PR: 34264


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264866 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68

Fix PR36410; Change how the get_suexec_identity hook is handled by CGID.
Instead of using mod_userdir and mod_suexec specific hacks, we now run the hook
on the httpd side of the handler. 

If this is NULL, we pass on a magic empty_ugid constant, otherwise pass on the
real ugid.

On the cgid side of the equation, we add our own hook, with REALLY_FIRST, and
then order the hooks. This ensures that cgid's doer runs before any other
registered get_suexec_identity doers.

We use cgid's request config to store the ugid. If ugid == empty_ugid, we DON'T
call ap_os_create_privileged_process, because our doer would return the magic
empty_ugid constant. Having the doer return NULL is no good, because then
userdir and mod_suexec's doers would be called. Instead, we call plain old
apr_proc_create(). 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264759 13f79535-47bb-0310-9956-ffa450edef68

  Correct mod_cgid's argv[0] so that the full path can be delved by the
  invoked cgi application, to conform to the behavior of mod_cgi.

PR: 34542
Reviewed by: Andre, OtherBill
Submitted by: Pradeep Kumar S <pradeep.smani gmail.com>



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264623 13f79535-47bb-0310-9956-ffa450edef68

Implement graceful stop in the event MPM. Implementation is identical to
the worker MPM implementation. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264105 13f79535-47bb-0310-9956-ffa450edef68

submited by: Neale Ranns neale ranns.org
reviewed by: Ian Holsman



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68

Update CHANGES to reflect that worker now supports graceful-stop, that Bill
wrote some of the graceful-stop code I stole from Ken, and to get rid of
exraneous `'`'s.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@241820 13f79535-47bb-0310-9956-ffa450edef68

Implement a "graceful-stop" for the prefork MPM (might aswell do the hard one
first). 

General approach is to send SIGUSR1 to all children (which will de-listen, and
exit when finished), and to gather all children as they exit. 

We don't use a sleep(timeout) for the timeout implementation, because this
would lead to a rut of defunct children until the timeout had expired.

set_graceful_shutdown stolen from Ken Coar. See <3E84B1EC.3050007@Golux.Com>
(28 Mar 2003).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240270 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240101 13f79535-47bb-0310-9956-ffa450edef68

Append the .PID to the ScriptSock filename. This change ensures that multiple
running instances of httpd will not clobber each others script sockets. 

Because a different socket will be created for each instance, this change also
unlinks the script-socket on exit, to prevent pollution. 

unlink() happens from within the parent process, since the change in userid's
means the cgid process likely won't have the correct permissions.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240044 13f79535-47bb-0310-9956-ffa450edef68

Implement "de-listening" in the worker MPM. Fixes PR28167.  Comments in CHANGES
file also cover r239710-1. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@239740 13f79535-47bb-0310-9956-ffa450edef68

graceful restart signal. Frees up SIGWINCH for implementing graceful stop.
See <20050727114058.GA3390@stdlib.net> and subsequent thread on httpd-dev.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@239430 13f79535-47bb-0310-9956-ffa450edef68

Enhance CacheEnable/CacheDisable to control caching on a per-protocol, per-host
and per-path basis. Makes Cache(En|Dis)able useful for forward proxy servers.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@239421 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@234109 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@234104 13f79535-47bb-0310-9956-ffa450edef68

parsing:

* srclib/pcre/pcre.c (read_repeat_counts): Check for integer overflow.

Obtained from: pcre 6.2 upstream


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@233493 13f79535-47bb-0310-9956-ffa450edef68

without requiring code changes to mod_proxy/mod_proxy_balancer;
these can be implemented via sub-modules now.

Let the games begin...


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@232282 13f79535-47bb-0310-9956-ffa450edef68

is valid, but cache is unwritable and headers cannot be updated.

Submitted by: Colm MacCarthaigh <colm stdlib.net>
Reviewed by: Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@231488 13f79535-47bb-0310-9956-ffa450edef68

Remove entities from the cache when re-validation receives a 404 or other
content-no-longer-present error.

Suggested by: Paul Querna, Justin Erenkrantz
Submitted by: Rudiger Plum <ruediger.pluem vodafone.com>
Reviewed by: Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@231487 13f79535-47bb-0310-9956-ffa450edef68

(Minor tweaks and comment fixes by Justin.)

Suggested by: Paul Querna, Justin Erenkrantz
Submitted by: Rudiger Plum <ruediger.pluem vodafone.com>
Reviewed by: Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@231486 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@231352 13f79535-47bb-0310-9956-ffa450edef68

links for clients not using an Authorization header.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@231044 13f79535-47bb-0310-9956-ffa450edef68

Document change to mod_ssl's SSLRequire directive, bump version to 2.3.0 as already done in the ap_release.h header

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@220040 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: Hansjoerg Pehofer


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@220036 13f79535-47bb-0310-9956-ffa450edef68

easier for admins to manage the cache.

Still requires modifications to htcacheclean to work.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219945 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219913 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219908 13f79535-47bb-0310-9956-ffa450edef68

Check an alternative return value for when a file or directory does not exist.  Previously this would return a forbidden on the documentation website for any URL ending in .html.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219879 13f79535-47bb-0310-9956-ffa450edef68

otherwise.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219666 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219435 13f79535-47bb-0310-9956-ffa450edef68

just before the final return.  This gives modules an opportunity to do
something based on the proxy status.

A couple of examples where this is useful:

-You are using a caching module and would rather return stale content rather
than an error to the client if the origin is down.

-you proxy some subrequests (using SSI - mod_include) and do not want SSI
errors when the backend is down. If you would normally return
HTTP_BAD_GATEWAY, you may have a module that serves some other content.


new hook -- so mmn bump.. i made it a major one, hope thats ok 

Patch From Brian Akins <Brian.Akins turner.com>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219372 13f79535-47bb-0310-9956-ffa450edef68

  Backported a few already

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219231 13f79535-47bb-0310-9956-ffa450edef68

  How can I fix thee?  let me count the ways...

  * pass a chunked body always (no-body requests don't go chunked).

  * validate that the C-L counted body length doesn't change.

  * follow RFC 2616 for C-L / T-E in the request body C-L / T-E
    election logic.

  * do not forward HTTP/1.0 requests as HTTP/1.1, unless the admin
    configures force-proxy-request-1.1

  * conn was illegible, use 2.0's p_conn.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@218978 13f79535-47bb-0310-9956-ffa450edef68

  Added TraceEnable, and note Request Splitting/Response Splitting.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209903 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209854 13f79535-47bb-0310-9956-ffa450edef68

Fix the CHANGES to reflect when things were really fixed. Also remove the security tag from the proxy change, as suggested by Joe.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209832 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68

So don't bother to store it, but still force OpenSSL
to provide a Session ID.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209723 13f79535-47bb-0310-9956-ffa450edef68

  Add notation of Georg's patch to capture SSL_COMPRESS_METHOD.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209656 13f79535-47bb-0310-9956-ffa450edef68