Skip to content
  1. Jan 21, 2014
    • Jim Jagielski's avatar
      Merge r1451633, r1451905, r1451921, r1452259, r1453981, r1501913, r1513508,... · 625d5a11
      Jim Jagielski authored
      Merge r1451633, r1451905, r1451921, r1452259, r1453981, r1501913, r1513508, r1531340, r1531370, r1531962, r1533065, r1540052 from trunk:
      
      Add in rough uds support (Bugx 54101) from Blaise Tarr <blaise.tarr@gmail.com>
      
      Make AF_UNIX aware... fix Windows/Netware??
      
      Follow-up to r1451905 to fix NetWare/Windows compilation.
      
      
      apr trunk-able
      
      
      message tag for dom sock
      
      Note about new UDS support
      
      UDS subsequent request on a connection fix
      
      Reformat the UDS support inline with a new naming structure.
      Use a flag for speed for testing.
      
      syntax sugar... if the worker is associated w/ a UDS,
      then make sure the log reporting has a visual clue.
      
      Ensure that userland format of UDS is the same as how it is
      configured, no matter how we store and use it internally.
      
      Eclipse code analysis warning
      
      UDS urls need to be desockified when configuring...
      Submitted by: jim, fuankg, jim, jim, druggeri, druggeri, jim, jim, jim, jim, jim
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1560081 13f79535-47bb-0310-9956-ffa450edef68
      625d5a11
  2. Jan 09, 2014
  3. Jan 06, 2014
  4. Jan 05, 2014
  5. Dec 26, 2013
  6. Dec 18, 2013
  7. Nov 29, 2013
  8. Nov 22, 2013
  9. Nov 19, 2013
  10. Nov 17, 2013
  11. Nov 16, 2013
  12. Nov 15, 2013
    • Jim Jagielski's avatar
      Merge r1523281, r1524368, r1525276, r1525280, r1525281 from trunk: · 675e9c8f
      Jim Jagielski authored
      Switch from private FastCGI protocol handling to util_fcgi API.
      
      
      Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.
      
      
      Bring some envvar flexibility from mod_authnz_fcgi to mod_proxy_fcgi:
      
      mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
      An individual envvar with an encoded length of more than 16K will be
      omitted.
      
      
      Borrow a fix from mod_authnz_fcgi:
      
      mod_proxy_fcgi: Handle reading protocol data that is split between
      packets.
      
      
      Use ap_log_rdata() to dump the FastCGI header, axing a bunch
      of custom data dumping code.
      
      Submitted by: trawick, jkaluza, trawick, trawick, trawick
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542330 13f79535-47bb-0310-9956-ffa450edef68
      675e9c8f
    • Jim Jagielski's avatar
      Merge r1526168, r1527291, r1527294, r1527295, r1527926 from trunk: · 3a14aba1
      Jim Jagielski authored
      Streamline ephemeral key handling:
      
      - drop support for ephemeral RSA keys (only allowed/needed
        for export ciphers)
      
      - drop pTmpKeys from the per-process SSLModConfigRec, and remove
        the temp key generation at startup (unnecessary for DHE/ECDHE)
      
      - unconditionally disable null and export-grade ciphers by always
        prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string
      
      - do not configure per-connection SSL_tmp_*_callbacks, as it is
        sufficient to set them for the SSL_CTX
      
      - set default curve for ECDHE at startup, obviating the need
        for a per-handshake callback, for the time being (and also
        configure SSL_OP_SINGLE_ECDH_USE, previously left out)
      
      For additional background, see
      https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E
      
      
      Follow-up fixes for r1526168:
      
      - drop SSL_TMP_KEY_* constants from ssl_private.h, too
      
      - make sure we also disable aNULL, eNULL and EXP ciphers
        for per-directory SSLCipherSuite directives
      
      - apply the same treatment to SSLProxyCipherSuite
      
      
      Increase minimum required OpenSSL version to 0.9.8a (in preparation
      for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y
      functions added in that release):
      
      - remove obsolete #defines / macros
      
      - in ssl_private.h, regroup definitions based on whether
        they depend on TLS extension support or not
      
      - for ECC and SRP support, set HAVE_X and change the rather awkward
        #ifndef OPENSSL_NO_X lines accordingly
      
      For the discussion prior to taking this step, see
      https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E
      
      
      Improve ephemeral key handling (companion to r1526168):
      
      - allow to configure custom DHE or ECDHE parameters via the
        SSLCertificateFile directive, and adapt its documentation
        accordingly (addresses PR 49559)
      
      - add standardized DH parameters from RFCs 2409 and 3526,
        use them based on the length of the certificate's RSA/DSA key,
        and add a FAQ entry for clients which limit DH support
        to 1024 bits (such as Java 7 and earlier)
      
      - move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
        ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
      
      - drop ssl_engine_dh.c from mod_ssl
      
      For the standardized DH parameters, OpenSSL version 0.9.8a
      or later is required, which was therefore made a new minimum
      requirement in r1527294.
      
      
      PR 55616 (add missing APLOGNO), part 2
      Submitted by: kbrand
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542327 13f79535-47bb-0310-9956-ffa450edef68
      3a14aba1
  13. Nov 14, 2013
  14. Nov 13, 2013
  15. Nov 09, 2013
  16. Oct 28, 2013
  17. Oct 18, 2013
    • Jim Jagielski's avatar
      Merge r1529559, r1531505 from trunk: · 484255f2
      Jim Jagielski authored
      Fix PR 55397: dav_resource->uri treated as an unparsed uri.
      
      The change made for PR 54611 caused this field to be treated as
      unescaped.  mod_dav_svn however, provided escaped URIs.  Essentially
      breaking support for paths with non-URI safe characters in SVN.
      
      Adjust the code so that dav_resource->uri is assumed to be escaped and
      adjust mod_dav_fs so that it uses escaped URIs in this field.
      
      * modules/dav/fs/repos.c
        (dav_fs_get_resource): Use the unparsed_uri to contruct the resource uri.
      
      * modules/dav/main/mod_dav.c
        (dav_xml_escape_uri): Do not uri escape, just handle xml escaping.
        (dav_created): Assume that locn if provided is escaped.
        (dav_method_copymove, dav_method_bind): Use the unparsed_uri on the request
          when calling dav_created() to adjust to locn assuming it is escaped.
      
      * modules/dav/main/mod_dav.h
        (dav_resource): Document that uri is escaped.
      
      
      Followup to r1529559: mod_dav_fs: Fix encoding of hrefs in PROPFIND response.
      
      Previous commit missed encoding the names of the children of the PROPFIND
      request when the depth wasn't 0.
      
      * modules/dav/fs/repos.c
        (dav_fs_append_uri): New function
        (dav_fs_walker): Use dav_fs_append_uri() and adjust length calculations to
          use the encoded length.
      
      
      Submitted by: breser
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533448 13f79535-47bb-0310-9956-ffa450edef68
      484255f2
    • Jim Jagielski's avatar
      Merge r1528718 from trunk: · da9cdf04
      Jim Jagielski authored
      mod_dav: Fix PR 55306.
      
      Makes mod_dav no longer require that the lock token be provided when the
      source of a COPY is locked.  The prior behavior was in violating of
      RFC 4918 which says that the lock token is only required on resources
      that may be modified by the method.
      
      * modules/dav/main/mod_dav.h
        (DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.
      
      * modules/dav/main/mod_dav.c
        (dav_method_copymove): Use the new flag when calling dav_validate_request()
          on the COPY source.
      
      * modules/dav/main/util.c
        (dav_validate_resource_state): Use the flag to decide to ignore if the lock
          token is not provided.
      
      Submitted by: breser
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1533447 13f79535-47bb-0310-9956-ffa450edef68
      da9cdf04