CGIplus-enabled Run-time Environment Example
--------------------------------------------
***** FIRST, EVIDENCE OF PERSISTANCE *****
Usage Count: 1
***** SECOND, THE CGI ENVIRONMENT AVAILABLE *****
WWW_AUTH_TYPE=
WWW_CONTENT_LENGTH=0
WWW_CONTENT_TYPE=text/plain; charset=ISO-8859-1
WWW_CSP_NONCE=2c78238fc9ca59d65ccb88e512fea37
WWW_DOCUMENT_ROOT=
WWW_GATEWAY_INTERFACE=CGI/1.1
WWW_GATEWAY_EOF=$Z-26EAB4B5C9D4E5F2551B6CCB-
WWW_GATEWAY_EOT=$D-F8476D90DF530C511971F9DE-
WWW_GATEWAY_ESC=$E-23D35CC7C8BE665CD206A3AD-
WWW_GATEWAY_MRS=16492
WWW_HTTP_ACCEPT=*/*
WWW_HTTP_USER_AGENT=Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
WWW_HTTP_ACCEPT_ENCODING=gzip, br, zstd, deflate
WWW_HTTP_HOST=wasd.vsm.com.au
WWW_PATH_INFO=/just/a/bogus/path.txt
WWW_PATH_ODS=5
WWW_PATH_TRANSLATED=WASD_ROOT:[just.a.bogus]path.txt
WWW_QUERY_STRING=query=string
WWW_REMOTE_ADDR=18.224.58.33
WWW_REMOTE_HOST=ec2-18-224-58-33.us-east-2.compute.amazonaws.com
WWW_REMOTE_PORT=44655
WWW_REMOTE_USER=
WWW_REQUEST_METHOD=GET
WWW_REQUEST_PROTOCOL=HTTP/2
WWW_REQUEST_SCHEME=https:
WWW_REQUEST_TIME_GMT=Thu, 31 Oct 2024 23:53:38 GMT
WWW_REQUEST_TIME_LOCAL=Fri, 01 Nov 2024 10:23:38
WWW_REQUEST_URI=/rtbin/version.h/just/a/bogus/path.txt?query=string
WWW_SCRIPT_FILENAME=WASD_ROOT:[src.httpd]version.h
WWW_SCRIPT_NAME=/rtbin/version.h
WWW_SCRIPT_RTE=cgi-bin:[000000]rte_example.exe
WWW_SERVER_ADDR=119.252.17.13
WWW_SERVER_CHARSET=ISO-8859-1
WWW_SERVER_GMT=+10:30
WWW_SERVER_NAME=wasd.vsm.com.au
WWW_SERVER_PROTOCOL=HTTP/1.1
WWW_SERVER_PORT=443
WWW_SERVER_SIGNATURE=
WASD/12.2.5 Server at wasd.vsm.com.au Port 443
WWW_SERVER_SOFTWARE=HTTPd-WASD/12.2.5 OpenVMS/IA64 SSL
WWW_UNIQUE_ID=741a24ae183d1a5a65a
WWW_FORM_QUERY=string
WWW_KEY_COUNT=0
***** THIRD, AN "INTERPRETED" FILE (WWW_SCRIPT_NAME/WWW_SCRIPT_FILENAME) *****
[0001] /*****************************************************************************/
[0002] /*
[0003] version.h
[0004]
[0005]
[0006] VERSION HISTORY
[0007] ---------------
[0008] 24-OCT-2024 MGD v12.2.5,
[0009] /DO=AUTH=SKELKEY= extend skeleton-key functionality
[0010] WATCH now can generate standlone report file
[0011] WATCH can collect data in a "detached" mode
[0012] WATCH can collect data after network "trigger"
[0013] WATCH cipher octets only when [x]SSL is checked
[0014] WATCH "rabbit hole" restriction removed with revised strategy
[0015] /DO=ZERO=HTTP2
[0016] refine HTTP/2 flow control
[0017] Http2FlowCheck() and WASD_HTTP2_FLOW_CHECK logical name
[0018] [SRC.LIBZ] and WASD_LIBZ_SHR32
[0019] HttpdSystemInfo() SYI$_CPUID to get underlying x86-64 CPU
[0020] refine/expand server process log reports
[0021] RequestLogNBG() to access log NBG request
[0022] TcpIpSocketMaxQio() remove TLS-specific ->TcpMaxQio
[0023] SesolaNetIoPerMinute() allows socket read size to be set
[0024] SesolaCme.c supports ALPN-TLS-01 (acme-tls/1)
[0025] DclMemBuf.C as promised (in 2017)) counters moved to accounting
[0026] proxy FTP obsolete
[0027] bugfix; FileNextBlocks() StrDscBegin()
[0028] bugfix; DclScriptProcessCompletionAST() remove IO$_WRITEOF
[0029] bugfix; RequestEnd2() some statistics
[0030] bugfix; RequestDiscardBody() regression
[0031] bugfix; LoggingDo() abs(rqptr->rqResponse.Duration64)
[0032] bugfix; Sesola_netio_read_ex() ->TcpMaxQio to ->TcpMaxSeg
[0033] subtly broke (very) large reads, back to v12.0.0 strategy
[0034] bugfix; request I/O accounting with HTTP/2
[0035] bugfix; HpackHeadersFrame() >= CookieSize
[0036] bugfix; allow service name devoid of alphabetics (e.g. 10-8.)
[0037] bugfix; ProxyTunnelLogicalName() SYSNAM for PSL$C_EXEC
[0038] bugfix; DECnetSupervisor() remove orphaned tasks
[0039] 16-JAN-2024 MGD v12.2.0,
[0040] OpenSSL 3.0.n now the baseline supported version
[0041] Can still be built and run against OpenSSL 1.1.1
[0042] OpenSSL TLS 1.3 requires SSL_CTX_set_cipher_suites()
[0043] OpenSSL v1.1.1 emulate v3.0.n OSSL_default_ciphersuites()
[0044] and OSSL_default_cipher_list()
[0045] GATEWAY_SYMBOLS standard CGI variable
[0046] #WASD_CONFIG_GLOBAL [Accept] and [Reject] now accept file
[0047] specifications allowing files of patterns to be loaded
[0048] /DO=ACCEPT and /DO=REJECT allow reloading of above
[0049] /DO=REJECT=PURGE[=] allows purging of $STATUS IPs
[0050] NetReject..() module allows more sophisticated accept/reject
[0051] allow CIDR n.n.n.n/n patterns
[0052] allow IP range n.n.n.n-n.n.n.n patterns
[0053] $DNS, $LOG, $NOTE, $OPCOM, $4/5nn with $400, $403
[0054] $4/5nn maps a specific HTTP status to rejected IPs
[0055] [SSLcipherSuites] for TLSv1.3
[0056] [ServiceSSLcipherSuites] for TLSv1.3
[0057] [AuthParam] and AuthConfigParam() provides per-realm params
[0058] FaolSAK() 'UQ' and 'XQ' unsigned and hexdeciaml quadwords
[0059] SesolaCertVerifyCallback() and SesolaClientCert() use new
[0060] algorithm for determining client certificate validity
[0061] X509 Authorization parameters can now include
[0062] [IG:] will ignore client cert verification
[0063] error number returned during the verification process
[0064] (see prologue to AuthConfigParam())
[0065] logical name WASD_WATCH_ONE_SHOT defines one-shot items
[0066] ensure all WASD_ROOT:[] are WASD_:
[0067] HttpdSysOutDaily() per-day progessive snapshot of server log
[0068] Http2Supervisor() mitigate Rapid Reset CVE-2023-44487
[0069] DclTaskRecover() periodically recover scripting resources
[0070] HTTP/2 refinements using https://github.com/summerwind/h2spec
[0071] bugfix; DirFormatAcpInfoAst() 64 bit file size
[0072] bugfix; FileAcpInfoAst() 64 bit file size
[0073] bugfix; DavPropLive() 64 bit file size
[0074] bugfix; SesolaWatchPeek() do NOT SSL_free()!
[0075] bugfix; braindead SesolaServiceSameCA()
[0076] bugfix; OdsDirect() [again!]
[0077] if (odsptr->DirectWildcard[0] &&
[0078] !odsptr->DirectVersion0)
[0079] status = RMS$_NMF;
[0080] 08-JAN-2023 MGD v12.1.0,
[0081] WASD_CONFIG_INLINE configuration file
[0082] SESOLA123 and SESOLA321 to allow OpenSSL-3.0 and
[0083] OpenSSL-1.1.1 to be built using the same object code
[0084] SesolaServiceSameCA() mitigate OpenSSL-3.0 expense
[0085] TcpIpSocketMaxQio() adjust send buffer 2x (unless explicit)
[0086] TcpIpSocketSndBuf() and ..RcvBuf() selectively applied
[0087] ResponseHeader() default "content-security-policy:"
[0088] move onclick=s to addEventListener()s to support
[0089] content-security-policy: 'strict-dynamic'
[0090] NetListFor() include client IP port, rework truncation
[0091] AdminMenu() [Request+] report
[0092] NetWrite() drop any and all HTTP status 418 (e.g. DCL script)
[0093] Sesola..() remove code support prior to OpenSSL 1.1.0
[0094] SysLogInit() and SysLogOpcom() and WASD_SYSLOG logical name
[0095] OdsAccessCheck() and logical name WASD_ODS_ACCESS_CHECK
[0096] metacon remote-addr: and remote-name: tests if DNS resolution
[0097] succeeded (if equal then name equals address and failed)
[0098] RequestDiscardBody() use ->rqBody.ContentCount64
[0099] DECnetEnd() "solution" to obscure corner-case behaviour
[0100] [NoticeInvalid] global configuration
[0101] /DO=NOTICE=INVALID=
[0102] /DO=OPCOM=""
[0103] pre-v10.0 file name munging via v10orPrev10() eliminated
[0104] while every care has been exercised with null-terminated
[0105] string overflow; strzcpy() and strzcat() now ubiquitous
[0106] bugfix; PutDelete() missing OdsStructInit(&SearchOds,true);
[0107] bugfix; NetAbortSocket() deliver any outstanding read and/or
[0108] write ASTs (especially for HTTP/2 streams)
[0109] bugfix; ProxyTunnelLogicalName(NULL) from HttpdTick()
[0110] bugfix; HttpdSupervisor() HTTP/2 request timeout/no-progress
[0111] bugfix; ProxyTunnelBegin() not ProxyTunnelRebuildRequest()
[0112] PROXY_TUNNEL_HTTP and PROXY_TUNNEL_HTTPS should NetRead()
[0113] bugfix; DECnetWriteRequestBody() tkptr->QueuedDECnetIO++;
[0114] 05-OCT-2022 MGD v12.0.1,
[0115] strsame() now implemented using str[n]casecmp()
[0116] bugfix; OdsDirect() end of records (-1) in end file block
[0117] bugfix; when using file cache magic buffers
[0118] bugfix; AuthorizeRealm() greater-than not -or-equal-to
[0119] ->LastAccessMinutesAgo > ->rqAuth.RevalidateTimeout
[0120] 23-OCT-2021 MGD v12.0.0,
[0121] So long, farewell, Auf Wiedersehen, goodnight (-VAX)
[0122] (comprehensive move to native 64 bit data storage)
[0123] continuing port to x86-64 (OpenVMS V9.1-A)
[0124] verified builds against and operates with OpenSSL 3.0
[0125] (but not offically supported due to OpenSSL 3.0 issues)
[0126] accomodate PIPE from WASD_ROOT:[SRC.UTILS]WASTEE.C
[0127] TcpIpAlt..() experimental address/name lookup
[0128] BSD 4.4 sockaddr.. IO$M_EXTEND to $QIO (per MB)
[0129] proxy caching has been obsoleted
[0130] proxy SOCKS5 connect support
[0131] scripting process naming revised (perhaps even enhanced)
[0132] agent scripting extended and formalised for v12...
[0133] AGENT-BEGIN: and AGENT-END: callouts
[0134] CGI: and DICT: callouts
[0135] /DO=DCL=PROCTOR=APPLY
[0136] /DO=DCL=PROCTOR=LOAD
[0137] /DO=NET=LIST
[0138] /DO=NET=PURGE=HTTP1
[0139] /DO=NET=PURGE=HTTP2
[0140] logging 'XX:blb' visual aid
[0141] AdminPing() provides a baseline RTT for request processing
[0142] SET proxy=rework= (replacement strings for response)
[0143] SET response=var=asis (provide exact image of on-disk file)
[0144] SET webdav=all (process all requests via WebDAV code)
[0145] SET webdav=auth (authorise access using WebDAV SETings)
[0146] metacon webdav:all (SETing of above)
[0147] metacon webdav:auth (SETing of above)
[0148] pass /whatever "200 $" executes CLI command
[0149] !#-- and !#++ selectively disable/(re)enable WATCH reporting
[0150] [ServiceConnect] respond to a connection on a port
[0151] WATCH: proctored script by checking only [x]Script
[0152] OdsFileAcpInfo() ATR$C_MODDATE (date-time *data* modified)
[0153] supplements ATR$C_REVDATE (classic revision date-time)
[0154] callout HTTP-STATUS: detect if a script has responded yet
[0155] DavWebRequest() specifically handle WebDAV GET and HEAD
[0156] DavMetaOds() ensure extended syntax only used ODS-5 volumes
[0157] AuthAccessEnable() file access use (rqptr->WebDavRequest ||
[0158] rqptr->WhiffOfWebDav || rqptr->rqPathSet.WebDavAuth)
[0159] AuthParseAuthorization() return AUTH_DENIED_BY_LOGIN
[0160] if unknown scheme allowing 401 response rather than 403
[0161] FaoBigNumber() '&,' optionally numbers 'P', 'G', 'M', 'k'
[0162] SesolaMkCertRetain() stores dynamic cert in process logical
[0163] WatchData() and WatchDataDump() constrain length
[0164] NetListFor() use of $BRKTHRU requires OPER privilege
[0165] bugfix; Http2Supervisor() idle connection
[0166] bugfix; SesolaNetIoRead() /bytes = value/
[0167] bugfix; FileBegin() ERROR_REPORTED() free file task
[0168] bugfix; CliDemo and instance environment number (per KM)
[0169] bugfix; CgiGenerateVariables() "AUTHAGENT hangs when called
[0170] for a POST request" (per JPP)
[0171] bugfix; DclCalloutDefault() CLIENT-READ:
[0172] bugfix; AdminMenu() activity hours 672
[0173] bugfix; MapOdsAdsVmsToUrl() "if (SAME2(cptr,':['))"
[0174] bugfix; OdsDirectSearch() appending the resultant file name
[0175] to the pre-filled expanded name
[0176] bugfix; DavMetaCreateDir() and DavMetaDeleteDir()
[0177] allow for non-existant meta data files
[0178] bugfix; DavMetaName() no meta directory
[0179] bugfix; ErrorReportFooter() use request heap for signature
[0180] 17-AUG-2020 MGD v11.5.1,
[0181] Http2RequestData() reduce memory consumption
[0182] HTTP2_DEFAULT_WINDOW_SIZE from 1048575 to 131070
[0183] if no service configured create http: and https: ex nihilo
[0184] VmCheckPgFlLimit() and WASD_VM_PGFL_LIMIT logical name
[0185] keep connect cert (->VerifyPeer) distinct from client cert
[0186] bugfix; ProxyEnd() fix NetIoEnd() fix
[0187] bugfix; OdsDirectSearch() if wildcard specification
[0188] return RMS$_NMF, otherwise RMS$_FNF (seems so elementary)
[0189] bugfix; Http2RequestCancel() cancel and abort
[0190] bugfix; RequestEnd() redirection
[0191] bugfix; SesolaALPNCallback() 'h2' global and service enabled
[0192] bugfix; ControlDoHelp() remove non-existant DISCONNECT=..
[0193] bugfix; RequestExecutePostAuth1() INTERNAL_PASSWORD_CHANGE
[0194] should call HtAdminBegin() not AdminBegin()
[0195] bugfix; SesolaSNICallback() needs to propagate newly set
[0196] context client verify parameters to SSL-specific
[0197] bugfix; SesolaNetFree() ensure (sigh) X509_free() where
[0198] ->ClientCertPtr associated with connection (i.e. HTTP/2)
[0199] bugfix; RequestParseExecute() ensure PUT and DELETE have
[0200] WebDAV header field(s) before considering WebDAV
[0201] 22-JUL-2020 MGD v11.5.0, "Stay well..."
[0202] static fallback cert replaced by dynamic SesolaMkCert()
[0203] protocol "HTTP/2" also reported in standard log formats
[0204] DavWebRequest() remove requirement for logical name
[0205] WASD_HTTP2_WEBDAV after WebDAV over HTTP/2 tested
[0206] NetIoQioMaxSeg() tune QIO to TCP MSS
[0207] verified against VSI SSL111 product
[0208] SET response=c sp= ("content-security-policy:")
[0209] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
[0210] SET response=cspro= ("..policy-report-only:")
[0211] metacon alpn: (TLS application level protocol negotiation)
[0212] metacon proctor: (obvious proctored script clause)
[0213] DCL callout CSP: ("content-security-policy:")
[0214] DCL callout CSPRO: ("..policy-report-only:")
[0215] REGEX.C updated (ever-so-slightly)
[0216] more proxy persistent connection (per JPP)
[0217] RequestAbort() accomodates HttpdSupervisor() refinement
[0218] and REQUEST_STATE_ABORT used throughout server
[0219] Http2RequestData() delivers Http2RequestCancel() read AST
[0220] NetTestSupevisor() and WASD_NET_TEST_BREAK logical name
[0221] bugfix; ProxyEnd() free ioptr using NetIoEnd()
[0222] bugfix; NetIoWriteStatus() and NetIoReadStatus()
[0223] bugfix; RequestPersistentConnection() pipelined request
[0224] bugfix; Http2RequestData() flow control
[0225] bugfix; SesolaClientCertGet() SSL_VERIFY_POST_HANDSHAKE
[0226] bugfix; httpd.c if (!CliDemo) HttpdGblSecInit();
[0227] bugfix; MetaConConditionalList() bu**ered
[0228] bugfix; RequestProcessFields() DictLookup (.."accept"..)
[0229] bugfix; SesolaCertExtension() BIO_NOCLOSE memory leak
[0230] bugfix; CacheLoadEnd() free rqCache.ContentPtr on fail
[0231] bugfix; DICT.C "tmptr && tmptr->clink.."
[0232] bugfix; Http2Priority() exclusive bit
[0233] bugfix; NetCreateService() only SesolaInitService() once
[0234] bugfix; WatchDataDump() CHARS_PER_LINE calculation (sigh)
[0235] bugfix; OdsDirectSearch() RMS$_FNF not RMS$_NMF (per JPP)
[0236] bugfix; RequestShareBegin() if (!MATCH6 (cptr, "raw://"))
[0237] bugfix; SesolaNetClientBegin() SESOLA_SINCE_110
[0238] BIO_set_data() before SSL_set_bio() (per JPP)
[0239] bugfix; AdminParsePath() extraneous OdsParseRelease()
[0240] bugfix; OdsDirectSearch() only if not already on the block
[0241] boundary add one to get to next, otherwise already there!
[0242] 20-JUL-2019 MGD v11.4.0, "One small step ..."
[0243] 25th Anniversary Release (see 20-JUN-1994 below)
[0244] adapt WatchSystemPlus() to allow use via CLI /SYSPLUS
[0245] then dignified with a (sysPlus..()) module of its very own
[0246] /OUTPUT= (in particular for /SYSPLUS)
[0247] HttpdSupervisor() explicitly WatchEnd()
[0248] Sesola_netio_read() and Sesola_netio_write() if connection
[0249] broken (channel zero) return zero (SSL shutdown)
[0250] SET response=200=203 for request tracking and log analysis
[0251] ResponseHiss() response status changed from 403 to 203
[0252] status code 418 (teapot) forces connection drop
[0253] allow a specified port when redirecting, i.e. http[s]//:nnn
[0254] Sesola_netio_read_ast() 0 status TCP/IP Services?
[0255] Sesola_netio_write_ast() 0 status TCP/IP Services?
[0256] bugfix; SesolaClientCertGet() status 0 an issue
[0257] bugfix; SesolaClientCertGet() if (value <= 0) break;
[0258] bugfix; CgiOutput() Content-Length: strtoul()
[0259] bugfix; SesolaClientCert() allow pattern per 25-AUG-2015
[0260] bugfix; SesolaCertExtension() storage reset
[0261] bugfix; SesolaCertParseDn() regression (or whatever)
[0262] bugfix; Http2NetQueueWrite() PEEK_8 at w2ptr->type
[0263] bugfix; non-local without "Host:" use name not host:port
[0264] bugfix; Http2RequestEnd() copy tally rx/tx to request
[0265] bugfix; OdsDirectSearch() (uint)0xffff && rlen < 508)
[0266] bugfix; AuthCompleted() and AuthNotComplete() to address
[0267] AST delivery following request end and rundown
[0268] bugfix; for bugfix StringSliceValue() kludge
[0269] allow for DECnet connection string specified username
[0270] bugfix; DavMetaDir() ACCVIO from !SAME2(mfdptr,'[.')
[0271] 24-NOV-2018 MGD v11.3.0
[0272] verified against OpenSSL v1.0.2 && v1.1.0 && v1.1.1
[0273] TLSv1.3 operational
[0274] verified against EXPAT v2.2.5 (for WebDAV purposes)
[0275] (but reverted to v2.0.1 for final VAX WASD release)
[0276] VM.C eliminate dynamic tuning of heap initial allocation
[0277] and rework to allow detailed memory management statistics
[0278] to be compiled into the runtime for development purposes
[0279] ODS (FILES-11) directory parser
[0280] WatchSystemPlus() et.al. for system troubleshooting
[0281] RequestBegin() exit after consecutive SesolaNetBegin() fails
[0282] DavWebRundown() explicitly abort WebDAV processing
[0283] allow logical name content during one-to-one rule mapping
[0284] refactor WatchWrite() using NetWriteBuffered()
[0285] DclTaskRunDown() always use DclEmptySysOutput()
[0286] [BufferQuotaDclOutput] BUFQUO value for SYS$OUTPUT mailbox
[0287] refactor Http2RequestCancel() into Http2RequestCancelRead()
[0288] and Http2RequestCancelWrite()
[0289] ProxyRequestRebuild() proxy-authorization opaque:
[0290] ProxyTunnelLogicalName() WASD_TUNNEL_SECONDS
[0291] RequestGet() and ProxyTunnelNetReadAst() provide
[0292] "X-Forwarded-For:" client host to proxied-to server
[0293] /DO=REQUEST=RUNDOWN=..
[0294] /DO=ZERO=STATUS
[0295] /DO=SSL=SERVICE=LOAD[=] no longer works
[0296] SET response=var=crlf
[0297] SET response=var=lf
[0298] SET response=var=none
[0299] bugfix; PutWriteFileOpen() override incompatible existing
[0300] file characteristics by first erasing the file
[0301] bugfix; seeming innumerable WebDAV fixes (some obvious,
[0302] some obscure) many thanks to John Dite for his patience and
[0303] persistence in finding and reporting anomalous behaviours
[0304] (check the individual DAV...C modules for descriptions)
[0305] bugfix; StringSliceValue() kludge for DECnet tasks
[0306] bugfix; MetaConEvaluate() "webdav:MSagent"
[0307] bugfix; DavWebMicrosoftDetect() before ->WebDavTaskPtr
[0308] bugfix; X509_free() memory leak with ->ClientCertPtr
[0309] bugfix; Http2NetIoWrite() blocking write data must be
[0310] asynchronously persistent so employ internal buffer(s)
[0311] bugfix; /DO=AUTH=SKELKEY=.. cluster wide (yet again :-)
[0312] bugfix; SESOLA-OpenSSL memory leak at v11.0.0
[0313] bugfix; FileParseAst() regression with search list file
[0314] bugfix; RequestRundown() allow for cache activity
[0315] bugfix; WatchDataDump() CHARS_PER_LINE calculation
[0316] bugfix; (longstanding) MapUrl__Map() multiple template
[0317] wildcards when reverse mapping
[0318] 01-MAR-2018 MGD v11.2.0
[0319] make WATCH item width flexible using initial value 6 digits
[0320] with leading 3 digits HTTP/2 stream ID followed by 3 digits
[0321] connection ID number and on overflow increment by 2
[0322] if |WASD_ENV| defined use that in absence of /ENV=..
[0323] Dav..() always DavWebEnd() not RequestEnd()
[0324] WebDAV "authorisation" allowed to be EXTERNAL or OPAQUE
[0325] RequestRundown() outstanding task sanity checks
[0326] HttpdSupervisor() refactored timeout handling
[0327] ProxyTunnelLogicalName() and WASD_TUNNEL to provide client
[0328] host and port tunnel data available to the WASD system
[0329] activated by SET..PROXY=FORWARDED=[FOR|ADDRESS]
[0330] logging 'II' image information (file, version, link time)
[0331] logging 'TI' request time in ISO 8601 extended format
[0332] logging 'TS' (sortable) UTC request time ISO 8601 format
[0333] logging 'TU' request time UTC (GMT) now synonym for 'TG'
[0334] stamp (note) log events when common/combined with/without+
[0335] SET DIR=TITLE=[default|owner|remote||this=]
[0336] /DO=HELP brief summary of command-line /DOs
[0337] /DO=SSL=SERVICE=LOAD[= (re)load SSL context
[0338] (/DO=SSL=CERT=LOAD is now implemented using this)
[0339] /DO=STATUS report basic status of all instances
[0340] /DO=STATUS=NOW instances immediately update status information
[0341] /DO=STATUS=PURGE zero stale instance status information
[0342] /DO=STATUS=RESET zero instance status information
[0343] /NOTE= annotation to server process log
[0344] refactor WatchEnd() (yet again)
[0345] DclInit() do not adjust SYS$OUTPUT mailbox size when HTTP/2
[0346] is enabled, issue an informational as required
[0347] DclMemBuf..() memory buffer script IPC (see DCLMEMBUF.C)
[0348] callout BUFFER-BEGIN:
[0349] callout BUFFER-END:
[0350] callout BUFFER-WRITE:
[0351] SesolaReport() allow reporting using an HTTP service
[0352] CgiOutput() refine Content-Length: to report out-of-range
[0353] CgiOutput() reject subsequent non-header
[0354] WatchReport() move SSL item into Network group
[0355] WatchShowCluster() and WatchShowSystem() VMS V6.2 obsolete
[0356] bugfix; (longstanding) InstanceSocketForAdmin() sys$deq()
[0357] bugfix; Http2..() window update and flow control management
[0358] bugfix; logging 'BB' header length "lost" during HTTP/2 mods
[0359] bugfix; nil content CGI responses not delivered
[0360] bugfix; (long-standing) always use UpdEnd() not SysDclAst()
[0361] bugfix; CgiGenerateVariables()
[0362] |rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&|
[0363] 09-AUG-2017 MGD v11.1.1
[0364] relax HTTP/2 "rabbit hole" to permit WATCHing except
[0365] for items [x]HTTP/2, [x]SSL and [x]network
[0366] /INSTANCE=CONFIG ensures config values used
[0367] SesolaClientCertRenegotiate() allow for pre- and post-
[0368] OpenSSL 1.1.0 due to MSIE11 (Edge) stalling on a read
[0369] after renegotiation (pre reverts to v11.0 and earlier code)
[0370] SesolaInitService() when SSL_CTX_set_tmp_dh_callback() is
[0371] enabled (DH_PARAM_*.PEM files present) ensure flag
[0372] SSL_OP_CIPHER_SERVER_PREFERENCE is implicitly set
[0373] MapUrl_GuaranteeAccess() mapping as well as authorisation
[0374] Authorize() move AuthorizeGuaranteeAccess() up-front to
[0375] ensure access to guaranteed paths not only with failure
[0376] StringSliceValue() allow quote-delim inside space-delimited
[0377] bugfix; rationalise as OpenSSL_version[_num]() becomes
[0378] confused catering for OpenSSL v1.0.2 && v1.1.0 && v1.1.1
[0379] bugfix; HttpdSupervisor() do RequestRundown() only the once
[0380] bugfix; DclCalloutDefault() NOTICED: and OPCOM: responses
[0381] bugfix; DclScriptProctor() request is not actually "!!*!"
[0382] bugfix; HpackHeadersFrame() use ":authority" pseudo-header
[0383] for "Host:" header according to RFC7540 8.1.2.3
[0384] bugfix; SesolaCertExtension() generate UPN independently
[0385] for each of pre- and post- OpenSSL 1.1.n
[0386] bugfix; SesolaClientCertConditional() 'IS' processing
[0387] bugfix; SesolaClientCertRenegotiate() allow for low-level
[0388] (i.e. SSL) I/O errors (e.g. link disconnection)
[0389] bugfix; LoggingDo() 'SR' silliness from v11.0 rework
[0390] bugfix; MapUrl_ExplainPathSet() response=header=add=..
[0391] bugfix; for HTTP/2 (sigh) we need NPH to generate a header
[0392] bugfix; session ticket key refresh (must be one of those...)
[0393] 04-MAY-2017 MGD v11.1.0,
[0394] "Raw"Socket based on WebSocket infrastructure
[0395] [DclScriptProctor] * general idle process(es)
[0396] [ServiceRawSocket] enables a RawSocket
[0397] [ServiceSSLcert] specification can contain wildcard(s)
[0398] SET proxy=header=[=]
[0399] logging 'CL' insert request content-length
[0400] logging 'PL' insert PUT or POST body received count
[0401] Sesola..() refinements for OpenSSL v1.1.1 and TLS 1.3
[0402] sesola.h |#include "openssl/rand.h"| to fix OpenSSL v1.1.0
[0403] static link error against rand_bytes() and rand_seed()
[0404] SesolaNetThisIsSSL() allow redirection to include scheme
[0405] /DO=SSL=CERT=LOAD ... basically for internal use only!
[0406] (heads-up: planned Let's Encrypt CME utility :-)
[0407] Graph..() activity graphic now implemented using HTML5 canvas
[0408] ResponseHeader() ensure non-printables cannot be injected
[0409] InstanceSessionTicketKey() rework multi-instance/cluster
[0410] (sigh! yes again; the lack of a test cluster these days)
[0411] DirDirectories() do not list "hidden" (^.the.DIR) directories
[0412] bugfix; use rqHeader.RequestBody.. for body with header
[0413] bugfix; DclScriptProctor() v11.0 request structure
[0414] requires dictionary and netio structures
[0415] bugfix; SesolaNetIoRead() SSL_read() in-progress
[0416] bugfix; Http2RequestEnd() end-of-request (control) frame
[0417] independent of request itself
[0418] bugfix; Http2NetQueueWrite() and Http2NetWriteDataAst()
[0419] blocking writes are not placed on the request's
[0420] write list as they are transparent to the request
[0421] bugfix; Http2NetQueueWrite() deliver via NetIoWriteStatus()
[0422] using SS$_NORMAL (HTTP/2 I/O) not the request ->VmsStatus
[0423] bugfix; SesolaControlReloadCA() do not proactively
[0424] X509_STORE_free() (leaves a dangling pointer?)
[0425] bugfix; SesolaSNICallback() port elimination
[0426] bugfix; RequestExecutePostCache() keyword redirection count
[0427] 25-AUG-2016 MGD v11.0.2,
[0428] Http2RequestBegin() ensure stream ident not reused
[0429] increase MAX_REQUEST_HEADER from 16384 to 32768
[0430] InstanceSessionTicketKey() rework multi-instance rotate
[0431] CgiGenerateVariables() mitigate httpoxy vulnerability
[0432] MsgConfigLoadCallback() make [ismap] optional
[0433] ParseCommandInteger() accept just an integer
[0434] CLI /INSTANCE= now sets global section |InstanceMax|
[0435] to allow the created process to continue to exist and when
[0436] used needs to be reset with the likes of /INSTANCE=1
[0437] minimum supported OpenSSL version is now v1.0.0
[0438] which precludes HP SSL V1.4 (at least)
[0439] OpenSSL v1.1.0 required code changes including
[0440] #if (OPENSSL_VERSION_NUMBER < 0x10100000L) in Sesola..()
[0441] modules, and introducing a version dependent build
[0442] SesolaClientCertRenegotiate() rework due to OpenSSL v1.1.0
[0443] ResponseHeader() ->rqCgi.ScriptControlHttpStatus will allow
[0444] an error reporting script to override the original status
[0445] CGI Script-Control: X-http-status=
[0446] %SSL-x-STRICT (RFC6797) now described as %SSL-x-STRICT, HSTS
[0447] bugfix; Http2RequestData() always deliver via NetIoReadAst()
[0448] bugfix; HpackHeadersFrame() uncompressed header size
[0449] bugfix; CgiGenerateVariables() names from dictionary
[0450] bugfix; MetaConEvaluate() request: regression
[0451] bugfix; RequestProcessFields() if-range: regression
[0452] bugfix; MetaConEvaluate() client_connect_gt: regression
[0453] bugfix; SesolaClientCert() move X509 RENEGOTIATE switch
[0454] HTTP/2 to HTTP/1.1 after SSL_get_peer_certificate()
[0455] 30-JUN-2016 MGD v11.0.1,
[0456] meta config [[wasd*n.n.n]] server version conditional
[0457] [SSLsessionLifetime] session ticket (or ID) lifetime
[0458] [SSLverifyPeerDataMax] see documentation
[0459] [ServiceSSLsessionLifetime] per-service equivalent
[0460] [ServiceSSLverifyPeerDataMax] per-service equivalent
[0461] [SSLsessionCacheMax] default (of zero) now disables
[0462] in favour of the more efficient Session Ticket
[0463] SesolaSessionTicket..() refresh and coordinate the
[0464] TLS session ticket key cluster-wide using the DLM
[0465] InstanceSupervisor() refresh session ticket key at midnight
[0466] RequestGblSecUpdate() method and URI only printable chars
[0467] ProxyTunnelRequestParse() append mapped path for logging
[0468] DirFiles() and DavPropSearchAst() ignore ambiguous file
[0469] names containing an escaped ("^.") period but no type
[0470] ErrorRedirectQueryString() ERROR_URI variable
[0471] bugfix; MapOdsUrlToOds5Vms() URLs will not contain
[0472] '^'-escaped sequences so just '^'-escape them
[0473] bugfix; SesolaClientCertRenegotiate() ensure request
[0474] data cleared before renegotiate ([SSLverifyPeerDataMax])
[0475] bugfix; DclTaskRundown() cancel HTTP/2 client read
[0476] bugfix; HttpdSupervisor() accumulate proxy accounting data
[0477] bugfix; RequestEnd2() decrement processing rx or (SSH) method
[0478] bugfix; RequestEnd2() read status OK -or- ENDOFFILE
[0479] bugfix; HpackHeadersFrame() multiple to single cookie header
[0480] bugfix; MetaConEvaluate() request-scheme: regression
[0481] bugfix; NetWrite() response header write error handling
[0482] bugfix; SesolaClientCert() just return status
[0483] 07-MAY-2016 MGD v11.0.0,
[0484] HTTP/2 (RFC7540, RFC7541)
[0485] restructure network I/O abstractions (oh boy!)
[0486] key-value dictionary (associative array) abstraction
[0487] add "Refresh [integer] Seconds" to appropriate reports
[0488] ProxyFtpListOutput() update in line with directory listing
[0489] SET dict[=[=]]
[0490] SET http2=protocol=1.1
[0491] SET http2=send=goaway[=]
[0492] SET http2=send=ping
[0493] SET http2=send=reset[=]
[0494] SET http2=write=[low|normal|high]
[0495] metacon dict:, http2: and request-protocol:
[0496] [HTTP2..] global configuration
[0497] [TimeoutHttp2Idle]
[0498] logging 'DI' insert specified dictionary item value
[0499] /DO=HTTP2=PURGE[=]
[0500] ensure timed-out requests are logged as 408/500
[0501] excise much of the twenty years of reporting HTML cruft
[0502] obsolete ismap.c, filedot.c, menu.c and track.c functionality
[0503] 22-APR-2016 MGD v10.4.3 (unreleased),
[0504] logging 'NP' insert notepad value
[0505] logging 'XX' insert custom site/client-specific datum
[0506] SET sslcgi=apache_mod_ssl_client
[0507] SET sslcgi=apache_mod_ssl_extens
[0508] LoggingDo() MAX_FAO_VECTOR from 64 to 128
[0509] SSL_CTX_set_ecdh_auto() set elliptic curves selection
[0510] SesolaTmpDHCallback() improve DH*.PEM flexibility
[0511] SesolaCertExtension() parse X509 extensions
[0512] SesolaCertName() parse X509 distinguished name
[0513] SesolaCgiVariablesExtension() document X509 extensions
[0514] SesolaReport() list certificate extensions
[0515] [ru:/CN=] allows multiple to be selected between
[0516] (e.g. "[ru:/CN=user*]", "[ru:/CN=^^\[^/=\]*$]")
[0517] SesolaCertParseDn() strncmp() not strsame()
[0518] SesolaCertParseDn() select on pattern match
[0519] StringMatchAndRegex() ensure |rqptr| not needed
[0520] add limit to consecutive failures on persistent connection
[0521] remove limit to consecutive requests on persistent connection
[0522] TcpIpAddressToString() IPv4 in IPv6 as ::FFFF:n.n.n.n
[0523] bugfix; ResponseHeader() for HEAD request transfer-encoding
[0524] chunked suppress actual chunked body (RFC 7230 3.3)
[0525] bugfix; SesolaInit() session cache max -1 disables cache
[0526] bugfix; LoggingDo() elapsed time items
[0527] bugfix; LoggingDo() 'CC' do not reuse pointers!
[0528] bugfix; LoggingDo() 'VS' |->ServicePtr| dereference
[0529] 15-AUG-2015 MGD v10.4.2,
[0530] [ServiceStrictTransSec] (RFC6797)
[0531] [SSLstrictTransSec] (RFC6797)
[0532] SET response=sts= (Strict-Transport-Security:)
[0533] ResponseHeader() Strict-Transport-Security: header
[0534] add WATCH "!42*x" to beginning and ending of requests
[0535] DavWebRequest() allow bodies with any and no Content-Type:
[0536] then in DavWebRequest2() check for XML in the body content
[0537] RequestRedirect() always use dynamic buffers
[0538] when "remote-addr:" begins '?' translate host to IP address
[0539] LoggingDo() add WASD_LOGS "convenience" logical name
[0540] disable kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C
[0541] as the issue seems to have been fixed in OpenSSL v1.0.2c
[0542] logical name WASD_REDIRECT_WILDCARD must be defined
[0543] to enable "DNS wildcard" proxy redirection
[0544] bugfix; [Cli]ParseCommand() parenthesis parsing
[0545] bugfix; Request..() rework pipelined request handling
[0546] bugfix; move supervisor PID from InstanceNodeSupervisor()
[0547] to InstanceNodeSupervisorAst()
[0548] bugfix; DavWebDestination() URI and URL (Total Commander)
[0549] bugfix; Error..() earlier and broader detection of WebDAV
[0550] bugfix; DavDeleteParse() enable access around OdsParse()
[0551] bugfix; DavMoveMeta() do not report RMS$_DNF
[0552] bugfix; FaoSAK() sdptr = StrDscBuffer(StrDscPtr);
[0553] bugfix; DavXmlStartElement() PROPFIND accumulate list of
[0554] dead properties subsequently searched for in the metadata
[0555] bugfix; MapUrl_ExplainPathSet() ->ResponseChunked
[0556] bugfix; CONFIG_SERVER_LOGS logical names precede fixed locale
[0557] 12-FEB-2015 MGD v10.4.1,
[0558] ProxyResponseRebuild() and ProxyRequestRebuild() provide
[0559] timeout=n parameter with Keep-Alive: header field (some
[0560] origin servers hang when no parameters supplied, per JPP)
[0561] SesolaInitOptions() expand options keywords to include
[0562] most SSL_OP_.. flags using the OpenSSL flag #define as the
[0563] keyword minus the "SSL_" (e.g. OP_CIPHER_SERVER_PREFERENCE)
[0564] SesolaTmpRSACallback() and SesolaTmpDHCallback()
[0565] support for ephemeral keys enabling "forward secrecy"
[0566] SesolaInitService() and SesolaInitClientService()
[0567] if cipher list begins '+', '-' or '!' append it to default
[0568] increase MAX_REQUEST_HEADER from 8192 to 16384
[0569] (proxying requests from Firefox to IIS, per JPP)
[0570] kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C
[0571] bugfix; RequestEndEnd() use ZERO_DELTA_TIME macro
[0572] bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP)
[0573] bugfix; ConfigReportSecureSocket() FaoVector[32]
[0574] 05-DEC-2014 MGD v10.4.0
[0575] CORS support
[0576] /SSL=(TLSvALL,TLSv1.1,noTLSv1.1,TLSv1.2,noTLSv1.2)
[0577] removed /SSL=(2|3|23) which must be altered to SSLv2, etc.
[0578] NOTE: TLSv1, TLSv1.1, TLSv1.2 now ENABLED by default
[0579] SSLv2 and SSLv3 are now DISABLED by default
[0580] (as recommended post-POODLE)
[0581] MapUrl_ClientAddress() allows for transparent upstream proxy
[0582] ResponseStream() and request /stream/
[0583] AuthCacheNeedsReval() so multiple cache entries for the
[0584] same credentials do not trigger multiple revalidations
[0585] SsiEnd() detect and report non-SSI problem encountered
[0586] access log buffer extended from [4096] to [16384] (UMA SAML)
[0587] LoggingQuoted() explicitly encode some fields where a raw
[0588] quotation mark (URI forbidden) can break a log entry
[0589] HttpdExit() sanity check trace after %SYSTEM-F-ASTFLT
[0590] stack corruption at (you guessed it) Uni Malaga resulted
[0591] in the icb.libicb$v_bottom_of_stack never being set!
[0592] tweaks to some accounting fields and values (for WASDmon)
[0593] NetCreateService() check bind address string instead of
[0594] address to allow binding primary to 0.0.0.0 (INADDR_ANY)
[0595] directory default listing style now ed
[0596] directory path SET ods=name=utf8 then response charset=utf-8
[0597] directory ?httpd=index&font=[inherit|monospace(D)]
[0598] ?httpd=index&style=table[2]
[0599] SET client=[forwarded|if=forwarded|literal=|reset|
[0600] if=xforwardedfor|xforwardedfor]
[0601] SET dir=font=[inherit|monospace(D)]
[0602] dir=style=TABLE[2] (new default)
[0603] SET cors=age= cors=cred=[true|false]
[0604] cors=expose= cors=headers=
[0605] cors=methods= cors=origin=
[0606] SET ods=name=8bit, ods=name=utf8, ods=name=default
[0607] SET webdav=[no]hidden
[0608] webdav=meta=dir=
[0609] [SecureSocket] and [SSL...] (overridden by /SSL=)
[0610] [WebDAVmetaDir] sub or full directory for meta files
[0611] WedDAV configurable metadata (sub)directory
[0612] AuthAccessCheck() add explicit check against server
[0613] account to improve reporting of underlying access
[0614] User-defined logging directives 'CI', 'SR', 'SV' for
[0615] SSL cipher, session reuse and version items
[0616] COMMON+, COMMON_SERVER+, COMBINED+ composite log formats
[0617] X-record0-mode[=0|1] and associated CGI null-record mode
[0618] bugfix; and refine DirFormatSize()
[0619] bugfix; SSLv23_method() appears to be a Swiss-army knife
[0620] significant rework of SSL version configuration
[0621] bugfix; TcpIpCacheAddressToName() memcpy null char
[0622] bugfix; DavMetaOpenAst() retry after meta directory creation
[0623] bugfix; DavPropEnd() ensure unused meta-data file deleted
[0624] bugfix; MapOds5VmsToUrl() et.al. allow for ".]["
[0625] bugfix; SAME3 0x00ffffff mask (not 0xffffff00)
[0626] bugfix; DirFormatAcpInfoAst() ThisIsADirectory = false;
[0627] bugfix; DavWebCreateDir() set SYSPRV access, propagate rest
[0628] bugfix; PutWriteFileOpen() WebDAV should not use default
[0629] protection mask and instead propagate from profile
[0630] bugfix; FileParseAst() allow for non-dir .DIR files
[0631] bugfix; RequestRedirect() allocate using (possibly expanded)
[0632] header length (not fixed) when allocating POST buffer
[0633] bugfix; PROXY.C no $QIO buffer should exceed 65535!
[0634] 06-OCT-2013 MGD v10.3.0
[0635] TLS1 Server Name Indication (SNI) extension
[0636] /SSL= parameter options rework (plus new mnemonic options)
[0637] SesolaNetClientBegin() include SNI before connect
[0638] PutWriteFileOpen() support FAB$C_STM and FAB$C_STMCR
[0639] DclMailboxAcl() allow usernames without associated
[0640] identifiers (i.e. shared UICs) by first trying with the
[0641] username and on failure getting the UIC and using that
[0642] FaoUrlEncodeTable tilde from "%7e" to "~" (cadaver issue)
[0643] GzipInit() ZLIB shareable image via logical names
[0644] WASD_LIBZ_SHR32, then GNV$LIBZSHR32, finally LIBZ_SHR32
[0645] PersonaAssume() wrap sys$persona_create() with SYSPRV
[0646] after modifications to DclMailboxAcl() to allow usernames
[0647] without associated identifiers (i.e. shared UICs)
[0648] authorisation realm read-only group can be specified as "*"
[0649] to represent that "everyone else" can read
[0650] ProxyResponseRebuild() additional header length bumped
[0651] from an ambit 256 to an ambit 1024 (Uni Malaga :-)
[0652] OdsNamBlockAst() on non-ODS_EXTENDED platforms (i.e. VAX)
[0653] tease-out system file name from Nam.nam$l_name and
[0654] Nam.nam$l_type into odsptr->SysFileName buffer
[0655] historically used by ODS-5 and munge for ODS-2 as well
[0656] .WWW_WASD directory directive file
[0657] sortable directory listing
[0658] ?httpd=index&ilink=[yes|no]
[0659] ?httpd=index&override=[yes|no]
[0660] ?httpd=index&query= (.WWW_WASD specific)
[0661] ?httpd=index&style=
[0662] ?httpd=index&sort=[+|-]
[0663] ?httpd=index&target=
[0664] ?httpd=index&these=[,]
[0665] ?httpd=index&versions=|*
[0666] SET dir=delimit=
[0667] SET dir=[no]ilink
[0668] SET dir=style=sort (plus the dir=style=2)
[0669] SET dir=sort=[+|-]
[0670] SET dir=target=
[0671] SET dir=these=[,]
[0672] SET dir=versions=|*
[0673] SET put=rfm=[STM|STMCR|UDF] added to FIX512,STMLF
[0674] "upstream-addr:" conditional
[0675] [AuthRevalidateLoginCookie] obsolete (in favour of ...)
[0676] rqptr->AuthRevalidateCount to track empty authentication
[0677] prompts preceding potential redundant revalidation prompt
[0678] [PutBinaryRFM] add STM and STMCR
[0679] [ServiceNonSSLRedirect] |[:]
[0680] some refinements to Upd..() layout and functionality
[0681] refine HTML and bring a little more up-to-date
[0682] AUTH_MAX_USERNAME_LENGTH bumped from 47 to 64 for X509
[0683] FileAcpInfoAst() '$.' file extension kludge
[0684] bugfix; AuthConfigLoadCallBack() additional [AuthProxy]
[0685] with intervening rules should reset proxies
[0686] bugfix; FileResponseHeader() "?httpd=content&type=" decoded
[0687] bugfix; MapOds..() identify MFD using "000000]" and "000000."
[0688] bugfix; AuthVmsGetUai() interaction of logon= parameters
[0689] bugfix; UpdFileRename() ACCVIO with AuthAccessEnable()
[0690] bugfix; RequestParseAndExecute2() remove reset of
[0691] request persistent flag from OPTIONS and DELETE
[0692] bugfix; SesolaInitService() (or refinement)
[0693] SSL_CTX_set_session_id_context() against each service
[0694] bugfix; DirFormatSize() bytes
[0695] bugfix; OdsParseTerminate() on non-ODS_EXTENDED platforms
[0696] (i.e. VAX) reset .nam$b_esl to changed expanded length
[0697] or it can generate RMS$_ESL errors
[0698] bugfix; DavPropSearchAst() on non-ODS_EXTENDED platforms
[0699] (i.e. VAX) reset .nam$b_rsl to changed resultant length
[0700] or it can generate RMS$_RSL errors
[0701] bugfix; non-ODS_EXTENDED platforms (e.g. VAX) must
[0702] OdsParse() NAM$M_NOCONCEAL before OdsSearchNoConceal()
[0703] bugfix; MapUrl__Map() reverse mapping wildcard copy
[0704] bugfix; CgiGenerateVariables() AUTH_GROUP write/read status
[0705] bugfix; AuthClientHostGroup() wildcard match result reversed
[0706] bugfix; ProxyResponseRebuild() call ProxyRebuildLocation()
[0707] can return a pointer to the original location!
[0708] bugfix; SesolaInit() translate WASD_SSL_CIPHER logical name
[0709] 09-NOV-2012 MGD v10.2.0,
[0710] TOKEN authorisation
[0711] request header DNT (do not track)
[0712] set ProxyReadBufferSize to 64k (per JPP)
[0713] allow (proxy) ResponseBufferSize to be >= 64k (per JPP)
[0714] HttpdSystemInfo() $GETSYIW() CsidVersion treat status
[0715] SS$_UNREACHABLE as non-fatal and fallback to 16 byte LVB
[0716] DIGEST.C numerious tweaks up to RFC2069
[0717] [AuthTokenEntriesMax] for token authorisation
[0718] bugfix; HTAdminModifyUser() use database name for digest
[0719] bugfix; AuthorizeResponse() digest scheme
[0720] bugfix; AuthVmsGetUai() logon= fall through
[0721] bugfix; DclSysOutputAst() WebSocket wrt agent
[0722] bugfix; WebSockEnd() do not NetCloseSocket()
[0723] bugfix; (at least improve) caching of group write/read
[0724] bugfix; SesolaParseCertDn() return NULL if record not found
[0725] bugfix; AuthorizeGroupWrite() with cached entries!
[0726] bugfix; AuthReadSimpleList() parameter /DIRECTORY= processing
[0727] 28-APR-2012 MGD v10.1.1,
[0728] RequestGet() no longer report 408 for unused connections
[0729] RequestEndEnd() likewise ignore unused connections (Chrome)
[0730] MetaConLoad() compress non-signficant white-space
[0731] proxy WebSocket upgrade requests as raw tunnels (kludge)
[0732] DclRestartScript() refine WebSocket handling
[0733] DirFormatSize() now uses quadword
[0734] DirFormatSize() adjusts units to fit size width
[0735] MATCH0..8() macro to improve efficiency over memcmp()
[0736] SAME1..4() macro to abstract the *(USHORTPTR)s, etc.
[0737] bugfix; RequestBegin() remove RequestEnd() following failed
[0738] SesolaNetBegin() resulted in redundant request rundown
[0739] bugfix; SesolaNetAccept() initialise value=0
[0740] bugfix; SesolaNetRead() SSL state not SSL_ST_OK
[0741] bugfix; SesolaNetWrite() SSL state not SSL_ST_OK
[0742] bugfix; DavWebMicrosoftMunge2() token reprocessing
[0743] bugfix; FileAcpInfoAst() SS$_BADPARAM >2GB <4GB (per JPP)
[0744] bugfix; WebSockCloseMailboxes() logic
[0745] bugfix; DclScriptProcessCompletionAST() don't WebSockClose()
[0746] any WebSocket request currrently associated with the task
[0747] bugfix; RequestEndEnd() '->WebSocketCount' already locked
[0748] 06-NOV-2011 MGD v10.1.0,
[0749] dragged kicking and screaming to VMS V7.0 base build
[0750] Web Socket (HTML5) support
[0751] Secure Sockets default to SSL v3 and TLS v1 (no more SSL v2)
[0752] SET cache=[no]cookie
[0753] SET map=uri
[0754] SET proxy=chain=cred=
[0755] SET proxy=tunnel=request=
[0756] SET regex=
[0757] SET response=HTTP=original
[0758] SET service=
[0759] SET notimeout (short-hand for timeout=none,none,none)
[0760] SET websocket=
[0761] "origin:" conditional
[0762] "request-peek:" conditional
[0763] "upgrade:" conditional
[0764] "websocket:" conditional
[0765] [DclScriptProctor] (pro-)activate script/environments
[0766] [RegEx] enabled/disabled/
[0767] [ServiceProxyChainCred] down-stream proxy credentials
[0768] [WwwImplied] "www." is implied even with virtual services
[0769] ("Host:") not beginning with it (ServiceFindVirtual())
[0770] callout LIFETIME: can accept
[0771] callout SCRIPT-CONTROL:string (see DCL.C)
[0772] logging 'PP' outgoing proxy connection local port
[0773] /DO=ALIGN=.. to allow collection and analysis of Alpha and
[0774] Itanium alignment fault data using HttpdAlignFault() et.al.
[0775] /DO=NET=PURGE[=..] expanded capability
[0776] /DO=WEBSOCKET=DISCONNECT[=..] to disconnect WebSockets
[0777] /PRIORITY= limit increased from 6 to 15
[0778] SesolaInit() default is SSLv2 off and SSLv3/TLSv1 on
[0779] AuthAgentCallout() callout BODY implemented (for PAPI)
[0780] MapOdsUrlTo..() consecutive '/' into a single a la Unix
[0781] ServiceReportNow() service synopsis
[0782] ProxyTunnelChainConnect() chain proxy authorization
[0783] ProxyRequestRebuild() chain proxy authorization (BASIC only)
[0784] ServiceReportNow() add summary to service report
[0785] configuration lines beginning "!#" now allow WATCHable
[0786] during mapping and authorisation processing
[0787] reworked query string handling based on length
[0788] ServiceEntityMatch() processes in-match and if-not-match
[0789] CacheSearch() implement request cache control
[0790] CacheLoadResponse() checks response header for
[0791] "Cache-Control:" directives and adjusts accordingly
[0792] CacheLoadEnd() buffer all content-type data
[0793] (previous behaviour truncated at ';' or white-space)
[0794] MetaConLoad() ensure metacon "lines" are quadword aligned
[0795] __unaligned directive added to pointer macros in a
[0796] (successful) effort to avoid alignment faults
[0797] VM_OFFSET now 8 (quadword alignment) instead of 4
[0798] bugfix; OdsFileExists() parse NAM$M_NOCONCEAL in case of
[0799] multi-valued, concealed logical devices and then convert
[0800] returned status DNF into the functional equivalent FNF
[0801] bugfix; directory listing OdsSearchNoConceal() to
[0802] process concealed, multi-value logical device names
[0803] bugfix; RequestRedirect() only concat '&' if including query
[0804] bugfix; set rule 'CacheSetting' boolean with any CACHE=..
[0805] 02-OCT-2010 MGD v10.0.3,
[0806] command-line checks of configuration files
[0807] /DO=AUTH=CHECK /DO=CONFIG=CHECK (all configuration files)
[0808] /DO=GLOBAL=CHECK /DO=MAP=CHECK /DO=MSG=CHECK
[0809] /DO=SERVICE=CHECK
[0810] TcpIp6..() functions to resolve IPv6 AAAA records
[0811] ProxyRequestParse() improve IPv6 host parsing
[0812] bugfix; regression at 10.0.1 with proxy authorization
[0813] bugfix; SSL_set_info_callback() not SSL_CTX_set..()
[0814] 01-JUL-2010 MGD v10.0.2,
[0815] metacon "file:" and "directory:" to probe file-system
[0816] SET script=lifetime=
[0817] SET put=max= per-path equivalent of [PutMaxKbytes]
[0818] SET put=max=* for (effectively) unlimited upload
[0819] BODY.C significant rework to function()alise common code
[0820] BODY.C improve performance with multiblock of 127 (per JPP)
[0821] BODY.C make MultipartContentType(Ptr) a dynamic structure
[0822] as Microsoft endeavour to include application data
[0823] along with MIME content-type, see ...
[0824] http://msdn.microsoft.com/en-us/library/aa338205.aspx
[0825] and an example (no kidding!) ...
[0826] "application/vnd.ms.powerpoint.template.macroEnabled.12application/x-font"
[0827] FileNextBlocks() change QIO file size from long to quad
[0828] to cater for files greater than 4GB (4GB+ is limited to
[0829] file serving only, no ranges, etc.)
[0830] RequestExecutePostCache() UTF-8 decode WebDAV objects
[0831] RequestRedirect() support WebDAV "Destination:" field (JPP)
[0832] DclAllocateTask() default unconfigured CGIplus lifetime
[0833] SsiDoSet() and SsiGetTagValue() allow '$' in variable names
[0834] Mapurl_ControlReload() rather than Mapurl_Load()
[0835] bugfix; MapUrl_ControlReload()
[0836] bugfix; DclUpdateScriptNameCache() run-time pointer
[0837] bugfix; OdsNamBlockAst() odsptr->NamFileSysNamePtr
[0838] always set to odsptr->SysFileName in case RMS$_FNF, etc.
[0839] bugfix; RequestGet() MAX_REQUEST_HEADER (per JPP)
[0840] bugfix; allow METACON_TOKEN_INCLUDE for [IncludeFile]
[0841] bugfix; MetaConEvaluate() when JustChecking: HTTP header
[0842] fields (e.g. "cookie:")
[0843] bugfix; DavMetaReadName() and DavMetaWriteName()
[0844] allow for typeless file names (e.g. ]AFILE.;)
[0845] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
[0846] $ERASE() if not WebDAV request (access and ownership) (JPP)
[0847] bugfix; DavWebSlashlessMunge() enable SYSPRV while
[0848] calling OdsFileExists() (per JPP)
[0849] bugfix; do not use REDIRECT for WebDAV request error report
[0850] bugfix; no new token when refreshing existing lock (per JPP)
[0851] bugfix; FileNextBlocks() signed/unsigned comparison
[0852] when calculating buffer size on files larger than 2^31
[0853] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms()
[0854] include '|' and '%' as ODS-5 escaped characters
[0855] bugfix; DirAuthorizationAst() only check access on
[0856] non-empty expanded file names
[0857] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
[0858] $CREATE() if not WebDAV request (for access and ownership)
[0859] bugfix; FileNextBlocks() signed/unsigned comparison
[0860] when calculating buffer size on files larger than 2^31
[0861] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms()
[0862] include '|' as an ODS-5 escaped character
[0863] bugfix; DirAuthorizationAst() only check access on
[0864] non-empty expanded file names
[0865] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
[0866] $CREATE() if not WebDAV request (for access and ownership)
[0867] bugfix; DirBegin() "httpd=index&" detection (since v9.3.0)
[0868] bugfix; DirEnd() suppress