- Sep 05, 2018
-
-
Stefan Eissing authored
Merged 1827912,1827924,1827992,1828222,1828720,1828723,1833588,1833589,1839920,1839946 from trunk *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for. Directive "SSLVerifyClient" now triggers certificate retrieval from the client. Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols, as this would need to trigger the master connection thread - which we do not support right now. Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite" does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate. Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they can match their needs onto the TLSv1.3 protocol. [Yann Ylavic, Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840120 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 31, 2018
-
-
Rainer Jung authored
in milliseconds. Backport of remaining parts of r1837590 from trunk (only html mode changes, auto parts were already backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839785 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
in mod_status when "ProxyStatus" is "On": add "busy" count to html mode. Backport of remaining parts of r1837588 from trunk (only html mode changes, auto parts were already backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839784 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 29, 2018
-
-
Rainer Jung authored
in milliseconds to auto mode. Partial backport of r1839532 from trunk (only auto mode changes, html parts not yet backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839533 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
in mod_status when "ProxyStatus" is "On": add "busy" count to auto mode and show byte counts in auto mode always in units of kilobytes. Partial backport of r1837588 from trunk (only auto mode changes, html parts not yet backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839532 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
processes in the "cu" and "cs" values. Add CPU time of the parent process to the "c" and "s" values. Backport of r1837595 from trunk. Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839531 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
MPMs in "auto" mode. Added number of processes, number of stopping processes and number of busy and idle workers. This changes only the key/value list of the server-status "auto" output. The data is already part of the "html" output. Backport of r1837589 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839530 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 28, 2018
-
-
Yann Ylavic authored
mod_ratelimit: Don't interfere with "chunked" encoding. By the time ap_http_header_filter() sends the header brigade and adds the "CHUNK" filter, we need to garantee that the header went through all the filters' stack, and more specifically above ap_http_chunk_filter() which assumes that all it receives is content data. Since rate_limit_filter() may retain the header brigade, make it run after ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters. Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses. For instance mod_ratelimit depends on it since r1835168, but any next request filter may as well to flush and/or bail out approprietely. This fixes the regression introduced in 2.4.34 (r1835168). PR 62568. Submitted by: ylavic Reviewed by: covener, ylavic, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839497 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 15, 2018
-
-
Jim Jagielski authored
Merge r1418761, r1418765, r1510295, r1757147, r1805163, r1818924, r1827374, r1831772, r1832351, r1832951, r1815004 from trunk: Don't claim "BIO dump follows" if it is not logged due to log level config. make ssl_io_data_dump respect per-conn loglevel add high trace level log messages for debugging buffering and write completion * modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail if RAND_bytes() fails; possible per API, although not in practice with the OpenSSL implementation. Fix typo in log message. ap_add_common_vars(): use apr_pstrmemdup(). This avoids a transient replacement/restore of '?' by '\0' in r->filename. Use 'ap_request_has_body()' instead of duplicating its implemenation. The logic in 'ap_request_has_body()' is: has_body = (!r->header_only && (r->kept_body || apr_table_get(r->headers_in, "Transfer-Encoding") || ( (cls = apr_table_get(r->headers_in, "Content-Length")) && (apr_strtoff(&cl, cls, &estr, 10) == APR_SUCCESS) && (!*estr) && (cl > 0) ) ) ); So the test is slighly different from the original code. (but this looks fine to me) This also has the advantage to avoid a redundant call to 'apr_table_get()' and to improve readability. While at it, move the test '!r->expecting_100' a few lines above because it is cheap. PR62368: Print the unparsed URI in AH03454 ... to include r->args and get otherwise get as close to possible to what came in over the wire. Submitted By: Hank Ibell <hwibell gmail.com> Committed By: covener All error handling paths of this function call 'apr_brigade_destroy()' , except this one. So add it here too. Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle) See PR 53016 * modules/proxy/proxy_util.c (ap_proxy_share_worker): Skip creating subpool for debugging unless debug-level logging is enabled. No functional change. mod_watchdog: Correct some log messages and fix compiler warning "'rv' may be used uninitialized in this function". Follow up to r1722154. Submitted by: sf, jorton, jorton, ylavic, jailletc36, covener, jailletc36, jorton, rjung Reviewed by: jailletc36, jim, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838103 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 14, 2018
-
-
Eric Covener authored
allow quoted paths in <IfFile> The boilerplate code for config sections conflicts with TAKE1 because of the trailing stuff to terminate the opening tag. Change from TAKE1 to RAW_ARGS and call ap_getword_conf() directly. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838053 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 03, 2018
-
-
Stefan Eissing authored
backport of r1837357 from trunk. *) mod_md: When the last domain name from an MD is moved to another one, that now empty MD gets moved to the store archive. PR 62572. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1837358 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 23, 2018
-
-
Joe Orton authored
Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder. Submitted by: trawick, Frank Meier <frank.meier ergon.ch> Reviewed by: rpluem, ylavic, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1836472 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
Fix APR 1.4 compatibility by avoiding use of apr_escape.h. Submitted by: jorton Reviewed by: jorton, rpluem, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1836471 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 18, 2018
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1836159 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 10, 2018
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835553 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 06, 2018
-
-
William A. Rowe Jr authored
Review by popcorner with further edits for clarity by both CodeingBoy and popcorner, their discussion at https://github.com/popcorner/chect/pull/1 Added CONTENT_LANGUAGE variable for both translations. Note user-visible update in CHANGES git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835289 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 05, 2018
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835189 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835180 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
In 'ap_proxy_cookie_reverse_map', iterate over each token of the 'Set-Cookie' header field in order to avoid updating the wrong one. This could happen if the header field has something like 'fakepath=foo;path=bar". In this case fakepath would be updated instead of path. We don't need regex anymore in order to parse the field values and 'ap_proxy_strmatch_domain' and 'ap_proxy_strmatch_path' are now useless. (and should be axed IMHO) PR 61560 Submitted by: jailletc36 Reviewed by: jailletc36, rpluem, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835171 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835169 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_ratelimit: fix behavior with proxied content mod_ratelimit works by splitting data in "chunks" to send to the client, sleeping a predefined amount of time between them (200ms). So for example, a rate-limit 40 value would correspond to a chunk size of 8192 bytes, flushed to the client every 200ms. The idea works fine when httpd directly serves the content, since the filter will be called once with a single bucket brigade. In the context of a proxied content though the filter is likely to be called multiple times, with a bucket brigade size that corresponds to the maximum allowed buffer size. If this value is lower or higher than the chunk size, the filter will not properly rate limit the data going to the client. This patch solves the problem with two fix: 1) do_sleep is now stored in the ctx context struct, so if the filter is invoked multiple times it will still sleep when needed. For example, say that the chunk_size is 8192 and the bucket brigate len is 10240: the filter will flush 8192 bytes on the first invocation, sleep 200ms, flush the remaining bytes and then finish. The next invocation will do the same, clearly not leading to the correct "sleeping pattern". 2) The example above highlights also another issue: mod_ratelimit should flush only chunk_size bytes at the time (I am now excluding the burst calculation from the picture), and buffer between invocations unless the brigade contains EOS. The change has been tested with various scenarios and it looks working as expected, but of course more feedback/testing is welcome. The original patch was written by me and then Yann refactored the code to be more precise and efficient, basically transforming an axe in a wonderful Japanese katana sword, so credits to him for this work. PR: 62362 Submitted by: elukey Reviewed by: elukey, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835168 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 02, 2018
-
-
Eric Covener authored
Re-allow '_' (underscore) in hostnames. '_' was not permitted in hostnames since 2.4.25's "HTTP Strict" changes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834895 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Ruggeri authored
*) mod_slotmem_shm: Add generation number to shm filename to fix races with graceful restarts. PRs 62044 and 62308. trunk patch: https://svn.apache.org/r1831868 https://svn.apache.org/r1831869 https://svn.apache.org/r1831870 https://svn.apache.org/r1831871 https://svn.apache.org/r1831872 https://svn.apache.org/r1831935 https://svn.apache.org/r1831938 https://svn.apache.org/r1832479 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-balancer_slotmem-v2.patch +1: ylavic, jim, druggeri git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834887 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Russian translations of errordocs. Contributed by Alexander Gaganashvili. Error page translations submitted for zh-cn and zh-tw, contributed by CodeingBoy <codeingboy gmail.com>. Note that zh-tw is not a native translation; each translation aught be reviewed by a native reader before backporting to 2.4.x branch. Submitted by: niq, wrowe Reviewed by: jailletc36, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834843 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 29, 2018
-
-
Stefan Eissing authored
backport of current mod_md version and documentation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834671 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 26, 2018
-
-
Joe Orton authored
Add default schema ports for websockets Nore userland/PR change PR: 62480 Submitted by: Lubos Uhliarik <luhliari redhat.com> Reviewed by: jim, rpluem, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834422 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 25, 2018
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834323 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 24, 2018
-
-
Rainer Jung authored
header value RFC compliant like the case of an Expires time in the past: allow to overwrite the non-caching decision using CacheStoreExpired and respect Cache-Control "max-age" and "s-maxage". Backport of r1833876 from trunk. Submitted by: rjung Reviewed by: rjung, ylavic, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834241 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 22, 2018
-
-
Yann Ylavic authored
mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180. All meta buckets are now aggregated (besides FLUSH) and forwarded down the chain, and the output filter bails out on EOS. Proposed by: Micha Lenk <micha lenk.info> mod_xml2enc: follow up to r1829038. If any, pass pending meta bucket down the chain before leaving. mod_xml2enc: follow up to r1829038 and r1829039. Use below pending_data logic for EOS bucket. This closes #48 Submitted by: ylavic Reviewed by: ylavic, jim, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834104 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834103 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
core: ap_getline_core() reads nothing for n == 0. PR62199: add worker parameter ResponseFieldSize to mod_proxy Submitted By: Hank Ibell Committed By: covener add log id for r1828926 core: Add and handle AP_GETLINE_NOSPC_EOL flag in ap_rgetline_core(). This tells the ap_getline() family of functions to consume the end of line when the buffer is exhausted. PR 62198. mod_proxy_http: make use of AP_GETLINE_NOSPC_EOL in ap_proxygetline(). Fixes response header thrown away after the previous one was considered too large and truncated. PR 62196. core: forward flags to recursive/folding call to ap_rgetline_core(). We still need them when folding, other than AP_GETLINE_FOLD itself of course. mod_proxy_http: follow up to r1829573: remain EBCDIC friendly. Keep using ap_rgetline() as before r1829573, since ap_rgetline_core() is EBCDIC agnostic. Submitted by: ylavic, covener, covener, ylavic, ylavic, ylavic, ylavic Reviewed by: ylavic, covener, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834093 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf of a certificate chain. PR62112 [Ricardo Martin Camarero <rickyepoderi yahoo.es>] Fixed OCSPEnable to keep accepting "off", not "none". Submitted by: icing Reviewedby: icing, ylavic, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834089 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 19, 2018
-
-
Jim Jagielski authored
* modules/http/http_request.c (ap_process_request_after_handler, ap_process_request): Cache and retrieve the brigade structure used to send EOR and FLUSH between requests in c->pool userdata, to avoid allocating a brigade structure per-request out of c->pool. Submitted by: rpluem, jorton Submitted by: jorton Reviewed by: jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833841 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_html: Fix variable interpolation and memory allocation failure in ProxyHTMLURLMap. Proposed by: Ewald Dieterich <ewald mailbox.org> Reviewed by: ylavic Submitted by: ylavic Reviewed by: ylavic, jailletc36, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833840 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 13, 2018
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833471 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 06, 2018
-
-
Jim Jagielski authored
mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30. Overwriting server config in pre_config hook breaks EXEC_ON_READ directives, it's automatically created on purpose anyway. PR 62220. Follow up to r1832580: correct CHANGES entry. Submitted by: ylavic Reviewed by: ylavic, wrowe, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833070 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_remoteip: Set useragent port to zero PR59931 When overriding the useragent address from X-Forwarded-For, zero out what had been initialized as the connection-level port. Submitted By: Hank Ibell <hwibell gmail.com> Reviewed by: ylavic, covener, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833007 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mpm_unix(es): cleanup properly on exit in one_process mode. We can't destroy ap_pglobal in the MPMs because clean_child_exit() runs in a DSO which would be unloaded under us. So we defer an ap_terminate() with atexit() in ap_unixd_mpm_set_signals(), all this is static/builtin code in "os/unix/unixd.c". Follow up to r1822537: replace static variable with pool userdata. Also adds a comment and a CHANGES entry. Submitted by: ylavic Reviewed by: ylavic, jim, icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833005 13f79535-47bb-0310-9956-ffa450edef68
-
- May 31, 2018
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832644 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
add an <IfFile> config section like <IfDefine> It allows a non httpd config file to be used as a marker directly in httpd.conf without hiding logic in a script in front of apachectl to do test -f and pass extra -D's. This is something we've had in IBM's httpd distro for a little bit and hadn't remembered to share. I've seen some questions/config files come up in a few places lately that would benefit from this as an option. Remove duplicate implementations of conditional section function. No functional change. * server/core.c (start_cond_section): Factor out from start_if*. Adjust to use apr_strmemdup. (test_ifmod_section, test_iffile_section, test_ifdefine_section): Move container-specific tests into callbacks from start_if*. (core_cmds): Adjust <IfFile, <IfDefine, <IfModule to use start_cond_section with callbacks. Add <IfDirective> and <IfSection>: * server/core.c (test_ifdirective_section, test_ifsection_section): New callbacks. (core_cmds): Define new directives. * include/http_config.h, server/config.c (ap_exists_directive): New function. * include/ap_mmn.h: Bump MMN minor for above. * docs/manual/mod/core.xml: Add docs. * server/core.c (start_cond_section): Comment & variable name fixes, no functional change. Submitted by: covener, jorton Reviewed by: jorton, ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832623 13f79535-47bb-0310-9956-ffa450edef68
-