- Dec 24, 2011
-
-
Kaspar Brand authored
SSLProtocol: allow explicit control of TLSv1.1 and TLSv1.2 flavors when compiled against OpenSSL 1.0.1 or later. Update documentation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222922 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
Set OPENSSL_NO_SSL_INTERN when compiling against OpenSSL 1.0.1 or later, so that mod_ssl retains binary compatibility with future versions when internal structures are changed. Use API functions where available, and fall back to direct access for OpenSSL up to 1.0.0, where needed. Remove SSL_make_ciphersuite() from ssl_util_ssl.[ch], as it was never used by any released version of mod_ssl. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222920 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 23, 2011
-
-
Graham Leggett authored
mod_mime: Don't arbitrarily bypass AddOutputFilter during a ProxyPass, but then allow AddOutputFilter during a RewriteRule [P]. Make mod_mime behave identically in both cases. PR52342. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222643 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 20, 2011
-
-
Graham Leggett authored
Move ab, logresolve, httxt2dbm and apxs to bin from sbin, along with corresponding man pages. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1221299 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 19, 2011
-
-
Graham Leggett authored
Distinguish properly between the bindir and sbindir directories when installing binaries. Previously all binaries were silently installed to sbindir, whether they were system administration commands or not. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1220867 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 15, 2011
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1214793 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1214787 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 12, 2011
-
-
Kaspar Brand authored
Streamline TLS session ticket key handling (added in r1200040): - drop the SSLTicketKeyDefault directive, and only support a single ticket key per server/vhost - rename the SSLTicketKeyFile directive to SSLSessionTicketKeyFile, remove the keyname parameter - move ticket key parameters from SSLSrvConfigRec to modssl_ctx_t - configure the tlsext_ticket_key_cb only when in server mode - add documentation for SSLSessionTicketKeyFile git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213395 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Fritsch authored
Limit length of lines in .htaccess to 8K again, to reduce DoS potential. Make ap_varbuf_cfg_getline() strictly enforce the max_len parameter. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213344 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 05, 2011
-
-
Stefan Fritsch authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1210288 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 02, 2011
-
-
Stefan Fritsch authored
Fix segfault with Solaris LDAP SDK when enabling ldaps. Enable SSL by passing secure=1 to apr_ldap_init instead of calling apr_ldap_set_option(... APR_LDAP_OPT_TLS ...). This change carefully avoids any change of behavior on non-Solaris LDAP SDKs. PR: 42682 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209604 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 01, 2011
-
-
Graham Leggett authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209070 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
mod_rewrite: Add the AllowNoSlash RewriteOption, which makes it possible for RewriteRules to be placed in .htaccess files that match the directory with no trailing slash. PR 48304. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209057 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 30, 2011
-
-
Graham Leggett authored
mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the administrator can hide the keys from the configuration. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208518 13f79535-47bb-0310-9956-ffa450edef68
-
http://svn.apache.org/viewvc?view=revision&revision=1070179Graham Leggett authored
as per the following thread: http://www.gossamer-threads.com/lists/apache/dev/395830?do=post_view_threaded#395830 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208384 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
Introduce a per request version of the remote IP address, which can be optionally modified by a module when the effective IP of the client is not the same as the real IP of the client (such as a load balancer). Introduce a per connection "peer_ip" and a per request "client_ip" to distinguish between the raw IP address of the connection and the effective IP address of the request. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208378 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 24, 2011
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1205850 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 23, 2011
-
-
Stefan Fritsch authored
Pass ap_errorlog_info to error_log hook git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1205573 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 21, 2011
-
-
Graham Leggett authored
mod_cache_disk: Make sure we check return codes on all writes and attempts to close, and clean up after ourselves in these cases. PR43589. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204602 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204357 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
PR51471: IndexIgnore doesn't work in DirectoryMatch. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204342 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204320 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
PR39923: Allow AddDescription to work with absolute filesystem paths, by not adding "*/" to their prefix (intended for relative paths) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204309 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 19, 2011
-
-
Graham Leggett authored
mod_cache_disk: Remove the unnecessary intermediate brigade while writing to disk. Fixes a problem where mod_disk_cache was leaving buckets in the intermediate brigade and not passing them to out on exit. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204102 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 18, 2011
-
-
Kaspar Brand authored
Change the SSLCipherSuite default to a shorter, whitelist oriented definition, and add an example for a speed-optimized configuration (commented out by default). In the SSL How-To, streamline the SSLCipherSuite examples where applicable (explicitly banning EXP and NULL is not needed when only HIGH is specified). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203753 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
drop SSLv2 support (set SSL_OP_NO_SSLv2 for any new SSL_CTX) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203495 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 13, 2011
-
-
Eric Covener authored
add per-dir config merging to mod_lua so LuaHook* in multiple per-dir sections behaves as expected instead of discarding previous sections. Reviewed by: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201445 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 12, 2011
-
-
Jeff Trawick authored
Server directive display (-L): Include directives of DSOs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201358 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
mod_cache: Make sure we merge headers correctly when we handle a non cacheable conditional response. PR52120. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201332 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201216 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Part 3: Remote MPM simple. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201214 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Part 2: Remove mod_serf. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201210 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Part 1: mod_noloris was superseded by mod_reqtimeout. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201164 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Fritsch authored
Set MaxMemFree 2048 by default git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201161 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Fritsch authored
Fix assertion failure during very high load by preventing race condition between appending to the timeout queues and adding to the pollset. We don't add additional locking calls but only extend the present calls to include the apr_pollset_add. Therefore this hopefully should not cause too much performance regression. Add some comments Replace two AP_DEBUG_ASSERTS with better error handling git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201149 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
1) Promoted from "most" to "yes/few" - mod_headers 2) Demoted from "yes/few" to "most" - mod_actions - mod_allowmethods - mod_auth_form - mod_buffer - mod_cgi(d) - mod_include - mod_negotiation - mod_ratelimit - mod_request - mod_userdir Remember: default module set is "most", but only the LoadModule lines of all modules except "yes/few" are commented out by default. The following modules will now be loaded by default: - mod_access_compat - mod_alias - mod_auth_basic - mod_authn_core - mod_authn_file - mod_authz_core - mod_authz_groupfile - mod_authz_host - mod_authz_user - mod_autoindex - mod_dir - mod_env - mod_filter - mod_headers - mod_log_config - mod_mime - mod_mpm_event - mod_reqtimeout - mod_setenvif - mod_status - mod_unixd - mod_version Backport of r1201111 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201118 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 11, 2011
-
-
Rainer Jung authored
Backport of r1201042 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201046 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Merge r1200475, r1200478, r1200482, r1200491, r1200513, r1200550, r1200580, r1200605, r1200612, r1200614, r1200639, r1200646, r1200656, r1200667, r1200679, r1200699, r1200957, r1200961, r1200963 from trunk: fix issue with incorrect munging of the lua package path -- LuaPackagePath directives were not working Default to not allowing htaccess in /, instead of just the documentroot, which gets a nice 10% performance boost by default for me. * modules/ssl/ssl_private.h, modules/ssl/ssl_engine_kernel.c (ssl_callback_tlsext_tickets): Use unsigned char * to fix gcc -Wpointer-sign warnings. Only load the really imporant modules (i.e. those enabled by the 'few' selection) by default. Don't handle modules enabled with --enable-foo specially. This fixes problems with module dependencies until someone implements a mechanism for resolving module dependencies. remove last traces of the code cache * modules/proxy/mod_proxy_html.c (comp_urlmap): Fix const-ness warning. * modules/lua/mod_lua.c (ap_lua_ssl_is_https): New function. (lua_post_config): Pick up ssl_is_https optional function. * modules/lua/lua_request.c (req_ssl_is_https_field): New function. (ap_lua_load_request): Map is_https field to above. remove some debug logging which snuck in remove ability to set min and max pool sizes for server scope in prep for removing server scope remove lingering reslist references before killing server scope replace server scope with thread scope use a sub-pool for scope_once Fix installation of conf/extra/proxy-html.conf. Otherwise httpd does no longer start, because it is the only extra file required in the main config at the moment. Rebuild xdoc transform Clarify docs for LimitRequestLine, as per bug #51665. Rebuild doc transforms. Submitted by: brianm, pquerna, jorton, sf, brianm, jorton, jorton, sf, pquerna, brianm, brianm, brianm, brianm, brianm, jorton, rjung, rbowen, rbowen, rbowen Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1200981 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 10, 2011
-
-
Jeff Trawick authored
temporary intervals with no active MPM children. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200449 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 09, 2011
-
-
Paul Querna authored
* SSLTicketKeyFile: To store the private information for the encryption of the ticket. * SSLTicketKeyDefault To set the default, otherwise the first listed token is used. This enables key rotation across servers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200040 13f79535-47bb-0310-9956-ffa450edef68
-