Backport r1772559, r1774492, r1774493, r1774505 + reorder section/module in order to synch with trunk.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796131 13f79535-47bb-0310-9956-ffa450edef68

which had been approved and committed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795908 13f79535-47bb-0310-9956-ffa450edef68

ab: don't call malloc_init for OpenSSL 1.1.0

Patch by rjung.

The 1.1.0 compatibility macro for OpenSSL_malloc_init() causes problems
when mixed with procedure linkage stubs with some toolchains (e.g. GCC).
OpenSSL's malloc implementation doesn't recognize that the PLT stub
points back to it, which leads to infinite recursion.

Since the 1.1.0 documentation states that calling this function
explicitly is no longer necessary except "in certain shared-library
situations"(?), get rid of it.
Submitted by: jchampion
Reviewed by: jchampion, ylavic, gsmith


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795907 13f79535-47bb-0310-9956-ffa450edef68

Evaluate nested If/ElseIf/Else config sections

It has been reported multiple times that nested
If/ElseIf/Else sections are not evaluated but
silently ignored.

This patch adds a simple recursion to the ap_if_walk
logic in order to allow arbitrary nested configs.
The overhead seems negligible compared to the actual
version of the ap_if_walk, but more expert feedback
is surely needed since this code gets called for every
HTTP request.

Tests are going to be added to t/apache/if_sections.t


Submitted by: elukey
Reviewed by: elukey, jim, yalvic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795906 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795877 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795865 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795852 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795851 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795850 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795831 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795811 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795809 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795808 13f79535-47bb-0310-9956-ffa450edef68

has been reclassified in current OpenSSL releases as WEAK due to 112
or fewer bits of remaining cipher strength, while the Sweet32 disclosure
extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the
same issue, is never enabled by default in OpenSSL, due to patent concerns.)

This commit does not change default httpd behavior, but alters the suggested
behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will
no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.)
The same net effect occurs where OpenSSL is updated to 1.1.0.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795359 13f79535-47bb-0310-9956-ffa450edef68

mod_substitute: use local/native LF for splitting

On platforms where the APR_ASCII_LF != '\n', like EBCDIC systems,
strmatch or pcre patterns from the source or config will be in
the native encoding, and this module will really only work on 
content in the native encoding.

(mod_substitute runs before mod_charset_lite for a similar reason)

I thought #if APR_CHARSET_EBCDIC or even #ifdef __MVS__ was overkill
here. 



(CTR due to ebcdic-only)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1794856 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1794164 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1794162 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1794064 13f79535-47bb-0310-9956-ffa450edef68

Merged /httpd/httpd/trunk:r1793533,1794049

mod_http2: fail requests without ERROR log in case we need to read interim
     responses and see only garbage. This can happen if proxied servers send
     data where none should be, e.g. a body for a HEAD request.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1794052 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1794007 13f79535-47bb-0310-9956-ffa450edef68

Merged /httpd/httpd/trunk:r1792212,1793525

mod_proxy_http2: adding support for Reverse Proxy Request headers.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793532 13f79535-47bb-0310-9956-ffa450edef68

Save a few bytes in the conf pool.

'push_item' and 'add_alt' already duplicate their parameters, so we can safely use the temp_pool here.

Use 'ap_cstr_casecmp' to simplify code.

Remove useless case. We know that to can not be NULL at this point.

Follow up to r1772812: update APLOGNO().

* modules/ssl/ssl_engine_kernel.c: Constify the ssl_hook_Fixup_vars array itself.


winnt/service: each log message should use its own APLOGNO.
Submitted by: jailletc36, ylavic, jorton, ylavic
Reviewed by: jailletc36, covener, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793466 13f79535-47bb-0310-9956-ffa450edef68

PR61009: be as helpful as possible during -V operation

A configtest isn't useful if you're just trying to get compile settings.
Move the settings dump up to just after ap_read_config(), which has
already done the minimum necessary to figure out which MPM is in use.

Even if ap_read_config() failed, still print as many compile settings as
we can. The user will see the error log entry on stderr.
Submitted by: jchampion
Reviewed by: jchampion, covener, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793465 13f79535-47bb-0310-9956-ffa450edef68

mod_brotli: Unbreak building other filter modules without libbrotlienc.

Don't add -lbrotlienc to the MOD_LDFLAGS unconditionally.  And, when
adding it, use MOD_BROTLI_LDADD to avoid linking all filter modules
against this library.


mod_brotli: Rewrite the autoconf script in a, hopefully, less convoluted way.

Explicitly handle different cases when we do a pkg-config lookup
(<nothing>, --with-brotli or --with-brotli=yes) or examine the path
provided by the user (--with-brotli=PATH).

This lays the groundwork to simplify the switch to the official Brotli
library (https://github.com/google/brotli), instead of expecting the
install layout of a third-party wrapper (https://github.com/bagder/libbrotli).


mod_brotli: Update makefiles to use the library layout of the official
Brotli repository.

With the recent update (https://github.com/google/brotli/pull/464), the
official repository now produces pkg-config metadata files (brotli.pc),
and has a fixed library layout (libbrotlicommon/libbrotlienc/libbrotlidec)
on both Windows and Linux.  Expect this layout in the makefiles, and take
advantage of the pkg-config metadata, if it's available.


mod_brotli: Update makefile to cope with the pkg-config layout change
in https://github.com/google/brotli/commit/fe9f9a9

There's a typo in the upstream commit [1] (s/brotlicommon/libbrotlicommon)
that currently produces an unusable libbrotlienc.pc file, but hopefully
this is going to be fixed there.

[1] https://github.com/google/brotli/commit/fe9f9a9#diff-af3b638bc2a3e6c650974192a53c7291R409

Submitted by: kotkov
Reviewed by: kotkov, covener, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793464 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793463 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793462 13f79535-47bb-0310-9956-ffa450edef68

quick votes


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793416 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793410 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793380 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793334 13f79535-47bb-0310-9956-ffa450edef68

This is just a cut'n'paste from trunk.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793289 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793201 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1793200 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792984 13f79535-47bb-0310-9956-ffa450edef68

Prepare now, remove old location once 1.0.0 is released


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792912 13f79535-47bb-0310-9956-ffa450edef68

   Merged /httpd/httpd/trunk:r1784203,1784205,1784227-1784228,1784275,1785871,1786009,1789387

mod_proxy_hcheck: Honor checks in Vhosts w/o hanging



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792905 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792904 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792903 13f79535-47bb-0310-9956-ffa450edef68

r1771789, r1771827, r1779111) for backport.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792806 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1792753 13f79535-47bb-0310-9956-ffa450edef68