git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809888 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809885 13f79535-47bb-0310-9956-ffa450edef68

or function call (e.g. ap_log) may use one while DSOs are unloaded.

See PR 61558 (double/second fault).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809881 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809746 13f79535-47bb-0310-9956-ffa450edef68

mod_md: v0.9.7
     - Use of the new module flag
     - Removed obsolete function from interface to mod_ssl. 
     - Fallback certificates has version set and no longer claims to be a CA. (re issue #32)
     - MDRequireHttps now happens before any Redirect.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809719 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: make the new module flag used.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809713 13f79535-47bb-0310-9956-ffa450edef68

Fix for maintainer-mode compiler errors when including check.h in unit tests.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809633 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809438 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809437 13f79535-47bb-0310-9956-ffa450edef68

Associate ap_get_module_flags() to MMN bump.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809314 13f79535-47bb-0310-9956-ffa450edef68

Provide a convenient function to get module flags, and remove useless
AP_MODULE_HAS_FLAGS checks in the core, core's version is at current MMN.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809311 13f79535-47bb-0310-9956-ffa450edef68

We need to check that the module itself is at the right version.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809305 13f79535-47bb-0310-9956-ffa450edef68

Make use of AP_MODULE_FLAG_ALWAYS_MERGE.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809303 13f79535-47bb-0310-9956-ffa450edef68

First one is AP_MODULE_FLAG_ALWAYS_MERGE.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809302 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809297 13f79535-47bb-0310-9956-ffa450edef68

around pending output data handing; no functional change.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809276 13f79535-47bb-0310-9956-ffa450edef68

worker vs listener race condition.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809273 13f79535-47bb-0310-9956-ffa450edef68

PR 61546 [Lubos Uhliarik <luhliari redhat.com>]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809209 13f79535-47bb-0310-9956-ffa450edef68

mpm_common.h: guarding AP_ENABLE_EXCEPTION_HOOK against use when undefined so that -Wundef does not triggger.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809135 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: unshare SSLSrvConfigRec instances between base server and virtual hosts. This avoids
     overwrites of later initializattions (vhost_id), selective disables by "SSLEngine addr-list"
     and certificate/key pickup from mod_md. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809037 13f79535-47bb-0310-9956-ffa450edef68

This is a follow up of r1808746 after a chat
with Yann on dev@:

- the HTTP:Host variable suffers from the same problem
- the strcasecmp should be used to allow case-sensitive
  comparisons.
- in mod_rewrite is less cumbersome and more clean to just
  make the Host header check in lookup_header, so it will
  be automatically picked up by every part of the code
  that uses it. It shouldn't be a relevant overhead for
  mod_rewrite.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809028 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808911 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808780 13f79535-47bb-0310-9956-ffa450edef68

In PR 58231 is was brought up that httpd adds the
Vary: Host header whenever a condition is set to true
in mod_rewrite or in an <If> block.

The https://tools.ietf.org/html/rfc7231#section-7.1.4
section seems to disallow this use case:

"The "Vary" header field in a response describes "
"what parts of a request message, "
"aside from the method, Host header field, [...]"

I had a chat with the folks in #traffic-server and
they don't see much point in having a Vary: Host header,
plus it was reported that Varnish doesn't like it very
much (namely it does not cache the response when
it sees the header, links of the report in the PR).

I don't see much value in this behavior of httpd so
I am inclined to remove this response header value,
but I'd be glad to get a more experienced opinion.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808746 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808723 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808671 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808542 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808541 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808453 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808446 13f79535-47bb-0310-9956-ffa450edef68

mod_md: v0.9.6: a "MDRequireHttps permament" configured domain automatically sends out HSTS (rfc 6797) headers in https: responses. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808444 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: adding ssl_policies.h[.in] for policy cipher/protocol definitions. Use 
     update_policies.py to update manually from Mozilla JSON definitions at
     https://statics.tls.security.mozilla.org/server-side-tls-conf.json



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808335 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808250 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808249 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808245 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808244 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808243 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808242 13f79535-47bb-0310-9956-ffa450edef68

mod_md: v0.9.5:
     - New directive (srly: what do you expect at this point?) "MDMustStaple on|off" to control if
       new certificates are requested with the OCSP Must Staple extension.
     - Known limitation: when the server is configured to ditch and restart child processes, for example
       after a certain number of connections/requests, the mod_md watchdog instance might migrate 
       to a new child process. Since not all its state is persisted, some messsages might appear a
       second time in the logs.
     - Adding checks when 'MDRequireHttps' is used. It is considered an error when 'MDPortMap 443:-'
       is used - which negates that a https: port exists. Also, a warning is logged if no 
       VirtualHost can be found for a Managed Domain that has port 443 (or the mapped one) in
       its address list.
     - New directive 'MDRequireHttps' for redirecting http: traffic to a Managed Domain, permanently
       or temporarily.
     - Fix for using a fallback certificate on initial signup of a Managed Domain. Requires also
       a changed mod_ssl patch (v5) to take effect.
     - compatibility with libressl



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808241 13f79535-47bb-0310-9956-ffa450edef68

  length filter to avoid arbitrary memory consumption for streaming
  responses (e.g. large CGI script output).  Ensures C-L is still
  generated in common cases (static content, small CGI script output),
  but this DOES change behaviour and some responses will end up
  chunked rather than C-L computed.

PR: 61222
Submitted by: jorton, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808230 13f79535-47bb-0310-9956-ffa450edef68