Submitted by Lucien Gentis <lucien.gentis lorraine.iufm.fr>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601634 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601377 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601365 13f79535-47bb-0310-9956-ffa450edef68

  SSL_renegotiate makes no sense here; remove copied comment.  No
  functional change.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601003 13f79535-47bb-0310-9956-ffa450edef68

with a hanging '*')


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600651 13f79535-47bb-0310-9956-ffa450edef68

Determined to be not generally exploitable, but a flaw in any case.

PR: 44014
Submitted by: Victor Stinner <victor.stinner inl.fr>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600645 13f79535-47bb-0310-9956-ffa450edef68

  functional change.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600497 13f79535-47bb-0310-9956-ffa450edef68

  validity period from the OCSP response and check it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600493 13f79535-47bb-0310-9956-ffa450edef68

  log message since the passed-in cert may be e.g. the peer's issuer.

* modules/ssl/ssl_private.h (ssl_log_cxerror): Don't mention the word
  peer here either.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600486 13f79535-47bb-0310-9956-ffa450edef68

  response-header count is exceeded.  Also bump to APLOG_ERR the log
  message given after a header read error.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600482 13f79535-47bb-0310-9956-ffa450edef68

  TLS upgrade, require only the presence of a "TLS/1.0" token
  somewhere in the Upgrade request-header, rather than as the exact
  header value.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600479 13f79535-47bb-0310-9956-ffa450edef68

  ssl_io_filter_init): Don't clear f->r here after adding connection
  filters since ap_add_*_filter now guarantee to do it internally.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600477 13f79535-47bb-0310-9956-ffa450edef68

request_rec pointer when adding connection filters; minor MMN bump:

* server/util_filter.c (add_any_filter_handle): Set f->r for
  connection filters even if passed-in r is non-NULL.  Style nit fix
  also.

* include/util_filter.h (ap_add_output_filter,
  ap_add_output_filter_handle): Document new API guarantee.

* include/ap_mmn.h: Minor MMN bump.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600473 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600246 13f79535-47bb-0310-9956-ffa450edef68

Reported by: Takashi Sato <serai lans-tv.com>
Confirmed by: Vincent Jong <megaspaz tron.megaspaz.net> & noodl


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600245 13f79535-47bb-0310-9956-ffa450edef68

  This will not change the logic if no "-l" gets used, and it will spare
  one call to apr_time_now() in case "-l" gets used and more important
  it gives the code better atomicity, because in fact between the two calls
  there is a slight change of jumping oder the DST boundary

- for historic reasons the same code block is used two times with a
  slightly different way of transforming apr_time_t to int
  (once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
  so let's unify it.

- finally move the block into a function, because it gets used already
  two times.

PR: 44004
Submitted by: Rainer Jung <rainer.jung kippdata.de>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600154 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600038 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600037 13f79535-47bb-0310-9956-ffa450edef68

is no longer required due to the more optimal way the list of subgroup attributes
is now handled.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600017 13f79535-47bb-0310-9956-ffa450edef68

associated with processing of subgroup lists. There were some
problems that arose when the cache was referenced across possible
expirations. As of this fix the nested group code (and the caching
of queries related to nested groups) should be working correctly.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600013 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599900 13f79535-47bb-0310-9956-ffa450edef68

complicated code with a simple list.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599877 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599872 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: jorton
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599711 13f79535-47bb-0310-9956-ffa450edef68

need to be leaving historical info around.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599657 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599656 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599655 13f79535-47bb-0310-9956-ffa450edef68

Try to be graceful and harmless in cases where we run out of SHM.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599654 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599651 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599646 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599603 13f79535-47bb-0310-9956-ffa450edef68

  avoids that the autoindex test (t/modules/autoindex) fails. Adjusting
  the autoindex test would cause it to fail with older versions and would
  make it harder to recognize regressions.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599589 13f79535-47bb-0310-9956-ffa450edef68

  tweaks, no functional change.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599497 13f79535-47bb-0310-9956-ffa450edef68

  handling.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599496 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599446 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599445 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599425 13f79535-47bb-0310-9956-ffa450edef68

filter_init problem remains, we should make it clear to users at startup time.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599393 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_config.c (modssl_ctx_init,
  modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
  (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
  ssl_cmd_SSLOCSPEnable): Add functions.

* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.

* modules/ssl/ssl_private.h: Add prototypes, config options to
  modssl_ctx_t.

* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
  dispatching OCSP requests.

* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
  OCSP validation.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
  OCSP validation if configured, and the cert is so-far verified to be
  trusted.  Fail if OCSP validation is configured an the optional-no-ca 
  check tripped.

* modules/ssl/config.m4: Check for OCSP support, build new files.

* modules/ssl/mod_ssl.dsp: Build new files.

* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
  interfaces.

PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68

  r394065.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599326 13f79535-47bb-0310-9956-ffa450edef68