- Nov 26, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716662 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
For the "SSLStaplingReturnResponderErrors off" case, make sure to only staple responses with certificate status "good". Also avoids including inaccurate responses when the OCSP responder is not completely up to date in terms of the CA-issued certificates (and provides interim "unknown" or "extended revoked" [RFC 6960] status replies). Log a certificate status other than "good" in stapling_check_response(). Propagate the "ok" status from stapling_check_response() back via both stapling_renew_response() and get_and_check_cached_response() to the callback code in stapling_cb(), enabling the decision whether to include or skip the response. insert missing LOGNO in ssl_util_stapling.c Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716652 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
core: Limit to ten the number of tolerated empty lines between request, and consume them before the pipelining check to avoid possible response delay when reading the next request without flushing. Before this commit, the maximum number of empty lines was the same as configured LimitRequestFields, defaulting to 100, which was way too much. We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES). check_pipeline() is changed to check for (up to the limit) and comsume the trailing [CR]LFs so that they won't be interpreted as pipelined requests, otherwise we would block on the next read without flushing data, and hence possibly delay pending response(s) until the next/real request comes in or the keepalive timeout expires. Finally, when the maximum number of empty line is reached in read_request_line(), or that request line does not contains at least a method and an (valid) URI, we can fail early and avoid some failure detected in further processing. core: follow up to r1710095. Simplify logic in check_pipeline(), and log unexpected errors. core: follow up to r1710095, r1710105. We can do this in a single (no inner) loop, and simplify again the logic. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716651 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716650 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716649 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716572 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 25, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716493 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 24, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716210 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 22, 2015
-
-
Gregg Lewis Smith authored
follow-up r1715371 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715600 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 20, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715371 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 19, 2015
-
-
Jim Jagielski authored
Merge r1708107, r1709587, r1709602, r1709995, r1710231, r1710419, r1710572, r1710583, r1715023 from trunk: mod_ssl: performing protocol switch directly after ALPN selection, mod_http2: connection hook inits network filters to force TLS handshake, reads input only if H2Direct explicitly enabled, changes H2Direct default to off even for cleartext connections new ap_is_allowed_protocol() for testing configured protocols, added H2Upgrade on/off directive, changed H2Direct default back to on when h2c is in Protocols moved ssl handshake trigger from mod_http2 to new process_connection hook in mod_ssl mod_ssl: check request-server for TLS settings compatible to handshake server, allow request if equal, renegotiation checks: remember last used cipher_suite for optimizations, deny any regnegotiation in presence of master connection announce protocol choices on first request fixing compilation issue for older platform disabling protocol upgrades on slave connections first request on master connection only reports more preferred protocols in Upgrade header mod_ssl: follow up to r1709602. Fix "HTTP spoken on HTTPS port" broken by the SSL handshake trigger moved to process_connection hook (r1709602) along with H2Direct speculative read. Submitted by: icing, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715255 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715252 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715251 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715205 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-changes@1715202 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-changes@1715192 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715186 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715127 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 18, 2015
-
-
Jim Jagielski authored
Constify + save a few bytes in conf pool Save a few bytes in conf pool when processing 'AllowOverrideList'. The 'override_list' table is allocated from the cmd->pool, just as all strings from argv[]. So there is no need to duplicate them. + some minor style issues Save a few bytes in conf pool Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715015 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: forward EOR (only) brigades to the core_output_filter(). mod_ssl: don't FLUSH output (blocking) on read. This defeats deferred write (and pipelining), eg. check_pipeline() is not expecting the pipe to be flushed under it. So let OpenSSL >= 0.9.8m issue the flush when necessary (earlier versions are known to not handle all the cases, so we keep flushing with those). mod_ssl: follow up to r1705823. Oups, every #if needs a #endif... mod_ssl: pass through metadata buckets untouched in ssl_io_filter_output(), the core output filter needs them. Proposed by: jorton mod_ssl: follow up to r1705194, r1705823, r1705826 and r1705828. Add CHANGES entry, and restore ap_process_request_after_handler()'s comment as prior to r1705194 (the change makes no sense now). mod_ssl: follow up to r1705823. We still need to flush in the middle of a SSL/TLS handshake. mod_ssl: follow up to r1705823. Flush SSL/TLS handshake data when writing (instead of before reading), and only when necessary (openssl < 0.9.8m or proxy/client side). mod_ssl: follow up to r1707230: fix (inverted) logic for SSL_in_connect_init(). Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715014 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715013 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715012 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1714949 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1714942 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 17, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1714745 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1714742 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1714738 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 08, 2015
-
-
Kaspar Brand authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1713210 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 07, 2015
-
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1713142 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1713141 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 04, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712568 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
merge of 1708107,1709587,1709602,1709995,1710231,1710419,1710572,1710583 from trunk, addition of master conn_rec*, minor bump of mmn git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-changes@1712567 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-changes@1712542 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712521 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712475 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 03, 2015
-
-
Graham Leggett authored
alignment (SPARC64, PPC64). Submitted by: ylavic Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712294 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
fields as described in RFC7230. See OWS definition. Submitted by: jailletc36 Reviewed by: ylavic, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712293 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712292 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712290 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712286 13f79535-47bb-0310-9956-ffa450edef68
-