err/warn is not available on some systems (unfortunately!) and in any
case don't play well with our daemon mode (that closes std{in,out,err}).
Use our fatal that is daemon-aware.
when we switched from one process to two, I introduced a small
optimisation: empty string are not send, so we receive NULL.
Constructing requri we need to make sure that relpath is not null.
cgi.c wasn't really needed; it better to group all the server related
functions together, cgi or not. Now gmid.c contains only startup and
utility code.
this way, we can sandbox the listener with seccomp (todo) or capsicum
(already done) and still have CGI scripts. When we want to exec, we
tell the executor what to do, the executor executes the scripts and
send the fd backt to the listener.
we switched to getnameinfo some time ago, but that call to inet_ntop
remained. Fortunately, it doesn't harm, since what i wrote is
overwritten by getnameinfo and the provided buffer should be large
enough.
RFC3986 3.2.2 "Host" says that
> Although host is case-insensitive, producers and normalizers should
> use lowercase for registered names and hexadecimal addresses for the
> sake of uniformity, while only using uppercase letters for
> percent-encodings.
so we cope with that.
* gmid.c (main): changed behaviour: daemon off by default
(main): changed -c in -C (cert option)
(main): changed -k in -K (key option, for consistency with -C)
(main): added -c to load a configuration
(main): certs, key and doc (-C -K and -d) doesn't have a default value anymore
(handle_handshake): add vhosts support
RFC3986 in section 3.1 "Scheme" says that
> Although schemes are case-insensitive, the canonical form is
> lowercase and documents that specify schemes must do so with
> lowercase letters. An implementation should accept uppercase
> letters as equivalent to lowercase in scheme names (e.g., allow
> "HTTP" as well as "http") for the sake of robustness but should only
> produce lowercase scheme names for consistency.
so we cope with that. The other possibility would have been to use
strcasecmp instead of strcmp when checking on the protocol, but since
the "case" version, although popular, is not part of any standard
AFAIK I prefer downcasing while parsing and be done with it.
This alter the current state machine by adding S_HANDSHAKE as the
initial state. There, we ensure we did the handshake and we check
SNI. ATM we simply continue in S_OPEN, but later we can add virtual
host checks there, and skip to S_INITIALIZING with an error state if
the client is accessing a wrong host.
