* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68

If uid_t and gid_t are unsigned on a platform (hurd, for example), using -1
may cause a compiler warning. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264788 13f79535-47bb-0310-9956-ffa450edef68

Fix PR36410; Change how the get_suexec_identity hook is handled by CGID.
Instead of using mod_userdir and mod_suexec specific hacks, we now run the hook
on the httpd side of the handler. 

If this is NULL, we pass on a magic empty_ugid constant, otherwise pass on the
real ugid.

On the cgid side of the equation, we add our own hook, with REALLY_FIRST, and
then order the hooks. This ensures that cgid's doer runs before any other
registered get_suexec_identity doers.

We use cgid's request config to store the ugid. If ugid == empty_ugid, we DON'T
call ap_os_create_privileged_process, because our doer would return the magic
empty_ugid constant. Having the doer return NULL is no good, because then
userdir and mod_suexec's doers would be called. Instead, we call plain old
apr_proc_create(). 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264759 13f79535-47bb-0310-9956-ffa450edef68

reached.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264737 13f79535-47bb-0310-9956-ffa450edef68

  Correct mod_cgid's argv[0] so that the full path can be delved by the
  invoked cgi application, to conform to the behavior of mod_cgi.

PR: 34542
Reviewed by: Andre, OtherBill
Submitted by: Pradeep Kumar S <pradeep.smani gmail.com>



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264623 13f79535-47bb-0310-9956-ffa450edef68

  Noticed in the development of fips-enabled mod_ssl, when we are
  configured to support exactly one protocol, use that explicit server
  and client mechansim to handshake with the client or proxied machine,
  rather than the generic SSLv23_[client|server]_method().

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264621 13f79535-47bb-0310-9956-ffa450edef68

Implement graceful stop in the event MPM. Implementation is identical to
the worker MPM implementation. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264105 13f79535-47bb-0310-9956-ffa450edef68

*how* did I mis-spell that.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264104 13f79535-47bb-0310-9956-ffa450edef68

Move the "GracefulShutdownTimeout" command definition into mpm_common



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264103 13f79535-47bb-0310-9956-ffa450edef68

submited by: Neale Ranns neale ranns.org
reviewed by: Ian Holsman



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68

Add graceful-stop to the list of new features. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263906 13f79535-47bb-0310-9956-ffa450edef68

Update transformations to reflect the graceful-stop XML documentation.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263901 13f79535-47bb-0310-9956-ffa450edef68

Add a note on the possible pit-falls that lie ahead when running multiple
instances of httpd at the same time.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263857 13f79535-47bb-0310-9956-ffa450edef68

If it makes it in to 2.2, leave it. Otherwise bump it later.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263854 13f79535-47bb-0310-9956-ffa450edef68

Update CHANGES to reflect that worker now supports graceful-stop, that Bill
wrote some of the graceful-stop code I stole from Ken, and to get rid of
exraneous `'`'s.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@241820 13f79535-47bb-0310-9956-ffa450edef68

Implement a graceful-stop for the worker MPM. We close our listeners, and then
ask each child process to do the same. We then monitor until all children have
exited.

The change to ap_start_shutdown(void) to ap_start_shutdown(int) may look like
an external API change, but the function is defined static, and used only in
one place.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@241819 13f79535-47bb-0310-9956-ffa450edef68

CGId keeps a copy of the listening sockets open, which interferes with a 
graceful shutdown/start. Close the listening sockets on cgid start.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@241815 13f79535-47bb-0310-9956-ffa450edef68

Re-add a simple, obvious, speed-up.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@241814 13f79535-47bb-0310-9956-ffa450edef68

Remove as many ghastly scoreboard loops from the graceful-shutdown code, and
replace with the new ap_relieve_child_processes() call. Add a sleep() call now,
as we lost the timeout inherent in ap_wait_or_timeout(). 1 second seems a sane
choice.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240466 13f79535-47bb-0310-9956-ffa450edef68

Add ap_relieve_child_processess(), a non-infanticidal copy of
ap_reclaim_child_processes(). Allows us to waitpid() each process in the
scoreboard and each "extra" process with a single call.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240465 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240426 13f79535-47bb-0310-9956-ffa450edef68

longer removed. Added httxt2dbm to the sbin directory.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240349 13f79535-47bb-0310-9956-ffa450edef68

update transformations.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240306 13f79535-47bb-0310-9956-ffa450edef68

Make the reference to the 1.3 FAQ a little more up-to-date; and
add a FAQ on SELinux.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240301 13f79535-47bb-0310-9956-ffa450edef68

PR: 36166


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240299 13f79535-47bb-0310-9956-ffa450edef68

Allow htcacheclean to deal in gigabytes.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240297 13f79535-47bb-0310-9956-ffa450edef68

Move the "GracefulShutdownTimeout" directive into mpm_common, for re-use
with other MPM's.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240296 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240281 13f79535-47bb-0310-9956-ffa450edef68

Update the transformations to reflect the new graceful-stop argument.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240275 13f79535-47bb-0310-9956-ffa450edef68

Silly me, I forgot to commit this; the definitions for the GRACEFUL_STOP
signal.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240274 13f79535-47bb-0310-9956-ffa450edef68

Allow apachectl to support "graceful-stop" argument



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240273 13f79535-47bb-0310-9956-ffa450edef68

Documentation changes relevant to new graceful-stop command line argument
for httpd and apachectl, and the the "GracefulShutdownTimeout" directive.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240271 13f79535-47bb-0310-9956-ffa450edef68

Implement a "graceful-stop" for the prefork MPM (might aswell do the hard one
first). 

General approach is to send SIGUSR1 to all children (which will de-listen, and
exit when finished), and to gather all children as they exit. 

We don't use a sleep(timeout) for the timeout implementation, because this
would lead to a rut of defunct children until the timeout had expired.

set_graceful_shutdown stolen from Ken Coar. See <3E84B1EC.3050007@Golux.Com>
(28 Mar 2003).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240270 13f79535-47bb-0310-9956-ffa450edef68

Make the neccessary changes to mpm_common and main to support a graceful-stop
command line argument. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240269 13f79535-47bb-0310-9956-ffa450edef68

Remove the note about WINCH on certain platforms. As of r239430, this is no
longer the case and USR1 will be used on all platforms.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240258 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240101 13f79535-47bb-0310-9956-ffa450edef68

for the same port, switch them so that the bind to [::] is attempted
first.

Submitted by: colm, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240096 13f79535-47bb-0310-9956-ffa450edef68

(open_listeners): Simplify using the new macros; no functional change.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240092 13f79535-47bb-0310-9956-ffa450edef68

A very minor, but particularly annoying whitespace fix. It took me 15 minutes
to try and parse what was going on :-)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240089 13f79535-47bb-0310-9956-ffa450edef68

Update the documentation for the ScriptSock directive to match the
.PID extension.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240049 13f79535-47bb-0310-9956-ffa450edef68