- Sep 18, 2018
-
-
Ruediger Pluem authored
consume 1 GB of memory as the subrequests and propdb pools are not destroyed and cleared after each element was handled. Do this now. There is one case in dav_get_props where elem->priv lives longer then the propdb pool. In this case allocate from r->pool. Furthermore also recycle propdb's which allows to clear the propdb's pools instead of destroying them and creating them again. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841225 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
Retrieve and set sslconn->client_cert here for both "modern" and classic access control. (ssl_hook_Access_classic, ssl_hook_Access_modern, ssl_hook_Access): Restore SSLRequire and FakeBasicAuth checks to ssl_hook_Access so tests are still applied for TLSv1.3. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841218 13f79535-47bb-0310-9956-ffa450edef68
-
André Malo authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841203 13f79535-47bb-0310-9956-ffa450edef68
-
André Malo authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841200 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 15, 2018
-
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840972 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840971 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840964 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 13, 2018
-
-
Christophe Jaillet authored
Instead of logging a password (which is not a good practice), clarify the associated message git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840776 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 12, 2018
-
-
Joe Orton authored
Disable AUTO_RETRY mode for OpenSSL 1.1.1, which fixes post-handshake authentication. (ssl_init_proxy_certs): Fix proxy client cert support with TLSv1.3, which is now crippled by default. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840710 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
This is more readable and isn't miscompiled w/ -O3 on a certain unnamed EBCDIC platforms compiler. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840678 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 11, 2018
-
-
Yann Ylavic authored
Move ap_filter_adopt_brigade()'s declaration to "server/core.h" (private). For ap_filter_recycle(), make it static/internal to util_filter (renamed to recycle_dead_filters() which better fits what it does). It's now also called unconditionally from ap_filter_input_pending() which itself is always called after the request processing and from MPM event (as input_pending hook). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840611 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
403 if SSL_verify_client_post_handshake() fails, e.g. when the TLS/1.3 client didn't send the Post-Handshake Authentication extension. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840585 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840582 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840575 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
Ignore sd_notify{,f} failure cases as currently recommended by the systemd API docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840555 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
service getting stuck reloading if "ExtendedStatus off" is configured; regression in r1802251. PR: 62697 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840554 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 06, 2018
-
-
Yann Ylavic authored
Since r1840149 ap_core_input_filter() can't use use f->[priv->]bb directly, so ap_filter_input_pending() stopped accounting for its pending data. But ap_core_input_filter() can't (and doesn't need to) setaside its socket bucket, so ap_filter_setaside_brigade() is not an option. This commit adds ap_filter_adopt_brigade() which simply moves the given buckets (brigade) into f->priv->bb, and since this is not something to be done blindly (the buckets need to have c->pool/bucket_alloc lifetime, which is the case in the core filter) the function is not AP_DECLAREd/exported thus can be used in core only. With ap_filter_adopt_brigade() and ap_filter_reinstate_brigade(), the core input is now ap_filter_input_pending() friendly. Also, ap_filter_recycle() is no more part of the API (AP_DECLARE removed too), there really is no point to call it outside core code. MAJOR bumped once again because of this. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840265 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
While all VH'es are NVH'es in 2.4 and later, something special happens once a second NVH in a set is added. This case covers the global server config scenario as well. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840229 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 05, 2018
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840150 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Introduce opaque struct ap_filter_private to move ap_filter_t "pending", "bb" and "deferred_pool" fields to the "priv" side of things. This allows to trust values set internally (only!) in util_filter code, and make useful assertions between the different functions calls, along with the usual nice extensibility property. Likewise, the private struct ap_filter_conn_ctx in conn_rec (from r1839997) allows now to implement the new ap_acquire_brigade() and ap_release_brigade() functions useful to get a brigade with c->pool's lifetime. They obsolete ap_reuse_brigade_from_pool() which is replaced where previously used. Some comments added in ap_request_core_filter() regarding the lifetime of the data it plays with, up to EOR... MAJOR bumped (once again). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840149 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 04, 2018
-
-
Yann Ylavic authored
We don't mind about cleaning up a connection filter when its pool is being cleaned up already. For request filters, let pending_filter_cleanup() do nothing if the given filter is not pending (anymore), which allows to save a cleanup kill when the filter is removed. Clear (zero) the reused filters (ap_filter_t) on reuse rather than cleanup, then a single APR_RING_CONCAT() can be used to recycle dead_filters in a one go. Always call ap_filter_recycle() in ap_filter_output_pending(), even if no filter is pending, and while at it fix s/ap_filter_recyle/ap_filter_recycle/ silly typo. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840028 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840010 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
We want not only ap_filter_output_pending() to be able to access each pending filter's *f after the EOR is destroyed, but also each request filter to do the same until it returns. So request filters are now always cleaned up into a dead_filters ring which is merged into spare_filters only when ap_filter_recycle() is called explicitely, that is in ap_process_request_after_handler() and ap_filter_output_pending(). The former takes care of recycling at the end of the request, with any MPM, while the latter keeps recycling during MPM event's write completion. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840002 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839998 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 03, 2018
-
-
Yann Ylavic authored
When filters are allocated on f->r->pool, they may be destroyed any time underneath themselves which makes it hard for them to be passed the EOR and forward it (*f can't be dereferenced anymore when the EOR is destroyed, thus before request filters return). On the util_filter side, it also makes it impossible to flush pending request filters when they have set aside the EOR, since f->bb can't be accessed after it's passed to the f->next. So we always use f->c->pool to allocate filters and pending brigades, and to avoid leaks with keepalive requests (long living connections handling multiple requests), filters and brigades are recycled with a cleanup on f->r->pool. Recycling is done (generically) with a spare data ring (void pointers), and a filter(s) context struct is associated with the conn_rec to maintain the rings by connection, that is: struct ap_filter_conn_ctx { struct ap_filter_ring *pending_input_filters; struct ap_filter_ring *pending_output_filters; struct ap_filter_spare_ring *spare_containers, *spare_brigades, *spare_filters, *spare_flushes; int flushing; }; MMN major bumped (again). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839997 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
Reverting change 1839920, making TLSv1.3 part of "all" again, if supported by the SSL library. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839946 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Pending input and output are now maintained separately in respectively c->pending_input_filters and c->pending_output_filters, which improves both performances and debug-ability. Also, struct ap_filter_ring is made opaque, it's only used by util_filter and this will allow us to later change it e.g. to a dual ring+apr_hash to avoid quadratic search in ap_filter_prepare_brigade(). MMN major bumped due to the change in conn_rec (this is trunk only code anyway for now). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839933 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
SSL protocl TLSv1.3 no longer part of 'all' when configured. Needs to be added explicitly. When using 'modern' as SSL policy, TLSv1.3 is enabled. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839920 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 31, 2018
-
-
Rainer Jung authored
from apr_time_t to milliseconds instead of hard-coded division by 1000. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839780 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 29, 2018
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839583 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Since [mpm]_note_child_killed uses the scoreboard's generation number for child_status hook (MPM_CHILD_EXITED), we must initialize it early (i.e. in [mpm]_note_child_started where MPM_CHILD_STARTED is set) to avoid race conditions on restart (e.g. storm/loop of restarts) leading to AH00546. PR 62658. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839571 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 28, 2018
-
-
Yann Ylavic authored
Make the SSL filters chain return an error when the handshake fails with an origin server. It can then be caught by mod_proxy to fail with 502. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839442 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839436 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839435 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 27, 2018
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839303 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 26, 2018
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839250 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
There is a typo in the comment. HN_UPDATE_SEC has been renamed HM_UPDATE_SEC. The TODO seems to have been taken into account in r759862. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839249 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839248 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
There is a typo in the comment. HN_UPDATE_SEC has been renamed HM_UPDATE_SEC. The TODO seems to have been taken into account in r759862. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839247 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839245 13f79535-47bb-0310-9956-ffa450edef68
-