Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
(workaround for OpenSSL versions before 0.9.8h, see
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).

PR 56410.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68

  *) mod_proxy_wstunnel: Don't pool backend websockets connections,
     because we need to handshake every time. PR 55890.
     [Eric Covener]



actually remove mod_reqtimeout, since the util_filter functions involved
only manipulate c->input_filters no matter what we pass. We need to make
copies of c->input_filters after, not before, it skips over reqtimeout.

Note: reqtimeout doesn't really interfere today with normal operation,
but this is misleading/confusing when dealing with other
wstunnel issues.



cleanup wstunnel error handling

Submitted By: covener, ylavic, Edward Lu
Commited By: covener



followup to r1587036.

if backend->close is set too early, proxy_util.c will close it right 
away and then blow away the field.

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68

Correct logic... if this is a UDS socket, then bypass all
this.

make mod_rewrite and mod_proxy UDS work together...

Adjust url as required, following what we did to r->filename.
Save some cycles when searching...

Tuck away UDS path in request-rec, since worker isn't
thread-safe. Protect from NULL refs.

Reflow logic... pull UDS stuff out

handle leak. thx to Y^2

r->filename should maintain the proxy: prefix for PHP-FPM
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588494 13f79535-47bb-0310-9956-ffa450edef68

follow-up to r813376:

finish reverting r808965 (ServerTokens set foo)


tweak syntax strings for ServerTokens
Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588492 13f79535-47bb-0310-9956-ffa450edef68

Follow-up to r1546759: Fix compilation when exception hooks aren't enabled.


avoid duplication of APR_HOOK_LINK invocations

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588491 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588490 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588489 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588478 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588430 13f79535-47bb-0310-9956-ffa450edef68

Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert
  when no matching vhost is found (PR 56241)

- at startup, only issue warnings about IP/port conflicts and name-based
  SSL vhosts when running with an OpenSSL without TLS extension support
  (almost 5 years after SNI was added to 2.2.x, the
  "[...] only work for clients with TLS server name indication support"
  warning feels obsolete)

Proposed by: kbrand
Reviewed by: jorton, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588356 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588345 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588268 13f79535-47bb-0310-9956-ffa450edef68

introduced by r1587695 (and my silent killer proposal)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588267 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588257 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588254 13f79535-47bb-0310-9956-ffa450edef68

mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified.

Submitted by: minfrin
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588247 13f79535-47bb-0310-9956-ffa450edef68

Only read "active" values from the key_files array. PR 56306.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68

Reverse the order when merging global and vhost-level config arrays.
Putting the vhost-level elements last allows overriding global settings
(for the deprecated SSLRequire directive, the order is irrelevant,
all of them must be met, cf. ssl_engine_kernel.c:ssl_hook_Access).

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588245 13f79535-47bb-0310-9956-ffa450edef68

If the "value" argument is prefixed with expr=, parse it with ap_expr
rather than mod_headers' built-in format strings.


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588244 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588240 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588221 13f79535-47bb-0310-9956-ffa450edef68

  Add hint about RequestHeader


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588220 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588179 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588176 13f79535-47bb-0310-9956-ffa450edef68

* support/rotatelogs.c (main): Prevent creation of zombies from
  post-rotate programs.

Reviewed by: druggeri, ylavic, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588175 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588135 13f79535-47bb-0310-9956-ffa450edef68

add change to makefile.win missing from r1588054
which was merged to 2.4 in r1588064


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588076 13f79535-47bb-0310-9956-ffa450edef68

Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054

mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.

Submitted by: trawick, jailletc36, gsmith
Approved by: trawick, jim, gsmith

(Thanks gsmith for the Windows build bits!)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588057 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587884 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587881 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587770 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587768 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587767 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587758 13f79535-47bb-0310-9956-ffa450edef68

* Do not parse URL in case of regular expression as they likely do not follow
  the URL syntax.

PR: 56074

Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587699 13f79535-47bb-0310-9956-ffa450edef68

mod_reqtimeout: Resolve unexpected timeouts on keepalive requests 
under the Event MPM. PR56216.  

Submitted By: Frank Meier <frank meier ergon ch>
Committed By: covener



Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587697 13f79535-47bb-0310-9956-ffa450edef68

Add suspend_connection and resume_connection hooks to notify modules
when the thread/connection relationship changes.  (Currently implemented
only for the Event MPM; should be implemented for all async MPMs.)


follow-up to r1546759: remove an inadvertently committed testcase
Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587695 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Fix sending of response without some HTTP headers
that might be set by filters.

The problem occurs when no body bytes were read while reading the
response headers, resulting in an empty brigade being sent down
the filter stack.  One particualr filter that mishandles the empty
initial brigade is mod_deflate.  It neglects to add to the response
header fields.

PR: 55558
Submitted by: Jim Riggs <jim riggs.me>
Reviewed by: trawick

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587694 13f79535-47bb-0310-9956-ffa450edef68