Permalink
Commits on Dec 6, 2017
  1. [#26] Use SSL_CTX_use_certificate_chain_file

    NathanFrench committed Dec 6, 2017
    (reference criticalstack#26)
    
    Via @mannol
    
    ```
    Currently, libevhtp is using SSL_CTX_use_certificate_file to load a
    certificate file. That function lacks the ability to load the pinned
    certificate chain (if any) which has a consequence of connecting clients
    not trusting the received certificate. By using
    SSL_CTX_use_certificate_chain_file we give the libssl the ability to
    read and send the entire certificate chain (if any), which clients can
    check against.
    ```
  2. Added a more extensive SSL sandbox.

    NathanFrench committed Dec 6, 2017
    After running `make examples`, if SSL is enabled, you
    can quickly test HTTPS, with optional client-based
    certificate authentication using the following process within
    the build directory:
    
    ```
    ./examples/https/bin/generate.sh
    
    -- Test without client auth
    
    ./examples/example_https              \
      -cert examples/https/server-crt.pem \
      -key  examples/https/server-key.pem
    
    curl -vk https://localhost:4443/
    
    -- Test WITH client auth
    
    ./examples/example_https              \
      -cert examples/https/server-crt.pem \
      -key  examples/https/server-key.pem \
      -ca   examples/https/ca-crt.pem     \
      -verify-peer                        \
      -verify-depth 2                     \
      -enforce-peer-cert
    
    curl -kv \
      --key  examples/https/client1-key.pem \
      --cert examples/https/client1-crt.pem \
      https://localhost:4443/
    
    ```
Commits on Nov 30, 2017
Commits on Nov 28, 2017
  1. Added new virtualhost examples and functions

    NathanFrench committed Nov 28, 2017
    - added examples/example_vhost.c which shows, in detail, how to use
      evhtp vhosts and aliases.
    
    - Added new function evhtp_add_aliases(). Much like add_alias, this
      allows for a variable number of aliases to be added within one call.
    
    - some error logging updates
Commits on Nov 21, 2017
  1. remove silly comment

    NathanFrench committed Nov 21, 2017
  2. Update README.markdown

    NathanFrench committed Nov 21, 2017
Commits on Nov 20, 2017
  1. Merge tag '1.2.14' into develop

    NathanFrench committed Nov 20, 2017
    v1.2.14 SECURITY UPDATE
  2. Remove built-in Oniguruma, now rely on system only

    NathanFrench committed Nov 20, 2017
    @flokli (github) informed us of our failure to keep up with security
    updates in the builtin version of onigurama we ship with evhtp.
    
    - CVE-2017-9224
    - CVE-2017-9225
    - CVE-2017-9226
    - CVE-2017-9227
    - CVE-2017-9228
    - CVE-2017-9229
    
    We should have never done this in the first place, but we did, and for
    that we apologize.
    
    So we decided to completely remove the packaged version. Sorry, but
    we think that this is a good thing. Instead, cmake will attempt to
    find a system-wide installed version of this library, and if it fails,
    regex support will be disabled.
    
    * DELETED ALL BUILTIN ONIGURUMA FILES
    * Added FindOniguruma.cmake for the obvious
    * Updated examples/test.c to make sure regex is working (or unsupported)
    * Moved various parts of the main CMakeLists.txt into smaller ones
Commits on Nov 19, 2017
  1. Merge pull request #59 from criticalstack/feature/doxygen-updates

    NathanFrench committed Nov 19, 2017
    Feature/doxygen updates
  2. Merge branch 'develop-v2-doxygen' of https://github.com/sftwrngnr/lib…

    NathanFrench committed Nov 19, 2017
    …evhtp into sftwrngnr-develop-v2-doxygen
Commits on Nov 17, 2017
Commits on Nov 15, 2017
  1. stupid formatting

    NathanFrench committed Nov 15, 2017
Commits on Nov 14, 2017
  1. Merge tag '1.2.13' into develop

    NathanFrench committed Nov 14, 2017
    v1.2.13