Skip to content
  1. Jul 08, 2014
    • Jim Jagielski's avatar
      Merge r1583191, r1584098, r1584665, r1591401 from trunk: · d0629cf0
      Jim Jagielski authored 
      mod_ssl: send OCSP request's nonce according to SSLOCSPUseRequestNonce on/off. PR 56233.


mod_ssl: follow up to r1583191.

New SSLOCSPUseRequestNonce directive's manual and CHANGES.

Non functional code changes (modssl_ctx_t's field ocsp_use_request_nonce
grouped with other OCSP ones, nested if turned to a single AND condition).


Remove SSLOCSPUseRequestNonce OpenSSL-0.9.7 requirement (0.9.8 already required by httpd-2.4) and set availability to 2.5-dev until further notice.

mod_ssl: follow up to r1583191.

Use type BOOL for modssl_ctx_t's field ocsp_use_request_nonce.
Suggested by: kbrand.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608758 13f79535-47bb-0310-9956-ffa450edef68
      d0629cf0
  3. Jun 26, 2014
  5. Jun 25, 2014
  7. Jun 21, 2014
    • Yann Ylavic's avatar
      Merge r1572092 from trunk: · b28d15c9
      Yann Ylavic authored 
      mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.

PR: 56062
Submitted by: Lukas Bezdicka



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604460 13f79535-47bb-0310-9956-ffa450edef68
      b28d15c9
    • Yann Ylavic's avatar
      Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224,... · e14a33bd
      Yann Ylavic authored 
      Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224, r1586745, r1587594, r1587639, r1590509 from trunk.


Commit 1 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib header buffering in the inflate output filter :
- add the new deflate_ctx_t fields needed to re-enter the Zlib header parsing,
- introduce the new consume_zlib_flags() function to parse/consume the ZLib flags (will be used by the other filters too),
- use it to handle incomplete header in the output filter (deflate).

This alone fixes PR 55666, but the issue remains for PR 46146 (inflate/deflate input filters), hence the following patches.


Commit 2 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib header buffering in the inflate input filter :
- loop until all the header is received,
- handle non blocking reads returning empty brigade,
- fix a double ap_get_brigade() when an EOS brigade is encountered while reading the header,
- in that case and no data was received so far, don't return an error but SUCCESS with the EOS, otherwise fail,
- don't remove the Content-Length and Content-MD5 headers until some data is read.

Still does not handle Zlib flags for now, next commits.


Commit 3 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib validation bytes buffering (CRC + length) in the inflate input filter :
- use validation_buffer and validation_length as state,
- loop until all the bytes are received.


Commit 4 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle non blocking reads which would block in the inflate input filter (not an error).


Commit 5 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Handle Zlib flags in the inflate input filter as in the output filter, using consume_zlib_flags().


Commit 6 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)

Ignore empty buckets and split buckets longer than INT_MAX (since zlib uses 32-bit ints only) in all filters.


mod_deflate: when consuming zlibs flags, APR_INCOMPLETE implies no more bytes available.


mod_deflate: update empty log tags.


mod_deflate: Delay INFLATE input filter's self removal until all the buffered
             buckets are out (including EOS). PR 46146.


mod_deflate: Don't return gzip-ed data when reading FLUSH bucket in INFLATE
             input filter, forward the FLUSH but keep reading should EOS/more
             follow (should not happen, but mod_deflate won't fix it).


mod_deflate: follow up to r1587639.
Don't break the looped brigade when moving the FLUSH bucket to the returned bb
and continue reading.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604458 13f79535-47bb-0310-9956-ffa450edef68
      e14a33bd
    • Jeff Trawick's avatar
      Merge r1573626 from trunk: · 826997dd
      Jeff Trawick authored 
      mod_proxy: Allow reverse-proxy to be set via explicit handler.

Submitted by: ryo takatsuki <ryotakatsuki gmail com>
Reviewed by: ylavic, jim, mrumph


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604378 13f79535-47bb-0310-9956-ffa450edef68
      826997dd
    • Jeff Trawick's avatar
      Merge r1601076 from trunk: · 9542b00d
      Jeff Trawick authored 
      ab: support custom HTTP method with -m argument.

PR: 56604
Submitted by: Roman Jurkov <winfinit gmail.com>
Reviewed by: ylavic, trawick, covener

(r1601680 and r1601700 not reflected in mergeinfo due to
a collision with an unrelated trunk change)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604373 13f79535-47bb-0310-9956-ffa450edef68
      9542b00d
    • Daniel Gruno's avatar
      mod_lua: Backport disabling of early/late in LuaHookCheckUserID · 7120467d
      Daniel Gruno authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604340 13f79535-47bb-0310-9956-ffa450edef68
      7120467d
    • Daniel Gruno's avatar
      mod_lua: Sync 2.4.x with trunk (more or less); Backport a fix and some code harmonization: · 5d518594
      Daniel Gruno authored 
      - IVM changed to use shm
- More verbose error logging (no functional change)
- Miscellaneous refactoring that was in trunk but not in 2.4.x (no functional change as such)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604339 13f79535-47bb-0310-9956-ffa450edef68
      5d518594
  9. Jun 17, 2014
    • Jim Jagielski's avatar
      Merge r1572905, r1595305, r1597182, r1586827, r1534892, r1563193, r1597639 from trunk: · db4b2bfa
      Jim Jagielski authored 
      core: avoid a double apr_time_now() call on the first succeeding read.

* Correctly escape user provided data.

PR: 56532
Submitted by: Maksymilian <max cert.cx>
Reviewed by: rpluem


Save a few bytes of memory. This can be done in temp_pool.

Fix layout

don't pass uninitialized rv passed to ap_log_rerror()
  (rv wasn't interesting / follow an existing example)

stop throwing away a pointer on the heap

(clang scan-build)


add the URI to DEBUG message 00765 (and drop an exclamation point):

  Cache provider's store_body failed!



Doxygen fix + reorg to match how other header files are built
Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1603141 13f79535-47bb-0310-9956-ffa450edef68
      db4b2bfa
  11. Jun 10, 2014
  13. Jun 03, 2014
    • Yann Ylavic's avatar
      Add some missing changes. · b24ed49f
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599597 13f79535-47bb-0310-9956-ffa450edef68
      b24ed49f
    • Jim Jagielski's avatar
      Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632,... · 2fe1d439
      Jim Jagielski authored 
      Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632, r1595321, r1550302, r1550307, r1585435 from trunk:

fix whitespace in a debug message

s/comment/self-documenting/

normalize an ugly construct which somehow manages to return the correct value

This is annoying to see in a casual "LogLevel debug foo:traceX ..."




Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.

Follow-up to r1592529:

Define default port for "scgi" schemes (as chosen by
mod_proxy_scgi) in a common location.

Suggested by: jailletc36


fix Doxygen markup error

Submitted by: jailletc36


Tweak a AP_DEBUG_ASSERT condition.
Valid index to use 'req_header_var_names' are 0...6

mod_auth_form: Add a debug message when the fields on a form are not
recognised.


mod_auth_form: Make the trace logging consistent through the notes, session
and form authentication steps.


mod_auth_form: update empty log tags.
Submitted by: trawick, covener, jailletc36, trawick, trawick, jailletc36, minfrin, minfrin, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599501 13f79535-47bb-0310-9956-ffa450edef68
      2fe1d439
  15. May 30, 2014
  17. May 19, 2014
  19. May 14, 2014
  21. May 07, 2014
  23. Apr 20, 2014
  25. Apr 18, 2014
    • Jim Jagielski's avatar
      Merge r1588427 from trunk: · 2b189730
      Jim Jagielski authored 
      Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
(workaround for OpenSSL versions before 0.9.8h, see
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).

PR 56410.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68
      2b189730
    • Jim Jagielski's avatar
      Merge r1587036, r1587040, r1587053, r1587654 from trunk: · fa6d270c
      Jim Jagielski authored 
        *) mod_proxy_wstunnel: Don't pool backend websockets connections,
     because we need to handshake every time. PR 55890.
     [Eric Covener]



actually remove mod_reqtimeout, since the util_filter functions involved
only manipulate c->input_filters no matter what we pass. We need to make
copies of c->input_filters after, not before, it skips over reqtimeout.

Note: reqtimeout doesn't really interfere today with normal operation,
but this is misleading/confusing when dealing with other
wstunnel issues.



cleanup wstunnel error handling

Submitted By: covener, ylavic, Edward Lu
Commited By: covener



followup to r1587036.

if backend->close is set too early, proxy_util.c will close it right 
away and then blow away the field.

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68
      fa6d270c
    • Kaspar Brand's avatar
      Merge r1585090 from trunk: · 33843d58
      Kaspar Brand authored 
      Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert
  when no matching vhost is found (PR 56241)

- at startup, only issue warnings about IP/port conflicts and name-based
  SSL vhosts when running with an OpenSSL without TLS extension support
  (almost 5 years after SNI was added to 2.2.x, the
  "[...] only work for clients with TLS server name indication support"
  warning feels obsolete)

Proposed by: kbrand
Reviewed by: jorton, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68
      33843d58
  27. Apr 17, 2014
  29. Apr 16, 2014
    • Jeff Trawick's avatar
      Merged... · 24e8776d
      Jeff Trawick authored 
      Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054

mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.

Submitted by: trawick, jailletc36, gsmith
Approved by: trawick, jim, gsmith

(Thanks gsmith for the Windows build bits!)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68
      24e8776d
  31. Apr 15, 2014