- May 23, 2015
-
-
Rainer Jung authored
This makes data consistent if a log format uses multiple %{...}T and/or %D. The end time of a request is only taken once and the same time is used for each log field. Backport of r979120 (partial) plus r1467765 from trunk resp. r979120 (partial) plus r1467981 from 2.4.x. Committed By: rjung Reviewed By: rjung, trawick, wrowe Backported By: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681269 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
internationalization. Backports: 1611165,1611169 Reviewed by: wrowe, gsmith git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681266 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681255 13f79535-47bb-0310-9956-ffa450edef68
-
- May 22, 2015
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681222 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681188 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Not critical but nice to have. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681051 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1675533 | breser | 2015-04-23 05:12:30 +0200 (Thu, 23 Apr 2015) | 3 lines mod_log_config: Add %M format to output request duration in milliseconds. r1680895 | rjung | 2015-05-21 17:07:15 +0200 (Thu, 21 May 2015) | 14 lines mod_log_config: instead of using the new dedicated pattern format "%M" for duration milliseconds, overload the existing "%D" to choose the time precision ("%{s}D" for seconds, "%{ms}D" for milliseconds and "%{us}D" for microseconds). The existing %T and %D without precision are kept for compatibility. The previously introduced "%M" (r1677187) is removed, it has not yet been released. Format pattern characters are rare, so we should only use a new one if an existing one isn't a good fit. r1680900 | rjung | 2015-05-21 17:17:50 +0200 (Thu, 21 May 2015) | 2 lines Fix syntax. r1680942 | trawick | 2015-05-21 21:20:44 +0200 (Thu, 21 May 2015) | 5 lines Follow-up to r1680895: Let %T be the format character which accepts time resolution arguments. Reviewed by: ylavic, wrowe, rjung Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681047 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1663647 | jkaluza | 2015-03-03 12:12:18 +0100 (Tue, 03 Mar 2015) | 3 lines * mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free bug with postgresql r1679182 | ylavic | 2015-05-13 13:35:22 +0200 (Wed, 13 May 2015) | 1 line Follup up to r1679181: CHANGES entry. Reviewed by: ylavic, rjung, wrowe Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681044 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681039 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
docs = CTR. Backport of r1681034 from 2.4.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681035 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Nearly all other directives use this quote style. No real functional change, only info output. Should be OK as CTR. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681032 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681031 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681030 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681028 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681026 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681024 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681022 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Vote up one patch, presume lazy concensus on second patch (platform specific with two affirmative reviewers) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681006 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Submitted by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681003 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
priority and add explanations relative to RFC 7525 guidance. Submitted by: wrowe Backports: 1679428, 1679432 Reviewed by: wrowe, ylavic, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681002 13f79535-47bb-0310-9956-ffa450edef68
-
- May 21, 2015
-
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680944 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1664205 | covener | 2015-03-05 03:33:16 +0100 (Thu, 05 Mar 2015) | 12 lines *) SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531. [Yann Ylavic] Submitted By: ylavic Committed By: covener Reviewed by: ylavic, wrowe, rjung Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680927 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1526189 | trawick | 2013-09-25 16:29:02 +0200 (Wed, 25 Sep 2013) | 8 lines mod_proxy: Add ap_connection_reusable() for checking if a connection is reusable as of this point in processing. mod_proxy_fcgi uses the new API to determine if FCGI_CONN_CLOSE should be enabled, but that doesn't change existing behavior since the connection is currently marked for closure elsewhere in the module. r1658765 | ylavic | 2015-02-10 18:25:54 +0100 (Tue, 10 Feb 2015) | 4 lines mod_proxy_http: Use the "Connection: close" header for requests to backends not recycling connections (disablereuse), including the default reverse and forward proxies. Reviewed by: ylavic, wrowe, rjung Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680923 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_proxy: Reuse proxy/balancer workers' parameters and scores across graceful restarts, even if new workers are added, old ones removed, or the order changes. Proposed by: jkaluza Reviewed by: ylavic, jkaluza, wrowe Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680920 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1653997 | ylavic | 2015-01-22 19:37:06 +0100 (Thu, 22 Jan 2015) | 7 lines mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored in virtualhost context (new version of r1653906 reverted by r1653993). Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch> Committed/modified By: ylavic Reviewed by: ylavic, wrowe, rjung Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680917 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1526168 | kbrand | 2013-09-25 14:52:35 +0200 (Wed, 25 Sep 2013) | 21 lines Streamline ephemeral key handling: - drop support for ephemeral RSA keys (only allowed/needed for export ciphers) - drop pTmpKeys from the per-process SSLModConfigRec, and remove the temp key generation at startup (unnecessary for DHE/ECDHE) - unconditionally disable null and export-grade ciphers by always prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string - do not configure per-connection SSL_tmp_*_callbacks, as it is sufficient to set them for the SSL_CTX - set default curve for ECDHE at startup, obviating the need for a per-handshake callback, for the time being (and also configure SSL_OP_SINGLE_ECDH_USE, previously left out) For additional background, see https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E r1527291 | kbrand | 2013-09-29 11:36:31 +0200 (Sun, 29 Sep 2013) | 9 lines Follow-up fixes for r1526168: - drop SSL_TMP_KEY_* constants from ssl_private.h, too - make sure we also disable aNULL, eNULL and EXP ciphers for per-directory SSLCipherSuite directives - apply the same treatment to SSLProxyCipherSuite r1527295 | kbrand | 2013-09-29 12:35:46 +0200 (Sun, 29 Sep 2013) | 20 lines Improve ephemeral key handling (companion to r1526168): - allow to configure custom DHE or ECDHE parameters via the SSLCertificateFile directive, and adapt its documentation accordingly (addresses PR 49559) - add standardized DH parameters from RFCs 2409 and 3526, use them based on the length of the certificate's RSA/DSA key, and add a FAQ entry for clients which limit DH support to 1024 bits (such as Java 7 and earlier) - move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to ssl_util_ssl.c, and add ssl_ec_GetParamFromFile() - drop ssl_engine_dh.c from mod_ssl For the standardized DH parameters, OpenSSL version 0.9.8a or later is required, which was therefore made a new minimum requirement in r1527294. r1563420 | kbrand | 2014-02-01 15:04:23 +0100 (Sat, 01 Feb 2014) | 3 lines enable auto curve selection for ephemeral ECDH keys when compiled against OpenSSL 1.0.2 or later r1588851 | kbrand | 2014-04-21 08:39:24 +0200 (Mon, 21 Apr 2014) | 3 lines ssl_callback_TmpDH: for OpenSSL 1.0.2 and later, set the current cert to the one actually used for the connection before calling SSL_get_privatekey(ssl) r1666363 | jkaluza | 2015-03-13 08:32:46 +0100 (Fri, 13 Mar 2015) | 4 lines * mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used. SSL_CTX_set_tmp_ecdh increases reference count, so we have to call EC_KEY_free, otherwise eckey will not be freed. r1679470 | ylavic | 2015-05-15 00:38:20 +0200 (Fri, 15 May 2015) | 5 lines mod_ssl: follow up to r1527291. Always prepend "!aNULL:!eNULL:" to SSL_DEFAULT_CIPHER_LIST (default for SSL[Proxy]CipherSuite) since we support OpenSSL versions where this was not yet included by default. Reviewed by: ylavic, wrowe, rjung Backported by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680916 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680913 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680912 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
r1200040 | pquerna | 2011-11-10 00:37:37 +0100 (Thu, 10 Nov 2011) | 5 lines Add support for RFC 5077 TLS Session tickets. This adds two new directives: * SSLTicketKeyFile: To store the private information for the encryption of the ticket. * SSLTicketKeyDefault To set the default, otherwise the first listed token is used. This enables key rotation across servers. r1200372 | pquerna | 2011-11-10 16:17:18 +0100 (Thu, 10 Nov 2011) | 4 lines Apply ap_server_root_relative to the path used for the ticket secrets file. Suggested by: Rüdiger Plüm r1200374 | pquerna | 2011-11-10 16:19:15 +0100 (Thu, 10 Nov 2011) | 4 lines Remove unneeded memcpy. Spotted by: Rüdiger Plüm r1213380 | kbrand | 2011-12-12 20:21:35 +0100 (Mon, 12 Dec 2011) | 9 lines Streamline TLS session ticket key handling (added in r1200040): - drop the SSLTicketKeyDefault directive, and only support a single ticket key per server/vhost - rename the SSLTicketKeyFile directive to SSLSessionTicketKeyFile, remove the keyname parameter - move ticket key parameters from SSLSrvConfigRec to modssl_ctx_t - configure the tlsext_ticket_key_cb only when in server mode - add documentation for SSLSessionTicketKeyFile git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680905 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680889 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680885 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680846 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
clength in request_rec is for response sizes, not request body size. It is initialized to 0, so the "if" branch was never taken and thus there's no functional change (and no CHANGES). Backport of r1649043 from trunk resp. r1651096 from 2.4.x. Committed By: rjung Reviewed By: rjung, ylavic, wrowe Backported By: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680815 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680810 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680804 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680803 13f79535-47bb-0310-9956-ffa450edef68
-
- May 19, 2015
-
-
Ben Reser authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680162 13f79535-47bb-0310-9956-ffa450edef68
-
- May 16, 2015
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1679705 13f79535-47bb-0310-9956-ffa450edef68
-
- May 15, 2015
-
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1679593 13f79535-47bb-0310-9956-ffa450edef68
-
- May 14, 2015
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1679474 13f79535-47bb-0310-9956-ffa450edef68
-