Skip to content
Commits on May 16, 2016
  1. @dklayer

    Fix processing of chunked requests sent over SSL

    When processing a chunked HTTP request, the server used to rely
    on the socket library to perform the dechunking operation.
    The problem is that this is not currently implemented for SSL
    sockets (see rfe8891). To remedy that, the server now uses its
    own implementation of a dechunking stream. This is the same method
    that is used to decode chunked replies in the client code.
    In addition, trailing headers received with a chunked request are
    now correctly processed (these were previously ignored, even for
    non-SSL requests).
    
    See bug23851 for more details regarding problems with chunked HTTPS
    requests.
    
    Changes:
        * main.cl: Version 1 3 39
        (get-request-body-retrieve): use a dechunking stream instead of
        turning on dechunking at the socket level. Process trailing
        headers.
    
        * makefile: added (require :tester) in the test.mp target.
    
        * packages.cl: Defpatch 10.0 (4)
    
        * test/t-aserve.cl (test-chunked-request): a new test for
        chunked requests with trailing headers.
    
    Change-Id: I7ceea4567767aaf6687390228d5e09d6d0f13745
    Tadeusz Sznuk committed with dklayer Apr 29, 2016
Commits on Apr 9, 2016
  1. @dklayer

    Remove CVS Ids; fix copyright

    Change-Id: Ic04e4e39501c80936743dd54a07f143e5ab3566b
    dklayer committed Apr 8, 2016
Commits on Mar 31, 2016
  1. [bug23838] call make-ssl-client-stream with :method keyword

       client.cl
    make-http-client-request -- Call make-ssl-client-stream with
       :method keyword instead of :ssl-method [bug23838]
    
       main.cl
    Version 1 3 38
    
       packages.cl
    Defpatch 10.0 (3)  9.0 (20)  8.2 (31)
    Martin Mikelsons committed Mar 31, 2016
Commits on Dec 3, 2015
  1. add docstring to *http-io-timeout*

    Change-Id: I3f709e1db1943f688a1f618156580a8e111601d9
    John Foderaro committed Dec 4, 2015
Commits on Oct 20, 2015
  1. conditionalize for lisps without deflate

    Change-Id: Ib36cc4ee0607f201be96489173bede870f04dfba
    John Foderaro committed Oct 20, 2015
Commits on Oct 16, 2015
  1. modify patch headers

    Change-Id: I41c747a8dd00829ef1f2cf8aeba666b5b39975aa
    John Foderaro committed Oct 16, 2015
Commits on Oct 15, 2015
  1. split http-copy-file into two functions

    Change-Id: I35ff1e6c4e78af610e8db3ecd69aba6dde4e9489
    John Foderaro committed Oct 15, 2015
  2. 1.3.37 add support for setting trailers

    add functions to set trailers.
    update documentation, adding trailer setting functions
    regularize header names to always be keywords in the correct case
    for the lisp.
    John Foderaro committed Jul 28, 2015
Commits on Sep 17, 2015
  1. webactions 1.14: Print ipaddr for webaction no map

    When a request comes in that is fielded by a webaction project and
    there is no map for the request, include the source IP in the error
    message.
    Kevin Layer committed Sep 6, 2015
  2. Include local makefiles if they exist

    If they exist:
     - makefile.local is included at the top of makefile
     - makefile.last is included at the end of makefile
    
    This allows for the customization of rules in makefile.
    Kevin Layer committed Sep 6, 2015
Commits on Sep 16, 2015
  1. @dklayer

    patches: aserve 1.3.36; webactions 1.13

    The code for both patches is already in ACL 10.0.
    These changes are for the upcoming ACL 9.0 patch.
    
    Change-Id: I5898c8b0b3f3de678ee4d2047c7f860b3e9f5650
    dklayer committed Sep 16, 2015
Commits on Jul 31, 2015
  1. Allow server string to be specified plus other items

            (all changes by Charley Cox)
    
        	* webactions/webact.cl (webaction-project): Change
        	use-http-only-cookies default to nil.
        	(webaction): Change use-http-only-cookes initform to nil.
    
        	* publish.cl (*file-type-to-mime-type*): Add "mp4".
        	(send-response-headers): Use *server-fmt* instead of hardwired
        	server ID.
    
        	* main.cl (*server-fmt*): Make server id be variable so that it
        	can be suppressed.
    
    Change-Id: I834c5301c99d9d3eb9858b08acad5cddc72b5521
    John Foderaro committed Jul 31, 2015
  2. @cox-charley

    Add http-only cookies

    	* webactions/webact.cl (webaction): Add use-http-only-cookies slot to
    	webaction class.
    	(webaction-project):  Add :use-http-only-cookies argument.
    
    	* webactions/doc/webactions.html : Describe :use-http-only-cookies
    	to webaction-project.  Note that we are not providing a
    	description of what http-only does or what it is for.
    
    	* webactions/clpage.cl (process-entity): Create httponly cookie
    	per webaction parameter.
    
    	* publish.cl (set-cookie-header): add :http-only argument.
    
    	* packages.cl (:net.aserve.client): add new exported symbol
    	cookie-item-http-only
    
    	* doc/aserve.html: Describe http-only option.  Note that we
    	are not providing a description of what http-only does or what it
    	is for.
    
    	* client.cl (cookie-item): Add http-only slot.
    	(save-cookie): Transfer httponly cookie-flag to saved cookie.
    
    Change-Id: I066c18a483f8dca367617060c43fd192e91a61b7
    cox-charley committed with John Foderaro Jul 11, 2015
Commits on Jul 27, 2015
  1. @dklayer

    rfe13851: add MAX-LISTENERS arg to START

    The LISTENERS argument of START determines only the number of HTTP
    worker threads the server is going to start with. Under load the
    server may create more workers which may lead to resource management
    problems down the road.
    
    For this reason, a new argument, MAX-LISTENERS was added to START.
    When it is specified, it must be an integer denoting the hard limit on
    the number of workers. The previous behavior corresponds to
    MAX-LISTENERS being NIL (the default).
    
    Change-Id: I1c25b08e8f30521519435bf763698e7562bf5a95
    Gabor Melis committed with dklayer Jul 27, 2015
  2. @dklayer

    rfe13850: increase max header size to 8192

    ... to match Apache. It was previously 4096, but with the increased
    value it is less likely that we get bug reports when, for example, a
    set of cookies exceed the header size limit.
    
    Change-Id: I929b98910e88b1ed6b63f4d4b58467b87bddc0bc
    Gabor Melis committed with dklayer Jul 27, 2015
Commits on Jul 17, 2015
  1. bug23328 get current source to compile on 8.1

    client.cl
      make-http-client-request: Avoid crl- args in call to
        make-ssl-client-stream on 8.1.
    
    main.cl
      start: Avoid crl- args in call to make-ssl-derver-stream on 8.1.
    
    packages.cl
      Unbind some functions to avoid error when compiling or loading
      on top of older 8.1 version.
    
    publish.cl
      Avoid calling string+ in 8.1.
    Martin Mikelsons committed Jul 17, 2015
Commits on May 26, 2015
  1. @dklayer

    bug23208 Adjust default n to avoid issues from too many threads

    test/t-aserve.cl
      test-aserve-n - Adjust default value of :n keyword arg.
           If n is nil, do not run any.
      Adjust comment at end of file.
    Martin Mikelsons committed with dklayer May 26, 2015
Commits on May 14, 2015
  1. @dklayer

    bug23200: server leak in test suite

    test/t-aserve.cl
      test-aserve-n: Revise default for argument n (the old #+- did
           not make any sense).
      test-expect-header-responses: Add call to shutdown. [bug23200]
    
    Change-Id: Id7a397685d0ed88cdf191c8f427239041619ac0f
    Martin Mikelsons committed with dklayer May 13, 2015
Commits on May 11, 2015
  1. @dklayer

    [bug23176] Avoid some closure-related consing. v1.3.34

    client.cl
      client-request-read-sequence: Replace flet with macrolet to avoid
        a closure (that fails to be stack allocated for some reason).
        Repace handler-case with handler-bind, and call a named function
        instead of a closure.  [bug23176]
    
    main.cl
      v1.3.34
    Martin Mikelsons committed with dklayer May 8, 2015
Commits on Feb 9, 2015
  1. v1.3.33: speed up serving of files

    Send file content in large chunks so that stream code won't store the
    data in its own buffers before sending.
    
    Change-Id: I93f67d8189befd42908e01985322d7d00358f55b
    John Foderaro committed Feb 9, 2015
Commits on Dec 10, 2014
  1. @dklayer

    Add defpatch for webactions

    Change-Id: I6c8e3749f9501070e6b100fdf952025770cfe20f
    dklayer committed Dec 9, 2014
Commits on Dec 3, 2014
  1. bug22888: Fixup defpatch versioning for latest commit.

    The last release inadvertently skipped a number for both acl82 and
    acl90.
    
    Change-Id: I62d160c047dff28370541a9b90f777471b8bfbbf
    Mikel Bancroft committed Dec 3, 2014
  2. bug22888: Fix buggy ssl arg checking.

    When establishing an https server using the :ssl-args keyword,
    net.aserve:start required a :certificate argument even when passed a
    :context. Now, the function accepts either a valid certificate or
    context object.
    
    Tests: none, added in the ssl module.
    
    <release-note>
    bug22888: Better ssl arg checking in net.aserve:start
    
    Previously, when specifying an https server, net.aserve:start would
    require a :certficiate argument even if a :context argument was
    specified. Now, either is acceptable.
    </release-note>
    
    Change-Id: I890f5d55535a2accf0298fa0dc8d32e10f3f0ad7
    Mikel Bancroft committed Dec 3, 2014
Commits on Nov 18, 2014
  1. v1.3.32 - add no-proxy argument to do-http-request

    Add a no-proxy argument to do-http-request to specify which sites
    should not be directed to a proxy.
    
    <documentation>
    see rfe13441 for documentation changes to be made
    </documentation>
    
    Change-Id: I260266e69ea079ddc07ba5708488bcba71062163
    John Foderaro committed Nov 18, 2014
Commits on Nov 17, 2014
  1. v1.3.31 add timeout argument to webaction-project

    Entities created with webaction-project previously used the
    default timeout value (5 minutes) despite the fact that with
    I/O timeouts being active we don't need a global timeout.
    Adding a timeout argument and giving it a huge default value
    means that the global timeout is effectively disabled.
    
    Change-Id: I49453f1b25868de8ebad1abfa3fd9da4ebaba76d
    John Foderaro committed Nov 17, 2014
Commits on Nov 13, 2014
  1. @dklayer

    bug22805: Have Aserve use the userinfo in request uri for basic-auth

    If the request uri passed to an Allegroserve client function contains
    user authentication information in the userinfo slot, use it. The
    :basic-authorization keyword parameter takes precedence over the uri
    userinfo field if both are specified.
    
    Tests added to test/t-aserve
    
    <release-note>
    bug22805: Have Aserve use the userinfo in request uri for basic-auth
    
    It is possible, though not recommended, to include user login
    information in the userinfo part of a uri. For example, the following
    uri includes login for the user "test" with a password of "friend":
    
      http://test:friend@examples.org/a/door
    
    Previously, Allegroserve would ignore any userinfo included in the
    uri, and only issue an Authorization header if the
    :basic-authorization keyword were specified in the client call. Now,
    if no explicit basic-authorization is passed to the client function,
    Allegroserve will use the userinfo field in the request uri, if
    present, to generate an authorization header for the request.
    
    </release-note>
    
    <documentation>
    tNo doc update needed.
    </documentation>
    
    Change-Id: Iacc2b5fc04c4ec156bfded13b3b5021f53b700db
    Mikel Bancroft committed with dklayer Nov 5, 2014
  2. @dklayer

    rfe13402: Use defaults of the underlying ssl module.

    Remove outdated ssl defaults in both the client and server.
    Instead, rely on the defaults of the underlying ssl module,
    
    Fix a bug where passing an :ssl-args argument, and not an :ssl arg,
    when starting a server would not result in an https server being
    started. A server can now be started via
    
      :ssl "server.pem"
    
    or
    
      :ssl-args '(:certificate "server.pem")
    
    Updates the t-aserve testsuite to use the preferred :ssl-args when
    performing https testing.
    
    <release-note>
    rfe13402: Use defaults of the underlying ssl module.
    
    Remove the outdated :sslv23 defaults for using ssl in both the
    Allegroserve client and server. Instead, rely on the defaults supplied
    by the underlying ssl module.
    
    </release-note>
    
    <documentation>
    see rfe13398
    </documentation>
    
    Change-Id: I44cbd848f1e5f9996c77400c22056b9e7f0322bc
    Mikel Bancroft committed with dklayer Nov 5, 2014
Commits on Oct 29, 2014
  1. v1.3.29: proxy now returns content-length

    When aserve is used as a proxy it would return the proxied
    content and close the socket to indicate end of input.
    This confuses some clients who expect to see a content-length header.
    Now aserve will return that content-length header.
    
    Change-Id: I68909db36e3fa8335682aa71cf39cdeb20551a6a
    John Foderaro committed Oct 29, 2014
Commits on Sep 3, 2014
  1. @dklayer

    bug22596: Fix bug in do-http-request retry-on-timeout

    Fix a bug in the retry-on-timeout logic in do-http-request. When
    do-http-request attempts to retry a request due to a 408 response, it
    recursively calls do-http-request again. After the retry and the
    initial call to do-http-request was re-entered, it was attempting to
    further process the response of the original timeout
    response. Instead, the results of that recursive call should be
    returned from the initial invocation of do-http-request where the
    timeout occurred.
    
    Tests added to test/t-aserve distinct from the other timeout related
    tests.
    
    Change-Id: If9ad3ab77bebc4a455281fcd6a811db120e90cb8
    Mikel Bancroft committed with dklayer Aug 30, 2014
Commits on Aug 23, 2014
  1. @dklayer

    bug22596: Send 408 response on timeouts. Allow retries.

    Have Allegroserve send a '408 Request Timeout' response when a
    timeout occurs while processing a request, rather than just closing
    the connection. A connection may still be closed when no part of a
    request has been read by the server.
    
    Add a :retry-on-timeout argument to do-http-request (default: nil) for
    automatic retrying of timed out requests. In the fashion of the
    :redirect argument, it can be passed t, nil, or a positive integer in
    order to always retry, never retry, or retry n times before giving up
    and returning the response to the calling agent.
    
    <release-notes>
    bug22596: Send a 408 response when reading request times out.
    
    Previously, Allegroserver would respond with a 500 Server Error
    or simply close the connection if a timeout occurred while reading
    an incoming request. Now, a 408 Request Timeout is returned if
    any portion of the request has been read. If none of the request
    has been read when the timeout occurs, such as when a keep-alive
    connection goes unused, the connection will just be closed.
    </release-notes>
    
    <documentation>
    Add a :retry-on-timeout entry to the table describing the keyword args
    accepted by do-http-request.
    
    name: retry-on-timeout
    default: nil
    description: If the response is a timeout (code 408), then if this
    argument is true (and, if an integer, positive), do-http-request will
    call itself to retry the request.  If retry-on-timeout is an integer
    then in the recursive call the value passed for redirect will be one
    less than the current value.  This prevents infinite recursion due to
    redirection loops.
    
    </documentation>
    
    Change-Id: I17fc015c08f67f09c974a0d2d4e54fb17c1a5dbd
    Mikel Bancroft committed with dklayer Aug 16, 2014
Commits on Apr 2, 2014
  1. @dklayer

    bug22375: unchunking and unexpected eof

    DEVICE-READ on UNCHUNKING-STREAM of aserve used to call READ-SEQUENCE
    in a tight loop if an unexpected eof was encountered in the middle of
    a chunk.
    
    Make it use READ-VECTOR instead whose b/nb behavior is a better match
    and signal an error if it reads nothing.
    
    Bump patch version.
    
    Change-Id: Ief2286d5cce24224ada68daf9b57b8dc91d7c065
    Gabor Melis committed with dklayer Mar 27, 2014
Commits on Mar 13, 2014
  1. @dklayer

    rfe12965: Allow full ssl config in aserve client/server.

    Aserve exports only a subset of the ssl related keyword arguments. As
    a result, it is not possible to fully customize a secure client or
    server.
    
    Add :ssl-args keyword to net.aserve:start,
    net.aserve.client:do-http-request, and
    net.aserve.client:make-http-client-request. As argument, it accepts a
    plist of keyword options and values accepted by make-ssl-client-stream
    or make-ssl-server-stream as pertains to the function being invoked.
    
    If :ssl-args is specified all other ssl related keyword arguments are
    ignored. This makes it possible to fully configure the ssl layer of an
    http server or client, such as specifying the list of allowed ciphers,
    and eliminates the need to patch AllegroServe when the underlying ssl
    implementation changes.
    
    Existing ssl-related keywords are retained for backwards
    compatibility.
    
    Change-Id: Ida0cdf195b89c3e806966b76f32df64e59415bc4
    Mikel Bancroft committed with dklayer Jan 10, 2014
  2. @dklayer

    bug22337: add aserve post request query args to uri

    When making an http post request with the aserve client
    that contains both content and query parameters, add
    the query parameters to the uri.
    
    If there are query parameters and no content, then the
    parameters are still added to the body, and a content-type
    of application/x-www-form-urlencoded of set.
    
    Change-Id: I3bee7200afd460d0fddf3e9fb007e6c6e2fdad4c
    Mikel Bancroft committed with dklayer Mar 12, 2014
  3. @dklayer

    rfe12963: more merging of query part in DO-HTTP-REQUEST

    Take the previous commit one step further and do the merging for all
    non-POST requests.
    
    Change-Id: Ibf3320bca798f1133760376ee4be40faccb12e8f
    Gabor Melis committed with dklayer Mar 11, 2014
Commits on Mar 11, 2014
  1. @dklayer

    rfe12963: merging of query part in DO-HTTP-REQUEST

    Previously
    
      (net.aserve.client:do-http-request "http://localhost/xxx?q1=1"
                                         :query '(("q2" "2")))
    
    requested http://localhost/xxx?q2=2. Make it so that QUERY is merged
    into the query part of the uri instead of clobbering it and
    http://localhost/xxx?q1=1&q2=2 is requested.
    
    Bumped version. Updated defpatch forms for 8.2 and 9.0.
    
    Change-Id: Ibf3320bca798f1133760376ee4be40faccb12e8f
    Gabor Melis committed with dklayer Mar 11, 2014
Something went wrong with that request. Please try again.