change ap_md5() call in ssl_hook_pre_connection() to ap_md5_binary()
that uses the precalculated sc->nVHostID_length to avoid a strlen() call.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92216 13f79535-47bb-0310-9956-ffa450edef68

request time by calling it at startup time and saving the value in the
SSLSrvConfigRec.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92215 13f79535-47bb-0310-9956-ffa450edef68

since we know the string returned by ap_md5() will always be that length
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92213 13f79535-47bb-0310-9956-ffa450edef68

(core handles all timeouts)
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92211 13f79535-47bb-0310-9956-ffa450edef68

these notes are unused, they handled by hooks.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92210 13f79535-47bb-0310-9956-ffa450edef68

ssl_io_filter_Output() to a new ssl_filter_write() function.
this will make it easier to optimize how we deal with file buckets
than cannot be mmaped.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92209 13f79535-47bb-0310-9956-ffa450edef68

an apr_bucket_brigade and use transient buckets with the SSL
malloc-ed buffer, rather than copying into a mem BIO.

also allows us to pass the brigade as data is being written
rather than buffering up the entire response in the mem BIO.

PR:
Obtained from:
Submitted by:
Reviewed by:	Justin Erenkrantz, Ryan Bloom


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92206 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92151 13f79535-47bb-0310-9956-ffa450edef68

causing the server not to start.
previous method was to call exit(1) which would not fail
gracefully

PR:
Obtained from:
Submitted by:
Reviewed by:	(Idea only Jeff Trawick)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92144 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92123 13f79535-47bb-0310-9956-ffa450edef68

unless loglevel >= SSL_LOG_INFO
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92122 13f79535-47bb-0310-9956-ffa450edef68

- only look through the table once, rather than 2 apr_table_gets()
- case-sensitive and use strcmp() as little as possible
- only lookup once per-connection, as the flags will not change across
  keepalive requests
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92121 13f79535-47bb-0310-9956-ffa450edef68

else there are 5 (expensive!) calls made to ssl_var_lookup on every request
for info that will never be logged
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92119 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92114 13f79535-47bb-0310-9956-ffa450edef68

change app_data2 to be the request_rec itself.
if something needs per-request context in the future,
it can use r->request_config

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92113 13f79535-47bb-0310-9956-ffa450edef68

note: may actually be removed unless somebody can figure out why it is in
there to begin with
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92111 13f79535-47bb-0310-9956-ffa450edef68

writing to app_data2_idx, and another inside OpenSSL when calling
SSL_get_ex_new_index().
add SSL_init_app_data2_idx() to provide the same functionality but in
a safe place: called during ssl_init_Module
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92110 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92109 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92100 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92094 13f79535-47bb-0310-9956-ffa450edef68

c->conn_config
PR:
Obtained from:
Submitted by:
Reviewed by: rbb, madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92093 13f79535-47bb-0310-9956-ffa450edef68

thread mutex routines for when we don't have APR_HAS_THREADS.

Submitted by:	Justin Erenkrantz
Reviewed by:	Aaron Bannert


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92061 13f79535-47bb-0310-9956-ffa450edef68

interact badly with makefile dependency generators, too.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92059 13f79535-47bb-0310-9956-ffa450edef68

request data from the client.
PR:
Obtained from:
Submitted by:	dougm
Reviewed by:	wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92043 13f79535-47bb-0310-9956-ffa450edef68

(only converting INTRAPROCESS locks at this time).

I don't see how this used to work, which also means I'm not entirely
sure if it works now. It really didn't look like it was allocating
the correct size before. It compiles and SSL still works in my limited
tests, but I'd appreciate a second opinion.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91979 13f79535-47bb-0310-9956-ffa450edef68

it does not actually do the reading and writing to the network.  By
moving that filter to in between CONNECTION and NETWORK filters, we ensure
that SSL is always called before the core.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91969 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91966 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91961 13f79535-47bb-0310-9956-ffa450edef68

I'm going to remove it until I or someone else can come up with a better
way to check for and link against libssl and libcrypto for mod_ssl.so.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91950 13f79535-47bb-0310-9956-ffa450edef68

need to set SSLFilterRec.pssl = NULL when ssl_hook_CloseConnection is called
otherwise, ap_lingering_close -> ap_flush_conn will call ssl_io_filter_Output
which thinks it can still use the SSLFilterRec.pssl
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91886 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	Madhu Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91791 13f79535-47bb-0310-9956-ffa450edef68

into a local buffer.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91781 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91774 13f79535-47bb-0310-9956-ffa450edef68

  Fix a nasty GP fault... stop testing buckets after they are passed!!!


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91610 13f79535-47bb-0310-9956-ffa450edef68

  It is absolutely invalid practice to test 'prot' bits to determine if a
  file is readable.  The only acceptable means of testing readability is to
  open it for reading, due to discrepancies between permissions, DACLs and
  SACLS.  Even Linux hackers are gonna need to learn that lesson if they
  plan to do any DOD or Gov work once DACL-enhanced Linux is adopted.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91516 13f79535-47bb-0310-9956-ffa450edef68

Place a big-ass comment there so that whomever comes next isn't stuck
at a cryptic call that they don't understand with a dinky comment.
Hopefully, this makes sense.  Someone more familiar with OpenSSL should
verify the comment.

This fix also requires the normalize call to be performed before
churn_input so that we don't enter churn_input with a 0-length ctx->b
brigade.

All httpd-test tests (except for the module/negotiation test) pass now.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91442 13f79535-47bb-0310-9956-ffa450edef68

we shouldn't delete it.

Thanks to Doug for pointing out that something broke.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91441 13f79535-47bb-0310-9956-ffa450edef68

Hey, I've never seen it in actual use anywhere, so I didn't know.

Thanks to Roy for pointing it out.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91440 13f79535-47bb-0310-9956-ffa450edef68

changed some of the style issues within the filtering code to conform to
the rest of the server.

Various incarnations of this patch have been posted to dev@httpd without
feedback.  Now that it passes all of the httpd-test cases (with the
exception of module/negotiation test which fails without mod_ssl anyway),
it is time to check it in.

Please review and test.  We are under C-T-R rules, so I'm going to take
advantage of that and commit it now.  I have tested this about as much
as I can and it seems to work from everything I can give to it.
Considering that mod_ssl was broken before this commit, this is an
improvement.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91414 13f79535-47bb-0310-9956-ffa450edef68

to match churn_output.  =)

Yes, I'm slowly working on fixing mod_ssl...


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91289 13f79535-47bb-0310-9956-ffa450edef68