regress: add test_ipv6_server

at least on the CI is failing with "can't connect to ::1:10965:
Address not available" which suggests IPv6 is broken there.

.cirrus.yml

@@ -1,6 +1,9 @@
 # gcc' -Werror=use-after-free gets tripped by vis.c: it sees a use
 # after free where it's not possible and breaks the CI.
 
+# seems that inside the CI it's not currently possible to bind to ::1
+# so set HAVE_IPV6=no.
+
 linux_amd64_task:
   container:
     image: alpine:latest
@@ -8,7 +11,7 @@ linux_amd64_task:
     - apk add alpine-sdk linux-headers bison libretls-dev libevent-dev
     - ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations -Wno-use-after-free' -Werror
     - make
-    - make regress REGRESS_HOST="*"
+    - make regress REGRESS_HOST="*" HAVE_IPV6=no
 
 linux_arm_task:
   arm_container:
@@ -17,20 +20,25 @@ linux_arm_task:
     - apk add alpine-sdk linux-headers bison libretls-dev libevent-dev
     - ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations -Wno-use-after-free' -Werror
     - make
-    - make regress REGRESS_HOST="*"
+    - make regress REGRESS_HOST="*" HAVE_IPV6=no
 
-freebsd_13_task:
+freebsd_14_task:
   freebsd_instance:
-    image_family: freebsd-13-0
-  test_script:
-    - pkg install -y libevent libressl pkgconf
+    image_family: freebsd-14-0
+  install_script: pkg install -y libevent libressl pkgconf
+  script:
     - ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror
     - make
-    - make regress
+    - make regress HAVE_IPV6=no
 
+#
+# There are some issues with imsg fd passing on macos at the moment that
+# seem to be triggered only in applications that do a heavy use of them,
+# like gmid or opensmtpd.  Still, keep macos to ensure gmid builds here.
+#
 mac_task:
   macos_instance:
-    image: ghcr.io/cirruslabs/macos-ventura-xcode:latest
+    image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest
   test_script:
     - brew install libevent openssl libretls
     - PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror

.github/workflows/alpine-release.yml

@@ -0,0 +1,33 @@
+name: release docker image
+on:
+  push:
+    tags:
+env:
+  IMAGE_NAME: "gmid"
+jobs:
+  build:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: build the image
+      run: docker build -f contrib/Dockerfile -t gmid:alpine .
+
+    - name: login to ghcr.io
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: push the image
+      run: |
+        IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
+        IMAGE_ID=$(echo $IMAGE_ID | tr A-Z a-z)
+        # strip git ref prefix from version
+        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+        echo IMAGE_ID=$IMAGE_ID
+        echo VERSION=$VERSION
+        docker tag gmid:alpine $IMAGE_ID:$VERSION
+        docker push $IMAGE_ID:$VERSION

ChangeLog

@@ -1,3 +1,27 @@
+2024-04-03  Omar Polo  <op@omarpolo.com>
+
+	* configure: improve function checking in the configure
+	* have/landlock.c: fix landlock test
+	* gmid.c (main_print_conf): fix config dumping with -nn
+
+2024-03-03  Omar Polo  <op@omarpolo.com>
+
+	* gmid.c: fix `log access path' with a chroot
+
+2024-01-30  Anna “CyberTailor”
+
+	* contrib/vim/indent/gmid.vim: fix indent
+
+2024-01-30  Omar Polo  <op@omarpolo.com>
+
+	* parse.y: don't make log styles reserved keywords.  Unbreaks the
+	example in the manpage with `common = ...'.
+
+2024-01-26  Omar Polo  <op@omarpolo.com>
+
+	* parse.y: rework grammar to allow the semicolon after
+	variables/macros definition and top-level options
+
 2024-01-24  Omar Polo  <op@omarpolo.com>
 
 	* configure (VERSION): release 2.0.1

Makefile

@@ -131,7 +131,7 @@ y.tab.c: parse.y
 lint:
 	man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
 
-PUBKEY =	keys/gmid-${VERSION}.pub
+PUBKEY =	keys/gmid-2.0.pub
 PRIVKEY =	set-PRIVKEY
 DISTFILES =	.cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
 		Makefile README.md config.c configure crypto.c dirs.c fcgi.c \

configure

@@ -19,7 +19,7 @@
 set -e
 
 RELEASE=no
-VERSION=2.0.1
+VERSION=2.0.2-current
 
 usage()
 {
@@ -59,6 +59,10 @@ CDIAGFLAGS="${CDIAGFLAGS} -Wsign-compare -Wno-unused-parameter" # -Wshadow
 CDIAGFLAGS="${CDIAGFLAGS} -Wno-missing-field-initializers"
 CDIAGFLAGS="${CDIAGFLAGS} -Wno-pointer-sign"
 
+# On all OSes except OpenBSD use the bundled one.  It may crash at
+# runtime otherwise since we depend on the libtls internals for the
+# privsep crypto engine.
+# See <https://codeberg.org/op/gmid/issues/2>.
 LIBTLS=bundled # or system
 if [ "$(uname || true)" = OpenBSD ]; then
 	LIBTLS=system
@@ -142,7 +146,7 @@ NEED_OPENBSD_SOURCE=0
 NEED_LIBBSD_OPENBSD_VIS=0
 
 COMPATS=
-COMP="${CC} ${CFLAGS} -Wno-unused -Werror"
+COMP="${CC} ${CFLAGS} -Werror=implicit-function-declaration"
 
 # singletest name var extra-cflags extra-libs msg
 singletest() {

contrib/gmid.service

@@ -6,8 +6,6 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-User=gmid
-Group=nobody
 ExecStart=/usr/local/bin/gmid -f -c /etc/gmid.conf
 ExecStop=/bin/kill -TERM $MAINPID
 ExecReload=/bin/kill -HUP $MAINPID

contrib/vim/indent/gmid.vim

@@ -9,3 +9,5 @@ setlocal indentexpr=
 setlocal cindent
 " Just make sure that the comments are not reset as defs would be.
 setlocal cinkeys-=0#
+" And indentation works correctly without semicolons.
+setlocal cinoptions=+0

gg.1

@@ -20,7 +20,7 @@
 .Sh SYNOPSIS
 .Nm
 .Bk -words
-.Op Fl 23Nn
+.Op Fl 23Nnq
 .Op Fl C Ar cert
 .Op Fl d Ar mode
 .Op Fl H Ar sni
@@ -82,6 +82,8 @@ and
 to do the request instead of the ones extracted by the IRI.
 .Ar port
 is by default 1965.
+.It Fl q
+Don't print server error messages to standard error.
 .It Fl T Ar seconds
 Kill
 .Nm

gg.c

@@ -41,6 +41,7 @@ int		 flag3;
 int		 nop;
 int		 redirects = 5;
 int		 timer;
+int		 quiet;
 const char	*cert;
 const char	*key;
 const char	*proxy_host;
@@ -308,8 +309,11 @@ get(const char *r)
 		assert(t != NULL);
 		if (code < 20 || code >= 30) {
 			*t = '\0';
-			fprintf(stderr, "Server says: ");
-			safeprint(stderr, buf + 3); /* skip return code */
+			if (!quiet) {
+				fprintf(stderr, "Server says: ");
+				/* skip return code */
+				safeprint(stderr, buf + 3);
+			}
 		}
 		t += 2; /* skip \r\n */
 		len -= t - buf;
@@ -335,7 +339,7 @@ static void __attribute__((noreturn))
 usage(void)
 {
 	fprintf(stderr, "version: " GG_STRING "\n");
-	fprintf(stderr, "usage: %s [-23Nn] [-C cert] [-d mode] [-H sni] "
+	fprintf(stderr, "usage: %s [-23Nnq] [-C cert] [-d mode] [-H sni] "
 	    "[-K key] [-P host[:port]]\n",
 	    getprogname());
 	fprintf(stderr, "          [-T seconds] gemini://...\n");
@@ -385,7 +389,7 @@ main(int argc, char **argv)
 
 	setlocale(LC_CTYPE, "");
 
-	while ((ch = getopt(argc, argv, "23C:d:H:K:NP:T:")) != -1) {
+	while ((ch = getopt(argc, argv, "23C:d:H:K:nNP:qT:")) != -1) {
 		switch (ch) {
 		case '2':
 			flag2 = 1;
@@ -415,6 +419,9 @@ main(int argc, char **argv)
 			parse_proxy(optarg);
 			dont_verify_name = 1;
 			break;
+		case 'q':
+			quiet = 1;
+			break;
 		case 'T':
 			timer = strtonum(optarg, 1, 1000, &errstr);
 			if (errstr != NULL)

gmid.8

@@ -1,4 +1,4 @@
-.\" Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
+.\" Copyright (c) 2021, 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -11,7 +11,7 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd October 20, 2023
+.Dd April 27, 2024
 .Dt GMID 8
 .Os
 .Sh NAME
@@ -52,7 +52,8 @@ Overrides the definition of
 .Ar macro
 in the config file if present.
 .It Fl f
-Stays and logs on the foreground.
+Do not daemonize.
+Stay and log in the foreground.
 .It Fl h , Fl -help
 Print the usage and exit.
 .It Fl n

gmid.c

@@ -412,7 +412,7 @@ main_send_logfd(struct conf *conf)
 			goto done;
 		}
 
-		fd = open(conf->log_access, O_WRONLY|O_CREAT|O_APPEND, 0600);
+		fd = open(path, O_WRONLY|O_CREAT|O_APPEND, 0600);
 		if (fd == -1)
 			log_warn("can't open %s", conf->log_access);
 	}
@@ -605,8 +605,8 @@ main_print_conf(struct conf *conf)
 
 	TAILQ_FOREACH(h, &conf->hosts, vhosts) {
 		printf("\nserver \"%s\" {\n", h->domain);
-		printf("	cert \"%s\"\n", h->cert);
-		printf("	key \"%s\"\n", h->key);
+		printf("	cert \"%s\"\n", h->cert_path);
+		printf("	key \"%s\"\n", h->key_path);
 		/* TODO: print locations... */
 		printf("}\n");
 	}

gmid.conf.5

@@ -11,7 +11,7 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd January 11, 2024
+.Dd April 4, 2024
 .Dt GMID.CONF 5
 .Os
 .Sh NAME
@@ -384,7 +384,7 @@ The port the server is listening on.
 .Dq GEMINI
 .It Ev SERVER_SOFTWARE
 The name and version of the server, i.e.
-.Dq gmid/2.0.1
+.Dq gmid/2.0.2
 .It Ev REMOTE_USER
 The subject of the client certificate if provided, otherwise unset.
 .It Ev TLS_CLIENT_ISSUER

gmid.h

@@ -114,6 +114,9 @@ struct address {
 	socklen_t		 slen;
 	int16_t			 port;
 
+	/* pretty-printed version of `ss' */
+	char			 pp[NI_MAXHOST];
+
 	/* used in the server */
 	struct conf		*conf;
 	int			 sock;
@@ -412,7 +415,6 @@ void		 mark_nonblock(int);
 void		 client_write(struct bufferevent *, void *);
 int		 start_reply(struct client*, int, const char*);
 void		 client_close(struct client *);
-struct client	*client_by_id(int);
 void		 server_accept(int, short, void *);
 void		 server_init(struct privsep *, struct privsep_proc *, void *);
 int		 server_configure_done(struct conf *);

have/landlock.c

@@ -19,6 +19,8 @@
 #include <sys/stat.h>
 #include <sys/syscall.h>
 
+#include <stddef.h>
+
 #ifndef landlock_create_ruleset
 static inline int
 landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size,

iri.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2022 Omar Polo <op@omarpolo.com>
+ * Copyright (c) 2020, 2022, 2024 Omar Polo <op@omarpolo.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -177,25 +177,47 @@ parse_port(struct parser *p)
 	return 1;
 }
 
-/* TODO: add support for ip-literal and ipv4addr ? */
 /* *( unreserved / sub-delims / pct-encoded ) */
 static int
 parse_authority(struct parser *p)
 {
-	p->parsed->host = p->iri;
+	struct addrinfo	 hints, *ai;
+	char		*end;
+	int		 err;
 
-	while (unreserved(*p->iri)
-	    || sub_delimiters(*p->iri)
-	    || parse_pct_encoded(p)
-	    || valid_multibyte_utf8(p)) {
-		/* normalize the host name. */
-		if (*p->iri < 0x7F)
-			*p->iri = tolower(*p->iri);
+	if (*p->iri == '[') {
 		p->iri++;
-	}
+		p->parsed->host = p->iri;
+		if ((end = strchr(p->iri, ']')) == NULL) {
+			p->err = "invalid IPv6 address";
+			return 0;
+		}
+		*end++ = '\0';
+		p->iri = end;
 
-	if (p->err != NULL)
-		return 0;
+		memset(&hints, 0, sizeof(hints));
+		hints.ai_flags = AI_NUMERICHOST;
+		err = getaddrinfo(p->parsed->host, NULL, &hints, &ai);
+		if (err != 0) {
+			p->err = "invalid IPv6 address";
+			return 0;
+		}
+		freeaddrinfo(ai);
+	} else {
+		p->parsed->host = p->iri;
+		while (unreserved(*p->iri)
+		    || sub_delimiters(*p->iri)
+		    || parse_pct_encoded(p)
+		    || valid_multibyte_utf8(p)) {
+			/* normalize the host name. */
+			if (*p->iri < 0x7F)
+				*p->iri = tolower(*p->iri);
+			p->iri++;
+		}
+
+		if (p->err != NULL)
+			return 0;
+	}
 
 	if (*p->iri == ':') {
 		*p->iri = '\0';

parse.y

@@ -1,7 +1,7 @@
 %{
 
 /*
- * Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
+ * Copyright (c) 2021-2024 Omar Polo <op@omarpolo.com>
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
  * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
  * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
@@ -46,7 +46,7 @@ static struct file {
 	TAILQ_ENTRY(file)	 entry;
 	FILE			*stream;
 	char			*name;
-	size_t	 		 ungetpos;
+	size_t			 ungetpos;
 	size_t			 ungetsize;
 	u_char			*ungetbuf;
 	int			 eof_reached;
@@ -92,11 +92,9 @@ char		*ensure_absolute_path(char*);
 int		 check_block_code(int);
 char		*check_block_fmt(char*);
 int		 check_strip_no(int);
-int		 check_port_num(int);
 int		 check_prefork_num(int);
 void		 advance_loc(void);
 void		 advance_proxy(void);
-void		 parsehp(char *, char **, const char **, const char *);
 int		 fastcgi_conf(const char *, const char *);
 void		 add_param(char *, char *);
 int		 getservice(const char *);
@@ -125,12 +123,12 @@ typedef struct {
 
 %token	ACCESS ALIAS AUTO
 %token	BLOCK
-%token	CA CERT CHROOT CLIENT COMBINED COMMON CONDENSED
+%token	CA CERT CHROOT CLIENT
 %token	DEFAULT
 %token	FACILITY FASTCGI FOR_HOST
 %token	INCLUDE INDEX IPV6
 %token	KEY
-%token	LANG LEGACY LISTEN LOCATION LOG
+%token	LANG LISTEN LOCATION LOG
 %token	OCSP OFF ON
 %token	PARAM PORT PREFORK PROTO PROTOCOLS PROXY
 %token	RELAY_TO REQUIRE RETURN ROOT
@@ -150,13 +148,12 @@ typedef struct {
 %%
 
 conf		: /* empty */
-		| conf include '\n'
-		| conf '\n'
-		| conf varset '\n'
-		| conf option '\n'
-		| conf vhost '\n'
-		| conf types '\n'
-		| conf error '\n'		{ file->errors++; }
+		| conf include nl
+		| conf varset nl
+		| conf option nl
+		| conf vhost nl
+		| conf types nl
+		| conf error nl		{ file->errors++; }
 		;
 
 include		: INCLUDE STRING		{
@@ -265,17 +262,18 @@ logopt		: ACCESS string		{
 			free(conf->log_access);
 			conf->log_access = $2;
 		}
-		| STYLE COMMON		{
-			conf->log_format = LOG_FORMAT_COMMON;
-		}
-		| STYLE COMBINED	{
-			conf->log_format = LOG_FORMAT_COMBINED;
-		}
-		| STYLE CONDENSED	{
-			conf->log_format = LOG_FORMAT_CONDENSED;
-		}
-		| STYLE LEGACY		{
-			conf->log_format = LOG_FORMAT_LEGACY;
+		| STYLE string {
+			if (!strcmp("combined", $2))
+				conf->log_format = LOG_FORMAT_COMBINED;
+			else if (!strcmp("common", $2))
+				conf->log_format = LOG_FORMAT_COMMON;
+			else if (!strcmp("condensed", $2))
+				conf->log_format = LOG_FORMAT_CONDENSED;
+			else if (!strcmp("legacy", $2))
+				conf->log_format = LOG_FORMAT_LEGACY;
+			else
+				yyerror("unknown log style: %s", $2);
+			free($2);
 		}
 		| SYSLOG FACILITY string {
 			const char *str = $3;
@@ -617,7 +615,7 @@ mediaopts_l	: mediaopts_l mediaoptsl nl
 mediaoptsl	: STRING {
 			free(current_media);
 			current_media = $1;
-		} medianames_l optsemicolon
+		} medianames_l
 		| include
 		;
 
@@ -633,17 +631,13 @@ medianamesl	: numberstring {
 		;
 
 nl		: '\n' optnl
+		| ';' optnl
 		;
 
-optnl		: '\n' optnl		/* zero or more newlines */
-		| ';' optnl		/* semicolons too */
+optnl		: nl
 		| /*empty*/
 		;
 
-optsemicolon	: ';'
-		|
-		;
-
 %%
 
 static const struct keyword {
@@ -659,9 +653,6 @@ static const struct keyword {
 	{"cert", CERT},
 	{"chroot", CHROOT},
 	{"client", CLIENT},
-	{"combined", COMBINED},
-	{"common", COMMON},
-	{"condensed", CONDENSED},
 	{"default", DEFAULT},
 	{"facility", FACILITY},
 	{"fastcgi", FASTCGI},
@@ -671,7 +662,6 @@ static const struct keyword {
 	{"ipv6", IPV6},
 	{"key", KEY},
 	{"lang", LANG},
-	{"legacy", LEGACY},
 	{"listen", LISTEN},
 	{"location", LOCATION},
 	{"log", LOG},
@@ -1211,16 +1201,6 @@ check_strip_no(int n)
 	return n;
 }
 
-int
-check_port_num(int n)
-{
-	if (n <= 0 || n >= UINT16_MAX)
-		yyerror("port number is %s: %d",
-		    n <= 0 ? "too small" : "too large",
-		    n);
-	return n;
-}
-
 int
 check_prefork_num(int n)
 {
@@ -1243,25 +1223,6 @@ advance_proxy(void)
 	TAILQ_INSERT_TAIL(&host->proxies, proxy, proxies);
 }
 
-void
-parsehp(char *str, char **host, const char **port, const char *def)
-{
-	char		*at;
-	const char	*errstr;
-
-	*host = str;
-
-	if ((at = strchr(str, ':')) != NULL) {
-		*at++ = '\0';
-		*port = at;
-	} else
-		*port = def;
-
-	strtonum(*port, 1, UINT16_MAX, &errstr);
-	if (errstr != NULL)
-		yyerror("port is %s: %s", errstr, *port);
-}
-
 int
 fastcgi_conf(const char *path, const char *port)
 {
@@ -1319,7 +1280,7 @@ getservice(const char *n)
 }
 
 static void
-add_to_addr_queue(struct addrhead *a, struct addrinfo *ai)
+add_to_addr_queue(struct addrhead *a, struct addrinfo *ai, const char *pp)
 {
 	struct address		*addr;
 	struct sockaddr_in	*sin;
@@ -1345,6 +1306,7 @@ add_to_addr_queue(struct addrhead *a, struct addrinfo *ai)
 	addr->ai_protocol = ai->ai_protocol;
 	addr->slen = ai->ai_addrlen;
 	memcpy(&addr->ss, ai->ai_addr, ai->ai_addrlen);
+	strlcpy(addr->pp, pp, sizeof(addr->pp));
 
 	/* for commodity */
 	switch (addr->ai_family) {
@@ -1369,6 +1331,7 @@ void
 listen_on(const char *hostname, const char *servname)
 {
 	struct addrinfo hints, *res, *res0;
+	char pp[NI_MAXHOST];
 	int error;
 
 	memset(&hints, 0, sizeof(hints));
@@ -1383,8 +1346,14 @@ listen_on(const char *hostname, const char *servname)
 	}
 
 	for (res = res0; res; res = res->ai_next) {
-		add_to_addr_queue(&host->addrs, res);
-		add_to_addr_queue(&conf->addrs, res);
+		if (getnameinfo(res->ai_addr, res->ai_addrlen, pp, sizeof(pp),
+		    NULL, 0, NI_NUMERICHOST) == -1) {
+			yyerror("getnameinfo failed: %s", strerror(errno));
+			break;
+		}
+
+		add_to_addr_queue(&host->addrs, res, pp);
+		add_to_addr_queue(&conf->addrs, res, pp);
 	}
 
 	freeaddrinfo(res0);

proxy.c

@@ -22,7 +22,7 @@
 
 #include "log.h"
 
-#define MIN(a, b)	((a) < (b) ? (a) : (b))
+#define MINIMUM(a, b)	((a) < (b) ? (a) : (b))
 
 static const struct timeval handshake_timeout = { 5, 0 };
 
@@ -50,7 +50,7 @@ proxy_tls_readcb(int fd, short event, void *d)
 	}
 
 	if (bufev->wm_read.high != 0)
-		howmuch = MIN(sizeof(buf), bufev->wm_read.high);
+		howmuch = MINIMUM(sizeof(buf), bufev->wm_read.high);
 
 	switch (ret = tls_read(c->proxyctx, buf, howmuch)) {
 	case TLS_WANT_POLLIN:

regress/Makefile

@@ -7,6 +7,9 @@ GENCERT_FLAGS=
 # host to bind to during regress
 REGRESS_HOST =	localhost
 
+# set to no if don't have IPv6 working (need to listen on ::1)
+HAVE_IPV6 =	yes
+
 DISTFILES =	Makefile \
 		env \
 		err \
@@ -39,7 +42,7 @@ IRI_OBJS =	${IRI_SRCS:.c=.o} ${REG_COMPATS}
 .PHONY: all data clean dist
 
 all: data puny-test iri_test fcgi-test
-	env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
+	env HAVE_IPV6="${HAVE_IPV6}" REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
 
 data: testdata localhost.pem testca.pem valid.crt invalid.pem
 

regress/iri_test.c

@@ -162,6 +162,14 @@ main(void)
 	    PASS,
 	    IRI("gemini", "naïve.omarpolo.com", "", "", "", ""),
 	    "Can percent decode hostnames");
+	TEST("gemini://100.64.3.27/",
+	    PASS,
+	    IRI("gemini", "100.64.3.27", "", "", "", ""),
+	    "Accepts IPv4 addresses");
+	TEST("gemini://[::1]/",
+	    PASS,
+	    IRI("gemini", "::1", "", "", "", ""),
+	    "Accepts IPv6 addresses");
 
 	/* path */
 	TEST("gemini://omarpolo.com/foo/bar/baz",

regress/lib.sh

@@ -6,9 +6,12 @@ gemexp="./../gemexp"
 gg="./../gg"
 gmid="./../gmid"
 current_test=
+server_name=
+gghost=
 
 run_test() {
 	ggflags=
+	host="$REGRESS_HOST"
 	port=10965
 	config_common="log syslog off"
 	hdr=
@@ -18,9 +21,15 @@ run_test() {
 	ran_no=$((ran_no + 1))
 
 	current_test=$1
+	server_name=localhost
+	gghost=localhost
+
 	rm -f reg.conf
 
-	if ! $1; then
+	if [ "$2" = "need_ipv6" -a "$HAVE_IPV6" != "yes" ]; then
+		echo "$1 skipped (needs HAVE_IPV6='yes')"
+		return
+	elif ! $1; then
 		echo "$1 failed"
 		failed="$failed $1"
 		failed_no=$((failed_no + 1))
@@ -58,11 +67,11 @@ gen_config() {
 	cat <<EOF > reg.conf
 $config_common
 $1
-server "localhost" {
+server "$server_name" {
 	cert "$PWD/localhost.pem"
 	key  "$PWD/localhost.key"
 	root "$PWD/testdata"
-	listen on $REGRESS_HOST port $port
+	listen on $host port $port
 	$2
 }
 EOF
@@ -77,7 +86,7 @@ set_proxy() {
 server "localhost.local" {
 	cert "$PWD/localhost.pem"
 	key "$PWD/localhost.key"
-	listen on $REGRESS_HOST port $port
+	listen on $host port $port
 	proxy {
 		relay-to localhost port $port
 		$1
@@ -108,13 +117,13 @@ setup_simple_test() {
 # usage: get <path>
 # return the body of the request on stdout
 get() {
-	$gg -T10 $ggflags "gemini://localhost:10965/$1" || true
+	$gg -q -T10 $ggflags "gemini://$gghost:10965/$1" || true
 }
 
 # usage: head <path>
 # return the meta response line on stdout
 head() {
-	$gg -T10 -d header $ggflags "gemini://localhost:10965/$1" || true
+	$gg -q -T10 -d header $ggflags "gemini://$gghost:10965/$1" || true
 }
 
 # usage: fetch <path>

regress/regress

@@ -20,6 +20,9 @@ fi
 run_test test_punycode
 run_test test_iri
 
+# Run configuration dumping test.
+run_test test_dump_config
+
 if [ "${SKIP_RUNTIME_TESTS:-0}" -eq 1 ]; then
 	echo
 	echo "======================"
@@ -59,6 +62,9 @@ run_test test_proxy_with_certs
 # run_test test_unknown_host	# XXX: breaks on some distro
 run_test test_include_mime
 run_test test_log_file
+run_test test_ipv4_addr
+run_test test_ipv6_addr need_ipv6
+run_test test_ipv6_server need_ipv6
 
 # TODO: add test that uses only a TLSv1.2 or TLSv1.3
 # TODO: add a test that attempt to serve a non-regular file

regress/tests.sh

@@ -8,6 +8,34 @@ test_iri() {
 	./iri_test
 }
 
+test_dump_config() {
+	dont_check_server_alive=yes
+	gen_config '' ''
+
+        exp="$(mktemp)"
+	got="$(mktemp)"
+	cat <<EOF >$exp
+prefork 3
+
+server "localhost" {
+	cert "$PWD/localhost.pem"
+	key "$PWD/localhost.key"
+}
+EOF
+
+	$gmid -nn -c reg.conf > $got 2>/dev/null
+
+	ret=0
+	if ! cmp -s "$exp" "$got"; then
+    		echo "config differs!" >&2
+    		diff -u "$exp" "$got" >&2
+    		ret=1
+	fi
+
+	rm "$exp" "$got"
+	return $ret
+}
+
 test_gemexp() {
 	dont_check_server_alive=yes
 
@@ -287,13 +315,15 @@ test_fastcgi_deprecated_syntax() {
 test_macro_expansion() {
 	cat <<EOF > reg.conf
 pwd = "$PWD"
+common = "lang it; auto index on"
 
 server "localhost" {
 	# the quoting of \$ is for sh
 	cert \$pwd "/localhost.pem"
 	key  \$pwd "/localhost.key"
 	root \$pwd "/testdata"
-	listen on $REGRESS_HOST port $port
+	listen on $host port $port
+	@common
 }
 EOF
 
@@ -305,7 +335,7 @@ EOF
 	run
 
 	fetch /
-	check_reply "20 text/gemini" "# hello world"
+	check_reply "20 text/gemini;lang=it" "# hello world"
 }
 
 test_proxy_relay_to() {
@@ -400,3 +430,36 @@ log style legacy'
 	rm -f log log.edited
 	return 0
 }
+
+test_ipv4_addr() {
+	server_name="*"
+	host="127.0.0.1"
+	gghost=127.0.0.1
+	ggflags=-N
+	setup_simple_test
+
+	fetch /
+	check_reply "20 text/gemini" "# hello world" || return 1
+}
+
+test_ipv6_addr() {
+	server_name="*"
+	host="::1"
+	gghost="[::1]"
+	ggflags=-N
+	setup_simple_test
+
+	fetch /
+	check_reply "20 text/gemini" "# hello world" || return 1
+}
+
+test_ipv6_server() {
+	server_name="::1"
+	host="::1"
+	gghost="[::1]"
+	ggflags=-N
+	setup_simple_test
+
+	fetch /
+	check_reply "20 text/gemini" "# hello world" || return 1
+}

server.c

@@ -31,7 +31,7 @@
 #include "log.h"
 #include "proc.h"
 
-#define MIN(a, b)	((a) < (b) ? (a) : (b))
+#define MINIMUM(a, b)	((a) < (b) ? (a) : (b))
 
 #ifndef nitems
 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
@@ -119,6 +119,9 @@ match_host(struct vhost *v, struct client *c)
 	if (addr == NULL)
 		return 0;
 
+	if (*c->domain == '\0')
+		strlcpy(c->domain, addr->pp, sizeof(c->domain));
+
 	if (matches(v->domain, c->domain))
 		return 1;
 
@@ -403,16 +406,19 @@ handle_handshake(int fd, short ev, void *d)
 	evbuffer_unfreeze(c->bev->output, 1);
 #endif
 
-	if ((servname = tls_conn_servername(c->ctx)) == NULL) {
+	if ((servname = tls_conn_servername(c->ctx)) == NULL)
 		log_debug("handshake: missing SNI");
-		goto err;
-	}
-
 	if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
 		log_info("puny_decode: %s", parse_err);
-		goto err;
+		start_reply(c, BAD_REQUEST, "Wrong/malformed host");
+		return;
 	}
 
+	/*
+	 * match_addr will serialize the (matching) address if c->domain
+	 * is empty, so that we can support requests for raw IPv6 address
+	 * that can't have a SNI.
+	 */
 	TAILQ_FOREACH(h, &conf->hosts, vhosts)
 		if (match_host(h, c))
 			break;
@@ -428,8 +434,7 @@ handle_handshake(int fd, short ev, void *d)
 		return;
 	}
 
-err:
-	start_reply(c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
+	start_reply(c, BAD_REQUEST, "Wrong/malformed host");
 }
 
 static void
@@ -853,7 +858,7 @@ client_tls_readcb(int fd, short event, void *d)
 	}
 
 	if (bufev->wm_read.high != 0)
-		howmuch = MIN(sizeof(buf), bufev->wm_read.high);
+		howmuch = MINIMUM(sizeof(buf), bufev->wm_read.high);
 
 	switch (ret = tls_read(client->ctx, buf, howmuch)) {
 	case TLS_WANT_POLLIN:
@@ -1329,15 +1334,6 @@ server_accept(int sock, short et, void *d)
 	connected_clients++;
 }
 
-struct client *
-client_by_id(int id)
-{
-	struct client find;
-
-	find.id = id;
-	return SPLAY_FIND(client_tree_id, &clients, &find);
-}
-
 static void
 handle_siginfo(int fd, short ev, void *d)
 {

site/Makefile

@@ -21,7 +21,7 @@ REPOLOGY_URL =		https://repology.org/project/gmid/versions
 
 SUBST =		./subst GITHUB=https://github.com/omar-polo/gmid \
 			SITE=https://ftp.omarpolo.com \
-			VERS=2.0.1 \
+			VERS=2.0.2 \
 			PUBKEY=gmid-2.0.pub \
 			TREE=https://github.com/omar-polo/gmid/blob/master
 

site/changelog.gmi

@@ -1,5 +1,13 @@
 # change log
 
+## 2024/04/04 - 2.0.2 “Lady Stardust” bugfix release
+
+- fix `log access path' with `chroot' enabled.
+- fix config dumping (-nn).
+- rework grammar to allow semicolons after top-level statements.
+- don't make the log styles reserved keywords.
+- contrib/vim: fixed indent, from Anna “CyberTailor”, thanks!
+
 ## 2024/01/24 - 2.0.1 “Lady Stardust” bugfix release
 
 * convert gmid to the new imsg API