- Jan 21, 2016
-
-
Jim Jagielski authored
*) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075, "Error dispatching request", when the cause appears to be the client closing the connection. PR58118. Submitted By: Tobias Adolph <adolph lrz.de> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726019 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
flush errors are TRACE1 in the core output filter now. Remove APLOGNO after moving log message to TRACE1 in r1724847. Submitted by: covener, rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726018 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
*) mod_rewrite: Avoid looping on relative substitutions that result in the same filename we started with. PR 58854. [Eric Covener] Previously, the comparison of old and new filename happened before some prefixes might be added. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1726016 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 19, 2016
-
-
Jim Jagielski authored
Add common extension "m4a" for MPEG 4 Audio to mime.types. As a reference see Wikipedia: https://en.wikipedia.org/wiki/MPEG-4_Part_14#.MP4_versus_.M4A PR: 57895 Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1725509 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1725500 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 30, 2015
-
-
Jim Jagielski authored
add GlobalLog directive to allow a diagnostic log to be inherited by all virtual hosts, even if they define their own logs. Submitted By: Edward Lu <Chaosed0 gmail.com> Committed by: covener document GlobalLog Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1722340 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 28, 2015
-
-
Yann Ylavic authored
r1715014 somehow put it in 2.4.17, whereas it was really backported in 2.4.18. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1721907 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 08, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718694 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718692 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 07, 2015
-
-
Jim Jagielski authored
using c->master for ssl var lookups when c holds no valid SSLConnRec. Fixes PR58666. Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718331 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix the use of the default 'flush' provider. Improve documentation for the "flusher" parameter. Remove useless empty lines. See http://mail-archives.apache.org/mod_mbox/httpd-dev/200812.mbox/%3C494226C0.4050407@force-elite.com%3E for some more explanation. A python script is given there to test. I had to tweak it to have it work (use: fd, payload = passfd.recvfd(conn.fileno()) instead of: fd = passfd.recvfd(conn.fileno()) ) This is a r1058621 regression, where somehow "char *flusher" has been turned into a "char flusher[]". So it is been broken since the beginning of 2.4.x After this change (i.e. r1058621), 'flusher' is no more a pointer (NULL'ed when the structure it belongs to is created) but the address of an array within a structure. It can not be NULL anymore. So, we now have to look at the content of the array itself to see if it has been initialized or if we have to use the default value instead. Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1718324 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 04, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1717980 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 26, 2015
-
-
Jim Jagielski authored
For the "SSLStaplingReturnResponderErrors off" case, make sure to only staple responses with certificate status "good". Also avoids including inaccurate responses when the OCSP responder is not completely up to date in terms of the CA-issued certificates (and provides interim "unknown" or "extended revoked" [RFC 6960] status replies). Log a certificate status other than "good" in stapling_check_response(). Propagate the "ok" status from stapling_check_response() back via both stapling_renew_response() and get_and_check_cached_response() to the callback code in stapling_cb(), enabling the decision whether to include or skip the response. insert missing LOGNO in ssl_util_stapling.c Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716652 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
core: Limit to ten the number of tolerated empty lines between request, and consume them before the pipelining check to avoid possible response delay when reading the next request without flushing. Before this commit, the maximum number of empty lines was the same as configured LimitRequestFields, defaulting to 100, which was way too much. We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES). check_pipeline() is changed to check for (up to the limit) and comsume the trailing [CR]LFs so that they won't be interpreted as pipelined requests, otherwise we would block on the next read without flushing data, and hence possibly delay pending response(s) until the next/real request comes in or the keepalive timeout expires. Finally, when the maximum number of empty line is reached in read_request_line(), or that request line does not contains at least a method and an (valid) URI, we can fail early and avoid some failure detected in further processing. core: follow up to r1710095. Simplify logic in check_pipeline(), and log unexpected errors. core: follow up to r1710095, r1710105. We can do this in a single (no inner) loop, and simplify again the logic. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716651 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 25, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716493 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 24, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716210 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 20, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715371 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 18, 2015
-
-
Jim Jagielski authored
mod_ssl: forward EOR (only) brigades to the core_output_filter(). mod_ssl: don't FLUSH output (blocking) on read. This defeats deferred write (and pipelining), eg. check_pipeline() is not expecting the pipe to be flushed under it. So let OpenSSL >= 0.9.8m issue the flush when necessary (earlier versions are known to not handle all the cases, so we keep flushing with those). mod_ssl: follow up to r1705823. Oups, every #if needs a #endif... mod_ssl: pass through metadata buckets untouched in ssl_io_filter_output(), the core output filter needs them. Proposed by: jorton mod_ssl: follow up to r1705194, r1705823, r1705826 and r1705828. Add CHANGES entry, and restore ap_process_request_after_handler()'s comment as prior to r1705194 (the change makes no sense now). mod_ssl: follow up to r1705823. We still need to flush in the middle of a SSL/TLS handshake. mod_ssl: follow up to r1705823. Flush SSL/TLS handshake data when writing (instead of before reading), and only when necessary (openssl < 0.9.8m or proxy/client side). mod_ssl: follow up to r1707230: fix (inverted) logic for SSL_in_connect_init(). Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715014 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 03, 2015
-
-
Graham Leggett authored
alignment (SPARC64, PPC64). Submitted by: ylavic Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712294 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
fields as described in RFC7230. See OWS definition. Submitted by: jailletc36 Reviewed by: ylavic, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712293 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in. followup to r1710380 -- refactored name and didn't have 'make depend' Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712268 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 25, 2015
-
-
Rainer Jung authored
ssl variables in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function syntax "ssl(VARNAME)". Backport of r1707002 and r1709596 from trunk. Committed By: rjung Backported By: rjung Reviewed by: rjung, ylavic, sf git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1710433 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 09, 2015
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1707774 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1707772 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 08, 2015
-
-
Yann Ylavic authored
mod_proxy: only cleanup the socket for a connection asked to be closed but whose address can still be reused. This saves unnecessary socket pool destroy and creation at cleanup and reuse time, plus the same initialization of conn->pool's associated data which can be reused in that case. r1703807 | ylavic | 2015-09-18 12:58:58 +0200 (Fri, 18 Sep 2015) | 5 lines mod_proxy: don't recyle backend announced "Connection: close" connections. Failing to do this may lead to a race condition where we send a new request before the backend really closes the connection (or lost SSL-Alert/FIN make us think the connection is still alive, until the retransmission). r1703813 | ylavic | 2015-09-18 13:48:31 +0200 (Fri, 18 Sep 2015) | 1 line mod_proxy: follow up to r1703807: CHANGES entry. Submitted by: ylavic Committed by: ylavic Reviewed by: ylavic, rjung, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1707556 13f79535-47bb-0310-9956-ffa450edef68
-
- Oct 06, 2015
-
-
Jim Jagielski authored
Merge r1684900, r1687539, r1687680, r1688331, r1688339, r1688340, r1688341, r1688343, r1697013, r1697015 from trunk: mod_substitute: Fix configuraton merge order. PR 57641 [Marc.Stern] mod_substitute: follow up r1684900. Introduce the SubstituteInheritBefore directive to configure the merge order. This allows to preserve 2.4 and earlier behaviour. mod_substitute: follow up to r1687539. Use tristate single inherit_before variable instead of two, according to wrowe's advices. mod_substitute: follow up to r1687680. Fix dir config merger 'over'-write, thanks Bill (again). Very difficult to read, and therefore was wrong. Assert that the SubstituteInheritBefore option was explicitly toggled, and do not default in 2.x to this legacy behavior. Optimize in all cases that the members are all explicitly initialized. Useful for 2.2 and 2.4, but trunk will require the subsequent patch. Increase legibility of the max_line_length behavior, and adjust for the requirement that all members are initialized explicitly due to the previous patch. Net -8 LoC, my usual specialty. This didn't need to be reinvented; please use established helpers. mod_substitute: follow up r1688339. SubstituteInheritBefore is the default in 2.5.x but wasn't for ealier versions. mod_substitute: follow up r1697013. Update the doc. Submitted by: niq, ylavic, ylavic, ylavic, wrowe, wrowe, wrowe, wrowe, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1707039 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 30, 2015
-
-
Jim Jagielski authored
mod_proxy: Fix ProxySourceAddress binding failure with AH00938. PR 56687. Proposed by: Arne de Bruijn <apache arbruijn.dds.nl> Reviewed by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706028 13f79535-47bb-0310-9956-ffa450edef68
-
asf-sync-process authored
Support compilation against libssl built with OPENSSL_NO_SSL3, and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3", in accordance with RFC 7568. PR 58349, PR 57120. Proposed by: kbrand Reviewed by: ylavic, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706008 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
Append :!aNULL:!eNULL:!EXP to the cipher string settings, instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7 and later). Enables support for configuring the SUITEB* cipher strings introduced in OpenSSL 1.0.2. PR 58213. Apply the same treatment to the "SSLOpenSSLConfCmd CipherString ..." directive. Proposed by: kbrand Reviewed by: ylavic, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706007 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
Add support for extracting the msUPN and dnsSRV forms of subjectAltName entries of type "otherName" into SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment variables. Addresses PR 58020. * docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_OTHER_*_n entries to the environment variables table * modules/ssl/ssl_engine_vars.c: add support for retrieving the SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n variables * modules/ssl/ssl_util_ssl.c: add parse_otherName_value, which currently recognizes the "msUPN" (1.3.6.1.4.1.311.20.2.3) and "id-on-dnsSRV" (1.3.6.1.5.5.7.8.7) otherName forms, and adapt modssl_X509_getSAN to take an optional otherName form argument for the GEN_OTHERNAME case * modules/ssl/ssl_util_ssl.h: adapt modssl_X509_getSAN prototype * modules/ssl/mod_ssl.c: register the id-on-dnsSRV otherName form OID (1.3.6.1.5.5.7.8.7) in OpenSSL's objects table Proposed by: kbrand Reviewed by: ylavic, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706006 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 28, 2015
-
-
Jim Jagielski authored
Don't count initial handshake I/O when determining the first byte. PR58454 Submitted By: Konstantin J. Chernov Committed By: covener Avoid storing request stuff in r->connection->conn_config to avoid problems with e.g. write completion. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705666 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 27, 2015
-
-
Graham Leggett authored
r->headers when mod_cache is enabled and the response is cached for the first time. Submitted by: elu Reviewed by: ylavic, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705528 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 26, 2015
-
-
Graham Leggett authored
can't create new (clear) slots while previous children gracefully stopping still use the old ones (e.g. Windows, OS2). PR 58024. Submitted by: ylavic Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705499 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
PR 57785 Submitted by: niq Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705496 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
records for scalability. Submitted by: Yingqi Lu <yingqi.lu@intel.com>, Jeff Trawick, Jim Jagielski, Yann Ylavic Reviewed by: ylavic, jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705492 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 23, 2015
-
-
Jim Jagielski authored
* Do not reset the retry timeout if the worker is in error at this stage even if the connection to the backend was successful. It was likely set into error by a different thread / process in parallel e.g. for a timeout or bad status. We should respect this and should not continue with a connection via this worker even if we got one. * Do a more complete cleanup here. At this point we cannot end up with something useful with the data we created so far. Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1704835 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 16, 2015
-
-
Jim Jagielski authored
allow autoindex w/o mod_dir/mod_mime setting the DIR_MAGIC_TYPE. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1703404 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 08, 2015
-
-
Jim Jagielski authored
With the current implementation, it is likely to connect/close a socket with the memcache server for each command sent. The root cause is a too small idle timeout (600 microseconds). Add a new directive, 'MemcacheConnTTL', to control this idle connection timeout with the memcache server(s). Change the default value from 600 usec (!) to 15 sec as per Yann suggestion. I've limited accepted values from 1 to 1800 seconds (half an hour) because internaly, the value passed to 'apr_memcache_server_create' is still in mirco-seconds. PR 58091 ~~~~~~~~~~~~~~~~~~~_ Homemade measurement (on a slighly modified version of httpd) shows a +30% in number of processed requests using memcache to cache /index.html. Comparison made between the 600 usec and 15 sec TTL. Memcache config: default httpd Config: CacheEnable socache / CacheSocache memcache:127.0.0.1 LoadModule mpm_event_module modules/mod_mpm_event.so httpd compiled with: ./configure --enable-mpms-shared=all --with-included-apr --with-mysql --with-libxml2 --enable-modules=reallyall --enable-ssl-ct=no --enable-maintainer-mode --prefix=$HOME/httpd-2.5 httpd and memcache running on the same VM running under Ubuntu 15.04 Load tested using: ab -n 20000 http://127.0.0.1/index.html Creation/closing of connections beetween httpd and memcache confirmed using the telnet connection to memcache and the stats command Allow 0 as a valid value (never close idle connections) Increased maximum allowed value to 3600 s (1 hour) Use 'ap_timeout_parameter_parse' to allow more flexible configuration (i.e. h, min, s, ms suffixes) Use 'apr_time_from_sec' when applicable. Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701771 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 07, 2015
-
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2@1701655 13f79535-47bb-0310-9956-ffa450edef68
-
- Sep 06, 2015
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701442 13f79535-47bb-0310-9956-ffa450edef68
-