- Remove the edge trigger io hacks we had in place.
- Use level triggered io for the libcurl fds instead.
- Batch all curl events together and process them at the end
of our worker event loop.
If a coroutine is killed from another coroutine and the killed coroutine
was waiting on a kore.lock() object, it would have been incorrectly
woken up again once said lock was released.
This would cause a Python exception that a generator was already
running and a crash due to the pool element already being freed.
Track the active locking operation per coroutine so we can remove
the coroutine if it is killed, fixing the problem.
This method allows you to set a Python object and obtain it
by calling the method again without any arguments.
eg:
foo = SomeClass()
kore.app(foo)
foo = kore.app()
- Fix the curl-extract-opt.sh generation script to work on newer
curl releases as the header changed slightly.
- Use the correct handles when calling curl_easy_setopt() inside
of our setopt functions exported via Python.
- Add a curl.setbody() method, allowing a body to be sent to be set.
(eg when sending mail via SMTP).
- Regen of our python_curlopt.h from 7.71.1
This hooks into the existing redirection framework but allows you
to quickly deny certain paths with a 403 or other status code.
The snippet below would for example declare a filemap served from 'www'
directory but denying all access to the files under the 'data' directory:
filemap / www
deny /data 403
Inside the domain contexts a 'redirect' rule will allow you to redirect
a request to another URI.
Ex:
Redirect all requests with a 301 to example.com
redirect ^/.*$ 301 https://example.com
Using capture groups
redirect ^/account/(.*)$ 301 https://example.com/account/$1
Adding the query string in the mix
redirect ^/(.*)$ 301 https://example.com/$1?$qs
Instead of adding all listening sockets into the kqueue at platform init,
do it in the first call to kore_platform_enable_accept().
This way a worker process can still call kore_server_create() in its
kore_worker_configure() hook.
Kore already exposed parts of this via the kore.httpclient() method but
this commit takes it a bit further and exposes the libcurl interface
completely (including the setopt options).
tldr:
handle = kore.curl("ftp://ftp.eu.openbsd.org/pub/OpenBSD/README")
handle.setopt(kore.CURLOPT_TIMEOUT, 5)
data = await handle.run()
print("%s" % data.decode())
If waitpid() returns -1 check if errno is ECHILD, just mark the worker
process as exited.
This could happen if Kore starts without keymgr/acme but those would still
be accounted for.
These changes improve the constraint kore had with client authentication and
multiple domains.
- Add kore_x509_subject_name() which will return a C string containing
the x509 subject name in full (in utf8).
- Log TLS errors if client authentication was turned on, will help debug
issues with client authentication in the future.
- If SNI was present in the TLS handshake, check it against the host specified
in the HTTP request and send a 421 in case they mismatch.
- Throw a 403 if client authentication was enabled but no client certificate
was specified.
Joris Vink
Frederic Cambus