mod_ssl: send OCSP request's nonce according to SSLOCSPUseRequestNonce on/off. PR 56233.


mod_ssl: follow up to r1583191.

New SSLOCSPUseRequestNonce directive's manual and CHANGES.

Non functional code changes (modssl_ctx_t's field ocsp_use_request_nonce
grouped with other OCSP ones, nested if turned to a single AND condition).


Remove SSLOCSPUseRequestNonce OpenSSL-0.9.7 requirement (0.9.8 already required by httpd-2.4) and set availability to 2.5-dev until further notice.

mod_ssl: follow up to r1583191.

Use type BOOL for modssl_ctx_t's field ocsp_use_request_nonce.
Suggested by: kbrand.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608758 13f79535-47bb-0310-9956-ffa450edef68

Remove wonky and unneeded code. We have access
cross forks, so child processes have access.

When we need true external access, this is something
that APR shm must provide. We should have no
knowledge of APR internals.
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608757 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608756 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608754 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608747 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608741 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608739 13f79535-47bb-0310-9956-ffa450edef68

conservative.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1607962 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1606336 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1606333 13f79535-47bb-0310-9956-ffa450edef68

r1604353 in trunk

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1606297 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605642 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.

Submitted by: trawick
Reviewed by: covener, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605639 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605638 13f79535-47bb-0310-9956-ffa450edef68

* event MPM: fix a race where a worker looks at a conn_rec after it might be
  in use by another thread or may have been freed and 
  re-allocated.

Submitted By: Edward Lu



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605619 13f79535-47bb-0310-9956-ffa450edef68

authnzldap: support "none" as a filter to suppress using a search filter,
which is required by some mainframe security products serving native
registry over LDAP.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605618 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605606 13f79535-47bb-0310-9956-ffa450edef68

mod_lua backport: Make httpd find lua 5.2 headers/lib during configure if present on the system (mod_lua is fully compatible with 5.2).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605276 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605232 13f79535-47bb-0310-9956-ffa450edef68

the busy-loop patch, 3.6-4.7% CPU with the busy-loop patch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605214 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605210 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605010 13f79535-47bb-0310-9956-ffa450edef68

Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr>
Reviewed by:  Orhan Berent <berent belgeler.gen.tr>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605009 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605004 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604789 13f79535-47bb-0310-9956-ffa450edef68

agreed in the thread following r1583175



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604787 13f79535-47bb-0310-9956-ffa450edef68

Follow up to r1604336: Comment out hooks whose only references are
now commented out, fixing a "-Wunused-function" warning


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604633 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604588 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604587 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604583 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604582 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604581 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604534 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604469 13f79535-47bb-0310-9956-ffa450edef68

Follow-up to r1601076: Provide documentation for -m option.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604463 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604462 13f79535-47bb-0310-9956-ffa450edef68

mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.

PR: 56062
Submitted by: Lukas Bezdicka



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604460 13f79535-47bb-0310-9956-ffa450edef68

Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224, r1586745, r1587594, r1587639, r1590509 from trunk.


Commit 1 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib header buffering in the inflate output filter :
- add the new deflate_ctx_t fields needed to re-enter the Zlib header parsing,
- introduce the new consume_zlib_flags() function to parse/consume the ZLib flags (will be used by the other filters too),
- use it to handle incomplete header in the output filter (deflate).

This alone fixes PR 55666, but the issue remains for PR 46146 (inflate/deflate input filters), hence the following patches.


Commit 2 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib header buffering in the inflate input filter :
- loop until all the header is received,
- handle non blocking reads returning empty brigade,
- fix a double ap_get_brigade() when an EOS brigade is encountered while reading the header,
- in that case and no data was received so far, don't return an error but SUCCESS with the EOS, otherwise fail,
- don't remove the Content-Length and Content-MD5 headers until some data is read.

Still does not handle Zlib flags for now, next commits.


Commit 3 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib validation bytes buffering (CRC + length) in the inflate input filter :
- use validation_buffer and validation_length as state,
- loop until all the bytes are received.


Commit 4 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle non blocking reads which would block in the inflate input filter (not an error).


Commit 5 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib flags in the inflate input filter as in the output filter, using consume_zlib_flags().


Commit 6 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Ignore empty buckets and split buckets longer than INT_MAX (since zlib uses 32-bit ints only) in all filters.


mod_deflate: when consuming zlibs flags, APR_INCOMPLETE implies no more bytes available.


mod_deflate: update empty log tags.


mod_deflate: Delay INFLATE input filter's self removal until all the buffered
             buckets are out (including EOS). PR 46146.


mod_deflate: Don't return gzip-ed data when reading FLUSH bucket in INFLATE
             input filter, forward the FLUSH but keep reading should EOS/more
             follow (should not happen, but mod_deflate won't fix it).


mod_deflate: follow up to r1587639.
Don't break the looped brigade when moving the FLUSH bucket to the returned bb
and continue reading.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604458 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604385 13f79535-47bb-0310-9956-ffa450edef68

Follow up r1573626 with some wordsmithing, a compatibility note,
and indentation.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604383 13f79535-47bb-0310-9956-ffa450edef68