Skip to content
GitLab
  1. 23 Nov, 2018 7 commits
  3. 09 Nov, 2018 1 commit
  5. 07 Nov, 2018 1 commit
  7. 18 Oct, 2018 3 commits
  9. 17 Oct, 2018 1 commit
  11. 10 Oct, 2018 6 commits
  13. 09 Oct, 2018 1 commit
  15. 25 Sep, 2018 1 commit
  17. 21 Sep, 2018 1 commit
  19. 19 Sep, 2018 1 commit
    • Jim Jagielski's avatar
      Merge r1749402, r1656549, r1840776, r1800126, r1817131, r1834226 from trunk: · 8a4e7e56
      Jim Jagielski authored 
      Style only

Be more consistent:
   - add space between (if|while) and \(
   - place of 'break ' statement

Fix cut and paste typo in error message + remove empty lines to be consistent

follow-up to r1656549.

Instead of logging a password (which is not a good practice), clarify the associated message

* Silence compiler warning

Be less tolerant when parsing the credencial for Basic authorization. Only spaces  should be accepted after the authorization scheme. \t are also tolerated.

The current code accepts \v and \f as well.

The same behavior is already used in 'ap_get_basic_auth_pw()' which is mostly the same function as 'get_basic_auth()'.

Function used as 'apr_reslist_destructor' when calling 'apr_reslist_create()' should have the following prototype:

apr_status_t (*apr_reslist_destructor)(void *resource, void *params, apr_pool_t *pool);
Submitted by: jailletc36, rpluem, jailletc36, jailletc36
Reviewed by: jailletc36, minfrin, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1841329 13f79535-47bb-0310-9956-ffa450edef68
      8a4e7e56
  21. 18 Sep, 2018 6 commits
  23. 11 Sep, 2018 3 commits
  25. 05 Sep, 2018 1 commit
    • Stefan Eissing's avatar
      On the tlsv1.3-for-2.4.x branch: · d5943f3e
      Stefan Eissing authored 
      Merged 1827912,1827924,1827992,1828222,1828720,1828723,1833588,1833589,1839920,1839946 from trunk

  *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. 
     SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.
     Directive "SSLVerifyClient" now triggers certificate retrieval from the client.
     Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,
     as this would need to trigger the master connection thread - which we do not support
     right now.
     Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"
     does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and
     TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.
     Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they 
     can match their needs onto the TLSv1.3 protocol.
     [Yann Ylavic, Stefan Eissing]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840120 13f79535-47bb-0310-9956-ffa450edef68
      d5943f3e
  27. 31 Aug, 2018 2 commits
  29. 29 Aug, 2018 4 commits
  31. 28 Aug, 2018 1 commit
    • Yann Ylavic's avatar
      Merge r1837130 from trunk: · ae583b57
      Yann Ylavic authored 
      mod_ratelimit: Don't interfere with "chunked" encoding.

By the time ap_http_header_filter() sends the header brigade and adds the
"CHUNK" filter, we need to garantee that the header went through all the
filters' stack, and more specifically above ap_http_chunk_filter() which
assumes that all it receives is content data.
Since rate_limit_filter() may retain the header brigade, make it run after
ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters.

Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses.
For instance mod_ratelimit depends on it since r1835168, but any next request
filter may as well to flush and/or bail out approprietely.

This fixes the regression introduced in 2.4.34 (r1835168).
PR 62568.

Submitted by: ylavic
Reviewed by: covener, ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839497 13f79535-47bb-0310-9956-ffa450edef68
      ae583b57