onsuccess vs always

In PR 62380 a user was confused why Header set always
was not overriding a header set by a HTTP backend managed
via mod_proxy_http. The difference between 'onsuccess'
and 'always' is really subtle, even if somebody is familiar
with r->headers_out and r->err_headers_out and the httpd's
internals.

As Stefan mentioned over email, the absence of a "normalized"
headers list in the response should be explained, so I tried to
do so in this commit.





git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844401 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844354 13f79535-47bb-0310-9956-ffa450edef68

Fix a cppcheck warning and a style issue.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844352 13f79535-47bb-0310-9956-ffa450edef68

  message.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844343 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844090 13f79535-47bb-0310-9956-ffa450edef68

  by SSLProxyMachineCertificate{File|Path}.
  The certificates and keys loaded during configuration time got lost during
  runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
  level and there was an SSL directive at directory level, e.g. SSLRequire.
  This fixes a regression likely introduced in r1740928.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844002 13f79535-47bb-0310-9956-ffa450edef68

See https://github.com/jfclere/JBCSP-17 for example...


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844001 13f79535-47bb-0310-9956-ffa450edef68

at least not for OpenSSL 1.1.1. This is documented in the man
page for SSL_read and let to h2 failures when using OpenSSL 1.1.1.

When no data could be read, our code returned EAGAIN up until
OpenSSL 1.1.0, but APR_EOF for OpenSSL 1.1.1.

Now instead check SSL_get_error() also when SSL_read() returns 0.

To keep changes small, this change should not influence behavior,
when (rc=SSL_read()):
- rc < 0
- rc == 0 && *len > 0
- rc == 0 &&
  (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
  inctx->block == APR_NONBLOCK_READ

Behavior changes if
- rc == 0 &&
  !(APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
  !*len > 0
  Instead of APR_EOF:
  - same behavior as rc < 0 for SSL_ERROR_WANT_READ
  - same behavior as rc < 0 for SSL_ERROR_SYSCALL && APR_STATUS_IS_EAGAIN(inctx->rc)

Another change is that rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN
also results in APR_EOF.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843954 13f79535-47bb-0310-9956-ffa450edef68

  Set c->aborted before apr_brigade_cleanup to have the correct status
  when logging the request as apr_brigade_cleanup triggers the logging
  of the request if it contains an EOR bucket.

PR: 62823
Submitted by: Arnaud Grandville <contact@grandville.net>
Reviewed by:rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843939 13f79535-47bb-0310-9956-ffa450edef68

Compiling in maintainer mode leads to a failure
due to challenges_configured initialized but
not used. Removing it seems harmless, Stefan
please let me know if this is not the case.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843743 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843677 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843676 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843671 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843670 13f79535-47bb-0310-9956-ffa450edef68

mod_md: eliminating compiler warnings re signedness and unused. Adding a APLOG_WARNING 
	when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will
        disable that completely beginning of 2019.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843543 13f79535-47bb-0310-9956-ffa450edef68

mpm_event: Stop issuing AH00484 "server reached MaxRequestWorkers..." when
there are still idle threads available. When there are less idle threads than
MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843513 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843430 13f79535-47bb-0310-9956-ffa450edef68

     missed to signal it the normal way (eos buckets). Addresses github issues 
     https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
     and https://github.com/icing/mod_h2/issues/170. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843426 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843424 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843290 13f79535-47bb-0310-9956-ffa450edef68

                    in both r->headers_out and r->err_headers_out
                    to avoid duplication.

In session_cookie_save it seems that ap_cookie_write is called
with r->headers_out and r->err_headers_out, ending up in the same
Set-Cookie header on both tables and eventually duplicated in the
HTTP response. I took Emmanuel's patch and trimmed out the bits
that remove the header only from r->err_headers_out (leaving it
to do the work on both tables) as attempt to change this bit of code
in the most conservative way as possible. Sending a commit for
a broader review.

PR: 60910,56098,55278



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843244 13f79535-47bb-0310-9956-ffa450edef68

responses allowing these modules to properly set or fix-up the response
headers such as Vary or ETag.

This change follows up on r1837056 that disabled that special handling and
thus resulted in a potential violation of RFC7232, 4.1:

   The server generating a 304 response MUST generate any of the following
   header fields that would have been sent in a 200 (OK) response to the
   same request: Cache-Control, Content-Location, Date, ETag, Expires,
   and Vary.)

References:
  https://lists.apache.org/thread.html/f5733ca6743757e8aa8b58a0cd9e27680971551c2a20f5606c66507e@%3Cdev.httpd.apache.org%3E
  https://tools.ietf.org/html/rfc7232#section-4.1

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843242 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843205 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843201 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843164 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842938 13f79535-47bb-0310-9956-ffa450edef68

  statedir-relative default lock database path.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842931 13f79535-47bb-0310-9956-ffa450edef68

with default from config.layout, configurable via DefaultStateDir.

* server/core.c (set_state_dir, ap_state_dir_relative):
  New functions.
  
* config.layout, acinclude.m4, Makefile.in, configure.in: Define
  statedir variables, drop davlockdb.

* include/ap_config_layout.h.in: Define DEFAULT_REL_STATEDIR,
  DEFAULT_EXP_STATEDIR in place of _DAVLOCKDB.

* include/ap_mmn.h: Bump MMN minor.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842929 13f79535-47bb-0310-9956-ffa450edef68

  mkdir_structure error case.  Fixes Coverity warning.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842926 13f79535-47bb-0310-9956-ffa450edef68

  error case, as required by C89/POSIX stdarg.h - Coverity warns for
  this.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842919 13f79535-47bb-0310-9956-ffa450edef68

  rather than leak caches if all three cannot be allocated (Coverity
  warning).  Remove unnecessary pointer.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842898 13f79535-47bb-0310-9956-ffa450edef68

  (deflate_out_filter): Fix typo setting output note. (Coverity warning)
  (deflate_in_filter): Fix redundant assignment. (clang warning)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842888 13f79535-47bb-0310-9956-ffa450edef68

  redundant branch (warning from Coverity).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842884 13f79535-47bb-0310-9956-ffa450edef68

  redundant assignment (clang warning).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842883 13f79535-47bb-0310-9956-ffa450edef68

  redundant assignment (clang warning), the apr_file_eof(fp)=>APR_EOF
  case assigns rv to APR_EOF and then to APR_SUCCESS after already.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842882 13f79535-47bb-0310-9956-ffa450edef68

  buffer to avoid potential (harmless) memcmp comparison against
  garbage stack data later.  (clang warning).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842881 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842640 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842639 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842598 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842568 13f79535-47bb-0310-9956-ffa450edef68