Skip to content
  1. May 18, 2015
  2. May 13, 2015
    • Jim Jagielski's avatar
      Merge r1674542, r1675410, r1676842 from trunk: · ddef530a
      Jim Jagielski authored
      mod_ssl: Check for RAND_egd() at configure time and only use it if present.
      Fixes the build with LibreSSL which does not provide this function.
      
      Submitted by: Bernard Spil <pil.oss gmail com>, stsp
      Committed by: stsp
      
      
      mod_ssl: Make the config parser complain if SSLRandomSeed specifies
      the Entropy Gathering Daemon (EGD) as source while the underlying
      SSL library does not support EGD (e.g. in case of LibreSSL).
      
      Suggested and reviewed by: kbrand
      
      
      Follow up to r1674542 and r1675410: CHANGES entry.
      Submitted by: stsp, ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679199 13f79535-47bb-0310-9956-ffa450edef68
      ddef530a
  3. May 11, 2015
  4. May 07, 2015
  5. May 01, 2015
  6. Apr 26, 2015
    • Kaspar Brand's avatar
      Merge r1650047 from trunk: · 8a1c04de
      Kaspar Brand authored
      Add support for extracting subjectAltName entries of type
      rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n
      variables.
      
      * docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the
        environment variables table
      
      * modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction
        of subjectAltName entries for the "StdEnvVars" case
      
      * modules/ssl/ssl_engine_vars.c: add support for retrieving the
        SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with
        individual on-demand lookup (ssl_var_lookup_ssl_cert_san),
        or with full-list extraction to the environment ("StdEnvVars")
      
      * modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype
      
      * modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and
        SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common
        code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where
        suitable. Limit SSL_X509_getSAN to the two most common subjectAltName
        entry types appearing in user or server certificates (i.e., rfc822Name
        and dNSName), for the time being.
      
      * modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8
        and SSL_X509_getSAN prototypes
      
      
      Proposed by: kbrand
      Reviewed by: ylavic, druggeri
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1676087 13f79535-47bb-0310-9956-ffa450edef68
      8a1c04de
  7. Apr 20, 2015
    • Jim Jagielski's avatar
      Merge r1666468, r1666618, r1674697 from trunk: · f89fe72a
      Jim Jagielski authored
      mpm_event: Allow for timer events duplicates. 
      Meanwhile ap[r]_skiplist_add()...
      
      
      mpm_event: follow up to r1666468.
      We only need one compare function for add semantic with apr_skiplist_insert()
      and unique timers (pointers). It also should work with apr_skiplist_remove()
      and apr_skiplist_find(), be they used some day.
      
      
      mpm_event: follow up to r1666468 and r1666618.
      We don't need to return 0 in the compare function, but for debugging purpose
      which we could implement later if necessary (in a separate function).
      For now, keep the function simple as in 2.4.x to ease backport, and add a
      comment about why we never return 0 here.
      
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674921 13f79535-47bb-0310-9956-ffa450edef68
      f89fe72a
  8. Apr 19, 2015
  9. Apr 16, 2015
  10. Apr 15, 2015
  11. Apr 07, 2015
  12. Apr 05, 2015
  13. Mar 31, 2015
    • Jim Jagielski's avatar
      Merge r1669289, r1669292 from trunk: · 28603f7f
      Jim Jagielski authored
      core_filters: restore/disable TCP_NOPUSH option after non-blocking sendfile.
      
      CHANGES: follow up to r1669289.
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670328 13f79535-47bb-0310-9956-ffa450edef68
      28603f7f
    • Jim Jagielski's avatar
      Merge r1664071, r1664299 from trunk: · dcbe9564
      Jim Jagielski authored
      core: If explicitly configured, use the KeepaliveTimeout value of the
      virtual host which handled the latest request on the connection, or by
      default the one of the first virtual host bound to the same IP:port.
      
      For non-async MPMs, use either r->server's or c->base_server's value in
      ap_process_http_sync_connection() depending on a new server_rec's flag
      called keep_alive_timeout_set and determined at config time.
      
      For event MPM, use a queue per timeout value, chaining the queues per
      type (keepalive wrt KeepAliveTimeout, write completion wrt to Timeout)
      so that maintenance can be done on all the queues from the head, and such
      that insertions/maintenance remain in O(1).
      A server config is created and pointing to the queue of each vhost at
      post_config time, hence the config can be associated to the connection
      state (cs) at post_read_request time (keep_alive_timeout_set is used to
      determine r->server vs c->base_server here), and we can simply insert
      with TO_QUEUE_INSERT(cs->sc->q, cs).  PR56226.
      
      While at it, since each queue now embeds it own timeout and hence the
      expiration_time of the cs has changed to a queue_timestamp (the time it
      was queued), we can detect clock skews and expire entries immediatly if
      the system is set (eg. far) in the past during runtime and we want to
      avoid waiting for (eg.) centuries before the current logic kills them.
      Any entry which is registered above now + q->timeout is concerned, and
      is now cleaned from the queue when encountered.  PR57374.
      
      
      core: Follow up to r1664071: comments on new keep_alive_timeout_set flag.
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670326 13f79535-47bb-0310-9956-ffa450edef68
      dcbe9564
    • Jim Jagielski's avatar
      Merge r1668532, r1668535, r1668553 from trunk: · 39136793
      Jim Jagielski authored
      core: Initialize scoreboard's used optional functions on graceful restarts to
      avoid a crash when relocation occurs.  PR 57177.
      
      
      core: follow up to r1668532: CHANGES entry.
      
      core: follow up to r1668532: always initialize optional_fn pointers in ap_create_scoreboard().
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670325 13f79535-47bb-0310-9956-ffa450edef68
      39136793
    • Jim Jagielski's avatar
      Merge r1657636, r1657638, r1669130 from trunk: · 2d5c6f78
      Jim Jagielski authored
      mod_proxy_connect/wstunnel: If both client and backend sides get readable
      at the same time, don't lose errors occuring while forwarding on the first
      side when none occurs next on the other side, and abort.
      
      
      CHANGES: Follow up to r1657636, clarify message.
      
      
      mod_proxy_{connect,wstunnel}: follow up to r1657636.
      Since rv is not used as an apr_status_t in the loop (it's logging is done by
      proxy_{connect,wstunnel}_transfer() when necessary/relevent), use a boolean
      instead to avoid the ugly ORs between APR error codes.
      
      Submitted by: ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670324 13f79535-47bb-0310-9956-ffa450edef68
      2d5c6f78
    • Jim Jagielski's avatar
      Merge r1661448 from trunk: · 241d0adc
      Jim Jagielski authored
      core: Add expression support to ErrorDocument. Switch from a fixed
      sized 664 byte array per merge to a hash table.
      
      Submitted by: minfrin
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670320 13f79535-47bb-0310-9956-ffa450edef68
      241d0adc
    • Jim Jagielski's avatar
      Merge r1666361 from trunk: · 4ab0b8cf
      Jim Jagielski authored
      Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremly large integer if the time needed to lock the resource was longer that the requested timeout given in the LOCK request. In such a case, we now answer "Second-0".  PR55420
      Submitted by: jailletc36
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670319 13f79535-47bb-0310-9956-ffa450edef68
      4ab0b8cf
  14. Mar 27, 2015
  15. Mar 24, 2015
  16. Mar 05, 2015