It has been reported multiple times that nested
If/ElseIf/Else sections are not evaluated but
silently ignored.

This patch adds a simple recursion to the ap_if_walk
logic in order to allow arbitrary nested configs.
The overhead seems negligible compared to the actual
version of the ap_if_walk, but more expert feedback
is surely needed since this code gets called for every
HTTP request.

Tests are going to be added to t/apache/if_sections.t



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792589 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792395 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792394 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792336 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792335 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792297 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792296 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792216 13f79535-47bb-0310-9956-ffa450edef68

Where Accept-Lanuage is da Q=1 and ru Q=1, leaving these out of the priority
list results in English as the tie-breaker, which is incorrect.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792214 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: update after backport



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792212 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: fixed possible deadlock that could occur when connections were 
     terminated early with ongoing streams. Fixed possible hanger with timeout
     on race when connection considers itself idle.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792195 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792169 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792168 13f79535-47bb-0310-9956-ffa450edef68

That allows to upgrade to jboss-remoting for example
or to run an HTTP/1.1 backend that needs to upgrade to
WebSocket.
See also:
 https://issues.jboss.org/browse/JBCS-254
 https://issues.jboss.org/browse/JBCS-291


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792092 13f79535-47bb-0310-9956-ffa450edef68

A configtest isn't useful if you're just trying to get compile settings.
Move the settings dump up to just after ap_read_config(), which has
already done the minimum necessary to figure out which MPM is in use.

Even if ap_read_config() failed, still print as many compile settings as
we can. The user will see the error log entry on stderr.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791975 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791849 13f79535-47bb-0310-9956-ffa450edef68

Start from 10027 to match the current trunk (r1791845), which will be
merged into shortly.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791848 13f79535-47bb-0310-9956-ffa450edef68

This should help during testing and debugging. Use APLOG_NOTICE for now,
until we fix PR60999, so that people can actually see the log message.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791847 13f79535-47bb-0310-9956-ffa450edef68

This is most likely a follow-up to r1628833.

At some point during the OpenSSL 1.0.2 beta, the contract for custom
extension callbacks changed from "returning -1 skips the extension" to
"returning -1 will issue a TLS fatal alert". This caused mod_ssl_ct to
abort TLS connections that it intended to ignore. Zero is the correct
return value for "do nothing" in 1.0.2.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791845 13f79535-47bb-0310-9956-ffa450edef68

LanguagePriority by a first-order comparison and drop negligable translations
from our ordered priority preference list entirely.

A better comparison would be total number of documents in-sync, or some
convoluted weight ordering each document by which are more in sync than
others. Leaving that puzzle to an interested hacker.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791807 13f79535-47bb-0310-9956-ffa450edef68

update after mod_http2 backport.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791790 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: normalize zombie slot state before pushing it on the free list.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791773 13f79535-47bb-0310-9956-ffa450edef68

...but at the moment, this won't actually get logged unless you're
running in debug mode, due to an unrelated bug (PR60999).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791733 13f79535-47bb-0310-9956-ffa450edef68

CRYPTO_THREADID_set_callback() is write-once, so if mod_ssl is unloaded
and reloaded into a different address, we'll crash if OpenSSL wasn't
also unloaded and reloaded at the same time. This can happen if another
module or library is using OpenSSL as well.

- OpenSSL 1.1.0 isn't affected.
- Certain platforms (Windows, BeOS, and POSIX-compliant systems) can
  make use of the default THREADID callback in OpenSSL 1.0.x.
- If the deprecated CRYPTO_set_id_callback() is available, we can use it
  instead of CRYPTO_THREADID_set_callback().

Otherwise, we have to fall back to CRYPTO_THREADID_set_callback(), but
hopefully that applies to a small percentage of users at this point.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791732 13f79535-47bb-0310-9956-ffa450edef68

Mark the things that are busted.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791731 13f79535-47bb-0310-9956-ffa450edef68

Should make it easier to see what's going on in the next few changes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791730 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: MaxKeepAliveRequests now limits the number of times a 
     slave connection gets reused. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791669 13f79535-47bb-0310-9956-ffa450edef68

On platforms where the APR_ASCII_LF != '\n', like EBCDIC systems,
strmatch or pcre patterns from the source or config will be in
the native encoding, and this module will really only work on 
content in the native encoding.

(mod_substitute runs before mod_charset_lite for a similar reason)

I thought #if APR_CHARSET_EBCDIC or even #ifdef __MVS__ was overkill
here. 




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791400 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: client streams that lack the EOF flag get now forcefully
     closed with a RST_STREAM (NO_ERROR) when the request has been answered.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791388 13f79535-47bb-0310-9956-ffa450edef68

mod_http2: only when 'HttpProtocolOptions Unsafe' is configured, will
     control characters in response headers or trailers be forwarded to the
     client. Otherwise, in the default configuration, a request will eiher 
     fail with status 500 or the stream will be reset by a RST_STREAM frame. 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791377 13f79535-47bb-0310-9956-ffa450edef68

Increase the number of threads from three to ten. Patch by rjung.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791309 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791238 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791234 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1791055 13f79535-47bb-0310-9956-ffa450edef68

This is step one for fixing, or at least mitigating, PR60947. Determine
which platforms can use the default OpenSSL (1.0.x) threadid-callback,
by recording the address of errno for several threads and testing that
they're all different.

The result of this test is put into the new macro,
AP_OPENSSL_USE_ERRNO_THREADID.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791054 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791053 13f79535-47bb-0310-9956-ffa450edef68

do not recycle the socket.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1790978 13f79535-47bb-0310-9956-ffa450edef68

mpm_winnt: always invoke ap_lingering_close() at connection end.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1790973 13f79535-47bb-0310-9956-ffa450edef68

the "Serving pre-compressed content" section of the docs.

Generally speaking, this section would benefit from a rewrite pointing
out how to configure a mod_deflate + mod_brotli configuration with
precompressed contents, but for now at least fix the mistakes in the
configuration.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1790871 13f79535-47bb-0310-9956-ffa450edef68

in the documentation (BrotliCompressionQuality, BrotliCompressionWindow,
BrotliCompressionMaxInputBlock, BrotliAlterETag).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1790870 13f79535-47bb-0310-9956-ffa450edef68