- Jul 14, 2014
-
-
Jeff Trawick authored
core: Include any error notes set by modules in the canned error response for 403 errors. Submitted by: trawick Reviewed by: minfrin, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610328 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_ssl: Set an error note for requests rejected due to SSLStrictSNIVHostCheck Submitted by: trawick Reviewed by: minfrin, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610327 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
SNI errors. Submitted by: trawick Reviewed by: minfrin, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610326 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 12, 2014
-
-
Jeff Trawick authored
mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer larger keys and support up to 8192-bit keys. Submitted by: rpluem, jorton Reviewed by: ylavic, kbrand git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610014 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
Fix PR 56480: PROPFIND walker doesn't encode hrefs properly Reverts r1529559 partially (specifically the dav_xml_escape_uri) bit. Reverts r1531505 entirely. * modules/dav/main/mod_dav.c (dav_xml_escape_uri): Revert the piece of r1529559 that removes the URI escaping from this function. * modules/dav/main/props.c (dav_do_prop_subreq): Escape the URI before doing a sub request with it. This resolves some properties like getcontenttype from failing to be returned for files that contain characters that require encoding in their path. * modules/dav/main/mod_dav.h (dav_resource): Note the inconsistency in the documentation. * modules/dav/fs/repos.c (dav_fs_get_resource): Don't use the unparsed_uri to set the uri field of the resource. This is the correct fix for the double encoding in mod_dav_fs that led to the dav_xml_escape_uri() change and r1531505. (dav_fs_walker, dav_fs_append_uri): Revert r1531505 changes. Submitted by: breser Reviewed by: ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610013 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 08, 2014
-
-
Jeff Trawick authored
Follow up to r1527220/r1588852: Implement better error checking/reporting around notification of abrupt parent process termination. It is likely that something bad is happening here based on these user reports: https://www.apachelounge.com/viewtopic.php?p=27848 http://mail-archives.apache.org/mod_mbox/httpd-users/201406.mbox/%3CCAC%2BRZnuwLD%2BJnoy2TYO8oeAWt6bFLMa%3DEhfDf9hS3cuuGUHXAw%40mail.gmail.com%3E w-up to r1606368: HANDLE is PVOID which is void * (fix format string) Submitted by: trawick Reviewed by: covener, gsmith git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608907 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608780 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: When ping/pong is configured for a worker, don't send or forward "100 Continue" (interim) response to the client if it does not expect one. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608762 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: send OCSP request's nonce according to SSLOCSPUseRequestNonce on/off. PR 56233. mod_ssl: follow up to r1583191. New SSLOCSPUseRequestNonce directive's manual and CHANGES. Non functional code changes (modssl_ctx_t's field ocsp_use_request_nonce grouped with other OCSP ones, nested if turned to a single AND condition). Remove SSLOCSPUseRequestNonce OpenSSL-0.9.7 requirement (0.9.8 already required by httpd-2.4) and set availability to 2.5-dev until further notice. mod_ssl: follow up to r1583191. Use type BOOL for modssl_ctx_t's field ocsp_use_request_nonce. Suggested by: kbrand. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608758 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 26, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605642 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_proxy_fcgi: Fix occasional high CPU when handling request bodies. Submitted by: trawick Reviewed by: covener, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605639 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 25, 2014
-
-
Eric Covener authored
* event MPM: fix a race where a worker looks at a conn_rec after it might be in use by another thread or may have been freed and re-allocated. Submitted By: Edward Lu git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605619 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
authnzldap: support "none" as a filter to suppress using a search filter, which is required by some mainframe security products serving native registry over LDAP. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605618 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 21, 2014
-
-
Yann Ylavic authored
mod_deflate: fix decompression of files larger than 4GB. According to RFC1952, Input SIZE (compLen) contains the size of the original input data modulo 2^32. PR: 56062 Submitted by: Lukas Bezdicka git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604460 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224, r1586745, r1587594, r1587639, r1590509 from trunk. Commit 1 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib header buffering in the inflate output filter : - add the new deflate_ctx_t fields needed to re-enter the Zlib header parsing, - introduce the new consume_zlib_flags() function to parse/consume the ZLib flags (will be used by the other filters too), - use it to handle incomplete header in the output filter (deflate). This alone fixes PR 55666, but the issue remains for PR 46146 (inflate/deflate input filters), hence the following patches. Commit 2 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib header buffering in the inflate input filter : - loop until all the header is received, - handle non blocking reads returning empty brigade, - fix a double ap_get_brigade() when an EOS brigade is encountered while reading the header, - in that case and no data was received so far, don't return an error but SUCCESS with the EOS, otherwise fail, - don't remove the Content-Length and Content-MD5 headers until some data is read. Still does not handle Zlib flags for now, next commits. Commit 3 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib validation bytes buffering (CRC + length) in the inflate input filter : - use validation_buffer and validation_length as state, - loop until all the bytes are received. Commit 4 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle non blocking reads which would block in the inflate input filter (not an error). Commit 5 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib flags in the inflate input filter as in the output filter, using consume_zlib_flags(). Commit 6 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Ignore empty buckets and split buckets longer than INT_MAX (since zlib uses 32-bit ints only) in all filters. mod_deflate: when consuming zlibs flags, APR_INCOMPLETE implies no more bytes available. mod_deflate: update empty log tags. mod_deflate: Delay INFLATE input filter's self removal until all the buffered buckets are out (including EOS). PR 46146. mod_deflate: Don't return gzip-ed data when reading FLUSH bucket in INFLATE input filter, forward the FLUSH but keep reading should EOS/more follow (should not happen, but mod_deflate won't fix it). mod_deflate: follow up to r1587639. Don't break the looped brigade when moving the FLUSH bucket to the returned bb and continue reading. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604458 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_proxy: Allow reverse-proxy to be set via explicit handler. Submitted by: ryo takatsuki <ryotakatsuki gmail com> Reviewed by: ylavic, jim, mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604378 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
ab: support custom HTTP method with -m argument. PR: 56604 Submitted by: Roman Jurkov <winfinit gmail.com> Reviewed by: ylavic, trawick, covener (r1601680 and r1601700 not reflected in mergeinfo due to a collision with an unrelated trunk change) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604373 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604340 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
- IVM changed to use shm - More verbose error logging (no functional change) - Miscellaneous refactoring that was in trunk but not in 2.4.x (no functional change as such) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604339 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 17, 2014
-
-
Jim Jagielski authored
core: avoid a double apr_time_now() call on the first succeeding read. * Correctly escape user provided data. PR: 56532 Submitted by: Maksymilian <max cert.cx> Reviewed by: rpluem Save a few bytes of memory. This can be done in temp_pool. Fix layout don't pass uninitialized rv passed to ap_log_rerror() (rv wasn't interesting / follow an existing example) stop throwing away a pointer on the heap (clang scan-build) add the URI to DEBUG message 00765 (and drop an exclamation point): Cache provider's store_body failed! Doxygen fix + reorg to match how other header files are built Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1603141 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 10, 2014
-
-
Jeff Trawick authored
mod_proxy_fcgi: Support iobuffersize parameter. Submitted by: trawick Reviewed by: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1601749 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 03, 2014
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599597 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632, r1595321, r1550302, r1550307, r1585435 from trunk: fix whitespace in a debug message s/comment/self-documenting/ normalize an ugly construct which somehow manages to return the correct value This is annoying to see in a casual "LogLevel debug foo:traceX ..." Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory. Follow-up to r1592529: Define default port for "scgi" schemes (as chosen by mod_proxy_scgi) in a common location. Suggested by: jailletc36 fix Doxygen markup error Submitted by: jailletc36 Tweak a AP_DEBUG_ASSERT condition. Valid index to use 'req_header_var_names' are 0...6 mod_auth_form: Add a debug message when the fields on a form are not recognised. mod_auth_form: Make the trace logging consistent through the notes, session and form authentication steps. mod_auth_form: update empty log tags. Submitted by: trawick, covener, jailletc36, trawick, trawick, jailletc36, minfrin, minfrin, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599501 13f79535-47bb-0310-9956-ffa450edef68
-
- May 30, 2014
-
-
Jim Jagielski authored
mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme. PR55320. Submitted by: Alex Liu <alex.leo.ca gmail.com> Committed by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1598603 13f79535-47bb-0310-9956-ffa450edef68
-
- May 19, 2014
-
-
Jim Jagielski authored
mod_socache_shmcb: Correct counting of expirations for status display. Expirations happening during retrieval were not counted. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1595918 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_cache: Retry unconditional request with the full URL (including the query-string) when the origin server's 304 response does not match the conditions used to revalidate the stale entry. http://www.mail-archive.com/dev@httpd.apache.org/msg59884.html Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1595917 13f79535-47bb-0310-9956-ffa450edef68
-
- May 14, 2014
-
-
Jeff Trawick authored
mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment variables as a result of AliasMatch. Submitted by: covener Reviewed by: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1594539 13f79535-47bb-0310-9956-ffa450edef68
-
- May 07, 2014
-
-
Jim Jagielski authored
mod_proxy_scgi: Support Unix sockets. ap_proxy_port_of_scheme(): Support default SCGI port (4000). Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593004 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
programs, and implement a special merging algorithm for SSLCertificate[Key]File to emulate the behavior in versions <= 2.4.7 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593003 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix errors with CacheLock on Windows: cache_util.c(757): (OS 80)The file exists. : [client 127.0.0.1:63889] AH00784: Attempt to obtain a cache lock for stale cached URL failed, revalidating entry anyway: Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593000 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_expires: don't add Expires header to error responses (4xx/5xx), be they generated or forwarded. PR 55669. Follow up to r1584430. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592999 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_fcgi: Don't segfault when failing to connect to the backend. now understood why users haven't reported the segfault (yet) when mod_proxy_fcgi can't connect to the application Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592998 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
on startup if default socache_provider is used and AuthnCacheEnable or AuthnCacheProvideFor is used. This problem has been introduced in r1531961. PR 56371. Submitted by: jkaluza Reviewed by: ylavic, jim, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592991 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 20, 2014
-
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588763 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 18, 2014
-
-
Jim Jagielski authored
Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file (workaround for OpenSSL versions before 0.9.8h, see https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513). PR 56410. Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
*) mod_proxy_wstunnel: Don't pool backend websockets connections, because we need to handshake every time. PR 55890. [Eric Covener] actually remove mod_reqtimeout, since the util_filter functions involved only manipulate c->input_filters no matter what we pass. We need to make copies of c->input_filters after, not before, it skips over reqtimeout. Note: reqtimeout doesn't really interfere today with normal operation, but this is misleading/confusing when dealing with other wstunnel issues. cleanup wstunnel error handling Submitted By: covener, ylavic, Edward Lu Commited By: covener followup to r1587036. if backend->close is set too early, proxy_util.c will close it right away and then blow away the field. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
Bring SNI behavior into better conformance with RFC 6066: - no longer send a warning-level unrecognized_name(112) alert when no matching vhost is found (PR 56241) - at startup, only issue warnings about IP/port conflicts and name-based SSL vhosts when running with an OpenSSL without TLS extension support (almost 5 years after SNI was added to 2.2.x, the "[...] only work for clients with TLS server name indication support" warning feels obsolete) Proposed by: kbrand Reviewed by: jorton, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 17, 2014
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588356 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_auth_form: Make sure the optional functions are loaded even when the AuthFormProvider isn't specified. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588247 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Only read "active" values from the key_files array. PR 56306. Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68
-