Convert to use imsg_get_fd() since proc_forward_imsg() never forwards a
file descriptor just use -1 there.
OK tb@

Get all variable-length values for the parent server before linking the
server onto various list. Fixes a use-after-free if former fails.
OK tb@

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

Add httpd custom error page facility. Adapted by me from
https://github.com/mpfr/httpd-plus.
Improvements from & (earlier version) reads fine to tracey@;
improvements & OK this version benno@, floria

Add httpd custom error page facility. Adapted by me from
https://github.com/mpfr/httpd-plus.
Improvements from & (earlier version) reads fine to tracey@;
improvements & OK this version benno@, florian@. Thanks.

show more ...

Fix memory leak in "iov".

ok jca@

Set fastcgi socket default on server and location.
This allows "fastcgi" directly inside of a server directive without
giving specifying socket.
OK tracey

Add support for non-localhost fastcgi sockets.

Lots of review time kn@
Lots of review time, tweaks, and ok florian@

remove dead assignments
from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks
ok claudio@

spacing

httpd(8): add support for setting custom FastCGI parameters.

This commit extends the existing grammar by adding the param option
to the fastcgi directive: fastcgi param name value.

Example usage:

httpd(8): add support for setting custom FastCGI parameters.

This commit extends the existing grammar by adding the param option
to the fastcgi directive: fastcgi param name value.

Example usage:
fastcgi param VAR1 hello
fastcgi param VAR2 world

With help and OK florian@
Rogue manpage bits, feel free to modify them.

show more ...

Add support for simple one-off internal rewrites.

For example:

location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1&$QUERY_STRING"
}

Requested by many.

Ok benno@

Add support for client certificate authentication to httpd.

From Jack Burton <jack at saosce dot com dot au> - thanks!

Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.

ok beck@ reyk@

Rework the way that TLS configuration is sent/received via imsgs, so that
are no longer limited by the 16KB maximum size of a single imsg.
Configuration data that is larger than a single message is n

Rework the way that TLS configuration is sent/received via imsgs, so that
are no longer limited by the 16KB maximum size of a single imsg.
Configuration data that is larger than a single message is now chunked and
sent via multiple imsgs.

Prompted by a diff from Jack Burton <jack at saosce dot com dot au>.

ok reyk@

show more ...

use __func__ in log messages.
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio

Implement TLS ticket support in httpd. Off by default. Use
tls ticket lifetime default
to turn it on with a 2h ticket lifetime.
Rekeying happens after a quarter of that time.
OK reky@ and bob@

Add OCSP stapling support to httpd
ok jsing@ bcook@

Prevent fd exhaustion in the parent when loading the listening server
sockets by sending the fd one-by-one. This allows to start httpd with
max 32 server instances and many server sockets without ch

Prevent fd exhaustion in the parent when loading the listening server
sockets by sending the fd one-by-one. This allows to start httpd with
max 32 server instances and many server sockets without changing the
default rlimits in any way.

OK rzalamena@

show more ...

The fork+exec diff broke "what?!", the ps_what field determines the
configuration that has to be initialized in each process and was
inherited from the parent instead of setting it everywhere. I'm
s

The fork+exec diff broke "what?!", the ps_what field determines the
configuration that has to be initialized in each process and was
inherited from the parent instead of setting it everywhere. I'm
surprised that it worked.

OK florian

show more ...

Use lowercase 'tls' in debug and log messages for consistency.

Requested by reyk@

Unbreak compilation with -DDEBUG.

From Fabian Raetz <fabian dot raetz at gmail dot com>

Simplify TLS configuration handling. Instead of matching by address/port,
match by configuration ID. This also prevents a memory leak when there are
multiple certificates specified for the same serve

Simplify TLS configuration handling. Instead of matching by address/port,
match by configuration ID. This also prevents a memory leak when there are
multiple certificates specified for the same server.

ok beck@

show more ...

sync with relayd, use proc_compose()

Change httpd(8) to use C99-style fixed-width integers (uintN_t instead
of u_intN_t) and replace u_int with unsigned int. Mixing both
variants is a bad style and most contributors seem to prefer this

Change httpd(8) to use C99-style fixed-width integers (uintN_t instead
of u_intN_t) and replace u_int with unsigned int. Mixing both
variants is a bad style and most contributors seem to prefer this
style; it also helps us to get used to it, portability, and
standardization.

Theoretically no binary change, except one in practice: httpd.o has a
different checksum because gcc with -O2 pads/optimizes "struct
privsep" differently when using "unsigned int" instead "u_int" for the
affected members. "u_int" is just a typedef of "unsigned int", -O0
doesn't build the difference and clang with -O2 doesn't do it either -
it is just another curiosity from gcc-land.

OK semarie@

show more ...

For the completeness of HSTS, add the non-standard preload option.

OK florian@

Allow to change the default media type globally or per-location,
eg. default type text/html.

OK florian@