authorReyk Floeter <reyk@esdenera.com>2015-01-02 13:49:20 +0100
committerReyk Floeter <reyk@esdenera.com>2015-01-02 13:49:20 +0100
commit443c85a053b7a4f3b0ab8bb4e17fb4ef7a3f43c3 (patch)
treef1c52d9a3fa439b4163341e6093623d2f3dd67d4
parent185aa0947c6841726c4d9dd029a723ee27993a37 (diff)
Sync with -current: change TLS to SSL, support HEAD, other changes.
-rw-r--r--config.c44
-rw-r--r--control.c3
-rw-r--r--httpd.86
-rw-r--r--httpd.c21
-rw-r--r--httpd.conf.589
-rw-r--r--httpd.h28
-rw-r--r--log.c3
-rw-r--r--logger.c3
-rw-r--r--parse.y94
-rw-r--r--proc.c5
-rw-r--r--server.c96
-rw-r--r--server_fcgi.c73
-rw-r--r--server_file.c9
-rw-r--r--server_http.c63
14 files changed, 220 insertions, 317 deletions
diff --git a/config.c b/config.c
index e545571..d651a02 100644
--- a/config.c
+++ b/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.22 2014/09/05 10:04:20 reyk Exp $ */
+/* $OpenBSD: config.c,v 1.26 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2011 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -25,8 +25,6 @@
#include <net/if.h>
#include <net/pfvar.h>
#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <arpa/nameser.h>
#include <net/route.h>
#include <ctype.h>
@@ -185,13 +183,13 @@ config_setserver(struct httpd *env, struct server *srv)
c = 0;
iov[c].iov_base = &s;
iov[c++].iov_len = sizeof(s);
- if (srv->srv_conf.ssl_cert_len != 0) {
- iov[c].iov_base = srv->srv_conf.ssl_cert;
- iov[c++].iov_len = srv->srv_conf.ssl_cert_len;
+ if (srv->srv_conf.tls_cert_len != 0) {
+ iov[c].iov_base = srv->srv_conf.tls_cert;
+ iov[c++].iov_len = srv->srv_conf.tls_cert_len;
}
- if (srv->srv_conf.ssl_key_len != 0) {
- iov[c].iov_base = srv->srv_conf.ssl_key;
- iov[c++].iov_len = srv->srv_conf.ssl_key_len;
+ if (srv->srv_conf.tls_key_len != 0) {
+ iov[c].iov_base = srv->srv_conf.tls_key;
+ iov[c++].iov_len = srv->srv_conf.tls_key_len;
}
if (id == PROC_SERVER &&
@@ -285,7 +283,7 @@ config_getserver_config(struct httpd *env, struct server *srv,
if ((srv_conf->flags & f) == 0)
srv_conf->flags |= parent->flags & f;
- f = SRVFLAG_SSL;
+ f = SRVFLAG_TLS;
srv_conf->flags |= parent->flags & f;
f = SRVFLAG_ACCESS_LOG;
@@ -346,8 +344,8 @@ config_getserver(struct httpd *env, struct imsg *imsg)
/* Reset these variables to avoid free'ing invalid pointers */
serverconfig_reset(&srv_conf);
- if ((u_int)(IMSG_DATA_SIZE(imsg) - s) <
- (srv_conf.ssl_cert_len + srv_conf.ssl_key_len)) {
+ if ((off_t)(IMSG_DATA_SIZE(imsg) - s) <
+ (srv_conf.tls_cert_len + srv_conf.tls_key_len)) {
log_debug("%s: invalid message length", __func__);
goto fail;
}
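Review bot: The length check in config_getserver now compares signed `off_t` values but never rejects a negative `tls_cert_len` or `tls_key_len`, so a negative value in one field can offset an oversized value in the other and the sum still passes. The `get_data(p + s, ...)` calls later in this function then use each length on its own, and one of them could exceed the bytes actually left in the message. These lengths appear to come from the `srv_conf` received in the imsg, although the copy itself is outside the hunk. Rejecting negatives first closes the gap: prepend `srv_conf.tls_cert_len < 0 || srv_conf.tls_key_len < 0 ||` to the existing condition. The function starts and ends outside the hunk.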
@@ -384,24 +382,26 @@ config_getserver(struct httpd *env, struct imsg *imsg)
srv->srv_conf.name, srv->srv_conf.id,
printb_flags(srv->srv_conf.flags, SRVFLAG_BITS));
- if (srv->srv_conf.ssl_cert_len != 0) {
- if ((srv->srv_conf.ssl_cert = get_data(p + s,
- srv->srv_conf.ssl_cert_len)) == NULL)
+ if (srv->srv_conf.tls_cert_len != 0) {
+ if ((srv->srv_conf.tls_cert = get_data(p + s,
+ srv->srv_conf.tls_cert_len)) == NULL)
goto fail;
- s += srv->srv_conf.ssl_cert_len;
+ s += srv->srv_conf.tls_cert_len;
}
- if (srv->srv_conf.ssl_key_len != 0) {
- if ((srv->srv_conf.ssl_key = get_data(p + s,
- srv->srv_conf.ssl_key_len)) == NULL)
+ if (srv->srv_conf.tls_key_len != 0) {
+ if ((srv->srv_conf.tls_key = get_data(p + s,
+ srv->srv_conf.tls_key_len)) == NULL)
goto fail;
- s += srv->srv_conf.ssl_key_len;
+ s += srv->srv_conf.tls_key_len;
}
return (0);
fail:
- free(srv->srv_conf.ssl_cert);
- free(srv->srv_conf.ssl_key);
+ if (srv != NULL) {
+ free(srv->srv_conf.tls_cert);
+ free(srv->srv_conf.tls_key);
+ }
free(srv);
return (-1);
diff --git a/control.c b/control.c
index 1988ba7..a6422bc 100644
--- a/control.c
+++ b/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.4 2014/08/04 15:49:28 reyk Exp $ */
+/* $OpenBSD: control.c,v 1.5 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -23,6 +23,7 @@
#include <sys/un.h>
#include <net/if.h>
+#include <arpa/inet.h>
#include <errno.h>
#include <event.h>
diff --git a/httpd.8 b/httpd.8
index ab301e1..e17f7de 100644
--- a/httpd.8
+++ b/httpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.8,v 1.48 2014/08/09 08:49:48 jmc Exp $
+.\" $OpenBSD: httpd.8,v 1.49 2014/12/12 14:45:59 reyk Exp $
.\"
.\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: August 9 2014 $
+.Dd $Mdocdate: December 12 2014 $
.Dt HTTPD 8
.Os
.Sh NAME
@@ -28,7 +28,7 @@
.Sh DESCRIPTION
The
.Nm
-daemon is an HTTP server with FastCGI and SSL support.
+daemon is an HTTP server with FastCGI and TLS support.
.Pp
The FastCGI implementation has optional socket support.
.Nm
diff --git a/httpd.c b/httpd.c
index 6579e6b..491c2d4 100644
--- a/httpd.c
+++ b/httpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.c,v 1.24 2014/11/11 15:54:45 beck Exp $ */
+/* $OpenBSD: httpd.c,v 1.28 2014/12/11 17:06:55 schwarze Exp $ */
/*
* Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -22,7 +22,6 @@
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/resource.h>
-#include <sys/hash.h>
#include <net/if.h>
#include <netinet/in.h>
@@ -40,8 +39,6 @@
#include <unistd.h>
#include <ctype.h>
#include <pwd.h>
-#include <sha1.h>
-#include <md5.h>
#include "httpd.h"
@@ -493,7 +490,7 @@ canonicalize_host(const char *host, char *name, size_t len)
{
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
- u_int i, j;
+ size_t i, j;
size_t plen;
char c;
@@ -565,7 +562,7 @@ url_decode(char *url)
* We don't have to validate "hex" because it is
* guaranteed to include two hex chars followed by nul.
*/
- x = strtoul(hex, NULL, 16);
+ x = strtoul(hex, NULL, 16);
*q = (char)x;
p += 2;
break;
@@ -692,7 +689,7 @@ evbuffer_getline(struct evbuffer *evb)
u_int8_t *ptr = EVBUFFER_DATA(evb);
size_t len = EVBUFFER_LENGTH(evb);
char *str;
- u_int i;
+ size_t i;
/* Safe version of evbuffer_readline() */
if ((str = get_string(ptr, len)) == NULL)
@@ -1119,11 +1116,13 @@ media_find(struct mediatypes *types, char *file)
struct media_type *match, media;
char *p;
- if ((p = strrchr(file, '.')) == NULL) {
- p = file;
- } else if (*p++ == '\0') {
+ /* Last component of the file name */
+ p = strchr(file, '\0');
+ while (p > file && p[-1] != '.' && p[-1] != '/')
+ p--;
+ if (*p == '\0')
return (NULL);
- }
+
if (strlcpy(media.media_name, p,
sizeof(media.media_name)) >=
sizeof(media.media_name)) {
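Review bot: The backwards scan in media_find stops at either `.` or `/`, so when the last path component has no dot, the whole basename becomes the lookup key. An extensionless file whose name equals a configured suffix would then be served with that media type. If only a real suffix should match, return NULL unless the scan ended on a dot, e.g. `if (p == file || p[-1] != '.' || *p == '\0') return (NULL);`. That would also change the no-dot, no-slash case, which still uses the whole name as before, so confirm which behaviour is intended and say so in the comment. The function body continues outside the hunk.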
diff --git a/httpd.conf.5 b/httpd.conf.5
index b6177d3..222b3dc 100644
--- a/httpd.conf.5
+++ b/httpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.conf.5,v 1.36 2014/11/12 16:52:44 jmc Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.40 2014/12/28 13:53:23 reyk Exp $
.\"
.\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 12 2014 $
+.Dd $Mdocdate: December 28 2014 $
.Dt HTTPD.CONF 5
.Os
.Sh NAME
@@ -49,6 +49,15 @@ If the address is an interface name,
.Xr httpd 8
will look up the first IPv4 address and any other IPv4 and IPv6
addresses of the specified network interface.
+If
+.Sq *
+is given as an address,
+it will be used as an alias for
+.Ar 0.0.0.0
+to listen on all IPv4 addresses.
+Likewise,
+.Sq ::
+can be used to listen on all IPv6 addresses.
A
.Ar port
can be specified by number or name.
@@ -169,7 +178,7 @@ root directory of
.Xr httpd 8
and defaults to
.Pa /run/slowcgi.sock .
-.It Ic listen on Ar address Oo Ic ssl Oc Ic port Ar number
+.It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
Set the listen address and port.
.It Ic location Ar path Brq ...
Specify server configuration rules for a specific location.
@@ -246,33 +255,6 @@ root directory of
.Nm httpd .
If not specified, it defaults to
.Pa /htdocs .
-.It Ic ssl Ar option
-Set the SSL configuration for the server.
-These options are only used if SSL has been enabled via the listen directive.
-Valid options are:
-.Bl -tag -width Ds
-.It Ic certificate Ar file
-Specify the certificate to use for this server.
-The
-.Ar file
-should contain a PEM encoded certificate.
-.It Ic ciphers Ar string
-Specify the SSL cipher string.
-If not specified, the default value
-.Qq HIGH:!aNULL
-will be used (strong crypto cipher suites without anonymous DH).
-See the CIPHERS section of
-.Xr openssl 1
-for information about SSL cipher suites and preference lists.
-.It Ic key Ar file
-Specify the private key to use for this server.
-The
-.Ar file
-should contain a PEM encoded private key and reside outside of the
-.Xr chroot 2
-root directory of
-.Nm httpd .
-.El
.It Ic tcp Ar option
Enable or disable the specified TCP/IP options; see
.Xr tcp 4
@@ -297,8 +279,7 @@ according to RFC 5082.
Change the default time-to-live value in the IP headers.
.It Oo Ic no Oc Ic nodelay
Enable the TCP NODELAY option for this connection.
-This is recommended to avoid delays in the relayed data stream,
-e.g. for SSH connections.
+This is recommended to avoid delays in the data stream.
.It Oo Ic no Oc Ic sack
Use selective acknowledgements for this connection.
.It Ic socket buffer Ar number
@@ -306,6 +287,33 @@ Set the socket-level buffer size for input and output for this
connection.
This will affect the TCP window size.
.El
+.It Ic tls Ar option
+Set the TLS configuration for the server.
+These options are only used if TLS has been enabled via the listen directive.
+Valid options are:
+.Bl -tag -width Ds
+.It Ic certificate Ar file
+Specify the certificate to use for this server.
+The
+.Ar file
+should contain a PEM encoded certificate.
+.It Ic ciphers Ar string
+Specify the TLS cipher string.
+If not specified, the default value
+.Qq HIGH:!aNULL
+will be used (strong crypto cipher suites without anonymous DH).
+See the CIPHERS section of
+.Xr openssl 1
+for information about SSL/TLS cipher suites and preference lists.
+.It Ic key Ar file
+Specify the private key to use for this server.
+The
+.Ar file
+should contain a PEM encoded private key and reside outside of the
+.Xr chroot 2
+root directory of
+.Nm httpd .
+.El
.El
.Sh TYPES
Configure the supported media types.
@@ -346,16 +354,13 @@ Include types definitions from an external file, for example
.El
.Sh EXAMPLES
The following example will start one server that is pre-forked two
-times and listening on the primary IP address of the network interface
-that is a member of the
-.Qq egress
-group.
+times and is listening on all local IP addresses.
It additionally defines some media types overriding the defaults.
.Bd -literal -offset indent
prefork 2
server "default" {
- listen on egress port 80
+ listen on * port 80
}
types {
@@ -370,6 +375,16 @@ types {
}
.Ed
.Pp
+The server can also be configured to only listen on the primary IP
+address of the network interface that is a member of the
+.Qq egress
+group.
+.Bd -literal -offset indent
+server "default" {
+ listen on egress port 80
+}
+.Ed
+.Pp
Multiple servers can be configured to support hosting of different domains.
If the same address is repeated multiple times in the
.Ic listen on
diff --git a/httpd.h b/httpd.h
index 5e39fe1..8c14f97 100644
--- a/httpd.h
+++ b/httpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.h,v 1.63 2014/11/11 15:54:45 beck Exp $ */
+/* $OpenBSD: httpd.h,v 1.64 2014/12/12 14:45:59 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -38,9 +38,9 @@
#define HTTPD_LOGROOT "/logs"
#define HTTPD_ACCESS_LOG "access.log"
#define HTTPD_ERROR_LOG "error.log"
-#define HTTPD_SSL_CERT "/etc/ssl/server.crt"
-#define HTTPD_SSL_KEY "/etc/ssl/private/server.key"
-#define HTTPD_SSL_CIPHERS "HIGH:!aNULL"
+#define HTTPD_TLS_CERT "/etc/ssl/server.crt"
+#define HTTPD_TLS_KEY "/etc/ssl/private/server.key"
+#define HTTPD_TLS_CIPHERS "HIGH:!aNULL"
#define FD_RESERVE 5
#define SERVER_MAX_CLIENTS 1024
@@ -322,14 +322,14 @@ SPLAY_HEAD(client_tree, client);
#define SRVFLAG_SOCKET 0x0400
#define SRVFLAG_SYSLOG 0x0800
#define SRVFLAG_NO_SYSLOG 0x1000
-#define SRVFLAG_SSL 0x2000
+#define SRVFLAG_TLS 0x2000
#define SRVFLAG_ACCESS_LOG 0x4000
#define SRVFLAG_ERROR_LOG 0x8000
#define SRVFLAG_BITS \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG\13SOCKET" \
- "\14SYSLOG\15NO_SYSLOG\16SSL\17ACCESS_LOG\20ERROR_LOG"
+ "\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"
#define TCPFLAG_NODELAY 0x01
#define TCPFLAG_NNODELAY 0x02
@@ -376,13 +376,13 @@ struct server_config {
u_int32_t maxrequests;
size_t maxrequestbody;
- char *ssl_cert;
- off_t ssl_cert_len;
- char *ssl_cert_file;
- char ssl_ciphers[NAME_MAX];
- char *ssl_key;
- off_t ssl_key_len;
- char *ssl_key_file;
+ char *tls_cert;
+ off_t tls_cert_len;
+ char *tls_cert_file;
+ char tls_ciphers[NAME_MAX];
+ char *tls_key;
+ off_t tls_key_len;
+ char *tls_key_file;
u_int16_t flags;
u_int8_t tcpflags;
@@ -464,7 +464,7 @@ int cmdline_symset(char *);
/* server.c */
pid_t server(struct privsep *, struct privsep_proc *);
-int server_ssl_load_keypair(struct server *);
+int server_tls_load_keypair(struct server *);
int server_privinit(struct server *);
void server_purge(struct server *);
void serverconfig_free(struct server_config *);
diff --git a/log.c b/log.c
index dc06b16..f086d00 100644
--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.3 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: log.c,v 1.4 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -24,7 +24,6 @@
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
-#include <arpa/inet.h>
#include <errno.h>
#include <stdarg.h>
diff --git a/logger.c b/logger.c
index 9402695..672f3b8 100644
--- a/logger.c
+++ b/logger.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: logger.c,v 1.7 2014/11/11 15:54:45 beck Exp $ */
+/* $OpenBSD: logger.c,v 1.8 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -22,6 +22,7 @@
#include <sys/uio.h>
#include <net/if.h>
+#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
diff --git a/parse.y b/parse.y
index 2124eb1..943e00a 100644
--- a/parse.y
+++ b/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.42 2014/11/20 05:51:20 jsg Exp $ */
+/* $OpenBSD: parse.y,v 1.46 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -30,13 +30,11 @@
#include <sys/stat.h>
#include <sys/queue.h>
#include <sys/ioctl.h>
-#include <sys/hash.h>
#include <net/if.h>
#include <net/pfvar.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <arpa/nameser.h>
#include <net/route.h>
#include <ctype.h>
@@ -130,12 +128,12 @@ typedef struct {
%token ACCESS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON
%token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION
%token LOG LOGDIR MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT
-%token SACK SERVER SOCKET SSL STYLE SYSLOG TCP TIMEOUT TYPES
+%token SACK SERVER SOCKET STYLE SYSLOG TCP TIMEOUT TLS TYPES
%token ERROR INCLUDE
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.port> port
-%type <v.number> optssl
+%type <v.number> opttls
%type <v.tv> timeout
%type <v.string> numberstring
@@ -174,8 +172,8 @@ varset : STRING '=' STRING {
}
;
-optssl : /*empty*/ { $$ = 0; }
- | SSL { $$ = 1; }
+opttls : /*empty*/ { $$ = 0; }
+ | TLS { $$ = 1; }
;
main : PREFORK NUMBER {
@@ -231,14 +229,14 @@ server : SERVER STRING {
s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY;
s->srv_conf.flags |= SRVFLAG_LOG;
s->srv_conf.logformat = LOG_FORMAT_COMMON;
- if ((s->srv_conf.ssl_cert_file =
- strdup(HTTPD_SSL_CERT)) == NULL)
+ if ((s->srv_conf.tls_cert_file =
+ strdup(HTTPD_TLS_CERT)) == NULL)
fatal("out of memory");
- if ((s->srv_conf.ssl_key_file =
- strdup(HTTPD_SSL_KEY)) == NULL)
+ if ((s->srv_conf.tls_key_file =
+ strdup(HTTPD_TLS_KEY)) == NULL)
fatal("out of memory");
- strlcpy(s->srv_conf.ssl_ciphers, HTTPD_SSL_CIPHERS,
- sizeof(s->srv_conf.ssl_ciphers));
+ strlcpy(s->srv_conf.tls_ciphers, HTTPD_TLS_CIPHERS,
+ sizeof(s->srv_conf.tls_ciphers));
if (last_server_id == INT_MAX) {
yyerror("too many servers defined");
@@ -279,25 +277,19 @@ server : SERVER STRING {
YYERROR;
}
- if (server_ssl_load_keypair(srv) == -1) {
+ if (server_tls_load_keypair(srv) == -1) {
yyerror("failed to load public/private keys "
"for server %s", srv->srv_conf.name);
serverconfig_free(srv_conf);
free(srv);
YYERROR;
}
-<<<<<<< parse.y
-
- TAILQ_INSERT_TAIL(conf->sc_servers, srv, srv_entry);
-
-=======
DPRINTF("adding server \"%s[%u]\"",
srv->srv_conf.name, srv->srv_conf.id);
TAILQ_INSERT_TAIL(conf->sc_servers, srv, srv_entry);
->>>>>>> 1.42
srv = NULL;
srv_conf = NULL;
}
@@ -307,7 +299,7 @@ serveropts_l : serveropts_l serveroptsl nl
| serveroptsl optnl
;
-serveroptsl : LISTEN ON STRING optssl port {
+serveroptsl : LISTEN ON STRING opttls port {
struct addresslist al;
struct address *h;
struct server *s;
@@ -345,7 +337,7 @@ serveroptsl : LISTEN ON STRING optssl port {
host_free(&al);
if ($4) {
- s->srv_conf.flags |= SRVFLAG_SSL;
+ s->srv_conf.flags |= SRVFLAG_TLS;
}
}
| TCP {
@@ -360,12 +352,12 @@ serveroptsl : LISTEN ON STRING optssl port {
YYERROR;
}
} connection
- | SSL {
+ | TLS {
if (parentsrv != NULL) {
- yyerror("ssl configuration inside location");
+ yyerror("tls configuration inside location");
YYERROR;
}
- } ssl
+ } tls
| ROOT STRING {
if (strlcpy(srv->srv_conf.root, $2,
sizeof(srv->srv_conf.root)) >=
@@ -439,26 +431,6 @@ serveroptsl : LISTEN ON STRING optssl port {
srv = s;
srv_conf = &srv->srv_conf;
SPLAY_INIT(&srv->srv_clients);
-<<<<<<< parse.y
- } '{' optnl serveropts_l '}' {
- struct server *s = NULL;
-
- TAILQ_FOREACH(s, conf->sc_servers, srv_entry) {
- if ((s->srv_conf.flags & SRVFLAG_LOCATION) &&
- s->srv_conf.id == srv_conf->id &&
- strcmp(s->srv_conf.location,
- srv_conf->location) == 0)
- break;
- }
- if (s != NULL) {
- yyerror("location \"%s\" defined twice",
- srv->srv_conf.location);
- serverconfig_free(srv_conf);
- free(srv);
- YYABORT;
- }
-
-=======
} '{' optnl serveropts_l '}' {
struct server *s = NULL;
@@ -481,7 +453,6 @@ serveroptsl : LISTEN ON STRING optssl port {
srv->srv_conf.location,
srv->srv_conf.name, srv->srv_conf.id);
->>>>>>> 1.42
TAILQ_INSERT_TAIL(conf->sc_servers, srv, srv_entry);
srv = parentsrv;
@@ -546,30 +517,30 @@ conflags : TIMEOUT timeout {
}
;
-ssl : '{' sslopts_l '}'
- | sslopts
+tls : '{' tlsopts_l '}'
+ | tlsopts
;
-sslopts_l : sslopts comma sslopts_l
- | sslopts
+tlsopts_l : tlsopts comma tlsopts_l
+ | tlsopts
;
-sslopts : CERTIFICATE STRING {
- free(srv_conf->ssl_cert_file);
- if ((srv_conf->ssl_cert_file = strdup($2)) == NULL)
+tlsopts : CERTIFICATE STRING {
+ free(srv_conf->tls_cert_file);
+ if ((srv_conf->tls_cert_file = strdup($2)) == NULL)
fatal("out of memory");
free($2);
}
| KEY STRING {
- free(srv_conf->ssl_key_file);
- if ((srv_conf->ssl_key_file = strdup($2)) == NULL)
+ free(srv_conf->tls_key_file);
+ if ((srv_conf->tls_key_file = strdup($2)) == NULL)
fatal("out of memory");
free($2);
}
| CIPHERS STRING {
- if (strlcpy(srv_conf->ssl_ciphers, $2,
- sizeof(srv_conf->ssl_ciphers)) >=
- sizeof(srv_conf->ssl_ciphers)) {
+ if (strlcpy(srv_conf->tls_ciphers, $2,
+ sizeof(srv_conf->tls_ciphers)) >=
+ sizeof(srv_conf->tls_ciphers)) {
yyerror("ciphers too long");
free($2);
YYERROR;
@@ -914,11 +885,11 @@ lookup(char *s)
{ "sack", SACK },
{ "server", SERVER },
{ "socket", SOCKET },
- { "ssl", SSL },
{ "style", STYLE },
{ "syslog", SYSLOG },
{ "tcp", TCP },
{ "timeout", TIMEOUT },
+ { "tls", TLS },
{ "types", TYPES }
};
const struct keywords *p;
@@ -1151,7 +1122,7 @@ nodigits:
x != '!' && x != '=' && x != '#' && \
x != ',' && x != ';' && x != '/'))
- if (isalnum(c) || c == ':' || c == '_') {
+ if (isalnum(c) || c == ':' || c == '_' || c == '*') {
do {
*p++ = c;
if ((unsigned)(p-buf) >= sizeof(buf)) {
@@ -1633,6 +1604,9 @@ host(const char *s, struct addresslist *al, int max,
{
struct address *h;
+ if (strcmp("*", s) == 0)
+ s = "0.0.0.0";
+
h = host_v4(s);
/* IPv6 address? */
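Review bot: The `*` alias in host() is rewritten to `0.0.0.0` only, so `listen on *` binds the IPv4 wildcard and leaves IPv6 unbound. The httpd.conf.5 example changed in this same commit describes it as listening on all local IP addresses. A comment at the rewrite would keep operators and later maintainers from misreading the exposure, e.g. `/* "*" is the IPv4 wildcard only; "::" must be listed separately for IPv6 */`. The example text could say "all local IPv4 addresses". host() starts and ends outside the hunk.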
diff --git a/proc.c b/proc.c
index d0994f8..95c3e98 100644
--- a/proc.c
+++ b/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.5 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: proc.c,v 1.7 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -26,7 +26,6 @@
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
-#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
@@ -351,7 +350,7 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
fatal("proc_run: cannot fork");
case 0:
/* Set the process group of the current process */
- setpgrp(0, getpid());
+ setpgid(0, 0);
break;
default:
return (pid);
diff --git a/server.c b/server.c
index 4aa8307..1d30f35 100644
--- a/server.c
+++ b/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.46 2014/10/31 13:49:52 jsing Exp $ */
+/* $OpenBSD: server.c,v 1.49 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -24,13 +24,11 @@
#include <sys/un.h>
#include <sys/uio.h>
#include <sys/tree.h>
-#include <sys/hash.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
-#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
@@ -60,12 +58,12 @@ int server_socket(struct sockaddr_storage *, in_port_t,
int server_socket_listen(struct sockaddr_storage *, in_port_t,
struct server_config *);
-int server_ssl_init(struct server *);
-void server_ssl_readcb(int, short, void *);
-void server_ssl_writecb(int, short, void *);
+int server_tls_init(struct server *);
+void server_tls_readcb(int, short, void *);
+void server_tls_writecb(int, short, void *);
void server_accept(int, short, void *);
-void server_accept_ssl(int, short, void *);
+void server_accept_tls(int, short, void *);
void server_input(struct client *);
extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t,
@@ -146,33 +144,33 @@ server_load_file(const char *filename, off_t *len)
}
int
-server_ssl_load_keypair(struct server *srv)
+server_tls_load_keypair(struct server *srv)
{
- if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0)
+ if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
- if ((srv->srv_conf.ssl_cert = server_load_file(
- srv->srv_conf.ssl_cert_file, &srv->srv_conf.ssl_cert_len)) == NULL)
+ if ((srv->srv_conf.tls_cert = server_load_file(
+ srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len)) == NULL)
return (-1);
log_debug("%s: using certificate %s", __func__,
- srv->srv_conf.ssl_cert_file);
+ srv->srv_conf.tls_cert_file);
- if ((srv->srv_conf.ssl_key = server_load_file(
- srv->srv_conf.ssl_key_file, &srv->srv_conf.ssl_key_len)) == NULL)
+ if ((srv->srv_conf.tls_key = server_load_file(
+ srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len)) == NULL)
return (-1);
log_debug("%s: using private key %s", __func__,
- srv->srv_conf.ssl_key_file);
+ srv->srv_conf.tls_key_file);
return (0);
}
int
-server_ssl_init(struct server *srv)
+server_tls_init(struct server *srv)
{
- if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0)
+ if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
- log_debug("%s: setting up SSL for %s", __func__, srv->srv_conf.name);
+ log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name);
if (tls_init() != 0) {
log_warn("%s: failed to initialise tls", __func__);
@@ -188,37 +186,37 @@ server_ssl_init(struct server *srv)
}
if (tls_config_set_ciphers(srv->srv_tls_config,
- srv->srv_conf.ssl_ciphers) != 0) {
+ srv->srv_conf.tls_ciphers) != 0) {
log_warn("%s: failed to set tls ciphers", __func__);
return (-1);
}
if (tls_config_set_cert_mem(srv->srv_tls_config,
- srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len) != 0) {
+ srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) {
log_warn("%s: failed to set tls cert", __func__);
return (-1);
}
if (tls_config_set_key_mem(srv->srv_tls_config,
- srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len) != 0) {
+ srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) {
log_warn("%s: failed to set tls key", __func__);
return (-1);
}
if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) {
- log_warn("%s: failed to configure SSL - %s", __func__,
+ log_warn("%s: failed to configure TLS - %s", __func__,
tls_error(srv->srv_tls_ctx));
return (-1);
}
/* We're now done with the public/private key... */
tls_config_clear_keys(srv->srv_tls_config);
- explicit_bzero(srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len);
- explicit_bzero(srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len);
- free(srv->srv_conf.ssl_cert);
- free(srv->srv_conf.ssl_key);
- srv->srv_conf.ssl_cert = NULL;
- srv->srv_conf.ssl_key = NULL;
- srv->srv_conf.ssl_cert_len = 0;
- srv->srv_conf.ssl_key_len = 0;
+ explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len);
+ explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len);
+ free(srv->srv_conf.tls_cert);
+ free(srv->srv_conf.tls_key);
+ srv->srv_conf.tls_cert = NULL;
+ srv->srv_conf.tls_key = NULL;
+ srv->srv_conf.tls_cert_len = 0;
+ srv->srv_conf.tls_key_len = 0;
return (0);
}
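Review bot: The early `return (-1)` paths in server_tls_init, after `tls_config_set_cert_mem`, `tls_config_set_key_mem` and `tls_configure`, skip the `tls_config_clear_keys`/`explicit_bzero`/`free` block at the end. On any of those failures the PEM private key stays readable in `srv->srv_conf.tls_key` for the life of the process. Routing the failures through one exit label that always scrubs the key material would make the zeroization unconditional. The start of the function, including the flag check whose `return (0)` should stay as is, is in the previous hunk. Whether `srv_tls_config` can be NULL at that point is not visible here, hence the guard in the sketch.

```c
	int	 ret = -1;

	/* … unchanged: flag check, tls_init(), config and context setup,
	 * ciphers and cert, each failure now ending in goto done … */
	if (tls_config_set_key_mem(srv->srv_tls_config,
	    srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) {
		log_warn("%s: failed to set tls key", __func__);
		goto done;
	}
	/* … unchanged: tls_configure() check, ending in goto done … */
	ret = 0;
 done:
	/* Scrub key material on success and on every failure path */
	if (srv->srv_tls_config != NULL)
		tls_config_clear_keys(srv->srv_tls_config);
	/* … unchanged: explicit_bzero(), free() and reset of tls_cert/tls_key … */
	return (ret);
```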
@@ -254,7 +252,7 @@ server_launch(void)
struct server *srv;
TAILQ_FOREACH(srv, env->sc_servers, srv_entry) {
- server_ssl_init(srv);
+ server_tls_init(srv);
server_http_init(srv);
log_debug("%s: running server %s", __func__,
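Review bot: The return value of `server_tls_init(srv)` is discarded in server_launch, so a server flagged `SRVFLAG_TLS` whose cipher, certificate or key setup failed is still handed to `server_http_init()` and reported as running. The accept path would then work against a context that was never configured. The result should be checked and the failure made fatal, or the server skipped, e.g. `if (server_tls_init(srv) == -1) fatalx("%s: failed to initialise TLS for %s", __func__, srv->srv_conf.name);`. The rest of the loop body is outside the hunk.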
@@ -308,17 +306,17 @@ server_purge(struct server *srv)
void
serverconfig_free(struct server_config *srv_conf)
{
- free(srv_conf->ssl_cert_file);
- free(srv_conf->ssl_cert);
- free(srv_conf->ssl_key_file);
- free(srv_conf->ssl_key);
+ free(srv_conf->tls_cert_file);
+ free(srv_conf->tls_cert);
+ free(srv_conf->tls_key_file);
+ free(srv_conf->tls_key);
}
void
serverconfig_reset(struct server_config *srv_conf)
{
- srv_conf->ssl_cert_file = srv_conf->ssl_cert =
- srv_conf->ssl_key_file = srv_conf->ssl_key = NULL;
+ srv_conf->tls_cert_file = srv_conf->tls_cert =
+ srv_conf->tls_key_file = srv_conf->tls_key = NULL;
}
struct server *
@@ -538,7 +536,7 @@ server_socket_connect(struct sockaddr_storage *ss, in_port_t port,
}
void
-server_ssl_readcb(int fd, short event, void *arg)
+server_tls_readcb(int fd, short event, void *arg)
{
struct bufferevent *bufev = arg;
struct client *clt = bufev->cbarg;
@@ -594,7 +592,7 @@ server_ssl_readcb(int fd, short event, void *arg)
}
void
-server_ssl_writecb(int fd, short event, void *arg)
+server_tls_writecb(int fd, short event, void *arg)
{
struct bufferevent *bufev = arg;
struct client *clt = bufev->cbarg;
@@ -688,11 +686,11 @@ server_input(struct client *clt)
return;
}
- if (srv_conf->flags & SRVFLAG_SSL) {
+ if (srv_conf->flags & SRVFLAG_TLS) {
event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ,
- server_ssl_readcb, clt->clt_bev);
+ server_tls_readcb, clt->clt_bev);
event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE,
- server_ssl_writecb, clt->clt_bev);
+ server_tls_writecb, clt->clt_bev);
}
/* Adjust write watermark to the socket buffer output size */
@@ -899,9 +897,9 @@ server_accept(int fd, short event, void *arg)
return;
}
- if (srv->srv_conf.flags & SRVFLAG_SSL) {
+ if (srv->srv_conf.flags & SRVFLAG_TLS) {
event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ,
- server_accept_ssl, &clt->clt_tv_start,
+ server_accept_tls, &clt->clt_tv_start,
&srv->srv_conf.timeout, clt);
return;
}
@@ -923,14 +921,14 @@ server_accept(int fd, short event, void *arg)
}
void
-server_accept_ssl(int fd, short event, void *arg)
+server_accept_tls(int fd, short event, void *arg)
{
struct client *clt = (struct client *)arg;
struct server *srv = (struct server *)clt->clt_srv;
int ret;
if (event == EV_TIMEOUT) {
- server_close(clt, "SSL accept timeout");
+ server_close(clt, "TLS accept timeout");
return;
}
@@ -941,14 +939,14 @@ server_accept_ssl(int fd, short event, void *arg)
clt->clt_s);
if (ret == TLS_READ_AGAIN) {
event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ,
- server_accept_ssl, &clt->clt_tv_start,
+ server_accept_tls, &clt->clt_tv_start,
&srv->srv_conf.timeout, clt);
} else if (ret == TLS_WRITE_AGAIN) {
event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE,
- server_accept_ssl, &clt->clt_tv_start,
+ server_accept_tls, &clt->clt_tv_start,
&srv->srv_conf.timeout, clt);
} else if (ret != 0) {
- log_warnx("%s: SSL accept failed - %s", __func__,
+ log_warnx("%s: TLS accept failed - %s", __func__,
tls_error(srv->srv_tls_ctx));
return;
}
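Review bot: The `ret != 0` branch in server_accept_tls logs the handshake failure and returns without calling `server_close()`, and no event is re-armed on this path. The timeout branch at the top of the function, in the previous hunk, does close the client. From the visible lines the client and its socket appear to stay allocated after a failed handshake, so repeated failures would use up the `SERVER_MAX_CLIENTS` slots. Unless cleanup happens outside the hunk, add `server_close(clt, "TLS accept failed");` before the `return;`. The function continues past the end of the hunk.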
diff --git a/server_fcgi.c b/server_fcgi.c
index 17fdca9..842214e 100644
--- a/server_fcgi.c
+++ b/server_fcgi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_fcgi.c,v 1.40 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: server_fcgi.c,v 1.43 2014/12/21 00:54:49 guenther Exp $ */
/*
* Copyright (c) 2014 Florian Obser <florian@openbsd.org>
@@ -23,13 +23,11 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/tree.h>
-#include <sys/hash.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
-#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
@@ -96,24 +94,12 @@ server_fcgi(struct httpd *env, struct client *clt)
{
struct server_fcgi_param param;
struct server_config *srv_conf = clt->clt_srv_conf;
-<<<<<<< server_fcgi.c
struct http_descriptor *desc = clt->clt_descreq;
- struct sockaddr_un sun;
-=======
- struct http_descriptor *desc = clt->clt_descreq;
->>>>>>> 1.40
struct fcgi_record_header *h;
struct fcgi_begin_request_body *begin;
-<<<<<<< server_fcgi.c
- size_t len;
- char hbuf[MAXHOSTNAMELEN];
- size_t scriptlen;
- int pathlen;
-=======
char hbuf[MAXHOSTNAMELEN];
size_t scriptlen;
int pathlen;
->>>>>>> 1.40
int fd = -1, ret;
const char *errstr = NULL;
char *str, *p, *script = NULL;
@@ -266,7 +252,7 @@ server_fcgi(struct httpd *env, struct client *clt)
goto fail;
}
- if (srv_conf->flags & SRVFLAG_SSL)
+ if (srv_conf->flags & SRVFLAG_TLS)
if (fcgi_add_param(&param, "HTTPS", "on", clt) == -1) {
errstr = "failed to encode param";
goto fail;
@@ -667,60 +653,6 @@ server_fcgi_writeheader(struct client *clt, struct kv *hdr, void *arg)
int
server_fcgi_writechunk(struct client *clt)
{
-<<<<<<< server_fcgi.c
- struct evbuffer *evb = clt->clt_srvevb;
- size_t len;
-
- if (clt->clt_fcgi_type == FCGI_END_REQUEST) {
- len = 0;
- } else
- len = EVBUFFER_LENGTH(evb);
-
- /* If len is 0, make sure to write the end marker only once */
- if (len == 0 && clt->clt_fcgi_end++)
- return (0);
-
- if (clt->clt_fcgi_chunked) {
- if (server_bufferevent_printf(clt, "%zx\r\n", len) == -1 ||
- server_bufferevent_write_chunk(clt, evb, len) == -1 ||
- server_bufferevent_print(clt, "\r\n") == -1)
- return (-1);
- } else
- return (server_bufferevent_write_buffer(clt, evb));
-
- return (0);
-}
-
-int
-server_fcgi_getheaders(struct client *clt)
-{
- struct http_descriptor *resp = clt->clt_descresp;
- struct evbuffer *evb = clt->clt_srvevb;
- int code = 200;
- char *line, *key, *value;
- const char *errstr;
-
- while ((line = evbuffer_getline(evb)) != NULL && *line != '\0') {
- key = line;
-
- if ((value = strchr(key, ':')) == NULL)
- break;
- if (*value == ':') {
- *value++ = '\0';
- value += strspn(value, " \t");
- } else {
- *value++ = '\0';
- }
-
- if (strcasecmp("Status", key) == 0) {
- value[strcspn(value, " \t")] = '\0';
- code = (int)strtonum(value, 100, 600, &errstr);
- if (errstr != NULL || server_httperror_byid(
- code) == NULL)
- code = 200;
- } else {
- (void)kv_add(&resp->http_headers, key, value);
-=======
struct evbuffer *evb = clt->clt_srvevb;
size_t len;
@@ -775,7 +707,6 @@ server_fcgi_getheaders(struct client *clt)
code = 200;
} else {
(void)kv_add(&resp->http_headers, key, value);
->>>>>>> 1.40
}
free(line);
}
diff --git a/server_file.c b/server_file.c
index 3a71959..c2eca71 100644
--- a/server_file.c
+++ b/server_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_file.c,v 1.39 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: server_file.c,v 1.43 2015/01/01 14:15:02 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -23,13 +23,11 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/tree.h>
-#include <sys/hash.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
-#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
@@ -83,7 +81,7 @@ server_file_access(struct httpd *env, struct client *clt,
/* Redirect to path with trailing "/" */
if (path[strlen(path) - 1] != '/') {
if (asprintf(&newpath, "http%s://%s%s/",
- srv_conf->flags & SRVFLAG_SSL ? "s" : "",
+ srv_conf->flags & SRVFLAG_TLS ? "s" : "",
desc->http_host, desc->http_path) == -1)
return (500);
/* Path alias will be used for the redirection */
@@ -313,8 +311,7 @@ server_file_index(struct httpd *env, struct client *clt, struct stat *st)
"sans-serif; }\nhr { border: 0; border-bottom: 1px dashed; }\n";
/* Generate simple HTML index document */
if (evbuffer_add_printf(evb,
- "<!DOCTYPE HTML PUBLIC "
- "\"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"
+ "<!DOCTYPE html>\n"
"<html>\n"
"<head>\n"
"<title>Index of %s</title>\n"
diff --git a/server_http.c b/server_http.c
index 1953036..3a5d84e 100644
--- a/server_http.c
+++ b/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.54 2014/10/25 03:23:49 lteo Exp $ */
+/* $OpenBSD: server_http.c,v 1.58 2015/01/01 14:15:02 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -23,13 +23,11 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/tree.h>
-#include <sys/hash.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
-#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
@@ -665,10 +663,11 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
struct server *srv = clt->clt_srv;
struct server_config *srv_conf = &srv->srv_conf;
struct bufferevent *bev = clt->clt_bev;
- const char *httperr = NULL, *text = "";
- char *httpmsg, *extraheader = NULL;
+ struct http_descriptor *desc = clt->clt_descreq;
+ const char *httperr = NULL, *style;
+ char *httpmsg, *body = NULL, *extraheader = NULL;
char tmbuf[32], hbuf[128];
- const char *style;
+ int bodylen;
if ((httperr = server_httperror_byid(code)) == NULL)
httperr = "Unknown Error";
@@ -696,8 +695,6 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
}
break;
default:
-<<<<<<< server_http.c
-=======
/*
* Do not send details of the error. Traditionally,
* web servers responsed with the request path on 40x
@@ -705,7 +702,6 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
* Instead of sanitizing the path here, we just don't
* reprint it.
*/
->>>>>>> 1.54
break;
}
@@ -713,17 +709,10 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
style = "body { background-color: white; color: black; font-family: "
"'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }\n"
"hr { border: 0; border-bottom: 1px dashed; }\n";
- /* Generate simple HTTP+HTML error document */
- if (asprintf(&httpmsg,
- "HTTP/1.0 %03d %s\r\n"
- "Date: %s\r\n"
- "Server: %s\r\n"
- "Connection: close\r\n"
- "Content-Type: text/html\r\n"
- "%s"
- "\r\n"
- "<!DOCTYPE HTML PUBLIC "
- "\"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"
+
+ /* Generate simple HTML error document */
+ if ((bodylen = asprintf(&body,
+ "<!DOCTYPE html>\n"
"<html>\n"
"<head>\n"
"<title>%03d %s</title>\n"
@@ -731,14 +720,26 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
"</head>\n"
"<body>\n"
"<h1>%03d %s</h1>\n"
- "<div id='m'>%s</div>\n"
"<hr>\n<address>%s</address>\n"
"</body>\n"
"</html>\n",
- code, httperr, tmbuf, HTTPD_SERVERNAME,
+ code, httperr, style, code, httperr, HTTPD_SERVERNAME)) == -1)
+ goto done;
+
+ /* Add basic HTTP headers */
+ if (asprintf(&httpmsg,
+ "HTTP/1.0 %03d %s\r\n"
+ "Date: %s\r\n"
+ "Server: %s\r\n"
+ "Connection: close\r\n"
+ "Content-Type: text/html\r\n"
+ "Content-Length: %d\r\n"
+ "%s"
+ "\r\n"
+ "%s",
+ code, httperr, tmbuf, HTTPD_SERVERNAME, bodylen,
extraheader == NULL ? "" : extraheader,
- code, httperr, style, code, httperr, text,
- HTTPD_SERVERNAME) == -1)
+ desc->http_method == HTTP_METHOD_HEAD ? "" : body) == -1)
goto done;
/* Dump the message without checking for success */
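Review bot: `desc->http_method` is read in the last argument of the header `asprintf` without checking that `desc` is non-NULL. `desc` is taken from `clt->clt_descreq` (declared in the earlier `@@ -665,10 +663,11 @@` hunk), and `server_close_http` in this same file frees that descriptor and sets the field to NULL. Whether `server_abort_http` can run for a client in that state is not visible in this diff, so it is worth confirming; if it can, an error path reachable from a remote request would dereference NULL instead of sending the error page. A defensive form is `(desc != NULL && desc->http_method == HTTP_METHOD_HEAD) ? "" : body) == -1)`. The function body starts and ends outside this hunk.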
@@ -746,6 +747,7 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
free(httpmsg);
done:
+ free(body);
free(extraheader);
if (asprintf(&httpmsg, "%s (%03d %s)", msg, code, httperr) == -1) {
server_close(clt, msg);
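Review bot: The `free(body)` added at the `done:` label is also reached when the body `asprintf` itself failed (the `goto done` in the preceding hunk), so it depends on what that failed call left in `body`. OpenBSD's asprintf sets the pointer to NULL on failure, but other libcs document the contents as undefined, so if this tree is built elsewhere the free may act on an indeterminate pointer. Resetting it in the failure branch, `body = NULL;` before `goto done;`, makes the cleanup safe regardless of libc. A short comment at the label, such as `/* body is NULL here if the body asprintf failed */`, would record the assumption.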
@@ -758,27 +760,14 @@ server_abort_http(struct client *clt, u_int code, const char *msg)
void
server_close_http(struct client *clt)
{
-<<<<<<< server_http.c
struct http_descriptor *desc;
desc = clt->clt_descreq;
server_httpdesc_free(desc);
free(desc);
clt->clt_descreq = NULL;
-=======
- struct http_descriptor *desc;
->>>>>>> 1.54
-
-<<<<<<< server_http.c
- desc = clt->clt_descresp;
-=======
- desc = clt->clt_descreq;
- server_httpdesc_free(desc);
- free(desc);
- clt->clt_descreq = NULL;
desc = clt->clt_descresp;
->>>>>>> 1.54
server_httpdesc_free(desc);
free(desc);
clt->clt_descresp = NULL;