Permalink
Commits on Jun 28, 2017
  1. Be sure to support SNI to explicitly disable it in the testsuite

    capflam committed Jun 28, 2017
    In fact, SNI support on the client side was introducted in R16B03-1. But we can
    safely rely on its support on the server side (introduced in Erlang/OTP 18)
    because this only matters on Erlang/OTP 20.0 and greater.
Commits on Jun 27, 2017
  1. Changes for Erlang/OTP 20.0

    vinoski committed Jun 27, 2017
    In testsuite.erl, explicitly disable SNI if not set because in
    Erlang/OTP 20.0, it is set by default to the Host value used in
    ssl:connect/4 (Christopher).
    
    Fix old-style catch in yaws_server.erl that caused a compilation
    warning under Erlang/OTP 20.0 (Steve).
    
    Remove an old zlib workaround in yaws_zlib.erl, as it's no longer
    needed (Christopher).
    
    Add versions 19.3 and 20.0 to the .travis file.
Commits on Jun 8, 2017
Commits on Apr 27, 2017
  1. Fix #306: ignore http_error tuples in yaws_api:fold_others/4

    vinoski committed Apr 27, 2017
    When processing HTTP headers in yaws_api:fold_others/4, ignore
    http_error tuples and other values that are not http_header tuples.
Commits on Apr 21, 2017
  1. Remove 'export_all' compile option and export public functions explic…

    capflam committed Apr 21, 2017
    …itly
    
    Unlike the testsuite, modules updated by this patch have been updated to export
    explicitly public functions instead of using 'expor_all' compile option. This
    remove compilation errors in Erlang/OTP 20.
  2. Compile testsuite modules with '+nowarn_export_all' option

    capflam committed Apr 21, 2017
    This remove compilation errors with Erlang/OTP 20. Instead of exporting
    explicitly public functions, it is easier to ignore the warning.
Commits on Apr 18, 2017
Commits on Apr 11, 2017
Commits on Apr 10, 2017
  1. Fix writing of yaws_dynopts.erl if path contains tilde

    weisslj authored and capflam committed Apr 10, 2017
    Writing of yaws_dynopts.erl fails if the Yaws include path contains a
    tilde (~) character. This happens often on Windows for long paths (e.g.
    "c:/Users/ADMINI~1/repos/yaws").
    
    Reproduce:
    
        git clone https://github.com/klacke/yaws.git yaws~1
        autoreconf -fi && ./configure && make && make test
        [...]
        Kernel pid terminated (application_controller) ({application_start_failure,yaws,{{shutdown,{failed_to_start_child,yaws_server,{badarg,[{io,format,[<0.168.0>,"-module(yaws_dynopts).\n\n-include(\"/home ...
Commits on Jan 31, 2017
  1. Improve finding of private ports

    weisslj authored and capflam committed Dec 12, 2016
    Since df1d7bf Yaws does not really open port 0 anymore, but tries to
    open one from 49152 onwards. This leads to "badbind" errors when e.g.
    executing multiple separate common test runs which use Yaws repeatedly.
    
    With this patch port 0 is opened instead, the port number retrieved, and
    closed again. This still is not completely safe, as the port could be
    taken by another application in the short time Yaws tries to listen on
    it again, but in practice I could not reproduce badbind errors.
    
    This approach leaves all advantages of df1d7bf, but also respects the
    local range for dynamic ports if specified, see
    http://stackoverflow.com/a/924337.
    
    Here is a test program which illustrates the problem. With this patch
    it runs continuously, without it stops with "badbind":
    
        #!/bin/bash
    
        NUM_CT_CONCURRENT=4
    
        trap "exit" INT TERM
        trap "kill 0" EXIT
    
        sim_testcase () {
            echo "ct run $1, testcase $2"
            output=`erl -pa ebin -noshell \
                -eval 'yaws:start_embedded("www/testdir", [{port, 0}], [], "'$1'")' \
                -eval 'timer:sleep(1000)' \
                -eval 'yaws:stop()' \
                -eval 'init:stop()' \
                2>&1`
            retval=$?
            if [[ $retval -ne 0 ]] ; then
                case $output in
                    *badbind*) echo "---> BADBIND <---" ;;
                    *) echo "$output" ;;
                esac
            fi
            return $retval
        }
    
        sim_ct_run () {
            n=$(($2+1))
            if sim_testcase $1 $n ; then
                sim_ct_run $1 $n
            else
                kill 0
            fi
        }
    
        set -m
        (
            for tag in `seq 1 $NUM_CT_CONCURRENT` ; do
                sim_ct_run $tag 0 &
            done
            wait
        )
  2. Get the port number from the Host header in yaws_api:request_url/1

    capflam committed Jan 31, 2017
    yaws_api:request_url/1 returns the parsed url (a #url{} record) that the
    client requested. #url.host field is get from the Host header, with a fallback
    on #sconf.servername. But #url.port was always retrived from the #sconf record
    without any checks on the Host header.
    
    With this patch, we try to extract the port number from the Host header and we
    fallback on the #sonf record only if there is no Host header. This way,
    yaws_api:request_url/1 is now returning the expected result.
    
    Fix #297. Thanks to Thomas Rackwitz for reporting the issue and working on it.
Commits on Dec 22, 2016
  1. Add supervisor for websocket callback processes

    vinoski committed Dec 22, 2016
    Add the yaws_ws_sup simple_one_for_one supervisor to start and manage
    websocket callback handler processes.
Commits on Nov 24, 2016
  1. SSL restart bug fixed

    Klacke Wikstrom
    Klacke Wikstrom committed Nov 24, 2016
    Testing tools that stress SSL by sending junk, crashes SSL and yaws
    handles it nicely and restarts - all good. However we're counting
    number of connections erroneously when this happens, and eventually
    we run out of connections.
    If e.g max_connections is 1024, and SSL dies 1024 times, we get into
    "max connections reached" case.
    Found and fixed by Per Hedeland and Tail-f test team
  2. Merge pull request #293 from weisslj/purge_yaws_dynopts

    capflam committed Nov 24, 2016
    Purge old code of yaws_dynopts after loading
  3. Add scripts/systemd directory in the dist files

    capflam committed Nov 24, 2016
    A systemd service script was added to Yaws in 5b362c4; But it was not listed
    in the EXTRA_DIST varaible in scripts/Makefile.am.
    
    [ci skip]
Commits on Nov 23, 2016
  1. Purge old code of yaws_dynopts after loading

    weisslj committed Nov 23, 2016
    After starting Yaws the yaws_dynopts module has old code loaded:
    
        > erlang:check_old_code(yaws_dynopts).
        true
    
    This causes Erlang/OTP monitoring systems like WombatOAM to raise an
    alarm:
    
        New alarm raised.
        Alarm id: {old_code,yaws_dynopts}.
        Additional information: <<"yaws_dynopts has old code loaded">>
    
    This patch purges the old code if the generated yaws_dynopts module is
    loaded. It cannot be done in the yaws_dynopts itself.
Commits on Nov 18, 2016
  1. Update known dialyzer warning

    capflam committed Nov 18, 2016
  2. Fix dialyzer warnings about missing function

    capflam committed Nov 18, 2016
    On old Erlang/OTP releases, dialyzer fails because of missing functions. So we
    use a small workaround to bypass this issue. Instead of calling
    
        module:function(Args)
    
    we call
    
       (fun module:function/N)(Args)
    
    Ref. #292
  3. Fix yaws_dynopts:compare_version/2 function

    capflam committed Nov 17, 2016
    It failed to compare versions of different length.
    
    Ref. #292
  4. Use a dynamic wrapper around ssl:connection_information/2

    capflam committed Nov 18, 2016
    This function has been introduced int Erlang/OTP 18. So for previous releases we
    need to have a wrapper function.
    
    Ref. #292
  5. Remove dynamic wrapper on rand_bytes/1 function

    capflam committed Nov 17, 2016
    Because crypto:rand_bytes/1 is deprecated since releases 19, we had added a
    wrapper function in yaws_dynopts module to use crypto:strong_rand_bytes/1 when
    possible. This was mandatory for R14 and R15 releases. But, since we have
    removed the support for these releases, the wrapper function is useless.
    
    Now, use use crypto:strong_rand_bytes/1 directly.
    
    Ref #292
  6. Fix a typo in yaws_ls

    capflam committed Nov 18, 2016
  7. Fix a typo in yaws_config

    capflam committed Nov 18, 2016
  8. Specify the port in proc_cleanup_SUITE testsuite

    capflam committed Nov 18, 2016
    Instead of using the default port (8000) in proc_cleanup_SUITE testsuite, we use
    a reserved port.
Commits on Oct 30, 2016
  1. Remove forgotten debug messages

    capflam committed Oct 30, 2016
    [ci skip]
  2. Add support of unicode characters in the configuration file

    capflam committed Oct 30, 2016
    By default, Erlang VM opens files using latin1 encoding. So it was impossible to
    use Docroot path with unicode characters. Though, there is an option to open
    file using unicode encoding.
    
    So now, it is possible to choose. With the yaws script, the option '--encoding'
    can be used to choose between latin1 and unicode. It is also possible to set the
    yaws application environment variable '{encoding, latin1|unicode}'.
    
    If you load the configuration file by hand, using yaws_config:load/1, you must
    set #env.encoding field. By default, latin1 is used.
    
    IMPORTANT: if you use Docroot path with unicode characters, you MUST use
    quotes. For example:
    
       docroot = "/tmp/ẅẅẅ"
    
    Ref: issue #290
Commits on Sep 22, 2016
  1. Preparing for 2.0.4

    Klacke Wikstrom
    Klacke Wikstrom committed Sep 22, 2016
Commits on Sep 20, 2016
  1. Add support for salted hashes in users credentials

    capflam committed Sep 13, 2016
    Now, it is possible to use a random salt to hash passwords. The salt must be
    provided, encoded in base64.
    In yaws configuration is must follow the format:
    
      user = "User:{Algo}$Salt$Hash"
    
    And in .yaws_file:
    
      {"User", "Algo", "Salt", "Hash"}.
    
    Using clear passwords or hashes without salt is still possible. Yaws startup
    script always uses salted hashes
  2. Remove support for Erlang/OTP R14 and R15 releases

    capflam committed Sep 13, 2016
    Now, R16B01 or higher is required.
  3. Add support of hashed passwords in yaws configuration and in .yaws_au…

    capflam committed Sep 13, 2016
    …th files
    
    Now, it is possible to used hashed password to define user's credential. In the
    yaws configuration, you can add following lines is <auth> sections:
    
      user = "User:{Algo}Base64Hash"
    
    and in .yaws_auth files:
    
      {"User", "Algo", "Base64Hash"}.
    
    Algo is one of: md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512
    
    and Base64Hash is the result of the hash functions, encoded in base64. For
    example:
    
      "/N4rLtula/QIYB+3If6bXDONEO5CnqBPrlURto+/j7k=" for "bar" password.
    
    yaws startup script has been updated to add a way to generate user's credential:
    
      $> yaws --auth --algo sha256 USER
      baz
    
      User's credential successfully generated:
          Put this line in your Yaws config (in <auth> section): user = "USER:{sha256}uqWglk0zIPvAxqkiFARTyFE+okq4/QV3A0gEqWckgJY="
    
          Or in a .yaws_auth file: {"USER", "sha256", "uqWglk0zIPvAxqkiFARTyFE+okq4/QV3A0gEqWckgJY="}.