Re: [patch] httpd: fcgi/PATH_INFO not handled correctly

2015-08-26 Thread Kyle Thompson
This patch fixes the problem I had previously that I mentioned on the 
Github issues.


Kyle

On 8/26/2015 1:23 PM, Denis Fondras wrote:

Hello,

While using httpd together with uwsgi and Flask, I noticed that GET requests to /
returned 404. The same setup with nginx was returning 200.

The culprit is that PATH_INFO is not set when REQUEST_URI is /.
The following patch correctly sets PATH_INFO in every case.

Denis


Index: httpd.c
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v
retrieving revision 1.39
diff -u -p -r1.39 httpd.c
--- httpd.c 20 Aug 2015 13:00:23 -  1.39
+++ httpd.c 26 Aug 2015 18:12:34 -
@@ -695,7 +695,7 @@ path_info(char *path)
  
  	for (p = end; p  start; p--) {

/* Scan every path component from the end and at each '/' */
-   if (p  end  *p != '/')
+   if (p = end  *p != '/')
continue;
  
  		/* Temporarily cut the path component out */
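Review bot: the relational operators have not survived the archive rendering in either line of this hunk (`if (p  end  *p != '/')` vs `if (p = end  *p != '/')`), so the only visible difference is the added `=`, which means the `*p != '/'` test is now also applied at the position `p == end` instead of that position always being processed. Since the loop header `for (p = end; p  start; p--)` never visits `start` itself, a path whose only `/` is the leading one can now run through the whole loop without a match; the commit message should spell out the exact before/after condition and what path_info() returns for both `/` and a single-component path, and a regression check that a request for `/` via fcgi yields the expected PATH_INFO would keep this from reappearing.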






Re: [patch] Turn on Server Cipher Preference

2015-05-15 Thread Kyle Thompson
Here is an updated diff with some configuration added.


Index: lib/libtls/tls.h
===
RCS file: /cvs/src/lib/libtls/tls.h,v
retrieving revision 1.12
diff -u -p -r1.12 tls.h
--- lib/libtls/tls.h31 Mar 2015 14:03:38 -  1.12
+++ lib/libtls/tls.h15 May 2015 18:34:43 -
@@ -66,6 +66,9 @@ void tls_config_insecure_noverifycert(st
 void tls_config_insecure_noverifyname(struct tls_config *_config);
 void tls_config_verify(struct tls_config *_config);
 
+void tls_config_prefer_server_ciphers(struct tls_config *_config);
+void tls_config_prefer_client_ciphers(struct tls_config *_config);
+
 struct tls *tls_client(void);
 struct tls *tls_server(void);
 int tls_configure(struct tls *_ctx, struct tls_config *_config);
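Review bot: the two new public prototypes need matching documentation in the libtls manual page that covers the other `tls_config_*` setters, and an entry in the library's exported-symbol list if one is maintained; this hunk adds only the declarations. A short comment stating which of the pair is the default would also help, since `tls_config_new()` is changed to call one of them.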
Index: lib/libtls/tls_config.c
===
RCS file: /cvs/src/lib/libtls/tls_config.c,v
retrieving revision 1.9
diff -u -p -r1.9 tls_config.c
--- lib/libtls/tls_config.c 22 Feb 2015 15:09:54 -  1.9
+++ lib/libtls/tls_config.c 15 May 2015 18:34:43 -
@@ -82,6 +82,8 @@ tls_config_new(void)

tls_config_verify(config);
 
+   tls_config_prefer_server_ciphers(config);
+
return (config);
 
 err:
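Review bot: calling `tls_config_prefer_server_ciphers(config)` from `tls_config_new()` changes the default for every existing libtls server, so the commit message should say so explicitly; a one-line comment at the call site explaining why server order is the safer default would save the next reader a trip to tls_server.c.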
@@ -299,4 +301,16 @@ tls_config_verify(struct tls_config *con
 {
config-verify_cert = 1;
config-verify_name = 1;
+}
+
+void
+tls_config_prefer_server_ciphers(struct tls_config *config)
+{
+   config-prefer_server = 1;
+}
+
+void
+tls_config_prefer_client_ciphers(struct tls_config *config)
+{
+   config-prefer_server = 0;
 }
Index: lib/libtls/tls_internal.h
===
RCS file: /cvs/src/lib/libtls/tls_internal.h,v
retrieving revision 1.12
diff -u -p -r1.12 tls_internal.h
--- lib/libtls/tls_internal.h   31 Mar 2015 12:21:27 -  1.12
+++ lib/libtls/tls_internal.h   15 May 2015 18:34:43 -
@@ -46,6 +46,7 @@ struct tls_config {
int verify_cert;
int verify_depth;
int verify_name;
+   int prefer_server;
 };
 
 #define TLS_CLIENT (1  0)
Index: lib/libtls/tls_server.c
===
RCS file: /cvs/src/lib/libtls/tls_server.c,v
retrieving revision 1.7
diff -u -p -r1.7 tls_server.c
--- lib/libtls/tls_server.c 31 Mar 2015 14:03:38 -  1.7
+++ lib/libtls/tls_server.c 15 May 2015 18:34:43 -
@@ -81,6 +81,10 @@ tls_configure_server(struct tls *ctx)
EC_KEY_free(ecdh_key);
}
 
+   if (ctx-config-prefer_server == 1) {
+   SSL_CTX_set_options(ctx-ssl_ctx, 
SSL_OP_CIPHER_SERVER_PREFERENCE); 
+   }
+
/*
 * Set session ID context to a random value.  We don't support
 * persistent caching of sessions so it is OK to set a temporary
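Review bot: `prefer_server == 1` compares a boolean flag against a literal; the surrounding code tests flags for non-zero, so `if (ctx->config->prefer_server)` is the idiomatic form. The `SSL_CTX_set_options(...)` call has also been wrapped across two lines with trailing whitespace after the comma; if it has to wrap, continue it with the file's usual indentation and without trailing spaces.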



[patch] Turn on Server Cipher Preference

2015-05-14 Thread Kyle Thompson
Very basic patch to turn on server cipher preference in libtls. This
will allow us to always use our cipher preference over what the client
thinks is best. Tested with httpd as the server and openssl as the
client with two ciphers selected.

Should we make this a configurable option (possibly on by default)?

Index: lib/libtls/tls_server.c
===
RCS file: /cvs/src/lib/libtls/tls_server.c,v
retrieving revision 1.7
diff -u -p -r1.7 tls_server.c
--- lib/libtls/tls_server.c 31 Mar 2015 14:03:38 -  1.7
+++ lib/libtls/tls_server.c 15 May 2015 04:12:43 -
@@ -81,6 +81,8 @@ tls_configure_server(struct tls *ctx)
EC_KEY_free(ecdh_key);
}
 
+   SSL_CTX_set_options(ctx-ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 
+
/*
 * Set session ID context to a random value.  We don't support
 * persistent caching of sessions so it is OK to set a temporary
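Review bot: setting `SSL_OP_CIPHER_SERVER_PREFERENCE` unconditionally leaves a libtls server no way to opt out, so the configuration knob the message asks about belongs in this change rather than in a follow-up. The added line also carries trailing whitespace after `);`.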

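What the option in this thread changes is the order in which the common cipher suite is chosen. The following is an added illustration, not libtls or OpenSSL code: `negotiate_cipher()` walks either the server's list or the client's list first and returns the first suite present on both sides, which is the rule SSL_OP_CIPHER_SERVER_PREFERENCE flips from client order to server order. The two suite lists are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define nitems(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Return the first suite that appears in both lists. With prefer_server set
 * the server's ordering decides (what SSL_OP_CIPHER_SERVER_PREFERENCE does
 * for a TLS server); otherwise the client's ordering decides, which is the
 * default behaviour the patch above turns off. NULL means no common suite.
 */
const char *
negotiate_cipher(const char *const client[], size_t nclient,
    const char *const server[], size_t nserver, int prefer_server)
{
	const char *const *outer = prefer_server ? server : client;
	const char *const *inner = prefer_server ? client : server;
	size_t nouter = prefer_server ? nserver : nclient;
	size_t ninner = prefer_server ? nclient : nserver;
	size_t i, j;

	for (i = 0; i < nouter; i++)
		for (j = 0; j < ninner; j++)
			if (strcmp(outer[i], inner[j]) == 0)
				return outer[i];
	return NULL;
}

/*
 * Constructed lists (an assumption for this example, not from the thread):
 * the client advertises a non-forward-secret RSA suite first, the server
 * ranks its AEAD suites ahead of it.
 */
static const char *const client_offer[] = {
	"AES128-SHA",
	"ECDHE-RSA-AES256-GCM-SHA384",
	"ECDHE-RSA-CHACHA20-POLY1305",
};
static const char *const server_prefs[] = {
	"ECDHE-RSA-CHACHA20-POLY1305",
	"ECDHE-RSA-AES256-GCM-SHA384",
	"AES128-SHA",
};

/* Outcome of the constructed handshake under each preference rule. */
const char *
example_choice(int prefer_server)
{
	return negotiate_cipher(client_offer, nitems(client_offer),
	    server_prefs, nitems(server_prefs), prefer_server);
}

int
main(void)
{
	printf("client preference: %s\n", example_choice(0));
	printf("server preference: %s\n", example_choice(1));
	return 0;
}
```

With client preference the handshake lands on the suite the client happened to list first; with server preference the operator's ordering wins regardless of how the client ordered its offer, which is why the option matters even when the server's cipher list already excludes anything it considers unacceptable.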


Re: [PATCH] If-Modified-Since support in httpd

2015-05-03 Thread Kyle Thompson
I haven't heard back from anyone. Since the release has passed, has
anyone had time to look at this? 

I think that I should move the time parsing out of server_file 
to server_http so it can be reused later. I'm also not sure about
the placement of the check. Additionally, I'm using timeoff which seems
to not be documented anywhere.

On Sat, Apr 18, 2015 at 04:28:40PM -0500, jmp wrote:
 If-Modified-Since is already sent by most web browsers to httpd. This
 patch adds a check to server_file_access before we send the file back.
 
 This does not do any checks for autoindex directories as the size and
 last modification dates of files would not get updated properly.
 
 I separated the logic for checking the header values as it can be
 reused for different side effects of other headers like Range.
 
 
 Index: usr.sbin/httpd/server_file.c
 ===
 RCS file: /cvs/src/usr.sbin/httpd/server_file.c,v
 retrieving revision 1.51
 diff -u -p -r1.51 server_file.c
 --- usr.sbin/httpd/server_file.c  12 Feb 2015 10:05:29 -  1.51
 +++ usr.sbin/httpd/server_file.c  18 Apr 2015 16:41:55 -
 @@ -42,6 +42,7 @@ int  server_file_request(struct httpd *,
   struct stat *);
  int   server_file_index(struct httpd *, struct client *, struct stat *);
  int   server_file_method(struct client *);
 +int   server_file_modified_since(struct http_descriptor *, struct stat *);
  
  int
  server_file_access(struct httpd *env, struct client *clt,
 @@ -123,6 +124,10 @@ server_file_access(struct httpd *env, st
   goto fail;
   }
  
 + if ((ret = server_file_modified_since(desc, st)) != -1) {
 + return ret;
 + }
 +
   return (server_file_request(env, clt, path, st));
  
   fail:
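Review bot: `server_file_modified_since(desc, st)` runs before `server_file_request()` without checking whether `st` refers to a directory, so a conditional request for an autoindex directory compares the directory's mtime and can be answered 304 while its listing has changed (the message acknowledges this case, but the hunk does not exclude it); skip the check when `S_ISDIR(st->st_mode)`. The bare `return ret;` also hands 304 up the same path the error codes take, so confirm that the caller produces a response with no message body for 304, as RFC 7232 requires, and keep the file's `return (x)` style.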
 @@ -466,4 +471,24 @@ server_file_error(struct bufferevent *be
   }
   server_close(clt, unknown event error);
   return;
 +}
 +
 +int
 +server_file_modified_since(struct http_descriptor * desc, struct stat * st)
 +{
 + struct kvkey, *since;
 + struct tmtm;  +
 + memset(tm, 0, sizeof(struct tm));
 +
 + key.kv_key = If-Modified-Since;
 + if ((since = kv_find(desc-http_headers, key)) != NULL 
 + since-kv_value != NULL) {
 + if (strptime(since-kv_value, %a, %d %h %Y %T %Z, tm) != 
 NULL 
 + timeoff(tm, 0L) = st-st_mtim.tv_sec) {
 + return 304;
 + }
 + }
 +
 + return (-1);
  }
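Review bot: the format `%a, %d %h %Y %T %Z` parses only the IMF-fixdate form, while RFC 7231 obliges a recipient to accept the RFC 850 and asctime forms as well, and `%Z` behaves differently across strptime(3) implementations; try the three patterns in turn and match the literal `GMT` instead. The `timeoff()` call the message flags as undocumented can be replaced by timegm(3), which converts a UTC `struct tm` to a `time_t` directly. The `memset` of `tm` before parsing is right, since strptime() leaves fields it does not set untouched.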
 



Re: [PATCH] Support If-Modified-Since header on requests in httpd

2015-05-03 Thread Kyle Thompson
On Sun, May 03, 2015 at 03:00:40PM +, Florian Obser wrote:
 On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote:
 RFC 7232
 
A recipient MUST ignore the If-Modified-Since header field if the
received field-value is not a valid HTTP-date, or if the request
method is neither GET nor HEAD.
  

Does httpd allow any other types of requests through server_file.c? All
other types of requests should only get sent through the CGI scripts. It
doesn't make sense to allow POST, PUT, etc. through to the file
handler.

 
  return (server_file_request(env, clt, path, st));
   
fail:
  @@ -466,4 +471,24 @@ server_file_error(struct bufferevent *be
  }
  server_close(clt, unknown event error);
  return;
  +}
  +
  +int
  +server_file_modified_since(struct http_descriptor * desc, struct stat * st)
  +{
  +   struct kvkey, *since;
  +   struct tmtm;
  +
  +   memset(tm, 0, sizeof(struct tm));
  +
  +   key.kv_key = If-Modified-Since;
  +   if ((since = kv_find(desc-http_headers, key)) != NULL 
  +   since-kv_value != NULL) {
  +   if (strptime(since-kv_value, %a, %d %h %Y %T %Z, tm) != 
  NULL 
  +   timeoff(tm, 0L) = st-st_mtim.tv_sec) {
  +   return 304;
  +   }
  +   }
 
 RFC 7231 defines 3 formats for HTTP-date and then goes on:
A recipient that parses a timestamp value in an HTTP header field
MUST accept all three HTTP-date formats.
 
 I think it's ok here to only parse one variation and ignore
 If-Modified-Since otherwise, we will just respond with a 200.
 

From looking at Apache and nginx code, I wasn't able to see that they
used any other method. Like I said in my 'other' reply, we can always
extract this out to server_http since the Date header is created there.
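Florian's point that a recipient must accept all three HTTP-date forms, together with the RFC 7232 rule quoted earlier in the thread that the header is ignored for methods other than GET and HEAD, worked into an added example. This is not httpd's code: the helper names `parse_http_date` and `if_modified_since`, the standalone UTC conversion used in place of `timeoff`, and the sample dates are assumptions for the illustration.

```c
#define _GNU_SOURCE	/* feature macro for strptime(3) on glibc */
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Explicit prototype so a strict -std=c99 build still sees strptime(3). */
char *strptime(const char *, const char *, struct tm *);

/*
 * Days since 1970-01-01 for a proleptic Gregorian date (the usual
 * era/year-of-era arithmetic); used instead of timegm(3), which is not POSIX.
 */
static long long
days_from_civil(int y, unsigned m, unsigned d)
{
	long long era;
	unsigned yoe, doy, doe;

	y -= m <= 2;
	era = (y >= 0 ? y : y - 399) / 400;
	yoe = (unsigned)(y - era * 400);
	doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
	doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
	return era * 146097 + (long long)doe - 719468;
}

/* Seconds since the epoch for a struct tm holding a UTC wall-clock time. */
static time_t
tm_to_utc(const struct tm *tm)
{
	long long days = days_from_civil(tm->tm_year + 1900,
	    (unsigned)tm->tm_mon + 1, (unsigned)tm->tm_mday);

	return (time_t)(days * 86400 + tm->tm_hour * 3600 +
	    tm->tm_min * 60 + tm->tm_sec);
}

/*
 * Parse any of the three HTTP-date forms RFC 7231 obliges a recipient to
 * accept. strptime() runs in the "C" locale because setlocale() is never
 * called. Returns 0 with *out filled in, -1 if the value is not an HTTP-date
 * (the caller must then ignore the header, per RFC 7232).
 */
int
parse_http_date(const char *s, time_t *out)
{
	static const struct {
		const char *fmt;
		int gmt_suffix;	/* value must end in " GMT" */
	} forms[] = {
		/* IMF-fixdate: Sun, 06 Nov 1994 08:49:37 GMT */
		{ "%a, %d %b %Y %H:%M:%S", 1 },
		/* RFC 850:     Sunday, 06-Nov-94 08:49:37 GMT */
		{ "%A, %d-%b-%y %H:%M:%S", 1 },
		/* asctime():   Sun Nov  6 08:49:37 1994 */
		{ "%a %b %d %H:%M:%S %Y", 0 },
	};
	size_t i;

	for (i = 0; i < sizeof(forms) / sizeof(forms[0]); i++) {
		struct tm tm;
		const char *rest;

		memset(&tm, 0, sizeof(tm));	/* strptime() only sets parsed fields */
		rest = strptime(s, forms[i].fmt, &tm);
		if (rest == NULL)
			continue;
		/* The whole value must be consumed; %Z is avoided because its
		 * handling differs between libc implementations. */
		if (forms[i].gmt_suffix ? strcmp(rest, " GMT") != 0 : *rest != '\0')
			continue;
		*out = tm_to_utc(&tm);
		return 0;
	}
	return -1;
}

/*
 * Same shape as the patch's helper: 304 when the stored file is not newer
 * than the client's copy, -1 when the header must be ignored (bad date or a
 * method other than GET/HEAD) and the full response should be sent.
 */
int
if_modified_since(const char *method, const char *value, time_t st_mtime)
{
	time_t since;

	if (strcmp(method, "GET") != 0 && strcmp(method, "HEAD") != 0)
		return -1;
	if (value == NULL || parse_http_date(value, &since) == -1)
		return -1;
	return st_mtime <= since ? 304 : -1;
}

int
main(void)
{
	/* Constructed sample: the RFC's example date and a file one second newer. */
	const char *hdr = "Sun, 06 Nov 1994 08:49:37 GMT";

	printf("same mtime: %d\n", if_modified_since("GET", hdr, 784111777));
	printf("newer file: %d\n", if_modified_since("GET", hdr, 784111778));
	printf("POST:       %d\n", if_modified_since("POST", hdr, 784111777));
	return 0;
}
```

The comparison is done on whole seconds because HTTP-date has one-second resolution, which matches the patch's use of `st_mtim.tv_sec`; two-digit RFC 850 years are interpreted by strptime(3)'s `%y` pivot, which is the libc's approximation of the RFC's "most recent year" rule.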



Re: [PATCH] Support If-Modified-Since header on requests in httpd

2015-04-18 Thread Kyle Thompson
Sorry for the spam, I submitted the patch during the maintenance period. Any 
advice on this patch is appreciated.

Kyle Thompson

 On Apr 18, 2015, at 12:19 PM, jmp j...@giga.moe wrote:
 
 If-Modified-Since is sent by http clients to be notified if a file has
 been changed. This patch adds a function server_file_modified_since
 that checks the time of the file from stat with the time sent from the
 client. The separate function will help implement proper Range support.
 
 I found 'timeoff' to be useful for converting to a time_t that is in
 GMT; however, did not find documentation on this in the man pages. It
 seems to be a function dating back to at least the NetBSD fork. If 
 there is a better time function I should be using please let me know.
 
 The logic is separated out so we can reuse this in the future. I was
 thinking this should be in http.c instead of server_file.c, but for
 right now it is only useful for file operations. If-Modified-Since on
 autoindex will not work due to how the index would be checked by this
 code.
 
 There is room for the 'If-Unmodified-Since' header, but it is not
 really useful for file operations without Range support.
 
 
 Index: usr.sbin/httpd/server_file.c
 ===
 RCS file: /cvs/src/usr.sbin/httpd/server_file.c,v
 retrieving revision 1.51
 diff -u -p -r1.51 server_file.c
 --- usr.sbin/httpd/server_file.c12 Feb 2015 10:05:29 -1.51
 +++ usr.sbin/httpd/server_file.c18 Apr 2015 16:41:55 -
 @@ -42,6 +42,7 @@ int server_file_request(struct httpd *,
struct stat *);
 int server_file_index(struct httpd *, struct client *, struct stat *);
 int server_file_method(struct client *);
 +int server_file_modified_since(struct http_descriptor *, struct stat *);
 
 int
 server_file_access(struct httpd *env, struct client *clt,
 @@ -123,6 +124,10 @@ server_file_access(struct httpd *env, st
goto fail;
}
 
 +if ((ret = server_file_modified_since(desc, st)) != -1) {
 +return ret;
 +}
 +
return (server_file_request(env, clt, path, st));
 
  fail:
 @@ -466,4 +471,24 @@ server_file_error(struct bufferevent *be
}
server_close(clt, unknown event error);
return;
 +}
 +
 +int
 +server_file_modified_since(struct http_descriptor * desc, struct stat * st)
 +{
 +struct kv key, *since;
 +struct tm tm;
 +
 +memset(tm, 0, sizeof(struct tm));
 +
 +key.kv_key = If-Modified-Since;
 +if ((since = kv_find(desc-http_headers, key)) != NULL 
 +since-kv_value != NULL) {
 +if (strptime(since-kv_value, %a, %d %h %Y %T %Z, tm) != NULL 
 +timeoff(tm, 0L) = st-st_mtim.tv_sec) {
 +return 304;
 +}
 +}
 +
 +return (-1);
 }
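Review bot: `struct http_descriptor * desc, struct stat * st` puts a space on both sides of the `*`, unlike the prototype added in the first hunk (`struct http_descriptor *, struct stat *`) and the rest of the file; write `*desc` and `*st`. The function also mixes `return 304;` with `return (-1);`; pick one return style, the parenthesised form being the file's convention.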