Set SSL_VERIFY_PEER to request a client certificate from the server,
when available. Have to shim the certificate verification function or
else it will fail on self-signed client certs.
In serve_cgi retrieve client certificate, create a fingerprint, and set
proper environment variables. It's pretty barebones; it doesn't parse
the certificate to give any other useful info like the common name, but
it's acceptable IMO. For most CGI uses the fingerprint is the only
thing that is needed anyways.

With nothing waiting on the forked processes, there is no reason not to
reap the CGI process on exit.
Intended to address issue from mailing list "gmnisrv uses too many
tasks" <163806E8-A16A-463E-8C62-43E903EF1E35@librem.one>

Fixes a compile error on gcc 9.3.0:

    src/serve.c: In function 'serve_cgi':
    src/serve.c:150:3: error: ignoring return value of 'chdir', declared
    with attribute warn_unused_result [-Werror=unused-result]
      150 |   chdir(dirname(cwd));
          |   ^~~~~~~~~~~~~~~~~~~

Signed-off-by: William Casarin <jb55@jb55.com>

This takes the nginx approach to the "root" directive, which is simpler
to implement and more consistent with more complex routing behaviors
like regexp.
The path component of the URL is now simply appended to the root to form
the path to the file which should be served to the client.

With the following directory structure:

    /srv/gmni:
    baz/ foo/
    /srv/gmni/baz:
    a
    /srv/gmni/foo:
    bar/
    /srv/gmni/foo/bar:
    b

trying to access gemini://somesite/ with autoindex=on works,
but accessing /foo fails because it tries to stat /srv/gmni/foobar
instead of /srv/gmni/foo/bar. This commit fixes that by adding a trailing slash.

gcc 9.3.0 catches an off-by-one error with strncat in serve_autoindex
where it might not write a 0 byte:

    In function ‘strncat’,
    inlined from ‘serve_autoindex’ at src/serve.c:60:3:
    /nix/store/...glibc-2.31-dev/include/bits/string_fortified.h:136:10:
    error: ‘__builtin___strncat_chk’ specified bound 4097 equals destination size
    [-Werror=stringop-overflow=]

Signed-off-by: William Casarin <jb55@jb55.com>
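
The last two fixes above (the missing separator when building the autoindex path, and the strncat bound that equals the destination size) shown together in one added example. This is not gmnisrv's code; the helper name join_path, the buffer sizes and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not gmnisrv's code): build "dir/name" in
 * dst[dstsz], inserting the '/' separator when dir lacks one.
 * Returns 0 on success, -1 if the result would not fit. */
static int join_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
	size_t dlen = strlen(dir);
	int need_sep = dlen > 0 && dir[dlen - 1] != '/';

	/* Check the full length up front so an over-long path is rejected
	 * instead of being silently truncated into a different path. */
	if (dlen + (size_t)need_sep + strlen(name) + 1 > dstsz)
		return -1;

	dst[0] = '\0';
	/* strncat copies up to n bytes AND then writes a terminating NUL,
	 * so the bound is the remaining space minus one. Passing the full
	 * destination size is the off-by-one gcc reports above. */
	strncat(dst, dir, dstsz - strlen(dst) - 1);
	if (need_sep)
		strncat(dst, "/", dstsz - strlen(dst) - 1);
	strncat(dst, name, dstsz - strlen(dst) - 1);
	return 0;
}

int main(void)
{
	char path[32];

	/* Constructed inputs modelled on the directory tree in the commit message. */
	if (join_path(path, sizeof(path), "/srv/gmni/foo", "bar") == 0)
		printf("%s\n", path);   /* separator inserted */
	if (join_path(path, sizeof(path), "/srv/gmni/foo/", "bar") == 0)
		printf("%s\n", path);   /* separator not doubled */
	if (join_path(path, 17, "/srv/gmni/foo", "bar") != 0)
		printf("rejected: result needs 18 bytes\n");
	return 0;
}
```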