Double check we actually get a certificate if we are asking for one.
Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do.
Start logging the CN for the received client certificate in the access logs.
As a bonus re-arrange some accesslog stuff for sanity.
request can be used for when you want to validate something for
authentication bmanually. Youur validator will receive the http_reques
passed down.
A practical use of this is doing IP based ACL's.
Using authentication blocks one can define "authentication" mechanisms
in Kore for page handlers.
This can be used to require a session cookie (validated by your own validator)
for certain page handlers, and hopefully in the future provide a framework
for adding more authentication things (like HTTP Auth).
Right now only cookie checking is available.
- Parameter validation is now done only when http_process_*()
is called and upon http_argument_add().
- You MUST have defined your params in a param block or they will
be filtered out.
- http_argument_lookup() is dead, welcome http_argument_get() and
its brothers and sisters:
http_argument_get_string()
http_argument_get_uint16()
http_argument_get_int16()
http_argument_get_uint32()
http_argument_get_int32()
They will automatically do bounds checking on integers for you
and return proper integers or a NUL-terminated string.
- The http_argument_get* functions no longer create an additional
copy of the string which you need to free. Easier going.
- http_multiple_args() is dead, byebye
- Make some stuff we don't want to share with the modules static.
If a worker reached worker_max_connections and it was its turn to
grab the accept lock it would've gotten stuck and no new connections
would be handled even if other workers would be less busy.
Instead, we now skip the lock if we're too busy and pass it along
in the hopes other workers are less busy.
