- Mar 10, 2014
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575913 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575912 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575911 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
CVE-2014-0098 (reported by Rainer Canavan <rainer-apache 7val com>) Segfaults w/ truncated cookie logging. Clean up the cookie logging parser to recognize only the cookie=value pairs, not valueless cookies. This refactors multiple passes over the same string buffer into a single pass parser. Submitted by: wrowe Reviewed by: rpluem, jim Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575904 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575900 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575898 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575790 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575784 13f79535-47bb-0310-9956-ffa450edef68
-
Guenter Knauf authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575783 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 09, 2014
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575775 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575774 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 08, 2014
-
-
Andre Malo authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575629 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575579 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 07, 2014
-
-
Richard Bowen authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575409 13f79535-47bb-0310-9956-ffa450edef68
-
Richard Bowen authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575408 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575404 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 06, 2014
-
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574777 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 05, 2014
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574519 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
More debugging More debug messaging... useful for tracking down if we used attach or create c89 fix follow-up to r1562472, 1561262, and 1561923: Improve messaging... * easier to tell what went wrong in some cases * reduce number of debug messages without losing information in some cases Submitted by: jim, covener, trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574476 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574474 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574472 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574264 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 04, 2014
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574217 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1574155 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 03, 2014
-
-
Andre Malo authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573760 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573588 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573583 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
restore http://svn.apache.org/viewvc?view=revision&revision=233369 under a configurable option: don't run mod_dir if r->handler is already set. Backported by: covner Reviewed By: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573580 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573578 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573575 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573574 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2014
-
-
Jim Jagielski authored
* Do not perform SNI / Host header comparison in case of a forward proxy request as in case of a forward proxy request the host header can not be used for virtual host selection in our webserver. * Update comment. No functional change. * Put a note in CHANGES about r1553204 Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573362 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Throw away the myCtxVar{Set,Get} abomination and introduce a pphrase_cb_arg_t struct instead, for passing stuff between ssl_pphrase_Handle and ssl_pphrase_Handle_CB. Prefer struct members instead of using additional local variables, to make the data flow more transparent. (Doesn't "vastly simplify" the code yet, but hopefully we'll get there when further stripping down ssl_pphrase_Handle.) Remove the hardcoded algorithm-type dependency for the SSLCertificateFile and SSLCertificateKeyFile directives, and deprecate SSLCertificateChainFile Splitting the patch into smaller pieces turned out to be infeasible, unfortunately, due to the heavily intertwined code in ssl_engine_config.c, ssl_engine_init.c and ssl_engine_pphrase.c, which all depends on the modssl_pk_server_t data structure. For better comprehensibility, a detailed listing of the changes follows: ssl_private.h - drop the X509 certs and EVP_PKEY keys arrays from modssl_pk_server_t - use apr_array_header_t for cert_files and key_files - drop tPublicCert from SSLModConfigRec - drop the ssl_algo_t struct and the SSL_ALGO_* and SSL_AIDX_* constants ssl_engine_config.c - change to apr_array_header_t for SSLCertificate[Key]File - drop ssl_cmd_check_aidx_max, i.e. allow an arbitrary number of certs and keys (in theory; currently OpenSSL does not support more than one cert/key per algorithm type) - add deprecation warning for SSLCertificateChainFile ssl_engine_init.c - configure server certs/keys in ssl_init_server_certs (no longer via ssl_pphrase_Handle in ssl_init_Module) - in ssl_init_server_certs, read in certificates and keys with standard OpenSSL API functions (SSL_CTX_use_*_file), and only fall back to ssl_load_encrypted_pkey when encountering an encrypted private key - drop ssl_server_import_cert, ssl_server_import_key, ssl_init_server_check, and ssl_init_ctx_cleanup_server - move the "problematic re-initialization" check to ssl_init_server_ctx ssl_engine_pphrase.c - use servername:port:index as the key identifier, instead of the previously used servername:port:algorithm - ssl_pphrase_Handle overhaul: remove all cert/public-key handling, make it only load a single (encrypted) private key, and rename to ssl_load_encrypted_pkey - in the passphrase prompt message, show the private key file name instead of the vhost id and the algorithm name - do no longer supply the algorithm name as an argument to "exec"-type passphrase prompting programs ssl_util.c - drop ssl_util_algotypeof, ssl_util_algotypestr, ssl_asn1_keystr, and ssl_asn1_table_keyfmt ssl_util_ssl.{c,h} - drop SSL_read_X509 - constify the filename arg for SSL_read_PrivateKey CodeWarrior compiler doesnt allow vars as struct inits. Remove per-certificate chain handling code (obsoleted by https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b9fa413a08d436d6b522749b5e808fcd931fd943) make the ppcb_arg initialization a bit more uniform and easier to read Followup fix for r1553824: also pass the file name to ssl_load_encrypted_pkey, to make sure that we retry with the same filename we used for SSL_CTX_use_PrivateKey_file first With OpenSSL 1.0.2 or later, enable OCSP stapling in a loop based on SSL_CTX_set_current_cert(), near the end of ssl_init_server_ctx. update APLOGNO for r1564760 Submitted by: kbrand, fuankg, kbrand, kbrand, kbrand, kbrand, kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573360 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Cleanup the client to backend brigade before returning an error (if any) to avoid buckets lifetime issues (backend connection's pool destroyed before request's one). PR 50335. Suggested by rpluem. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573359 13f79535-47bb-0310-9956-ffa450edef68
-
Andre Malo authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573358 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_http: don't recycle backend connections known to be closed (eg. EOS by close). This saves a useless ap_is_socket_connected() call when reused. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573357 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Log an error in mod_proxy_http when reading the request body fails. Follow-up to r1538776 where incomplete bodies are detected and an error returned through the input filters. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573356 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573353 13f79535-47bb-0310-9956-ffa450edef68
-
Stephen Henson authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573335 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573314 13f79535-47bb-0310-9956-ffa450edef68
-