usr.sbin/relayd: handle HTTP responses without bodies
RFC 9112 section 6.3 specifies that responses to HEAD requests, and
responses with 1xx, 204, or 304 status codes, are terminated by the
empty line after the header section regardless of Content-Length or
Transfer-Encoding. They cannot contain a message body or trailer
section.
Teach relayd to apply that framing rule before deciding whether a
response body is bounded. Otherwise relayd treats these responses as
unbounded, adds Connection: close, and can forward both the backend's
Connection: keep-alive and its own Connection: close.
Tweaks and OK: rsadowski@
Import devel/scnlib
scnlib is a modern C++ library for replacing scanf and std::istream.
This library attempts to move us ever so much closer to replacing
iostreams and C stdio altogether. It's faster than iostream, and
type-safe, unlike scanf. Think {fmt} or C++20 std::format, but in
the other direction.
ok rsadowski@
repair more prototypes for pseudo-device attach functions
pppattach and spppattach should have a single int parameter to match
what's in ioconf.c.
also noticed independently by jsg@; ok jsg@
relayd: use explicit_bzero in ssl_password_cb
This replaces bzero with explicit_bzero in the SSL password callback. Since
ssl_password_cb handles sensitive data a standard bzero could be optimized
away by the compiler.
Additionally, this ensures the buffer is cleared if strlcpy fails due to
truncation, preventing password fragments from lingering in memory.
OK renaud@, kirill@
