Omar Polo
eac9287d29
copyright years++
2023-06-24 10:07:17 +00:00
Omar Polo
df6282815f
remove unused global flag
2023-06-24 10:03:03 +00:00
Omar Polo
aa30aaedc8
don't match host if connecting from the wrong socket
...
limit how one given virtual host can be reached based on its `listen
on' lists
2023-06-24 10:02:46 +00:00
Omar Polo
35dd3fc8ce
typo
2023-06-24 09:51:05 +00:00
Omar Polo
e50f85adcb
load the certs per listening address
2023-06-24 09:50:30 +00:00
Omar Polo
a0a42860d2
send host addresses to the server process
2023-06-24 09:14:35 +00:00
Omar Polo
9fda962861
better fd rampage avoidance
...
flush imsg right in config_send_file()
2023-06-24 09:04:21 +00:00
Omar Polo
2c0716fd7d
hopefully fix the macos ci
2023-06-23 22:40:58 +00:00
Omar Polo
2d0a2b21f5
add missing include of ../config.h in regress/*.c
...
otherwise we get a nice 'no previous prototype' due to
-Wmissing-prototypes.
2023-06-23 22:40:09 +00:00
Omar Polo
5134078414
macos' clang is retarded
...
thinks rsa and ecdsa may be used un-initialized... if we enter the
branch with fatalx().
sigh
2023-06-23 22:39:37 +00:00
Omar Polo
3d0204e7ef
don't quote $5 when calling pkg-config
...
otherwise we fail the openssl test 'libcrypto libssl'
2023-06-23 22:38:10 +00:00
Omar Polo
5a34572282
use REGRESS_HOST to specify the host to listen to; use in CI
...
some CI envs don't like `listen on localhost' but tolerate INADDR_ANY
or IN6ADDR_ANY_INIT.
2023-06-23 22:00:21 +00:00
Omar Polo
a7a998ac9b
fix `listen on *'
2023-06-23 21:59:11 +00:00
Omar Polo
509d0509a5
implement `listen on'
...
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibility, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context doesn't filter the
host, i.e. one can still reach a host from an address not specified
in the corresponding `listen on', this will be added later.
2023-06-23 21:03:29 +00:00
Omar Polo
37df23d183
rename client->addr to raddr (remote address) and keep original length
2023-06-23 21:03:29 +00:00
Omar Polo
ab55c7815e
typo; use the `l' variable not `len'
2023-06-23 21:03:24 +00:00
Omar Polo
f29d705e04
add missing -include of *.d files
2023-06-23 21:03:24 +00:00
Omar Polo
abc599e031
drop debug log
2023-06-23 21:03:24 +00:00
Omar Polo
55b74a9691
remove the new_*() declarations that were moved to utils.c
2023-06-23 21:03:24 +00:00
Omar Polo
fc2d207c79
use host->domain to report errors, $2 is free'd
2023-06-23 16:23:59 +00:00
Omar Polo
c5ded53a8e
sort pledge promises as per pledge(2)
2023-06-23 15:52:20 +00:00
Omar Polo
b692d8bd5b
drop `proc' pledge in the main process
...
unlike the name might suggest, proc_kill() doesn't use kill(2) so
proc is not needed.
2023-06-23 15:52:04 +00:00
Omar Polo
5dad390015
add `release' target
2023-06-14 07:15:00 +00:00
Omar Polo
1959cda3d8
more avoiding of void pointer arithmetics
...
This time with a temporary variable to avoid triggering
-Wpointer-sign, sigh.
2023-06-13 17:36:42 +00:00
Omar Polo
b90faa1605
simplify check
...
brought to my attention by gcc who isn't smart enough to figure out
that `ret' is always set.
2023-06-13 17:10:13 +00:00
Omar Polo
cf5cf697a8
enable -Werror on CI
...
-Wno-deprecated-declarations is needed because of OpenSSL 3 (and macos
stupidly deprecating daemon(3) in favour of that trash of posix_spawn.)
2023-06-13 16:41:39 +00:00
Omar Polo
7604fc903a
drop questionable #warning
2023-06-13 16:39:32 +00:00
Omar Polo
1610f9541d
rework the configure script
...
now it resembles less oconfigure and more the configure scripts I'm
using in my recent projects. I'd argue it's easier to use.
2023-06-13 16:36:10 +00:00
Omar Polo
10cc819309
avoid arithmetic on void pointers (GNU extension)
...
not really sold on this one, I don't see what other interpretation could
be given, but it's not standard so...
2023-06-13 16:36:06 +00:00
Omar Polo
d6d9f9b2a9
add mac_task with disabled runtime tests for the time being
...
the runtime tests fail on the ci (gg: Connection refused); will be
revisited after we get a real `listen on' directive.
2023-06-13 11:02:51 +00:00
Omar Polo
8af9da9843
fix the build with some yacc implementations
2023-06-13 11:00:07 +00:00
Omar Polo
611dffe816
remove regress/sha
...
we can use cmp to tell if two files are different, which also has
the benefit of being available everywhere and reporting the byte
offset of the first difference. Reduces the test dependencies on
some systems.
2023-06-13 10:59:50 +00:00
Omar Polo
1b9031f1fc
work around missing SOCK_NONBLOCK/CLOEXEC on macos
2023-06-13 10:59:46 +00:00
Omar Polo
94893746ae
use the default prefork in tests
2023-06-12 21:28:28 +00:00
Omar Polo
2cef5cf42a
load_ca: get a buffer instead of a fd
...
We dup(1) the ca fd and send it to various processes, so they fail
loading it. Instead, use load_file to get a buffer with the file
content and pass that to load_ca which then loads via BIO.
2023-06-12 21:27:24 +00:00
Omar Polo
89cfcb4569
simplify config_send_kp: use config_send_file
2023-06-12 21:09:49 +00:00
Omar Polo
5d160453f2
remove proc_ispeer()
...
unused, and was dropped by other copies of proc.c; reduces the diff
with httpd's proc.c.
2023-06-11 12:45:42 +00:00
Omar Polo
ba290ef3af
disable the privsep crypto engine on !OpenBSD
...
it fails badly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
2023-06-11 12:18:27 +00:00
Omar Polo
237095fd9a
remove has_siginfo
...
and wrap siginfo behind #ifdef SIGINFO. avoids some warnings in !BSD.
2023-06-11 11:36:31 +00:00
Omar Polo
1ef09e6313
add -Wpointer-sign to the mix
...
It's not present in -W -Wall -Wextra on OpenBSD but it is enabled
on other systems.
2023-06-11 11:33:38 +00:00
Omar Polo
b8d68fc8e4
fixes for -Wpointer-sign
2023-06-11 11:31:22 +00:00
Omar Polo
d1739e3f03
cast uint64_t to unsigned long long
2023-06-11 11:31:06 +00:00
Omar Polo
ec96a0ad3b
work around different signature for ecdsae_compute_key
2023-06-11 11:30:20 +00:00
Omar Polo
86693a33ab
add a privsep crypto engine
...
Incorporate OpenSMTPD's privsep crypto engine. The idea behind
it is to never load the certificate's private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate's
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is on the
way).
2023-06-11 11:03:59 +00:00
Omar Polo
f81a97b356
drop useless debug statement
2023-06-11 09:49:01 +00:00
Omar Polo
725457a9e4
move setproctitle/privsep_process earlier
...
We don't always do privilege dropping (as we may start as unprivileged
user), so set these two beforehand so when we skip privdrop we don't
miss to set privsep_process and set the process' title.
2023-06-11 09:26:16 +00:00
Omar Polo
4ad573d0d5
rework load_file to use pread()
...
avoids issues since the same file is sent to multiple processes
after being dup()'ed. Since these files are meant to be regular
files, I don't expect short reads.
2023-06-11 09:21:34 +00:00
Omar Polo
1a99859b35
adjust how locations are received
2023-06-11 09:19:42 +00:00
Omar Polo
15e60fdf0c
simplify ocsp sending using config_send_file
...
while here add an explicit flush to avoid a fd rampage.
2023-06-11 09:18:30 +00:00
Omar Polo
2e880a57f8
change config_send_file to take the process id as argument
...
i.e. not hardcode PROC_SERVER
2023-06-10 11:03:29 +00:00