- Mar 03, 2014
-
-
Eric Covener authored
restore http://svn.apache.org/viewvc?view=revision&revision=233369 under a configurable option: don't run mod_dir if r->handler is already set. Backported by: covner Reviewed By: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573580 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2014
-
-
Jim Jagielski authored
* Do not perform SNI / Host header comparison in case of a forward proxy request as in case of a forward proxy request the host header can not be used for virtual host selection in our webserver. * Update comment. No functional change. * Put a note in CHANGES about r1553204 Submitted by: rpluem Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573362 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Throw away the myCtxVar{Set,Get} abomination and introduce a pphrase_cb_arg_t struct instead, for passing stuff between ssl_pphrase_Handle and ssl_pphrase_Handle_CB. Prefer struct members instead of using additional local variables, to make the data flow more transparent. (Doesn't "vastly simplify" the code yet, but hopefully we'll get there when further stripping down ssl_pphrase_Handle.) Remove the hardcoded algorithm-type dependency for the SSLCertificateFile and SSLCertificateKeyFile directives, and deprecate SSLCertificateChainFile Splitting the patch into smaller pieces turned out to be infeasible, unfortunately, due to the heavily intertwined code in ssl_engine_config.c, ssl_engine_init.c and ssl_engine_pphrase.c, which all depends on the modssl_pk_server_t data structure. For better comprehensibility, a detailed listing of the changes follows: ssl_private.h - drop the X509 certs and EVP_PKEY keys arrays from modssl_pk_server_t - use apr_array_header_t for cert_files and key_files - drop tPublicCert from SSLModConfigRec - drop the ssl_algo_t struct and the SSL_ALGO_* and SSL_AIDX_* constants ssl_engine_config.c - change to apr_array_header_t for SSLCertificate[Key]File - drop ssl_cmd_check_aidx_max, i.e. allow an arbitrary number of certs and keys (in theory; currently OpenSSL does not support more than one cert/key per algorithm type) - add deprecation warning for SSLCertificateChainFile ssl_engine_init.c - configure server certs/keys in ssl_init_server_certs (no longer via ssl_pphrase_Handle in ssl_init_Module) - in ssl_init_server_certs, read in certificates and keys with standard OpenSSL API functions (SSL_CTX_use_*_file), and only fall back to ssl_load_encrypted_pkey when encountering an encrypted private key - drop ssl_server_import_cert, ssl_server_import_key, ssl_init_server_check, and ssl_init_ctx_cleanup_server - move the "problematic re-initialization" check to ssl_init_server_ctx ssl_engine_pphrase.c - use servername:port:index as the key identifier, instead of the previously used servername:port:algorithm - ssl_pphrase_Handle overhaul: remove all cert/public-key handling, make it only load a single (encrypted) private key, and rename to ssl_load_encrypted_pkey - in the passphrase prompt message, show the private key file name instead of the vhost id and the algorithm name - do no longer supply the algorithm name as an argument to "exec"-type passphrase prompting programs ssl_util.c - drop ssl_util_algotypeof, ssl_util_algotypestr, ssl_asn1_keystr, and ssl_asn1_table_keyfmt ssl_util_ssl.{c,h} - drop SSL_read_X509 - constify the filename arg for SSL_read_PrivateKey CodeWarrior compiler doesnt allow vars as struct inits. Remove per-certificate chain handling code (obsoleted by https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b9fa413a08d436d6b522749b5e808fcd931fd943) make the ppcb_arg initialization a bit more uniform and easier to read Followup fix for r1553824: also pass the file name to ssl_load_encrypted_pkey, to make sure that we retry with the same filename we used for SSL_CTX_use_PrivateKey_file first With OpenSSL 1.0.2 or later, enable OCSP stapling in a loop based on SSL_CTX_set_current_cert(), near the end of ssl_init_server_ctx. update APLOGNO for r1564760 Submitted by: kbrand, fuankg, kbrand, kbrand, kbrand, kbrand, kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573360 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 21, 2014
-
-
Jim Jagielski authored
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit to allow RewriteRules to be pushed from parent scopes to child scopes without explicitly configuring each child scope. PR56153. Submitted By: Edward Lu Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570684 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570530 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 20, 2014
-
-
Jim Jagielski authored
PR: 54852. Only use a dummy_connection for idle processes Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570327 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
FreeBSD: Disable IPv4-mapped listening sockets by default for versions 5+ instead of just for FreeBSD 5. PR: 53824 Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570322 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
handle POLLERR/POLLHUP during poll() to avoid high CPU busy loop. Submitted By: Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener] Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570321 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570168 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1570162 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 17, 2014
-
-
Jim Jagielski authored
mod_proxy_fcgi: Fix error message when an unexpected protocol version number is received from the application. PR: 56110 Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569007 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Correct the trusted proxy match test in mod_remoteip. PR 54651.\n\nSubmitted By: Yoshinori Ehara <yoshinori ehara gmail com>\nEndorsed By: Eugene L <eugenel amazon com>\nCommited By: mrumph Submitted by: mrumph Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569006 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Use the correct IP addresses to populate the proxy_ips field in mod_remoteip.c. PR 55972. Submitted by: mrumph Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569003 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 11, 2014
-
-
Eric Covener authored
mod_lua: Fix r:setcookie() to add, rather than replace, the Set-Cookie header. PR56105 Submitted By: Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com> Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1567328 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 10, 2014
-
-
Jim Jagielski authored
Add %{CONN_REMOTE_ADDR} to mod_rewrite. PR56094 Submitted By: Edward Lu <Chaosed0 gmail com> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1566702 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 05, 2014
-
-
Daniel Gruno authored
Backport r1564727: Fix support for uploading files by using pushlstring instead of pushstring when pushing binary data. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1564729 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 04, 2014
-
-
Jim Jagielski authored
In 2.4, the MPM leaves a copy of the non-disconnected FD sitting in context->accept_socket. This FD will be closed a second time, often shortly after a worker picks it up in this same FD being reused. The first recv fails with WSAENOTSOCK since the same FD was closed in the listener thread while the worker was pulling it off the queue (The second close is of the underlying FD/socket, not a shared apr_socket_t, so it's not short-circuited) This patch makes it a bit more 2.2.x-ish and solves my problem -- the context->accept_socket gets zapped at the bottom of the loop if !disconnected. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1564313 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 25, 2014
-
-
Eric Covener authored
of r1523974 in 9/2013, so they were in 2.4.7. retcon them into the bottom of 2.4.7 CHANGES. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1561358 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1561351 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 24, 2014
-
-
Jim Jagielski authored
mod_session: When we have a session we were unable to decode, behave as if there was no session at all. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1560991 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 23, 2014
-
-
Jim Jagielski authored
mod_session: Fix problems interpreting the SessionInclude and SessionExclude configuration. PR: 56038 Submitted by: Erik Pearson <erik adaptations.com> Reviewed by: trawick Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1560698 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 21, 2014
-
-
Jim Jagielski authored
Merge r1451633, r1451905, r1451921, r1452259, r1453981, r1501913, r1513508, r1531340, r1531370, r1531962, r1533065, r1540052 from trunk: Add in rough uds support (Bugx 54101) from Blaise Tarr <blaise.tarr@gmail.com> Make AF_UNIX aware... fix Windows/Netware?? Follow-up to r1451905 to fix NetWare/Windows compilation. apr trunk-able message tag for dom sock Note about new UDS support UDS subsequent request on a connection fix Reformat the UDS support inline with a new naming structure. Use a flag for speed for testing. syntax sugar... if the worker is associated w/ a UDS, then make sure the log reporting has a visual clue. Ensure that userland format of UDS is the same as how it is configured, no matter how we store and use it internally. Eclipse code analysis warning UDS urls need to be desockified when configuring... Submitted by: jim, fuankg, jim, jim, druggeri, druggeri, jim, jim, jim, jim, jim Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1560081 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 09, 2014
-
-
Jim Jagielski authored
Providers defined in <AuthnProviderAlias have not been usable under in virtual hosts since migrating from mod_authn_alias to mod_authn_core. PR 55622. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1556818 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout. Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout. Document r1524368 in CHANGES. Submitted by: jkaluza Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1556815 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 06, 2014
-
-
Eric Covener authored
Explicitly list in which directories to look for config*.m4 files. If some distributor patches a config*.m4 file with quilt, that will place a copy of the original file in .pc/ . Doing a naive "find ." will then cause both the original and the patched m4 file to be included, causing havoc later on. PR: 55787 Submitted by: sf Reviewed by: trawick, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555792 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk. PR: 55833 Submitted by: covener Reviewed by: jim, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555721 13f79535-47bb-0310-9956-ffa450edef68
-
Kaspar Brand authored
Add support for OpenSSL configuration commands by introducing the SSLOpenSSLConfCmd directive. Proposed by: kbrand Reviewed by: drh, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555683 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 05, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555639 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555563 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555560 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Remove <Proxy ~ wildcard-url> syntax which: - is equivalent to <ProxyMatch wildcard-url> - has never been documented - incorrectly checks parameters (!cmd->path should be !cmd->path[0]) - is buggy (! is missing in front of strncasecmp) Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555552 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_authz_user: Support the expression parser within the require directives. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555548 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_authnz_host: Support the expression parser within the require directives. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555545 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_authnz_groupfile: Support the expression parser within the require directives. Pass the correct pointer that made it past the test suite. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555543 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_authnz_dbm: Support the expression parser within the require directives. Pass the correct pointer that made it past the test suite. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555541 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_authnz_dbd: Support the expression parser within the require directives. Pass the correct pointer that made it past the test suite. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555540 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_authnz_ldap: Support the expression parser within the require directives. Submitted by: minfrin Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555539 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 26, 2013
-
-
Graham Leggett authored
trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1534321 http://svn.apache.org/viewvc?view=revision&revision=1550061 Submitted by: Jan Kaluza <jkaluza redhat.com> Reviewed by: jim, jorton, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1553540 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 18, 2013
-
-
Jim Jagielski authored
mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size previously limited to 64MB. Limit SHMCB_MAX_SIZE to min(UINT_MAX, APR_SIZE_MAX) to match the current code Submitted by: minfrin, sf Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1551932 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 29, 2013
-
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1546547 13f79535-47bb-0310-9956-ffa450edef68
-