- Sep 18, 2018
-
-
Joe Orton authored
* modules/ssl/ssl_engine_kernel.c (ssl_check_post_client_verify): Retrieve and set sslconn->client_cert here for both "modern" and classic access control. (ssl_hook_Access_classic, ssl_hook_Access_modern, ssl_hook_Access): Restore SSLRequire and FakeBasicAuth checks to ssl_hook_Access so tests are still applied for TLSv1.3. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1841219 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 12, 2018
-
-
Joe Orton authored
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Disable AUTO_RETRY mode for OpenSSL 1.1.1, which fixes post-handshake authentication. (ssl_init_proxy_certs): Fix proxy client cert support with TLSv1.3, which is now crippled by default. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840711 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Fail with 403 if SSL_verify_client_post_handshake() fails, e.g. when the TLS/1.3 client didn't send the Post-Handshake Authentication extension. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840664 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 11, 2018
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840530 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 05, 2018
-
-
Stefan Eissing authored
Merged 1827912,1827924,1827992,1828222,1828720,1828723,1833588,1833589,1839920,1839946 from trunk *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for. Directive "SSLVerifyClient" now triggers certificate retrieval from the client. Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols, as this would need to trigger the master connection thread - which we do not support right now. Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite" does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate. Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they can match their needs onto the TLSv1.3 protocol. [Yann Ylavic, Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840120 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840105 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1840096 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 04, 2018
-
-
Rainer Jung authored
conversion from apr_time_t to milliseconds instead of hard-coded division by 1000. Backport of r1839780 from trunk. Submitted by: rjung Reviewed by: rjung, rpluem, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1840032 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1840030 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1840029 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 03, 2018
-
-
Ruediger Pluem authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839911 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 31, 2018
-
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839786 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
in milliseconds. Backport of remaining parts of r1837590 from trunk (only html mode changes, auto parts were already backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839785 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
in mod_status when "ProxyStatus" is "On": add "busy" count to html mode. Backport of remaining parts of r1837588 from trunk (only html mode changes, auto parts were already backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839784 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 29, 2018
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839584 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
server-status proposals back to the list. I have only applied the uncontroversial "auto" mode part of the accepted patches. The "html" part is now back in STATUS (with adjusted smaller patches) to give some more time for feedback whether the HTML output format is allowed to change during a patch release. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839535 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
format. Followon to r1839533. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839534 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
in milliseconds to auto mode. Partial backport of r1839532 from trunk (only auto mode changes, html parts not yet backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839533 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
in mod_status when "ProxyStatus" is "On": add "busy" count to auto mode and show byte counts in auto mode always in units of kilobytes. Partial backport of r1837588 from trunk (only auto mode changes, html parts not yet backported). Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839532 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
processes in the "cu" and "cs" values. Add CPU time of the parent process to the "c" and "s" values. Backport of r1837595 from trunk. Submitted by: rjung Reviewed by: rjung, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839531 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
MPMs in "auto" mode. Added number of processes, number of stopping processes and number of busy and idle workers. This changes only the key/value list of the server-status "auto" output. The data is already part of the "html" output. Backport of r1837589 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839530 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 28, 2018
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839500 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
mod_ratelimit: Don't interfere with "chunked" encoding. By the time ap_http_header_filter() sends the header brigade and adds the "CHUNK" filter, we need to garantee that the header went through all the filters' stack, and more specifically above ap_http_chunk_filter() which assumes that all it receives is content data. Since rate_limit_filter() may retain the header brigade, make it run after ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters. Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses. For instance mod_ratelimit depends on it since r1835168, but any next request filter may as well to flush and/or bail out approprietely. This fixes the regression introduced in 2.4.34 (r1835168). PR 62568. Submitted by: ylavic Reviewed by: covener, ylavic, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839497 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839446 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839443 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839438 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839437 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 27, 2018
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839328 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839327 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839318 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839309 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 26, 2018
-
-
Christophe Jaillet authored
r1839250 in trunk + remove some trailing spaces to synch with trunk + add the optional [s] in WatchdogInterval syntax git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839254 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
(r1839245 on trunk) + remove some trailling spaces to synch with trunk git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839246 13f79535-47bb-0310-9956-ffa450edef68
-
- Aug 24, 2018
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838953 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
Synch with trunk and improve alignment in examples. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838946 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838944 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838849 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838848 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838846 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838838 13f79535-47bb-0310-9956-ffa450edef68
-