git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588808 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588763 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588762 13f79535-47bb-0310-9956-ffa450edef68

Merge r1588747 from trunk:

expr=value updates:
 update RequestHeader syntax, 
 add compat to Header and RequestHeader




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588748 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588738 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588705 13f79535-47bb-0310-9956-ffa450edef68

Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
(workaround for OpenSSL versions before 0.9.8h, see
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).

PR 56410.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68

  *) mod_proxy_wstunnel: Don't pool backend websockets connections,
     because we need to handshake every time. PR 55890.
     [Eric Covener]



actually remove mod_reqtimeout, since the util_filter functions involved
only manipulate c->input_filters no matter what we pass. We need to make
copies of c->input_filters after, not before, it skips over reqtimeout.

Note: reqtimeout doesn't really interfere today with normal operation,
but this is misleading/confusing when dealing with other
wstunnel issues.



cleanup wstunnel error handling

Submitted By: covener, ylavic, Edward Lu
Commited By: covener



followup to r1587036.

if backend->close is set too early, proxy_util.c will close it right 
away and then blow away the field.

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68

Correct logic... if this is a UDS socket, then bypass all
this.

make mod_rewrite and mod_proxy UDS work together...

Adjust url as required, following what we did to r->filename.
Save some cycles when searching...

Tuck away UDS path in request-rec, since worker isn't
thread-safe. Protect from NULL refs.

Reflow logic... pull UDS stuff out

handle leak. thx to Y^2

r->filename should maintain the proxy: prefix for PHP-FPM
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588494 13f79535-47bb-0310-9956-ffa450edef68

follow-up to r813376:

finish reverting r808965 (ServerTokens set foo)


tweak syntax strings for ServerTokens
Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588492 13f79535-47bb-0310-9956-ffa450edef68

Follow-up to r1546759: Fix compilation when exception hooks aren't enabled.


avoid duplication of APR_HOOK_LINK invocations

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588491 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588490 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588489 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588478 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588430 13f79535-47bb-0310-9956-ffa450edef68

Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert
  when no matching vhost is found (PR 56241)

- at startup, only issue warnings about IP/port conflicts and name-based
  SSL vhosts when running with an OpenSSL without TLS extension support
  (almost 5 years after SNI was added to 2.2.x, the
  "[...] only work for clients with TLS server name indication support"
  warning feels obsolete)

Proposed by: kbrand
Reviewed by: jorton, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588356 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588345 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588268 13f79535-47bb-0310-9956-ffa450edef68

introduced by r1587695 (and my silent killer proposal)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588267 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588257 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588254 13f79535-47bb-0310-9956-ffa450edef68

mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified.

Submitted by: minfrin
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588247 13f79535-47bb-0310-9956-ffa450edef68

Only read "active" values from the key_files array. PR 56306.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68

Reverse the order when merging global and vhost-level config arrays.
Putting the vhost-level elements last allows overriding global settings
(for the deprecated SSLRequire directive, the order is irrelevant,
all of them must be met, cf. ssl_engine_kernel.c:ssl_hook_Access).

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588245 13f79535-47bb-0310-9956-ffa450edef68

If the "value" argument is prefixed with expr=, parse it with ap_expr
rather than mod_headers' built-in format strings.


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588244 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588240 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588221 13f79535-47bb-0310-9956-ffa450edef68

  Add hint about RequestHeader


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588220 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588179 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588176 13f79535-47bb-0310-9956-ffa450edef68

* support/rotatelogs.c (main): Prevent creation of zombies from
  post-rotate programs.

Reviewed by: druggeri, ylavic, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588175 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588135 13f79535-47bb-0310-9956-ffa450edef68

add change to makefile.win missing from r1588054
which was merged to 2.4 in r1588064


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588076 13f79535-47bb-0310-9956-ffa450edef68

Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054

mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.

Submitted by: trawick, jailletc36, gsmith
Approved by: trawick, jim, gsmith

(Thanks gsmith for the Windows build bits!)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588057 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587884 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587881 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587770 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587768 13f79535-47bb-0310-9956-ffa450edef68