- Mar 03, 2016
-
-
Jim Jagielski authored
mod_ssl: when SSLVerify is disabled (NONE), don't force a renegotiation if the SSLVerifyDepth applied with the default/handshaken vhost differs from the one applicable with the finally selected vhost. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733476 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix crash in ap_mpm_pod_check call caused by NULL dereference of its parameter when starting httpd as single process (httpd -X). Revert changes on mpm_event and mpm_worker from r1711479. The POD is not used in one process mode for those MPMs. Follow up to r1711479 and r1733064: CHANGES entry. Submitted by: jkaluza, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733475 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: Play/restore the TLS-SNI on new backend connections which had to be issued because the remote closed the previous/reusable one during idle (keep-alive) time. mod_proxy: follow up to r1729826: really copy conn->ssl_hostname. mod_proxy: follow up to r1729826 + r1729847. Adjust stacked ssl_hostname maximum size. mod_proxy: follow up to r1729826 + r1729847 + r1732986. Don't use magic constants. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733474 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
event: slave connection init, vhost early config Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733473 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2016
-
-
Jim Jagielski authored
hostname: Test and log useragent_host per-request across various modules, including the scoreboard, expression and rewrite engines, setenvif, authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables. PR55348 [William Rowe] This is the complete change set which applies cleanly to 2.4.x as well, the server/scoreboard.c will follow, which does not apply due to drift. A rather ugly patch since the code was refactored recently to exclude the simple patch for 2.4.x, illustrated below. Completes the changeset r1729930 and resolves all 2.4.19-dev corrections, but other 2.5.0-dev specific changes may still be needed on trunk. --- server/scoreboard.c (revision 1729907) +++ server/scoreboard.c (working copy) @@ -491,9 +491,8 @@ ws->conn_bytes = 0; } if (r) { - const char *client = ap_get_remote_host(c, r->per_dir_config, - REMOTE_NOLOOKUP, NULL); - if (!client || !strcmp(client, c->client_ip)) { + const char *client; + if (!(client = ap_get_useragent_host(r, REMOTE_NOLOOKUP, NULL))) { apr_cpystrn(ws->client, r->useragent_ip, sizeof(ws->client)); } else { Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733282 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Introduce an ap_get_useragent_host() accessor to replace the old ap_get_remote_host() in most applications, but preserve the original behavior for all ap_get_remote_host() consumers (mostly, because we don't have the request_rec in the first place, and also to avoid any unintended consequences). This accessor continues to store the remote_host of connection based uesr agents within the conn_rec for optimization. Only where some other module modifies the useragent_addr will we perform a per-request query of the remote_host. (Fixed compilation issues noted by Ranier, applies to 2.4.x trunk, modulo CHANGES and ap_mmn.h) Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733281 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733278 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733259 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 01, 2016
-
-
Jim Jagielski authored
* Introduce SSLOCSPProxyURL in order to do OCSP requests via a HTTP proxy. Documentation to follow. * Change entry and documentation for SSLOCSPProxyURL Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733066 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 25, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1732281 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 18, 2016
-
-
Jim Jagielski authored
mod_cache_socache: Fix a possible cached entity body corruption when it is received from an origin server in multiple batches and forwarded by mod_proxy. Upstream buckets should be setaside when saving response body (store_body), but since those will finally be flatten in the cache buffer (commit_entity), let's save them directly into the buffer to avoid heap allocation(s) and the final copy. Reported by: Mike Pastore <mike oobak.org> Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1731082 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_alias: Introduce expression parser support for Alias, ScriptAlias and Redirect. Use unsigned bit fields. mod_alias: follow up to r1653941. Fill empty APLOGNO(). mod_alias: follow up to r1653941. Limit Redirect expressions to directory (Location) context and redirect statuses (implicit or explicit). mod_alias: follow up to r1686853. Factorize code (no functional change). Submitted by: minfrin, ylavic, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1731081 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 16, 2016
-
-
Jim Jagielski authored
Prevent an external proxy from presenting an internal proxy in mod_remoteip.c. PR 55962. Submitted by: mrumph Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1730684 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 11, 2016
-
-
Jim Jagielski authored
allow expressions to be used in SetHandler. Opt-in with expr= prefix. from feedback, assume all parameters to SetHandler are expressions. I couldnt come up with a plausible handler name that was an invalid expression. 1726233 temporarily broke UDS r->handler case sensitivity 1726233 temporarily broke UDS r->handler case sensitivity Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729876 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* Ensure that proto_num and protocol is set in another "error out early" edge case. This can happen with invalid CONNECT requests as described in the PR. PR: 58929 Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729875 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
handling TIMEUP on SSL inputs by allowing later retries Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729874 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 09, 2016
-
-
Rainer Jung authored
detected by coccinelle). There are some more but they are easier to backport once these here are applied. Backport of r1725392, r1725394, r1725395 and r1725468 from trunk. Submitted by: rjung Reviewed by: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729495 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 28, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1727397 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1727393 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 21, 2016
-
-
Jim Jagielski authored
*) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075, "Error dispatching request", when the cause appears to be the client closing the connection. PR58118. Submitted By: Tobias Adolph <adolph lrz.de> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726019 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
flush errors are TRACE1 in the core output filter now. Remove APLOGNO after moving log message to TRACE1 in r1724847. Submitted by: covener, rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726018 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
*) mod_rewrite: Avoid looping on relative substitutions that result in the same filename we started with. PR 58854. [Eric Covener] Previously, the comparison of old and new filename happened before some prefixes might be added. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726016 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 19, 2016
-
-
Jim Jagielski authored
Add common extension "m4a" for MPEG 4 Audio to mime.types. As a reference see Wikipedia: https://en.wikipedia.org/wiki/MPEG-4_Part_14#.MP4_versus_.M4A PR: 57895 Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1725509 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1725500 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 30, 2015
-
-
Jim Jagielski authored
add GlobalLog directive to allow a diagnostic log to be inherited by all virtual hosts, even if they define their own logs. Submitted By: Edward Lu <Chaosed0 gmail.com> Committed by: covener document GlobalLog Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1722340 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 28, 2015
-
-
Yann Ylavic authored
r1715014 somehow put it in 2.4.17, whereas it was really backported in 2.4.18. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1721907 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 08, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718694 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718692 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 07, 2015
-
-
Jim Jagielski authored
using c->master for ssl var lookups when c holds no valid SSLConnRec. Fixes PR58666. Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718331 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix the use of the default 'flush' provider. Improve documentation for the "flusher" parameter. Remove useless empty lines. See http://mail-archives.apache.org/mod_mbox/httpd-dev/200812.mbox/%3C494226C0.4050407@force-elite.com%3E for some more explanation. A python script is given there to test. I had to tweak it to have it work (use: fd, payload = passfd.recvfd(conn.fileno()) instead of: fd = passfd.recvfd(conn.fileno()) ) This is a r1058621 regression, where somehow "char *flusher" has been turned into a "char flusher[]". So it is been broken since the beginning of 2.4.x After this change (i.e. r1058621), 'flusher' is no more a pointer (NULL'ed when the structure it belongs to is created) but the address of an array within a structure. It can not be NULL anymore. So, we now have to look at the content of the array itself to see if it has been initialized or if we have to use the default value instead. Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718324 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 04, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1717980 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 26, 2015
-
-
Jim Jagielski authored
For the "SSLStaplingReturnResponderErrors off" case, make sure to only staple responses with certificate status "good". Also avoids including inaccurate responses when the OCSP responder is not completely up to date in terms of the CA-issued certificates (and provides interim "unknown" or "extended revoked" [RFC 6960] status replies). Log a certificate status other than "good" in stapling_check_response(). Propagate the "ok" status from stapling_check_response() back via both stapling_renew_response() and get_and_check_cached_response() to the callback code in stapling_cb(), enabling the decision whether to include or skip the response. insert missing LOGNO in ssl_util_stapling.c Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716652 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
core: Limit to ten the number of tolerated empty lines between request, and consume them before the pipelining check to avoid possible response delay when reading the next request without flushing. Before this commit, the maximum number of empty lines was the same as configured LimitRequestFields, defaulting to 100, which was way too much. We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES). check_pipeline() is changed to check for (up to the limit) and comsume the trailing [CR]LFs so that they won't be interpreted as pipelined requests, otherwise we would block on the next read without flushing data, and hence possibly delay pending response(s) until the next/real request comes in or the keepalive timeout expires. Finally, when the maximum number of empty line is reached in read_request_line(), or that request line does not contains at least a method and an (valid) URI, we can fail early and avoid some failure detected in further processing. core: follow up to r1710095. Simplify logic in check_pipeline(), and log unexpected errors. core: follow up to r1710095, r1710105. We can do this in a single (no inner) loop, and simplify again the logic. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716651 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 25, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716493 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 24, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716210 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 20, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715371 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 18, 2015
-
-
Jim Jagielski authored
mod_ssl: forward EOR (only) brigades to the core_output_filter(). mod_ssl: don't FLUSH output (blocking) on read. This defeats deferred write (and pipelining), eg. check_pipeline() is not expecting the pipe to be flushed under it. So let OpenSSL >= 0.9.8m issue the flush when necessary (earlier versions are known to not handle all the cases, so we keep flushing with those). mod_ssl: follow up to r1705823. Oups, every #if needs a #endif... mod_ssl: pass through metadata buckets untouched in ssl_io_filter_output(), the core output filter needs them. Proposed by: jorton mod_ssl: follow up to r1705194, r1705823, r1705826 and r1705828. Add CHANGES entry, and restore ap_process_request_after_handler()'s comment as prior to r1705194 (the change makes no sense now). mod_ssl: follow up to r1705823. We still need to flush in the middle of a SSL/TLS handshake. mod_ssl: follow up to r1705823. Flush SSL/TLS handshake data when writing (instead of before reading), and only when necessary (openssl < 0.9.8m or proxy/client side). mod_ssl: follow up to r1707230: fix (inverted) logic for SSL_in_connect_init(). Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715014 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 03, 2015
-
-
Graham Leggett authored
alignment (SPARC64, PPC64). Submitted by: ylavic Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712294 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
fields as described in RFC7230. See OWS definition. Submitted by: jailletc36 Reviewed by: ylavic, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712293 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in. followup to r1710380 -- refactored name and didn't have 'make depend' Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712268 13f79535-47bb-0310-9956-ffa450edef68
-