- Mar 20, 2016
-
-
Jim Jagielski authored
mod_ssl: Add hooks to allow other modules to perform processing at several stages of initialization and connection handling. See mod_ssl_openssl.h. This is enough to allow implementation of Certificate Transparency outside of mod_ssl. Initialize post_handshake_rc for case where a failure has already occurred (doesn't change execution but avoids warning with some levels of gcc). Pointed out by: kbrand Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735886 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 19, 2016
-
-
Jim Jagielski authored
* mod_ssl: Free dhparams when getting DH params. This fixes issue when SSLCryptoDevice does not get unregistered because of non-zero refcount during the mod_ssl unload happening on httpd startup. mod_ssl: follow up to r1720129. Free ecparams read from certificate file(s) on startup. Follow up to r1720129 and r1723295: CHANGES entry. Rephrase r1733088 since leaking means horrible things in cryptography. This is not a security fix :p Submitted by: jkaluza, ylavic, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735770 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
expr support for HTTP2 variable Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735769 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 18, 2016
-
-
Yann Ylavic authored
Since ssl_run_pre_handshake() is not (yet) in 2.4.x, mention ssl_init_ssl_connection() instead. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735650 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
mod_http2: stream cleanup on GOAWAY handling, PUSHes prohibited after client GOAWAY. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735610 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 17, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735457 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
Ensure that httpd exits with an error status when the MPM fails to run. [Yann Ylavic] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735381 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
[PATCH] mod_rewrite: double escaping of query strings in server context (like PR50447, for server context) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735379 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 16, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735239 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 14, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734917 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 10, 2016
-
-
Stefan Eissing authored
mod_reqtimeout: Prevent long response times from triggering a timeout once the request has been fully read. PR 59045. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734416 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734413 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake() hook returns an error. Submitted by: minfrin Reviewed by: minfrin, jim, ylavic Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734396 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 09, 2016
-
-
Eric Covener authored
mod_rewrite: Add QSL|qslast flag to allow rewrites to files with literal question marks in their names. PR 58777. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734259 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
reverted in trunk in r1732896. The fix is bad and breaks old loop avoidance. Reviewed By: covener, ylavic, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734257 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 03, 2016
-
-
Jim Jagielski authored
mod_ssl: when SSLVerify is disabled (NONE), don't force a renegotiation if the SSLVerifyDepth applied with the default/handshaken vhost differs from the one applicable with the finally selected vhost. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733476 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix crash in ap_mpm_pod_check call caused by NULL dereference of its parameter when starting httpd as single process (httpd -X). Revert changes on mpm_event and mpm_worker from r1711479. The POD is not used in one process mode for those MPMs. Follow up to r1711479 and r1733064: CHANGES entry. Submitted by: jkaluza, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733475 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: Play/restore the TLS-SNI on new backend connections which had to be issued because the remote closed the previous/reusable one during idle (keep-alive) time. mod_proxy: follow up to r1729826: really copy conn->ssl_hostname. mod_proxy: follow up to r1729826 + r1729847. Adjust stacked ssl_hostname maximum size. mod_proxy: follow up to r1729826 + r1729847 + r1732986. Don't use magic constants. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733474 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
event: slave connection init, vhost early config Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733473 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2016
-
-
Jim Jagielski authored
hostname: Test and log useragent_host per-request across various modules, including the scoreboard, expression and rewrite engines, setenvif, authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables. PR55348 [William Rowe] This is the complete change set which applies cleanly to 2.4.x as well, the server/scoreboard.c will follow, which does not apply due to drift. A rather ugly patch since the code was refactored recently to exclude the simple patch for 2.4.x, illustrated below. Completes the changeset r1729930 and resolves all 2.4.19-dev corrections, but other 2.5.0-dev specific changes may still be needed on trunk. --- server/scoreboard.c (revision 1729907) +++ server/scoreboard.c (working copy) @@ -491,9 +491,8 @@ ws->conn_bytes = 0; } if (r) { - const char *client = ap_get_remote_host(c, r->per_dir_config, - REMOTE_NOLOOKUP, NULL); - if (!client || !strcmp(client, c->client_ip)) { + const char *client; + if (!(client = ap_get_useragent_host(r, REMOTE_NOLOOKUP, NULL))) { apr_cpystrn(ws->client, r->useragent_ip, sizeof(ws->client)); } else { Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733282 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Introduce an ap_get_useragent_host() accessor to replace the old ap_get_remote_host() in most applications, but preserve the original behavior for all ap_get_remote_host() consumers (mostly, because we don't have the request_rec in the first place, and also to avoid any unintended consequences). This accessor continues to store the remote_host of connection based uesr agents within the conn_rec for optimization. Only where some other module modifies the useragent_addr will we perform a per-request query of the remote_host. (Fixed compilation issues noted by Ranier, applies to 2.4.x trunk, modulo CHANGES and ap_mmn.h) Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733281 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733278 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733259 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 01, 2016
-
-
Jim Jagielski authored
* Introduce SSLOCSPProxyURL in order to do OCSP requests via a HTTP proxy. Documentation to follow. * Change entry and documentation for SSLOCSPProxyURL Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733066 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 25, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1732281 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 18, 2016
-
-
Jim Jagielski authored
mod_cache_socache: Fix a possible cached entity body corruption when it is received from an origin server in multiple batches and forwarded by mod_proxy. Upstream buckets should be setaside when saving response body (store_body), but since those will finally be flatten in the cache buffer (commit_entity), let's save them directly into the buffer to avoid heap allocation(s) and the final copy. Reported by: Mike Pastore <mike oobak.org> Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1731082 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_alias: Introduce expression parser support for Alias, ScriptAlias and Redirect. Use unsigned bit fields. mod_alias: follow up to r1653941. Fill empty APLOGNO(). mod_alias: follow up to r1653941. Limit Redirect expressions to directory (Location) context and redirect statuses (implicit or explicit). mod_alias: follow up to r1686853. Factorize code (no functional change). Submitted by: minfrin, ylavic, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1731081 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 16, 2016
-
-
Jim Jagielski authored
Prevent an external proxy from presenting an internal proxy in mod_remoteip.c. PR 55962. Submitted by: mrumph Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1730684 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 11, 2016
-
-
Jim Jagielski authored
allow expressions to be used in SetHandler. Opt-in with expr= prefix. from feedback, assume all parameters to SetHandler are expressions. I couldnt come up with a plausible handler name that was an invalid expression. 1726233 temporarily broke UDS r->handler case sensitivity 1726233 temporarily broke UDS r->handler case sensitivity Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729876 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
* Ensure that proto_num and protocol is set in another "error out early" edge case. This can happen with invalid CONNECT requests as described in the PR. PR: 58929 Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729875 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
handling TIMEUP on SSL inputs by allowing later retries Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729874 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 09, 2016
-
-
Rainer Jung authored
detected by coccinelle). There are some more but they are easier to backport once these here are applied. Backport of r1725392, r1725394, r1725395 and r1725468 from trunk. Submitted by: rjung Reviewed by: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1729495 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 28, 2016
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1727397 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1727393 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 21, 2016
-
-
Jim Jagielski authored
*) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075, "Error dispatching request", when the cause appears to be the client closing the connection. PR58118. Submitted By: Tobias Adolph <adolph lrz.de> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726019 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
flush errors are TRACE1 in the core output filter now. Remove APLOGNO after moving log message to TRACE1 in r1724847. Submitted by: covener, rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726018 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
*) mod_rewrite: Avoid looping on relative substitutions that result in the same filename we started with. PR 58854. [Eric Covener] Previously, the comparison of old and new filename happened before some prefixes might be added. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726016 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 19, 2016
-
-
Jim Jagielski authored
Add common extension "m4a" for MPEG 4 Audio to mime.types. As a reference see Wikipedia: https://en.wikipedia.org/wiki/MPEG-4_Part_14#.MP4_versus_.M4A PR: 57895 Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1725509 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1725500 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 30, 2015
-
-
Jim Jagielski authored
add GlobalLog directive to allow a diagnostic log to be inherited by all virtual hosts, even if they define their own logs. Submitted By: Edward Lu <Chaosed0 gmail.com> Committed by: covener document GlobalLog Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1722340 13f79535-47bb-0310-9956-ffa450edef68
-