Skip to content
  1. Jul 08, 2014
    • Jim Jagielski's avatar
      Merge r1588519 from trunk: · 6f4241ff
      Jim Jagielski authored
      mod_proxy: When ping/pong is configured for a worker, don't send or forward
                 "100 Continue" (interim) response to the client if it does not
                 expect one.
      
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608762 13f79535-47bb-0310-9956-ffa450edef68
      6f4241ff
    • Jim Jagielski's avatar
      Merge r1583191, r1584098, r1584665, r1591401 from trunk: · d0629cf0
      Jim Jagielski authored
      mod_ssl: send OCSP request's nonce according to SSLOCSPUseRequestNonce on/off. PR 56233.
      
      
      mod_ssl: follow up to r1583191.
      
      New SSLOCSPUseRequestNonce directive's manual and CHANGES.
      
      Non functional code changes (modssl_ctx_t's field ocsp_use_request_nonce
      grouped with other OCSP ones, nested if turned to a single AND condition).
      
      
      Remove SSLOCSPUseRequestNonce OpenSSL-0.9.7 requirement (0.9.8 already required by httpd-2.4) and set availability to 2.5-dev until further notice.
      
      mod_ssl: follow up to r1583191.
      
      Use type BOOL for modssl_ctx_t's field ocsp_use_request_nonce.
      Suggested by: kbrand.
      
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608758 13f79535-47bb-0310-9956-ffa450edef68
      d0629cf0
  2. Jun 26, 2014
  3. Jun 25, 2014
  4. Jun 21, 2014
    • Yann Ylavic's avatar
      Merge r1572092 from trunk: · b28d15c9
      Yann Ylavic authored
      mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
      Input SIZE (compLen) contains the size of the original input data modulo 2^32.
      
      PR: 56062
      Submitted by: Lukas Bezdicka
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604460 13f79535-47bb-0310-9956-ffa450edef68
      b28d15c9
    • Yann Ylavic's avatar
      Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224,... · e14a33bd
      Yann Ylavic authored
      Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224, r1586745, r1587594, r1587639, r1590509 from trunk.
      
      
      Commit 1 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
      PR 46146 (patches from duplicated PR 55666)
      
      Handle Zlib header buffering in the inflate output filter :
      - add the new deflate_ctx_t fields needed to re-enter the Zlib header parsing,
      - introduce the new consume_zlib_flags() function to parse/consume the ZLib flags (will be used by the other filters too),
      - use it to handle incomplete header in the output filter (deflate).
      
      This alone fixes PR 55666, but the issue remains for PR 46146 (inflate/deflate input filters), hence the following patches.
      
      
      Commit 2 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
      PR 46146 (patches from duplicated PR 55666)
      
      Handle Zlib header buffering in the inflate input filter :
      - loop until all the header is received,
      - handle non blocking reads returning empty brigade,
      - fix a double ap_get_brigade() when an EOS brigade is encountered while reading the header,
      - in that case and no data was received so far, don't return an error but SUCCESS with the EOS, otherwise fail,
      - don't remove the Content-Length and Content-MD5 headers until some data is read.
      
      Still does not handle Zlib flags for now, next commits.
      
      
      Commit 3 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
      PR 46146 (patches from duplicated PR 55666)
      
      Handle Zlib validation bytes buffering (CRC + length) in the inflate input filter :
      - use validation_buffer and validation_length as state,
      - loop until all the bytes are received.
      
      
      Commit 4 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
      PR 46146 (patches from duplicated PR 55666)
      
      Handle non blocking reads which would block in the inflate input filter (not an error).
      
      
      Commit 5 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
      PR 46146 (patches from duplicated PR 55666)
      
      Handle Zlib flags in the inflate input filter as in the output filter, using consume_zlib_flags().
      
      
      Commit 6 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
      PR 46146 (patches from duplicated PR 55666)
      
      Ignore empty buckets and split buckets longer than INT_MAX (since zlib uses 32-bit ints only) in all filters.
      
      
      mod_deflate: when consuming zlibs flags, APR_INCOMPLETE implies no more bytes available.
      
      
      mod_deflate: update empty log tags.
      
      
      mod_deflate: Delay INFLATE input filter's self removal until all the buffered
                   buckets are out (including EOS). PR 46146.
      
      
      mod_deflate: Don't return gzip-ed data when reading FLUSH bucket in INFLATE
                   input filter, forward the FLUSH but keep reading should EOS/more
                   follow (should not happen, but mod_deflate won't fix it).
      
      
      mod_deflate: follow up to r1587639.
      Don't break the looped brigade when moving the FLUSH bucket to the returned bb
      and continue reading.
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604458 13f79535-47bb-0310-9956-ffa450edef68
      e14a33bd
    • Jeff Trawick's avatar
      Merge r1573626 from trunk: · 826997dd
      Jeff Trawick authored
      mod_proxy: Allow reverse-proxy to be set via explicit handler.
      
      Submitted by: ryo takatsuki <ryotakatsuki gmail com>
      Reviewed by: ylavic, jim, mrumph
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604378 13f79535-47bb-0310-9956-ffa450edef68
      826997dd
    • Jeff Trawick's avatar
      Merge r1601076 from trunk: · 9542b00d
      Jeff Trawick authored
      ab: support custom HTTP method with -m argument.
      
      PR: 56604
      Submitted by: Roman Jurkov <winfinit gmail.com>
      Reviewed by: ylavic, trawick, covener
      
      (r1601680 and r1601700 not reflected in mergeinfo due to
      a collision with an unrelated trunk change)
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604373 13f79535-47bb-0310-9956-ffa450edef68
      9542b00d
    • Daniel Gruno's avatar
    • Daniel Gruno's avatar
      mod_lua: Sync 2.4.x with trunk (more or less); Backport a fix and some code harmonization: · 5d518594
      Daniel Gruno authored
      - IVM changed to use shm
      - More verbose error logging (no functional change)
      - Miscellaneous refactoring that was in trunk but not in 2.4.x (no functional change as such)
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604339 13f79535-47bb-0310-9956-ffa450edef68
      5d518594
  5. Jun 17, 2014
    • Jim Jagielski's avatar
      Merge r1572905, r1595305, r1597182, r1586827, r1534892, r1563193, r1597639 from trunk: · db4b2bfa
      Jim Jagielski authored
      core: avoid a double apr_time_now() call on the first succeeding read.
      
      * Correctly escape user provided data.
      
      PR: 56532
      Submitted by: Maksymilian <max cert.cx>
      Reviewed by: rpluem
      
      
      Save a few bytes of memory. This can be done in temp_pool.
      
      Fix layout
      
      don't pass uninitialized rv passed to ap_log_rerror()
        (rv wasn't interesting / follow an existing example)
      
      stop throwing away a pointer on the heap
      
      (clang scan-build)
      
      
      add the URI to DEBUG message 00765 (and drop an exclamation point):
      
        Cache provider's store_body failed!
      
      
      
      Doxygen fix + reorg to match how other header files are built
      Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1603141 13f79535-47bb-0310-9956-ffa450edef68
      db4b2bfa
  6. Jun 10, 2014
  7. Jun 03, 2014
    • Yann Ylavic's avatar
      Add some missing changes. · b24ed49f
      Yann Ylavic authored
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599597 13f79535-47bb-0310-9956-ffa450edef68
      b24ed49f
    • Jim Jagielski's avatar
      Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632,... · 2fe1d439
      Jim Jagielski authored
      Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632, r1595321, r1550302, r1550307, r1585435 from trunk:
      
      fix whitespace in a debug message
      
      s/comment/self-documenting/
      
      normalize an ugly construct which somehow manages to return the correct value
      
      This is annoying to see in a casual "LogLevel debug foo:traceX ..."
      
      
      
      
      Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.
      
      Follow-up to r1592529:
      
      Define default port for "scgi" schemes (as chosen by
      mod_proxy_scgi) in a common location.
      
      Suggested by: jailletc36
      
      
      fix Doxygen markup error
      
      Submitted by: jailletc36
      
      
      Tweak a AP_DEBUG_ASSERT condition.
      Valid index to use 'req_header_var_names' are 0...6
      
      mod_auth_form: Add a debug message when the fields on a form are not
      recognised.
      
      
      mod_auth_form: Make the trace logging consistent through the notes, session
      and form authentication steps.
      
      
      mod_auth_form: update empty log tags.
      Submitted by: trawick, covener, jailletc36, trawick, trawick, jailletc36, minfrin, minfrin, ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599501 13f79535-47bb-0310-9956-ffa450edef68
      2fe1d439
  8. May 30, 2014
  9. May 19, 2014
  10. May 14, 2014
  11. May 07, 2014
  12. Apr 20, 2014
  13. Apr 18, 2014
    • Jim Jagielski's avatar
      Merge r1588427 from trunk: · 2b189730
      Jim Jagielski authored
      Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
      (workaround for OpenSSL versions before 0.9.8h, see
      https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).
      
      PR 56410.
      
      Submitted by: kbrand
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68
      2b189730
    • Jim Jagielski's avatar
      Merge r1587036, r1587040, r1587053, r1587654 from trunk: · fa6d270c
      Jim Jagielski authored
        *) mod_proxy_wstunnel: Don't pool backend websockets connections,
           because we need to handshake every time. PR 55890.
           [Eric Covener]
      
      
      
      actually remove mod_reqtimeout, since the util_filter functions involved
      only manipulate c->input_filters no matter what we pass. We need to make
      copies of c->input_filters after, not before, it skips over reqtimeout.
      
      Note: reqtimeout doesn't really interfere today with normal operation,
      but this is misleading/confusing when dealing with other
      wstunnel issues.
      
      
      
      cleanup wstunnel error handling
      
      Submitted By: covener, ylavic, Edward Lu
      Commited By: covener
      
      
      
      followup to r1587036.
      
      if backend->close is set too early, proxy_util.c will close it right 
      away and then blow away the field.
      
      Submitted by: covener
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68
      fa6d270c
    • Kaspar Brand's avatar
      Merge r1585090 from trunk: · 33843d58
      Kaspar Brand authored
      Bring SNI behavior into better conformance with RFC 6066:
      
      - no longer send a warning-level unrecognized_name(112) alert
        when no matching vhost is found (PR 56241)
      
      - at startup, only issue warnings about IP/port conflicts and name-based
        SSL vhosts when running with an OpenSSL without TLS extension support
        (almost 5 years after SNI was added to 2.2.x, the
        "[...] only work for clients with TLS server name indication support"
        warning feels obsolete)
      
      Proposed by: kbrand
      Reviewed by: jorton, ylavic
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68
      33843d58
  14. Apr 17, 2014
  15. Apr 16, 2014
    • Jeff Trawick's avatar
      Merged... · 24e8776d
      Jeff Trawick authored
      Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054
      
      mod_authnz_fcgi: New module to enable FastCGI authorizer
      applications to authenticate and/or authorize clients.
      
      Submitted by: trawick, jailletc36, gsmith
      Approved by: trawick, jim, gsmith
      
      (Thanks gsmith for the Windows build bits!)
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68
      24e8776d
  16. Apr 15, 2014