programs, and implement a special merging algorithm for
             SSLCertificate[Key]File to emulate the behavior in versions <= 2.4.7



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593003 13f79535-47bb-0310-9956-ffa450edef68

Fix errors with CacheLock on Windows:

cache_util.c(757): (OS 80)The file exists.  : [client 127.0.0.1:63889] 
AH00784: Attempt to obtain a cache lock for stale cached URL failed, 
revalidating entry anyway: 

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593000 13f79535-47bb-0310-9956-ffa450edef68

mod_expires: don't add Expires header to error responses (4xx/5xx),
             be they generated or forwarded. PR 55669.


Follow up to r1584430.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592999 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Don't segfault when failing to connect to the backend.


now understood why users haven't reported the segfault (yet) when mod_proxy_fcgi
can't connect to the application

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592998 13f79535-47bb-0310-9956-ffa450edef68

                   on startup if default socache_provider is used and
                   AuthnCacheEnable or AuthnCacheProvideFor is used.
                   This problem has been introduced in r1531961.
                   PR 56371.

Submitted by: jkaluza
Reviewed by: ylavic, jim, trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592991 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588763 13f79535-47bb-0310-9956-ffa450edef68

Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
(workaround for OpenSSL versions before 0.9.8h, see
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).

PR 56410.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68

  *) mod_proxy_wstunnel: Don't pool backend websockets connections,
     because we need to handshake every time. PR 55890.
     [Eric Covener]



actually remove mod_reqtimeout, since the util_filter functions involved
only manipulate c->input_filters no matter what we pass. We need to make
copies of c->input_filters after, not before, it skips over reqtimeout.

Note: reqtimeout doesn't really interfere today with normal operation,
but this is misleading/confusing when dealing with other
wstunnel issues.



cleanup wstunnel error handling

Submitted By: covener, ylavic, Edward Lu
Commited By: covener



followup to r1587036.

if backend->close is set too early, proxy_util.c will close it right 
away and then blow away the field.

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68

Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert
  when no matching vhost is found (PR 56241)

- at startup, only issue warnings about IP/port conflicts and name-based
  SSL vhosts when running with an OpenSSL without TLS extension support
  (almost 5 years after SNI was added to 2.2.x, the
  "[...] only work for clients with TLS server name indication support"
  warning feels obsolete)

Proposed by: kbrand
Reviewed by: jorton, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588356 13f79535-47bb-0310-9956-ffa450edef68

mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified.

Submitted by: minfrin
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588247 13f79535-47bb-0310-9956-ffa450edef68

Only read "active" values from the key_files array. PR 56306.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68

Reverse the order when merging global and vhost-level config arrays.
Putting the vhost-level elements last allows overriding global settings
(for the deprecated SSLRequire directive, the order is irrelevant,
all of them must be met, cf. ssl_engine_kernel.c:ssl_hook_Access).

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588245 13f79535-47bb-0310-9956-ffa450edef68

If the "value" argument is prefixed with expr=, parse it with ap_expr
rather than mod_headers' built-in format strings.


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588244 13f79535-47bb-0310-9956-ffa450edef68

* support/rotatelogs.c (main): Prevent creation of zombies from
  post-rotate programs.

Reviewed by: druggeri, ylavic, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588175 13f79535-47bb-0310-9956-ffa450edef68

Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054

mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.

Submitted by: trawick, jailletc36, gsmith
Approved by: trawick, jim, gsmith

(Thanks gsmith for the Windows build bits!)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68

* Do not parse URL in case of regular expression as they likely do not follow
  the URL syntax.

PR: 56074

Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587699 13f79535-47bb-0310-9956-ffa450edef68

mod_reqtimeout: Resolve unexpected timeouts on keepalive requests 
under the Event MPM. PR56216.  

Submitted By: Frank Meier <frank meier ergon ch>
Committed By: covener



Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587697 13f79535-47bb-0310-9956-ffa450edef68

Add suspend_connection and resume_connection hooks to notify modules
when the thread/connection relationship changes.  (Currently implemented
only for the Event MPM; should be implemented for all async MPMs.)


follow-up to r1546759: remove an inadvertently committed testcase
Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587695 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Fix sending of response without some HTTP headers
that might be set by filters.

The problem occurs when no body bytes were read while reading the
response headers, resulting in an empty brigade being sent down
the filter stack.  One particualr filter that mishandles the empty
initial brigade is mod_deflate.  It neglects to add to the response
header fields.

PR: 55558
Submitted by: Jim Riggs <jim riggs.me>
Reviewed by: trawick

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587694 13f79535-47bb-0310-9956-ffa450edef68

Do not delete the wrong data from HTML code when a "http-equiv" meta tag specifies a Content-Type behind any other "http-equiv" meta tag.
PR 56287 [Micha Lenk <micha lenk info>]
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587693 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1584443 13f79535-47bb-0310-9956-ffa450edef68

with proxy under the 2.4.8 section

it had already been added the the proper (2.4.7) section


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1583378 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582968 13f79535-47bb-0310-9956-ffa450edef68

mod_lua: Prevent HTTP Response Splitting by not allowing tables in the request_rec to be set with values containing newlines. 

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582264 13f79535-47bb-0310-9956-ffa450edef68

mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582255 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582251 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1578965 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1578964 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577237 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577218 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577157 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577146 13f79535-47bb-0310-9956-ffa450edef68

for LuaMapHandler. This fixes a bug where FallbackResource invalidates the 
LuaMapHandler directive in certain cases by changing the URI before the map 
handler code executes [Daniel Gruno].

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577145 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577139 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576466 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576408 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1576403 13f79535-47bb-0310-9956-ffa450edef68

Update rationale


draft-ietf-httpbis-p1-messaging-23 fixes regarding interactions
between TE and content-length in the same req/resp.

PR 55616 (add missing APLOGNO), part 1

Wrap at 80 still, here at httpd project

Use a distinguishing APLOGNO for unk t-e with read-until-close behavior
Submitted by: jim, kbrand, wrowe, wrowe
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575934 13f79535-47bb-0310-9956-ffa450edef68

CVE-2014-0098 (reported by Rainer Canavan <rainer-apache 7val com>)
Segfaults w/ truncated cookie logging.

Clean up the cookie logging parser to recognize only the cookie=value pairs,
not valueless cookies.  This refactors multiple passes over the same string
buffer into a single pass parser.

Submitted by: wrowe
Reviewed by: rpluem, jim 


Submitted by: wrowe
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1575904 13f79535-47bb-0310-9956-ffa450edef68