid/issues/31
|
Soon we may want to run (some) proxies with the proxy-protocol so
we can't reuse the same port.
|
we don't load the prefork dynamically, only the prefork at startup
is honoured, so fix the test by stopping gmid so it is started with
the right prefork.
|
otherwise the child processes still believe the prefork value is
3 and can end up reading/writing out of bounds when setting up the
sockets. Actually, server processes shouldn't create pipes to other
servers, but this is left for a follow-up diff.
Issue reported by la ninpre, thank you!
|
Related to https://github.com/omar-polo/gmid/issues/12
|
Based on the bug report from Alex, thanks!
|
now common is no longer a reserved keyword
|
See Codeberg issue #1.
|
Call the certificates .pem and the keys .key; use contrib/gencert
to generate the certificates and provide a GENCERT_FLAGS knob so
that regress can be run with EC keys (GENCERT_FLAGS=-e). Still no
automatic way of testing with both RSA and EC keys.
|
add `log style <style>'; The old default is called `legacy' now, a
new default format is added called `condensed', and `common' and
`combined' to mimic Apache httpd and nginx (respectively) are also
added.
|
some CI envs don't like `listen on localhost' but tolerate INADDR_ANY
or IN6ADDR_ANY_INIT.
|
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibility, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context doesn't filter the
host, i.e. one can still reach a host from an address not specified
in the corresponding `listen on'; this will be added later.
|
we can use cmp to tell if two files are different, which also has
the benefit of being available everywhere and reporting the byte
offset of the first difference. Reduces the test dependencies on
some systems.
|
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows having more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD's capsicum(4) and I don't want to go thru the pain of making it
work under Linux's seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD's slowcgi(8) are ways to run CGI scripts as if they were
FastCGI applications.
fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
|
not just the number of lines, check the full page!
|
it's not a problem when we have only one check_reply at the end,
since $? is kept across function boundaries, but when we have multiple
checks we need to quit on the first error.
|
libevent2 can still somehow call client_read even in code paths
that never enable reading from the evbuffer. Can't reproduce on
the libevent in base on OpenBSD. It's a bit ugly, but it's a small
workaround for something that otherwise *always* makes gmid crash
when linked against libevent2. (client_read works under the
assumption that c->host != NULL, matched_proxy crashes otherwise.)
|