Skip to content
  1. Sep 30, 2015
    • Jim Jagielski's avatar
      Merge r1703902 from trunk: · dbda2446
      Jim Jagielski authored
      mod_proxy: Fix ProxySourceAddress binding failure with AH00938.  PR 56687.
      Proposed by: Arne de Bruijn <apache arbruijn.dds.nl>
      Reviewed by: ylavic
      
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706028 13f79535-47bb-0310-9956-ffa450edef68
      dbda2446
    • asf-sync-process's avatar
      merge r1703952 from trunk · 6278188c
      asf-sync-process authored
      Support compilation against libssl built with OPENSSL_NO_SSL3,
      and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
      in accordance with RFC 7568. PR 58349, PR 57120.
      
      Proposed by: kbrand
      Reviewed by: ylavic, jorton
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706008 13f79535-47bb-0310-9956-ffa450edef68
      6278188c
    • Kaspar Brand's avatar
      merge r1702643 from trunk · 213c5b06
      Kaspar Brand authored
      Append :!aNULL:!eNULL:!EXP to the cipher string settings,
      instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
      and later). Enables support for configuring the SUITEB* cipher
      strings introduced in OpenSSL 1.0.2. PR 58213.
      
      Apply the same treatment to the "SSLOpenSSLConfCmd CipherString ..." directive.
      
      Proposed by: kbrand
      Reviewed by: ylavic, jorton
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706007 13f79535-47bb-0310-9956-ffa450edef68
      213c5b06
    • Kaspar Brand's avatar
      merge r1693792 from trunk · c41d0340
      Kaspar Brand authored
      Add support for extracting the msUPN and dnsSRV forms
      of subjectAltName entries of type "otherName" into
      SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
      variables. Addresses PR 58020.
      
      * docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_OTHER_*_n entries to the
        environment variables table
      
      * modules/ssl/ssl_engine_vars.c: add support for retrieving the
        SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n variables
      
      * modules/ssl/ssl_util_ssl.c: add parse_otherName_value, which
        currently recognizes the "msUPN" (1.3.6.1.4.1.311.20.2.3) and
        "id-on-dnsSRV" (1.3.6.1.5.5.7.8.7) otherName forms, and
        adapt modssl_X509_getSAN to take an optional otherName form
        argument for the GEN_OTHERNAME case
      
      * modules/ssl/ssl_util_ssl.h: adapt modssl_X509_getSAN prototype
      
      * modules/ssl/mod_ssl.c: register the id-on-dnsSRV otherName form
        OID (1.3.6.1.5.5.7.8.7) in OpenSSL's objects table
      
      Proposed by: kbrand
      Reviewed by: ylavic, jorton
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706006 13f79535-47bb-0310-9956-ffa450edef68
      c41d0340
  2. Sep 28, 2015
  3. Sep 27, 2015
  4. Sep 26, 2015
  5. Sep 23, 2015
    • Jim Jagielski's avatar
      Merge r1664709, r1697323 from trunk: · 243d5eab
      Jim Jagielski authored
       * Do not reset the retry timeout if the worker is in error at this stage even
         if the connection to the backend was successful. It was likely set into
         error by a different thread / process in parallel e.g. for a timeout or
         bad status. We should respect this and should not continue with a connection
         via this worker even if we got one.
      
      
      * Do a more complete cleanup here. At this point we cannot end up with something useful with the data we created so far.
      Submitted by: rpluem
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1704835 13f79535-47bb-0310-9956-ffa450edef68
      243d5eab
  6. Sep 16, 2015
  7. Sep 08, 2015
    • Jim Jagielski's avatar
      Merge r1696105, r1700418 from trunk: · b7f7b509
      Jim Jagielski authored
      With the current implementation, it is likely to connect/close a socket with the memcache server for each command sent.
      The root cause is a too small idle timeout (600 microseconds).
      
      Add a new directive, 'MemcacheConnTTL',  to control this idle connection timeout with the memcache server(s).
      Change the default value from 600 usec (!) to 15 sec as per Yann suggestion.
      
      I've limited accepted values from 1 to 1800 seconds (half an hour) because internaly, the value passed to 'apr_memcache_server_create' is still in mirco-seconds.
      
      PR 58091
      ~~~~~~~~~~~~~~~~~~~_
      Homemade measurement (on a slighly modified version of httpd) shows a +30% in number of processed requests using memcache to cache /index.html.
      Comparison made between the 600 usec and 15 sec TTL.
      
      Memcache config:
          default
      httpd Config:
          CacheEnable socache /
          CacheSocache memcache:127.0.0.1
          LoadModule mpm_event_module modules/mod_mpm_event.so
      httpd compiled with:
          ./configure --enable-mpms-shared=all --with-included-apr --with-mysql --with-libxml2 --enable-modules=reallyall --enable-ssl-ct=no --enable-maintainer-mode --prefix=$HOME/httpd-2.5
      httpd and memcache running on the same VM running under Ubuntu 15.04
      Load tested using:
          ab -n 20000 http://127.0.0.1/index.html
      
      Creation/closing of connections beetween httpd and memcache confirmed using the telnet connection to memcache and the stats command
      
      
      
      Allow 0 as a valid value (never close idle connections)
      Increased maximum allowed value to 3600 s (1 hour)
      Use 'ap_timeout_parameter_parse' to allow more flexible configuration (i.e. h, min, s, ms suffixes)
      Use 'apr_time_from_sec' when applicable.
      Submitted by: jailletc36
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701771 13f79535-47bb-0310-9956-ffa450edef68
      b7f7b509
  8. Sep 07, 2015
  9. Sep 06, 2015
  10. Sep 05, 2015
  11. Aug 28, 2015
  12. Jul 29, 2015
  13. Jul 10, 2015
  14. Jul 09, 2015
  15. Jul 08, 2015
  16. Jul 03, 2015
  17. Jun 19, 2015
  18. Jun 18, 2015
  19. Jun 17, 2015
  20. Jun 16, 2015
  21. Jun 11, 2015
  22. Jun 09, 2015
  23. Jun 04, 2015
  24. Jun 02, 2015
    • Jim Jagielski's avatar
      Merge r1681694, r1682907 from trunk: · 755dd84e
      Jim Jagielski authored
      mod_proxy: Don't put the worker in error state for 500 or 503 errors
      returned by the backend unless failonstatus is configured to.  PR 56925.
      
      
      mod_proxy: follow up to r1681694.
      
      Handle the proxy-error-override note also in mod_proxy_ajp.
      
      The note is not needed in mod_proxy_fcgi (which also handles
      ProxyErrorOverride) since it calls ap_die() by itself, and always
      returns OK to proxy_handler().
      
      Add a comment about the note where used.
      
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1683112 13f79535-47bb-0310-9956-ffa450edef68
      755dd84e
  25. Jun 01, 2015
  26. May 29, 2015