- Apr 17, 2014
-
-
Jim Jagielski authored
Only read "active" values from the key_files array. PR 56306. Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Reverse the order when merging global and vhost-level config arrays. Putting the vhost-level elements last allows overriding global settings (for the deprecated SSLRequire directive, the order is irrelevant, all of them must be met, cf. ssl_engine_kernel.c:ssl_hook_Access). Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588245 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
If the "value" argument is prefixed with expr=, parse it with ap_expr rather than mod_headers' built-in format strings. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588244 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* support/rotatelogs.c (main): Prevent creation of zombies from post-rotate programs. Reviewed by: druggeri, ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588175 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 16, 2014
-
-
Jeff Trawick authored
Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054 mod_authnz_fcgi: New module to enable FastCGI authorizer applications to authenticate and/or authorize clients. Submitted by: trawick, jailletc36, gsmith Approved by: trawick, jim, gsmith (Thanks gsmith for the Windows build bits!) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 15, 2014
-
-
Jim Jagielski authored
* Do not parse URL in case of regular expression as they likely do not follow the URL syntax. PR: 56074 Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587699 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_reqtimeout: Resolve unexpected timeouts on keepalive requests under the Event MPM. PR56216. Submitted By: Frank Meier <frank meier ergon ch> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587697 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Add suspend_connection and resume_connection hooks to notify modules when the thread/connection relationship changes. (Currently implemented only for the Event MPM; should be implemented for all async MPMs.) follow-up to r1546759: remove an inadvertently committed testcase Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587695 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_fcgi: Fix sending of response without some HTTP headers that might be set by filters. The problem occurs when no body bytes were read while reading the response headers, resulting in an empty brigade being sent down the filter stack. One particualr filter that mishandles the empty initial brigade is mod_deflate. It neglects to add to the response header fields. PR: 55558 Submitted by: Jim Riggs <jim riggs.me> Reviewed by: trawick Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587694 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Do not delete the wrong data from HTML code when a "http-equiv" meta tag specifies a Content-Type behind any other "http-equiv" meta tag. PR 56287 [Micha Lenk <micha lenk info>] Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587693 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 03, 2014
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1584443 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 31, 2014
-
-
Jeff Trawick authored
with proxy under the 2.4.8 section it had already been added the the proper (2.4.7) section git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1583378 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 29, 2014
-
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582968 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 27, 2014
-
-
Daniel Gruno authored
mod_lua: Prevent HTTP Response Splitting by not allowing tables in the request_rec to be set with values containing newlines. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582264 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582255 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582251 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 18, 2014
-
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1578965 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1578964 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 13, 2014
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577237 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577218 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577157 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577146 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the LuaMapHandler directive in certain cases by changing the URI before the map handler code executes [Daniel Gruno]. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577145 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577139 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 11, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576466 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576408 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576403 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 10, 2014
-
-
Jim Jagielski authored
Update rationale draft-ietf-httpbis-p1-messaging-23 fixes regarding interactions between TE and content-length in the same req/resp. PR 55616 (add missing APLOGNO), part 1 Wrap at 80 still, here at httpd project Use a distinguishing APLOGNO for unk t-e with read-until-close behavior Submitted by: jim, kbrand, wrowe, wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575934 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
CVE-2014-0098 (reported by Rainer Canavan <rainer-apache 7val com>) Segfaults w/ truncated cookie logging. Clean up the cookie logging parser to recognize only the cookie=value pairs, not valueless cookies. This refactors multiple passes over the same string buffer into a single pass parser. Submitted by: wrowe Reviewed by: rpluem, jim Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575904 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 03, 2014
-
-
Eric Covener authored
restore http://svn.apache.org/viewvc?view=revision&revision=233369 under a configurable option: don't run mod_dir if r->handler is already set. Backported by: covner Reviewed By: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573580 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2014
-
-
Jim Jagielski authored
* Do not perform SNI / Host header comparison in case of a forward proxy request as in case of a forward proxy request the host header can not be used for virtual host selection in our webserver. * Update comment. No functional change. * Put a note in CHANGES about r1553204 Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573362 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Throw away the myCtxVar{Set,Get} abomination and introduce a pphrase_cb_arg_t struct instead, for passing stuff between ssl_pphrase_Handle and ssl_pphrase_Handle_CB. Prefer struct members instead of using additional local variables, to make the data flow more transparent. (Doesn't "vastly simplify" the code yet, but hopefully we'll get there when further stripping down ssl_pphrase_Handle.) Remove the hardcoded algorithm-type dependency for the SSLCertificateFile and SSLCertificateKeyFile directives, and deprecate SSLCertificateChainFile Splitting the patch into smaller pieces turned out to be infeasible, unfortunately, due to the heavily intertwined code in ssl_engine_config.c, ssl_engine_init.c and ssl_engine_pphrase.c, which all depends on the modssl_pk_server_t data structure. For better comprehensibility, a detailed listing of the changes follows: ssl_private.h - drop the X509 certs and EVP_PKEY keys arrays from modssl_pk_server_t - use apr_array_header_t for cert_files and key_files - drop tPublicCert from SSLModConfigRec - drop the ssl_algo_t struct and the SSL_ALGO_* and SSL_AIDX_* constants ssl_engine_config.c - change to apr_array_header_t for SSLCertificate[Key]File - drop ssl_cmd_check_aidx_max, i.e. allow an arbitrary number of certs and keys (in theory; currently OpenSSL does not support more than one cert/key per algorithm type) - add deprecation warning for SSLCertificateChainFile ssl_engine_init.c - configure server certs/keys in ssl_init_server_certs (no longer via ssl_pphrase_Handle in ssl_init_Module) - in ssl_init_server_certs, read in certificates and keys with standard OpenSSL API functions (SSL_CTX_use_*_file), and only fall back to ssl_load_encrypted_pkey when encountering an encrypted private key - drop ssl_server_import_cert, ssl_server_import_key, ssl_init_server_check, and ssl_init_ctx_cleanup_server - move the "problematic re-initialization" check to ssl_init_server_ctx ssl_engine_pphrase.c - use servername:port:index as the key identifier, instead of the previously used servername:port:algorithm - ssl_pphrase_Handle overhaul: remove all cert/public-key handling, make it only load a single (encrypted) private key, and rename to ssl_load_encrypted_pkey - in the passphrase prompt message, show the private key file name instead of the vhost id and the algorithm name - do no longer supply the algorithm name as an argument to "exec"-type passphrase prompting programs ssl_util.c - drop ssl_util_algotypeof, ssl_util_algotypestr, ssl_asn1_keystr, and ssl_asn1_table_keyfmt ssl_util_ssl.{c,h} - drop SSL_read_X509 - constify the filename arg for SSL_read_PrivateKey CodeWarrior compiler doesnt allow vars as struct inits. Remove per-certificate chain handling code (obsoleted by https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b9fa413a08d436d6b522749b5e808fcd931fd943) make the ppcb_arg initialization a bit more uniform and easier to read Followup fix for r1553824: also pass the file name to ssl_load_encrypted_pkey, to make sure that we retry with the same filename we used for SSL_CTX_use_PrivateKey_file first With OpenSSL 1.0.2 or later, enable OCSP stapling in a loop based on SSL_CTX_set_current_cert(), near the end of ssl_init_server_ctx. update APLOGNO for r1564760 Submitted by: kbrand, fuankg, kbrand, kbrand, kbrand, kbrand, kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573360 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 21, 2014
-
-
Jim Jagielski authored
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit to allow RewriteRules to be pushed from parent scopes to child scopes without explicitly configuring each child scope. PR56153. Submitted By: Edward Lu Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570684 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570530 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 20, 2014
-
-
Jim Jagielski authored
PR: 54852. Only use a dummy_connection for idle processes Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570327 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
FreeBSD: Disable IPv4-mapped listening sockets by default for versions 5+ instead of just for FreeBSD 5. PR: 53824 Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570322 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
handle POLLERR/POLLHUP during poll() to avoid high CPU busy loop. Submitted By: Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener] Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570321 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570168 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570162 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 17, 2014
-
-
Jim Jagielski authored
mod_proxy_fcgi: Fix error message when an unexpected protocol version number is received from the application. PR: 56110 Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569007 13f79535-47bb-0310-9956-ffa450edef68
-