- Jun 16, 2015
-
-
Jim Jagielski authored
mod_ssl: Remove deprecated SSLCertificateChainFile warning. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1685870 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 11, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1684895 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 09, 2015
-
-
Stefan Fritsch authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1684533 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. Submitted by: breser Backports: r1684524 Reviewed by: wrowe, ylavic, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1684525 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. Submitted by: graham, ylavic Reviewed by: ylavic, wrowe, jim Backports: 1484852, 1684513 Reported by: Régis Leroy git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1684515 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 04, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1683585 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 02, 2015
-
-
Jim Jagielski authored
mod_proxy: Don't put the worker in error state for 500 or 503 errors returned by the backend unless failonstatus is configured to. PR 56925. mod_proxy: follow up to r1681694. Handle the proxy-error-override note also in mod_proxy_ajp. The note is not needed in mod_proxy_fcgi (which also handles ProxyErrorOverride) since it calls ap_die() by itself, and always returns OK to proxy_handler(). Add a comment about the note where used. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1683112 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 01, 2015
-
-
Jim Jagielski authored
PR 57968: Don't lowercase the argument to SetHandler if the handler is proxy:unix. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682888 13f79535-47bb-0310-9956-ffa450edef68
-
- May 29, 2015
-
-
William A. Rowe Jr authored
handler or input filter already did it while reading the request (causing a double response body). Submitted by: ylavic Backports: r1482522 (partial, ap_map_http_request_error() things only!), r1529988, r1529991, r1643537, r1643543, r1657897, r1665625, r1665721, r1674056 Reviewed by: ylavic, minfrin, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682544 13f79535-47bb-0310-9956-ffa450edef68
-
Gregg L. Smith authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682360 13f79535-47bb-0310-9956-ffa450edef68
-
- May 27, 2015
-
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682077 13f79535-47bb-0310-9956-ffa450edef68
-
- May 23, 2015
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681347 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
r1679032: mod_ssl OCSP Stapling: Don't block initial handshakes while refreshing the OCSP response for a different certificate. mod_ssl has an additional global mutex, "ssl-stapling-refresh". Not mentioned in CHANGES: Stapling no longer uses a mutex when using a stapling cache implementation which doesn't require it. (A further, unrelated code change to mod_ssl is required to allow the use of memcache as a stapling cache, and I haven't tested with distcache; thus it isn't clear if this helps in practice yet.) r1679192: Fix regression in check for cached response (Essentially) Submitted by: ylavic r1680276: OCSP stapling: slight simplification to some internal interfaces, add a few comments and sanity checks Submitted by: trawick (with assist from ylavic) Reviewed by: jim, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681320 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* modules/aaa/mod_authz_owner.h: Add header file with optional hook declaration for "authz_owner_get_file_group". * modules/aaa/mod_authz_dbm.c, modules/aaa/mod_authz_groupfile.c: Use the header to pick up the above declaration; retrieve the optional function in a hook; use a static variable to store the function pointer. Submitted by: jorton Reviewed by: jkaluza, wrowe, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681311 13f79535-47bb-0310-9956-ffa450edef68
-
- May 22, 2015
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681187 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
http: Make ap_die() robust against any HTTP error code and not modify response status (finally logged) when nothing is to be done. ap_die(): follow up to r1657881. Use log level DEBUG for AP_FILTER_ERROR => HTTP_INTERNAL_SERVER_ERROR. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681114 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
core: Cleanup the request soon/even if some output filter fails to handle the EOR bucket. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681113 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free bug with postgresql mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime of DB lookup entries independently of the selected DB engine. PR 46421. Suggested by: Michel Stam <michel reverze net> Proposed by: Steven whitson <steven.whitson gmail com> Reviewed/Extended/Committed by: ylavic Follup up to r1679181: CHANGES entry. Submitted by: jkaluza, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681107 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_log_config: instead of using the new dedicated pattern format "%M" for duration milliseconds, overload the existing "%D" to choose the time precision ("%{s}D" for seconds, "%{ms}D" for milliseconds and "%{us}D" for microseconds). The existing %T and %D without precision are kept for compatibility. The previously introduced "%M" (r1677187) is removed, it has not yet been released. Format pattern characters are rare, so we should only use a new one if an existing one isn't a good fit. Fix syntax. Follow-up to r1680895: Let %T be the format character which accepts time resolution arguments. Submitted by: rjung, trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681106 13f79535-47bb-0310-9956-ffa450edef68
-
- May 18, 2015
-
-
Jim Jagielski authored
Conform to RFC 7525, with additional suggestion to drop RSA Kx ciphers Document RFC 7525 changes Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679987 13f79535-47bb-0310-9956-ffa450edef68
-
- May 13, 2015
-
-
Jim Jagielski authored
mod_ssl: Check for RAND_egd() at configure time and only use it if present. Fixes the build with LibreSSL which does not provide this function. Submitted by: Bernard Spil <pil.oss gmail com>, stsp Committed by: stsp mod_ssl: Make the config parser complain if SSLRandomSeed specifies the Entropy Gathering Daemon (EGD) as source while the underlying SSL library does not support EGD (e.g. in case of LibreSSL). Suggested and reviewed by: kbrand Follow up to r1674542 and r1675410: CHANGES entry. Submitted by: stsp, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679199 13f79535-47bb-0310-9956-ffa450edef68
-
- May 11, 2015
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1678717 13f79535-47bb-0310-9956-ffa450edef68
-
- May 07, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1678234 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
consistently output SSLCertificateChainFile deprecation warnings Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1678233 13f79535-47bb-0310-9956-ffa450edef68
-
- May 01, 2015
-
-
Jim Jagielski authored
If a directory exists but no indexes can be resolved, the fallback resource should be attempted first before giving up. Submitted By: Jack <tjerk.meesters gmail.com> , covener Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1677186 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 26, 2015
-
-
Kaspar Brand authored
Add support for extracting subjectAltName entries of type rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables. * docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the environment variables table * modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction of subjectAltName entries for the "StdEnvVars" case * modules/ssl/ssl_engine_vars.c: add support for retrieving the SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with individual on-demand lookup (ssl_var_lookup_ssl_cert_san), or with full-list extraction to the environment ("StdEnvVars") * modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype * modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where suitable. Limit SSL_X509_getSAN to the two most common subjectAltName entry types appearing in user or server certificates (i.e., rfc822Name and dNSName), for the time being. * modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8 and SSL_X509_getSAN prototypes Proposed by: kbrand Reviewed by: ylavic, druggeri git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1676087 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 20, 2015
-
-
Jim Jagielski authored
mpm_event: Allow for timer events duplicates. Meanwhile ap[r]_skiplist_add()... mpm_event: follow up to r1666468. We only need one compare function for add semantic with apr_skiplist_insert() and unique timers (pointers). It also should work with apr_skiplist_remove() and apr_skiplist_find(), be they used some day. mpm_event: follow up to r1666468 and r1666618. We don't need to return 0 in the compare function, but for debugging purpose which we could implement later if necessary (in a separate function). For now, keep the function simple as in 2.4.x to ease backport, and add a comment about why we never return 0 here. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674921 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 19, 2015
-
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674670 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
move CHANGES entries to correct version. Use "mod_ssl" instead of "ssl". git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674667 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_wstunnel: Bypass the handler while the connection is not upgraded to WebSocket, so that other modules can possibly take over the leading HTTP requests. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674661 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* Fix If-Match handling: - We need to fail if we do NOT match. - ETag comparison only makes sense if we have an ETag PR: 57358 Submitted by: Kunihiko Sakamoto <ksakamoto google.com> Reviewed by: rpluem Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674658 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Add a warning if protocol given in SSLProtocol or SSLProxyProtocol will override other parameters given in the same directive. This could be a missing + or - prefix. PR 52820 Tweak log message Add CHANGES entry before backport proposal Follow-up to r1520445: Tweak error message for clarity Submitted by: jailletc36, trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674655 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 16, 2015
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674048 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 15, 2015
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673942 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
* Use the correct server name for SNI in case the backend SSL connection itself is established via a proxy server. PR: 57139 Submitted by: Szabolcs Gyurko <szabolcs gyurko.org> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673941 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
ssl_util: Fix possible crash (free => OPENSSL_free) and error path leaks when checking the server certificate constraints (SSL_X509_getBC()). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673940 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
PR 57379: If mod_cgi and mod_cgid get installed, use IfModule for MPM to LoadModule mod_cgi for prefork and mod_cgid for all other MPMs. Previously when combined with --enable-load-all-modules both modules were loaded and it was undefined which one actually handled cgi requests. Based on a patch by olli hauer <ohauer gmx.de>. Addition to r1652955: Use "=" in combination with "test" instead of "==". Fix indentation and tab use after r1652955. Submitted By: olli hauer <ohauer gmx.de> Reviewed By: rjung, ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673909 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
allow time to first byte (of response headers) to be logged by mod_logio. mod_logio was just a conveninent place to do this w/o writing a new filter or complicating an existing important one. Use 'unsigned int' in bitfield git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673904 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
*) mod_proxy_wstunnel: Avoid an empty response by failing with 502 (Bad Gateway) when no response is ever received from the backend. Submitted By: jkaluza Reviewde By: covener, ylavic, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673902 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_ssl: Protect ENGINE_CTRL_CHIL_SET_FORKCHECK macro with a featue check for libressl. Submitted by: Stuart Henderson <sthen openbsd.org> Reviewed by: covener, trawick, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673900 13f79535-47bb-0310-9956-ffa450edef68
-