Skip to content
  1. Feb 04, 2014
    • Jim Jagielski's avatar
      Merge r1523387 from trunk: · 76a50d75
      Jim Jagielski authored 
      In 2.4, the MPM leaves a copy of the non-disconnected FD sitting in
context->accept_socket. This FD will be closed a second time, often
shortly after a worker picks it up in this same FD being reused.  The
first recv fails with WSAENOTSOCK since the same FD was closed in the
listener thread while the worker was pulling it off the queue

(The second close is of the underlying FD/socket, not a shared
apr_socket_t, so it's not short-circuited)

This patch makes it a bit more 2.2.x-ish and solves my problem -- the
context->accept_socket gets zapped at the bottom of the loop if
!disconnected.


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1564313 13f79535-47bb-0310-9956-ffa450edef68
      76a50d75
  3. Jan 25, 2014
  5. Jan 24, 2014
  7. Jan 23, 2014
  9. Jan 21, 2014
    • Jim Jagielski's avatar
      Merge r1451633, r1451905, r1451921, r1452259, r1453981, r1501913, r1513508,... · 625d5a11
      Jim Jagielski authored 
      Merge r1451633, r1451905, r1451921, r1452259, r1453981, r1501913, r1513508, r1531340, r1531370, r1531962, r1533065, r1540052 from trunk:

Add in rough uds support (Bugx 54101) from Blaise Tarr <blaise.tarr@gmail.com>

Make AF_UNIX aware... fix Windows/Netware??

Follow-up to r1451905 to fix NetWare/Windows compilation.


apr trunk-able


message tag for dom sock

Note about new UDS support

UDS subsequent request on a connection fix

Reformat the UDS support inline with a new naming structure.
Use a flag for speed for testing.

syntax sugar... if the worker is associated w/ a UDS,
then make sure the log reporting has a visual clue.

Ensure that userland format of UDS is the same as how it is
configured, no matter how we store and use it internally.

Eclipse code analysis warning

UDS urls need to be desockified when configuring...
Submitted by: jim, fuankg, jim, jim, druggeri, druggeri, jim, jim, jim, jim, jim
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1560081 13f79535-47bb-0310-9956-ffa450edef68
      625d5a11
  11. Jan 09, 2014
  13. Jan 06, 2014
  15. Jan 05, 2014
  17. Dec 26, 2013
  19. Dec 18, 2013
  21. Nov 29, 2013
  23. Nov 22, 2013
  25. Nov 19, 2013
  27. Nov 17, 2013
  29. Nov 16, 2013
  31. Nov 15, 2013
    • Jim Jagielski's avatar
      Merge r1523281, r1524368, r1525276, r1525280, r1525281 from trunk: · 675e9c8f
      Jim Jagielski authored 
      Switch from private FastCGI protocol handling to util_fcgi API.


Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.


Bring some envvar flexibility from mod_authnz_fcgi to mod_proxy_fcgi:

mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted.


Borrow a fix from mod_authnz_fcgi:

mod_proxy_fcgi: Handle reading protocol data that is split between
packets.


Use ap_log_rdata() to dump the FastCGI header, axing a bunch
of custom data dumping code.

Submitted by: trawick, jkaluza, trawick, trawick, trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542330 13f79535-47bb-0310-9956-ffa450edef68
      675e9c8f
    • Jim Jagielski's avatar
      Merge r1526168, r1527291, r1527294, r1527295, r1527926 from trunk: · 3a14aba1
      Jim Jagielski authored 
      Streamline ephemeral key handling:

- drop support for ephemeral RSA keys (only allowed/needed
  for export ciphers)

- drop pTmpKeys from the per-process SSLModConfigRec, and remove
  the temp key generation at startup (unnecessary for DHE/ECDHE)

- unconditionally disable null and export-grade ciphers by always
  prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string

- do not configure per-connection SSL_tmp_*_callbacks, as it is
  sufficient to set them for the SSL_CTX

- set default curve for ECDHE at startup, obviating the need
  for a per-handshake callback, for the time being (and also
  configure SSL_OP_SINGLE_ECDH_USE, previously left out)

For additional background, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E


Follow-up fixes for r1526168:

- drop SSL_TMP_KEY_* constants from ssl_private.h, too

- make sure we also disable aNULL, eNULL and EXP ciphers
  for per-directory SSLCipherSuite directives

- apply the same treatment to SSLProxyCipherSuite


Increase minimum required OpenSSL version to 0.9.8a (in preparation
for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y
functions added in that release):

- remove obsolete #defines / macros

- in ssl_private.h, regroup definitions based on whether
  they depend on TLS extension support or not

- for ECC and SRP support, set HAVE_X and change the rather awkward
  #ifndef OPENSSL_NO_X lines accordingly

For the discussion prior to taking this step, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E


Improve ephemeral key handling (companion to r1526168):

- allow to configure custom DHE or ECDHE parameters via the
  SSLCertificateFile directive, and adapt its documentation
  accordingly (addresses PR 49559)

- add standardized DH parameters from RFCs 2409 and 3526,
  use them based on the length of the certificate's RSA/DSA key,
  and add a FAQ entry for clients which limit DH support
  to 1024 bits (such as Java 7 and earlier)

- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
  ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()

- drop ssl_engine_dh.c from mod_ssl

For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294.


PR 55616 (add missing APLOGNO), part 2
Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542327 13f79535-47bb-0310-9956-ffa450edef68
      3a14aba1
  33. Nov 14, 2013
  35. Nov 13, 2013
  37. Nov 09, 2013