aboutsummaryrefslogtreecommitdiff
path: root/utils.c
AgeCommit message (Collapse)Author
2023-10-18tweak certificate generation log messagesOmar Polo
2023-10-18rework gencert(); make gemexp generate EC certsOmar Polo
Taking inspiration from acme-client.
2023-08-11getcwd(NULL) is an extension; don't rely on itOmar Polo
also, while here, add some error checking too
2023-08-11remove not so useful starts_with()Omar Polo
replace its only usage with strncmp(). it's likely faster too.
2023-08-11remove a long, long unused functionOmar Polo
2023-08-08move strip_path to utils.cOmar Polo
2023-07-23revamp fastcgi configuration: make it per-locationOmar Polo
this revamps the syntax in the configuration to better match httpd(8) (and in general be less weird) and to allow per-location fastcgi configurations. the bare `param' is now deprecated, but for compatibility it acts like `fastcgi param' would do now. Same story for `fastcgi <pathÂ>'.
2023-06-24copyright years++Omar Polo
2023-06-23implement `listen on'Omar Polo
Listening by default on all the addresses is so bad I don't know why I haven't changed this before. Anyway. Add a `listen on $hostname port $port' syntax to the config file and deprecate the old "port" and "ipv6" global setting. Still try to honour them when no "listen on" directive is used for backward compatibily, but this will go away in the next next version hopefully. At the moment the `listen on' in server context don't filter the host, i.e. one can still reach a host from a address not specified in the corresponding `liste on', this will be added later.
2023-06-12load_ca: get a buffer instead of a fdOmar Polo
We dup(1) the ca fd and send it to various processes, so they fail loading it. Instead, use load_file to get a buffer with the file content and pass that to load_ca which then loads via BIO.
2023-06-11fixes for -Wpointer-signOmar Polo
2023-06-11add a privsep crypto engineOmar Polo
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).
2023-06-09use fatal/fatalx instead of err/errx in daemon codeOmar Polo
2023-06-09readd proxy certs and `require client ca' supportOmar Polo
Was temporarly disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.
2023-06-08move some new_* functions from parse.y to utils.cOmar Polo
2023-06-08drop now unused dispatch_imsgOmar Polo
2023-06-06switch to the more usual log.cOmar Polo
2023-06-06rename log.[ch] to logger.[ch]Omar Polo
2023-06-05provide a more usual fatalOmar Polo
fatal usually appends the error string. Add 'fatalx' that doesn't. Fix callers and move the prototypes to log.h
2022-04-12log when the certificate was successfully generatedOmar Polo
2021-10-18fmtOmar Polo
2021-05-12certificate generation (bugfix and improvement)Omar Polo
don't add gmid as organisation when generating the certificate, and set the version to 3, so it's compatible with java/android clients. Found by Gnuserland, thanks!
2021-03-31list instead of fixed-size array for vhosts and locationsOmar Polo
saves some bytes of memory and removes the limit on the maximum number of vhosts and location blocks.
2021-03-19refactoring: imsg everywhereOmar Polo
use imsg to handle ALL kinds of IPC in gmid. This simplifies and shorten the code, and makes everything more uniform too.
2021-02-12kill debug printfOmar Polo
2021-02-12fix various compilation errorsOmar Polo
Include gmid.h as first header in every file, as it then includes config.h (that defines _GNU_SOURCE for instance). Fix also a warning about unsigned vs signed const char pointers in openssl.
2021-02-10don't allocate BIGNUM on the stackOmar Polo
on fedora 33 the BIGNUM type is opaque. Allocate always to avoid headaches.
2021-02-09add `require client ca' rule to require certs signed by a CAOmar Polo
2021-02-07improve logs managementOmar Polo
2021-02-04reload configuration on SIGHUPOmar Polo
2021-02-03revert commit 346f28eeaa205d268d1e63c7ffd86cf041f6d1e6Omar Polo
keep mark_nonblock in utils.c, as otherwise the build for the regress suite will fail (mark_nonblock needs fatal which is in gmid.c, and we can't link gmid.o with the regress suite...)
2021-02-02move mark_nonblock to utils.cOmar Polo
2021-02-01ensure absolute paths in config-less modeOmar Polo
2021-01-28correct copyright dateOmar Polo
2021-01-27use starts_with in puny.cOmar Polo