- Aug 10, 2016
-
-
Rainer Jung authored
- ab: use new API SSL_CTX_set_max_proto_version() and SSL_CTX_set_min_proto_version() in combination with TLS_client_method() instead of the old deprecated methods. Backport of r1735891 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755851 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- The callback function passed to SSL_CTX_sess_set_get_cb() now needs the session id argument to be const. So constify the session id. Backport of r1735883 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755850 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- use new API SSL_CTX_set_max_proto_version() and SSL_CTX_set_min_proto_version() instead of SSL_CTX_set_options() - use new methods TLS_client_method() and TLS_server_method() Partial backport of r1735882 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755849 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- ERR_remove_thread_state() no longer has an argument. Backport of r1735878 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755848 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- SRP_VBASE_get_by_user() is deprecated now, one should use SRP_VBASE_get1_by_user() instead. The new function returns a pointer owned by the callee. It must be freed after use. Backport of r1735877 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755846 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- remove thread locking. It is now builtin for OpenSSL 1.1.0 Backport of r1735875 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755845 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- Simplify code by using new 1.1.0 variant also for older OpenSSL. Also tested with 1.0.2f and 0.9.8zh. No ssl test suite failures. Backport of r1731423 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755844 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- 1.1.0-pre3 was relesed - remove pre2 comments which no longer apply - one more struct has been made opaque, use accessor function instead Backport of r1731012 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755843 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- use common code for OpenSSL pre-1.1.0 and 1.1.0 where possible. Partial backport of r1730422 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755841 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Partial backport of r1730351 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755839 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- use SSL_peek instead of looping with has_buffered_data(). This fixes t/security/CVE-2009-3555.t where has_buffered_data() doesn't help, because it finds the buffered data and doesn't call SSL_read(), so the reneg handshake isn't triggered. SSL_peek() for 0 bytes seems to reliably trigger the reneg in every case. No more polling/sleeping. The code for the OpenSSL 1.1.0 case is now again very close to the pre 1.1.0 case. Still need to run the full test suite with a clean build. Backport of r1730316 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755838 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- Fix typo in loop end condition This code will be removed next. Thex fix is for the case we want to roll teh code back to this state. Backport of r1730314 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755837 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- Fix renegotiation for the client side of a proxy connection. Backport of r1730146 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755835 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- fix copy&paste typos (wrong version number in "#if"). Backport r1729998 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755832 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- fix rejecting client initiated renegotiations Backport of r1729968 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755830 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- further improvements for renegotiation No more test suite failures for reneg, but still using not so nice polling. Backport of r1729927 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755829 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Backport of r1729581 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755827 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- no need to check for opaque "valid" cert flag, since we get here only if internal certificate verification of OpenSSL returned ok=1. Backport of r1729500 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755825 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- improve renegotiation loop. Should now also work in case only the cipher changes. Should now also work in case the handshake ends with an error. Backport of r1729498 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755824 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
The old compatibility macro check no longer works, because those are now actual functions, so an ifndef is not the correct check. Backport of r1729435 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755822 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- partial support for renegotiations. - Not a good design, need to poll until renegotitation has finished. - Loop criterion not right, if no client certs will be send. - Also doesn't work for EC or DH ciphers. Unclear how to fix with current 1.1.0 API. - Details see http://marc.info/?t=145493359200002&r=1&w=2 Backport of r1729341 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755821 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Only exist in OpenSSL 1.1.0. They were renamed from EVP_MD_CTX_create() and EVP_MD_CTX_destroy(). Followup to r1728979. Partial backport of r1729037 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755819 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Backport of r1729032 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755818 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- don't check for SSLeay_version() in configure The function no longer exists in 1.1.0. It was replaced by OpenSSL_version(). - Switch between SSLeay_version(U) and OpenSSL_version() depending on version in modules/ssl/ssl_util_ssl.h. - Use MODSSL_LIBRARY_DYNTEXT everywhere. Backport of r1728981 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755817 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- followup to r1728909 (incomplete switch from struct to struct pointer). Partial backport of r1728979 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755816 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- mod_ssl Look out for "XXX: OpenSSL 1.1.0:" for a few open problems. Not tested with test suite yet. Partial backport of r1728909 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755814 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
- ab Backport of r1728907 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755813 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
1.1.0 compatibility from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755809 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 06, 2016
-
-
Nilgun Belma Buguner authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755408 13f79535-47bb-0310-9956-ffa450edef68
-
Nilgun Belma Buguner authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755407 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 05, 2016
-
-
Rich Bowen authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755364 13f79535-47bb-0310-9956-ffa450edef68
-
Rich Bowen authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755363 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 04, 2016
-
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755217 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755196 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 03, 2016
-
-
Jim Jagielski authored
Unclear whether fdpass is common enough to justify a 'most' configuration, but for the time being, assign it -something- for a build priority. Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755078 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR59815: rewrite per-directory + fcgi broken in 2.4.23 remove the query string from r->filename before calculating environment (SCRIPT_FILENAME) in mod_proxy_fcgi. Before PR59618, php-fpm would see proxy:fcgi:// and do some of this same stripping. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755077 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755076 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755074 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755073 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Permit mod_proxy_hcheck.c to compile on Win32 32-bit architectures. This decoration is required for all apr_thread fn() entry points, at least on some platforms. Submitted by: wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1755072 13f79535-47bb-0310-9956-ffa450edef68
-