git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842567 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842566 13f79535-47bb-0310-9956-ffa450edef68

  not the configuration settings for frontend connections in case of
  connections by the proxy to the backend.

PR: 62769


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842540 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842394 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842389 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842388 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842387 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842386 13f79535-47bb-0310-9956-ffa450edef68

Use priority to remove the ambiguity.

The only rational for choosing "3" and "4" for these priorities, is that "4" is related to <h4> tags, and 3=4-1 for the previous level.

Tested with the actual Xalan XSL engine:
   ./build.sh all
with and without the change.
Outputs are exactly the same.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842165 13f79535-47bb-0310-9956-ffa450edef68

Some rules to help me detect un-needed links to directives, or missing ones were sent by error

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842164 13f79535-47bb-0310-9956-ffa450edef68

Use priority to remove the ambiguity.

The only rational for choosing "3" and "4" for these priorities, is that "4" is related to <h4> tags, and 3=4-1 for the previous level.

Tested with the actual Xalan XSL engine:
   ./build.sh all
with and without the change.
Outputs are exactly the same.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842160 13f79535-47bb-0310-9956-ffa450edef68

The XSLT Saxon engine warns that  match="@*" will return only attribute nodes, which can't have any attributes or child.

So simplify the xsl rules accordingly.

Tested with:
   ./build.sh all
with and without the change.
Outputs are exactly the same.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842146 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842104 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842058 13f79535-47bb-0310-9956-ffa450edef68

  pool. Hence close the propdb *after* dav_stream_response which clears thei
  probdb pool.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842010 13f79535-47bb-0310-9956-ffa450edef68

* modules/http/http_protocol.c (status_lines,
  get_canned_error_string): Add 425 response.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842007 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841786 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841784 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841680 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841640 13f79535-47bb-0310-9956-ffa450edef68

Suggested by the IRC Freenode user 'a-ja' on #httpd-dev



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841639 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: changing from APLOG_WARN to DEBUG to INFO after review.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841455 13f79535-47bb-0310-9956-ffa450edef68

downgrade mod_ssl log level for requests not carrying SNI when SSLStrictSNIVHostCheck is on.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841446 13f79535-47bb-0310-9956-ffa450edef68

  consume 1 GB of memory as the subrequests and propdb pools are not
  destroyed and cleared after each element was handled.
  Do this now. There is one case in dav_get_props where elem->priv
  lives longer then the propdb pool. In this case allocate from r->pool.
  Furthermore also recycle propdb's which allows to clear the propdb's
  pools instead of destroying them and creating them again.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841225 13f79535-47bb-0310-9956-ffa450edef68

  Retrieve and set sslconn->client_cert here for both "modern" and
  classic access control.
  (ssl_hook_Access_classic, ssl_hook_Access_modern, ssl_hook_Access):
  Restore SSLRequire and FakeBasicAuth checks to ssl_hook_Access so tests
  are still applied for TLSv1.3.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841218 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841203 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841200 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840972 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840971 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840964 13f79535-47bb-0310-9956-ffa450edef68

Instead of logging a password (which is not a good practice), clarify the associated message

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840776 13f79535-47bb-0310-9956-ffa450edef68

  Disable AUTO_RETRY mode for OpenSSL 1.1.1, which fixes
  post-handshake authentication.
  (ssl_init_proxy_certs): Fix proxy client cert support with
  TLSv1.3, which is now crippled by default.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840710 13f79535-47bb-0310-9956-ffa450edef68

This is more readable and isn't miscompiled w/ -O3 on a certain
unnamed EBCDIC platforms compiler.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840678 13f79535-47bb-0310-9956-ffa450edef68

Move ap_filter_adopt_brigade()'s declaration to "server/core.h" (private).

For ap_filter_recycle(), make it static/internal to util_filter (renamed to
recycle_dead_filters() which better fits what it does). It's now also called
unconditionally from ap_filter_input_pending() which itself is always called
after the request processing and from MPM event (as input_pending hook).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840611 13f79535-47bb-0310-9956-ffa450edef68

  403 if SSL_verify_client_post_handshake() fails, e.g. when the
  TLS/1.3 client didn't send the Post-Handshake Authentication
  extension.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840585 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840582 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840575 13f79535-47bb-0310-9956-ffa450edef68

  Ignore sd_notify{,f} failure cases as currently recommended by the
  systemd API docs.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840555 13f79535-47bb-0310-9956-ffa450edef68

  service getting stuck reloading if "ExtendedStatus off" is
  configured; regression in r1802251.

PR: 62697


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840554 13f79535-47bb-0310-9956-ffa450edef68

Since r1840149 ap_core_input_filter() can't use use f->[priv->]bb directly, so
ap_filter_input_pending() stopped accounting for its pending data.

But ap_core_input_filter() can't (and doesn't need to) setaside its socket
bucket, so ap_filter_setaside_brigade() is not an option. This commit adds
ap_filter_adopt_brigade() which simply moves the given buckets (brigade) into
f->priv->bb, and since this is not something to be done blindly (the buckets
need to have c->pool/bucket_alloc lifetime, which is the case in the core
filter) the function is not AP_DECLAREd/exported thus can be used in core only.

With ap_filter_adopt_brigade() and ap_filter_reinstate_brigade(), the core
input is now ap_filter_input_pending() friendly.

Also, ap_filter_recycle() is no more part of the API (AP_DECLARE removed too),
there really is no point to call it outside core code. MAJOR bumped once again
because of this.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840265 13f79535-47bb-0310-9956-ffa450edef68