Skip to content
  1. Aug 30, 2005
    • Joe Orton's avatar
      Fix CVE CAN-2005-2700: · a344c639
      Joe Orton authored
      * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
      renegotiation is performed for a transition from "SSLVerifyClient
      optional" to "SSLVerifyClient require".
      
      The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
      context merely has optional verification configured, since the
      definition of SSL_VERIFY_PEER_STRICT is
      (SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
      a344c639
    • Colm MacCarthaigh's avatar
      · 390c36d0
      Colm MacCarthaigh authored
      Fix PR36410; Change how the get_suexec_identity hook is handled by CGID.
      Instead of using mod_userdir and mod_suexec specific hacks, we now run the hook
      on the httpd side of the handler. 
      
      If this is NULL, we pass on a magic empty_ugid constant, otherwise pass on the
      real ugid.
      
      On the cgid side of the equation, we add our own hook, with REALLY_FIRST, and
      then order the hooks. This ensures that cgid's doer runs before any other
      registered get_suexec_identity doers.
      
      We use cgid's request config to store the ugid. If ugid == empty_ugid, we DON'T
      call ap_os_create_privileged_process, because our doer would return the magic
      empty_ugid constant. Having the doer return NULL is no good, because then
      userdir and mod_suexec's doers would be called. Instead, we call plain old
      apr_proc_create(). 
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264759 13f79535-47bb-0310-9956-ffa450edef68
      390c36d0
  2. Aug 29, 2005
  3. Aug 28, 2005
  4. Aug 27, 2005
  5. Aug 26, 2005
    • Colm MacCarthaigh's avatar
      · c69524da
      Colm MacCarthaigh authored
      Implement a "graceful-stop" for the prefork MPM (might aswell do the hard one
      first). 
      
      General approach is to send SIGUSR1 to all children (which will de-listen, and
      exit when finished), and to gather all children as they exit. 
      
      We don't use a sleep(timeout) for the timeout implementation, because this
      would lead to a rut of defunct children until the timeout had expired.
      
      set_graceful_shutdown stolen from Ken Coar. See <3E84B1EC.3050007@Golux.Com>
      (28 Mar 2003).
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240270 13f79535-47bb-0310-9956-ffa450edef68
      c69524da
  6. Aug 25, 2005
  7. Aug 24, 2005
  8. Aug 23, 2005
  9. Aug 20, 2005
  10. Aug 19, 2005
  11. Aug 12, 2005
  12. Aug 11, 2005
  13. Aug 10, 2005
  14. Aug 09, 2005
  15. Jul 21, 2005
  16. Jul 20, 2005
  17. Jul 19, 2005
  18. Jul 18, 2005
  19. Jul 17, 2005
    • Ian Holsman's avatar
      This patch adds a new hook (request_status) that gets ran in proxy_handler · dd39e89f
      Ian Holsman authored
      just before the final return.  This gives modules an opportunity to do
      something based on the proxy status.
      
      A couple of examples where this is useful:
      
      -You are using a caching module and would rather return stale content rather
      than an error to the client if the origin is down.
      
      -you proxy some subrequests (using SSI - mod_include) and do not want SSI
      errors when the backend is down. If you would normally return
      HTTP_BAD_GATEWAY, you may have a module that serves some other content.
      
      
      new hook -- so mmn bump.. i made it a major one, hope thats ok 
      
      Patch From Brian Akins <Brian.Akins turner.com>
      
      
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219372 13f79535-47bb-0310-9956-ffa450edef68
      dd39e89f
  20. Jul 15, 2005
  21. Jul 14, 2005
    • William A. Rowe Jr's avatar
      · 07a78f67
      William A. Rowe Jr authored
        How can I fix thee?  let me count the ways...
      
        * pass a chunked body always (no-body requests don't go chunked).
      
        * validate that the C-L counted body length doesn't change.
      
        * follow RFC 2616 for C-L / T-E in the request body C-L / T-E
          election logic.
      
        * do not forward HTTP/1.0 requests as HTTP/1.1, unless the admin
          configures force-proxy-request-1.1
      
        * conn was illegible, use 2.0's p_conn.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@218978 13f79535-47bb-0310-9956-ffa450edef68
      07a78f67
  22. Jul 08, 2005
  23. Jul 07, 2005
  24. Jul 06, 2005