Skip to content
GitLab
  1. 08 Dec, 2015 1 commit
  3. 07 Dec, 2015 13 commits
  5. 06 Dec, 2015 2 commits
  7. 05 Dec, 2015 3 commits
  9. 04 Dec, 2015 4 commits
  11. 03 Dec, 2015 5 commits
  13. 02 Dec, 2015 1 commit
  15. 29 Nov, 2015 3 commits
  17. 28 Nov, 2015 2 commits
  19. 26 Nov, 2015 6 commits
    • Christophe Jaillet's avatar
      Fix typo in comment · f1682cfd
      Christophe Jaillet authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716770 13f79535-47bb-0310-9956-ffa450edef68
      f1682cfd
    • Stefan Eissing's avatar
      merge of trunk fix · 010352ba
      Stefan Eissing authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716662 13f79535-47bb-0310-9956-ffa450edef68
      010352ba
    • Jim Jagielski's avatar
      Merge r1711728, r1713209 from trunk: · 033018fd
      Jim Jagielski authored 
      For the "SSLStaplingReturnResponderErrors off" case, make sure to only
staple responses with certificate status "good". Also avoids including
inaccurate responses when the OCSP responder is not completely up
to date in terms of the CA-issued certificates (and provides interim
"unknown" or "extended revoked" [RFC 6960] status replies).

Log a certificate status other than "good" in stapling_check_response().

Propagate the "ok" status from stapling_check_response() back via both
stapling_renew_response() and get_and_check_cached_response() to the
callback code in stapling_cb(), enabling the decision whether to include
or skip the response.


insert missing LOGNO in ssl_util_stapling.c
Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716652 13f79535-47bb-0310-9956-ffa450edef68
      033018fd
    • Jim Jagielski's avatar
      Merge r1710095, r1710105, r1711902 from trunk: · 9f9b598d
      Jim Jagielski authored 
      core: Limit to ten the number of tolerated empty lines between request,
and consume them before the pipelining check to avoid possible response
delay when reading the next request without flushing.

Before this commit, the maximum number of empty lines was the same as
configured LimitRequestFields, defaulting to 100, which was way too much.
We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES).

check_pipeline() is changed to check for (up to the limit) and comsume the
trailing [CR]LFs so that they won't be interpreted as pipelined requests,
otherwise we would block on the next read without flushing data, and hence
possibly delay pending response(s) until the next/real request comes in or
the keepalive timeout expires.
 
Finally, when the maximum number of empty line is reached in
read_request_line(), or that request line does not contains at least a method
and an (valid) URI, we can fail early and avoid some failure detected in
further processing.


core: follow up to r1710095.
Simplify logic in check_pipeline(), and log unexpected errors.


core: follow up to r1710095, r1710105.
We can do this in a single (no inner) loop, and simplify again the logic.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716651 13f79535-47bb-0310-9956-ffa450edef68
      9f9b598d
    • Jim Jagielski's avatar
      promote · 419ec2ea
      Jim Jagielski authored 
      
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716650 13f79535-47bb-0310-9956-ffa450edef68
      419ec2ea
    • Jim Jagielski's avatar
      votes · 9dbf8adf
      Jim Jagielski authored 
      
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716649 13f79535-47bb-0310-9956-ffa450edef68
      9dbf8adf