summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mod_lua: Make r.ap_auth_type writableJoe Orton2024-10-114-2/+10
| | | | | | | | | | | | | | | | | This completes the option of setting the remote user by the authentication mechanism which actually verified the user. One possible usecase is that a proxied (upstream) server performs the authentication, but the access log of HTTPd does not contain this information. The upstream server can pass this kind of information back to HTTPd and both servers will have consistent access logs. Submitted by: Michael Osipov <michaelo apache.org> PR: 62497 Github: closes #67 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921260 13f79535-47bb-0310-9956-ffa450edef68
* ErrorLogFormat %{c}t is actually what ISO 8601 calls "extended" format.Yann Ylavic2024-10-111-5/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921259 13f79535-47bb-0310-9956-ffa450edef68
* xforms [skip ci]Yann Ylavic2024-10-1112-688/+791
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921258 13f79535-47bb-0310-9956-ffa450edef68
* Document the %{cuz}t and %{<strftime-format>}t time formats for ErrorLogFormat.Yann Ylavic2024-10-111-0/+9
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921257 13f79535-47bb-0310-9956-ffa450edef68
* ab: Map -c0 to -c<number of workers>. PR 69383Yann Ylavic2024-10-111-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921256 13f79535-47bb-0310-9956-ffa450edef68
* * modules/http/http_filters.c (parse_chunk_size): Joe Orton2024-10-111-2/+8
| | | | | | | | | Update comment after some investigation of a Squid interoperability issue handling BWS after chunk-size, which httpd allows although it is not permitted by RFC 7230 or RFC 9112. [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921254 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_fggi: Follow up to r1919547: Accurate dirwalk for ↵Yann Ylavic2024-10-101-14/+50
| | | | | | | | | | | proxy-fcgi-pathinfo=full Use the proxied uri-path, and try to resolve the script's path first without then with the DocumentRoot prefix. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921238 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_fgci: Follow up to r1919628: Simplify.Yann Ylavic2024-10-101-6/+6
| | | | | | | | Variable from_handler is used once so axe it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921237 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_pphrase.c (modssl_load_keypair_engine):Joe Orton2024-10-011-2/+2
| | | | | | | Downgrade non-fatal errors to APLOG_NOTICE from APLOG_EMERG. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921076 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add SSLClientHelloVars directive which exposes variousJoe Orton2024-10-017-1/+196
| | | | | | | | | | | | | | | | | | | | | | | | | ClientHello properties in new SSL_CLIENTHELLO_* variables. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Add SSL_CLIENTHELLO_* vars. (copy_clienthello_vars): New function. (ssl_callback_ClientHello): Call it when needed. * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_clienthello): New function. (ssl_var_lookup_ssl): Call it for SSL_CLIENTHELLO_*. * modules/ssl/ssl_private.h (modssl_clienthello_vars): Add type. (SSLConnRec): Add clienthello_vars pointer. * modules/ssl/ssl_engine_config.c, modules/ssl/mod_ssl.c: Add handling of new SSLClientHelloVars directive. Submitted by: Charles Smutz <csmutz gmail.com> Github: closes #483 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921074 13f79535-47bb-0310-9956-ffa450edef68
* * Take care for the case where nkey is NULLRuediger Pluem2024-10-011-3/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921067 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: Stefan Eissing2024-10-011-1/+2
| | | | | | | | | | | | | | | | h2_mplx: fix debug check when stream was not found A "this should never happen" check logic was wrong when looking *why* a stream that SHOULD be there was not. The loop did not properly match streams in "purge" state. The log warning issued has never been reported, so this code seems to never actually do anything. Still fix the logic to do what it is intended to. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921066 13f79535-47bb-0310-9956-ffa450edef68
* * Fix typo [skip ci]Ruediger Pluem2024-09-271-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920992 13f79535-47bb-0310-9956-ffa450edef68
* fr doc xml file reviewed and corrected.Lucien Gentis2024-09-251-33/+33
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920909 13f79535-47bb-0310-9956-ffa450edef68
* fr doc xml file reviewed and corrected.Lucien Gentis2024-09-241-165/+165
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920873 13f79535-47bb-0310-9956-ffa450edef68
* fr doc rebuild.Lucien Gentis2024-09-232-74/+74
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920857 13f79535-47bb-0310-9956-ffa450edef68
* fr doc xml file reviewed ans corrected.Lucien Gentis2024-09-231-352/+353
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920856 13f79535-47bb-0310-9956-ffa450edef68
* allmodules.xml.fr did not have to be modified, revertingLucien Gentis2024-09-2111-74/+35
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920831 13f79535-47bb-0310-9956-ffa450edef68
* fr doc XML file update.Lucien Gentis2024-09-211-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920830 13f79535-47bb-0310-9956-ffa450edef68
* mod_md pytest: fix run on a clean test/gen to createStefan Eissing2024-09-174-3/+10
| | | | | | | | all needed directories. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920751 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: update to version 2.4.28Stefan Eissing2024-09-1715-147/+254
| | | | | | | | | | | | | | | | | - When the server starts, it looks for new, staged certificates to activate. If the staged set of files in 'md/staging/<domain>' is messed up, this could prevent further renewals to happen. Now, when the staging set is present, but could not be activated due to an error, purge the whole directory. [icing] - Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. [icing] - Restore compatibility with OpenSSL < 1.1. [ylavic] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920747 13f79535-47bb-0310-9956-ffa450edef68
* removed experimental mod_tls. source, documenation and test casesStefan Eissing2024-09-1757-9853/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920744 13f79535-47bb-0310-9956-ffa450edef68
* some text formatting cleanupStefan Eissing2024-09-171-17/+17
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920741 13f79535-47bb-0310-9956-ffa450edef68
* update changesStefan Eissing2024-09-1761-225/+274
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920740 13f79535-47bb-0310-9956-ffa450edef68
* fr doc rebuild.Lucien Gentis2024-09-146-4/+12
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920622 13f79535-47bb-0310-9956-ffa450edef68
* fr doc XML files updates.Lucien Gentis2024-09-142-2/+12
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920621 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Fix regression in r1914365 preventing pkcs11: key/cert lookupJoe Orton2024-09-122-11/+22
| | | | | | | | | | | | | | | | via the ENGINE API without SSLCryptoDevice configured. * modules/ssl/ssl_engine_pphrase.c (modssl_load_keypair_engine): Return APR_ENOTIMPL if the ENGINE could not be loaded for the key. (modssl_load_engine_keypair): Always try loading via ENGINE (as prior to r1914365) but fall back to the STORE API for the new APR_ENOTIMPL case. Github: closes #480 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920597 13f79535-47bb-0310-9956-ffa450edef68
* Add jxl mime typeJoe Orton2024-09-122-0/+2
| | | | | | | | Submitted by: printfn <printfn users.noreply.github.com> Github: closes #478 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920589 13f79535-47bb-0310-9956-ffa450edef68
* * modules/core/mod_macro.c (process_content): Return error if there'sJoe Orton2024-09-122-2/+10
| | | | | | | | | | | | enough not space to store the macro. Replaced MAX_STRING_LEN by sizeof(line). PR: 69258 Submitted by: Marc Stern <marc.stern approach-cyber.com> Github: closes #479 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920588 13f79535-47bb-0310-9956-ffa450edef68
* Add Multipath TCP (MPTCP) support (Proxy)Joe Orton2024-09-129-4/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension that enables a TCP connection to use different paths. Multipath TCP has been used for several use cases. On smartphones, MPTCP enables seamless handovers between cellular and Wi-Fi networks while preserving established connections. This use-case is what pushed Apple to use MPTCP since 2013 in multiple applications [2]. On dual-stack hosts, Multipath TCP enables the TCP connection to automatically use the best performing path, either IPv4 or IPv6. If one path fails, MPTCP automatically uses the other path. To benefit from MPTCP, both the client and the server have to support it. Multipath TCP is a backward-compatible TCP extension that is enabled by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...). Multipath TCP is included in the Linux kernel since version 5.6 [3]. To use it on Linux, an application must explicitly enable it when creating the socket. No need to change anything else in the application. Adding the possibility to create MPTCP sockets would thus be a really fine addition to httpd, by allowing clients to make use of their different interfaces. This patch introduces the possibilty to connect to backend servers using MPTCP. Note however that these changes are only available on Linux, as IPPROTO_MPTCP is Linux specific for the time being. For proxies, we can connect using MPTCP by passing the \"multipathtcp\" parameter: ProxyPass \"/example\" \"http://backend.example.com\" multipathtcp=On We then store this information in the worker and create sockets appropriately according to this value. Link: https://www.rfc-editor.org/rfc/rfc8684.html [1] Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2] Link: https://www.mptcp.dev [3] Add Multipath TCP (MPTCP) support (Core) Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension that enables a TCP connection to use different paths. Multipath TCP has been used for several use cases. On smartphones, MPTCP enables seamless handovers between cellular and Wi-Fi networks while preserving established connections. This use-case is what pushed Apple to use MPTCP since 2013 in multiple applications [2]. On dual-stack hosts, Multipath TCP enables the TCP connection to automatically use the best performing path, either IPv4 or IPv6. If one path fails, MPTCP automatically uses the other path. To benefit from MPTCP, both the client and the server have to support it. Multipath TCP is a backward-compatible TCP extension that is enabled by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...). Multipath TCP is included in the Linux kernel since version 5.6 [3]. To use it on Linux, an application must explicitly enable it when creating the socket. No need to change anything else in the application. Adding the possibility to create MPTCP sockets would thus be a really fine addition to httpd, by allowing clients to make use of their different interfaces. This patch introduces the possibility to listen with MPTCP sockets. Note however that these changes are only available on Linux, as IPPROTO_MPTCP is Linux specific for the time being. To do so, we extended the Listen directive to include a \"multipathtcp\" option, allowing to create MPTCP sockets instead of regular TCP ones: Listen 80 options=multipathtcp We then store this information in flags for the listen directive and create sockets appropriately according to this value. Link: https://www.rfc-editor.org/rfc/rfc8684.html [1] Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2] Link: https://www.mptcp.dev [3] Submitted by: Aperence <anthony.doeraene hotmail.com> Github: closes #476 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920586 13f79535-47bb-0310-9956-ffa450edef68
* * Mention the additional bug [skip ci]Ruediger Pluem2024-09-111-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920572 13f79535-47bb-0310-9956-ffa450edef68
* * Leave the proper escaping of the URL and the adding of r->args to theRuediger Pluem2024-09-111-19/+10
| | | | | | | | | proxy module which runs after us after r1920570. Just take care to add r->args in case the proxy rule has the [NE] flag set and tell the proxy module to not escape in this case. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920571 13f79535-47bb-0310-9956-ffa450edef68
* mod_rewrite, mod_proxy: mod_proxy to cononicalize rewritten [P] URLs. PR 69235.Yann Ylavic2024-09-113-14/+13
| | | | | | | | | | | | | When mod_rewrite sets a "proxy:" URL with [P], it should be canonicalized by mod_proxy still, notably to handle any "unix:" local socket part. To avoid double encoding in perdir context, a follow up commit should remove the ap_escape_uri() done in mod_rewrite since it's now on mod_proxy to canonicalize, per PR 69260. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920570 13f79535-47bb-0310-9956-ffa450edef68
* mod_rewrite: Follow up to r1919325: Simplify QSLAST tracking.Yann Ylavic2024-09-111-18/+14
| | | | | | | | We don't need to loop to skip the safe qmarks (thanks rpluem!). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920566 13f79535-47bb-0310-9956-ffa450edef68
* Windows: fix "Include" of UNC paths Eric Covener2024-09-112-1/+3
| | | | | | | ... by making UNCList EXEC_ON_READ (since Include is EXEC_ON_READ) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920564 13f79535-47bb-0310-9956-ffa450edef68
* CI: Update to OpenSSL 3.1.7/3.3.2.Joe Orton2024-09-031-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920440 13f79535-47bb-0310-9956-ffa450edef68
* fr doc rebuild.Lucien Gentis2024-08-312-4/+8
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920323 13f79535-47bb-0310-9956-ffa450edef68
* fr doc XML file update.Lucien Gentis2024-08-311-4/+8
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920322 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add SSL_HANDSHAKE_RTT environment variable.Joe Orton2024-08-304-0/+17
| | | | | | | | | | | | | | | * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Support SSL_HANDSHAKE_RTT. (ssl_var_lookup_ssl_handshake_rtt): New function. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Add SSL_HANDSHAKE_RTT. Submitted by: csmutz Github: closes #477 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920297 13f79535-47bb-0310-9956-ffa450edef68
* Update tr.xml (#1)Joe Orton2024-08-301-1/+1
| | | | | | | | | | Update translation string Submitted by: Serhat <49079271+onwp users.noreply.github.com> Github: closes #456 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920287 13f79535-47bb-0310-9956-ffa450edef68
* ap_log_error: Include apu_version header to pick up apr-utilGraham Leggett2024-08-291-0/+1
| | | | | | | version number. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920273 13f79535-47bb-0310-9956-ffa450edef68
* fr doc rebuild.Lucien Gentis2024-08-241-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920161 13f79535-47bb-0310-9956-ffa450edef68
* fr doc XML file update.Lucien Gentis2024-08-241-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920160 13f79535-47bb-0310-9956-ffa450edef68
* * Fix typo in anchor [skip ci]Ruediger Pluem2024-08-211-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920109 13f79535-47bb-0310-9956-ffa450edef68
* CI: Install libsasl2-dev to fix build errors with APR trunk/apr-util 1.7.xJoe Orton2024-08-201-1/+14
| | | | | | | | | | | https://lists.apache.org/thread/8hhs2otod7fo44964yd1csck3ddm1fq2 CI: Add job to test LDAP with the (apr 1.7.x, apr-util 1.7.x) combination. Github: closes #474 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920050 13f79535-47bb-0310-9956-ffa450edef68
* ap_log_error: Include text strings from apr-util in additionGraham Leggett2024-08-191-0/+15
| | | | | | | to apr. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920013 13f79535-47bb-0310-9956-ffa450edef68
* don't merge slashes on perdir prefixEric Covener2024-08-132-1/+7
| | | | | | | | | Submitted by: Eric Covener Github: closes #472 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919860 13f79535-47bb-0310-9956-ffa450edef68
* fr doc rebuildLucien Gentis2024-08-052-2/+8
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919678 13f79535-47bb-0310-9956-ffa450edef68
* fr doc XML files updates.Lucien Gentis2024-08-052-4/+10
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919677 13f79535-47bb-0310-9956-ffa450edef68
* CI: Enable Windows job for 2.4.x branch.Ivan Zhakov2024-08-041-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919665 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 00:56:09 +0100