| Commit message | Author | Age | Files | Lines |
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908132 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907983 13f79535-47bb-0310-9956-ffa450edef68
| |
[Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904518 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904517 13f79535-47bb-0310-9956-ffa450edef68
| |
[Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904516 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903745 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1902370 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901596 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901551 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901035 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901034 13f79535-47bb-0310-9956-ffa450edef68
| |
changes-entries method for CHANGES handling.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900025 13f79535-47bb-0310-9956-ffa450edef68
| |
"10" for HeartbeatMaxServers instead of "0". With "0"
no shared memory slotmem was initialized.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899809 13f79535-47bb-0310-9956-ffa450edef68
| |
Until this change httpd was linking libsystemd to the main httpd binary. If you want to run a lightweight version of httpd in a container, sometimes you just want to install
the httpd binary with as few dependencies as possible to make the container small in size and not pull in unnecessary dependencies and libraries.
This change will move all systemd library calls from listen.c to mod_systemd module and remove systemd linking from the main httpd bin.
Fixed mixed declaration and wrongly declared variable.
Submitted by: Luboš Uhliarik <luhliari redhat.com>
Github: closes #312
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899784 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899479 13f79535-47bb-0310-9956-ffa450edef68
| |
to dynamically added balancers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899390 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898697 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897862 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897858 13f79535-47bb-0310-9956-ffa450edef68
| |
to stabilize CI tests again. Previous revision of trunk has been copied
to branches/trunk-ssl-handshake-unblocking to make those into a PR where
changes can be discussed and tested separately.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897760 13f79535-47bb-0310-9956-ffa450edef68
| |
non blocking behaviour is requested.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897423 13f79535-47bb-0310-9956-ffa450edef68
| |
CONN_STATE_READ_REQUEST_LINE phase, in addition to the existing
CONN_STATE_WRITE_COMPLETION phase. Update mod_ssl to perform non blocking
TLS handshakes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897281 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897273 13f79535-47bb-0310-9956-ffa450edef68
| |
path in the DirectoryMatch and LocationMatch directives. This allows
modules like mod_dav to map URLs to URL spaces or to directories on
the filesystem.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897156 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895957 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895953 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895718 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895558 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893983 13f79535-47bb-0310-9956-ffa450edef68
| |
[skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893735 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893590 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893049 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892879 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892737 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891478 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891217 13f79535-47bb-0310-9956-ffa450edef68
| |
an attempt to load a dbm driver fails, log clearly which driver triggered
the error (not "default"), and what the error was.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891019 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889961 13f79535-47bb-0310-9956-ffa450edef68
| |
[skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888963 13f79535-47bb-0310-9956-ffa450edef68
| |
[skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888925 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888270 13f79535-47bb-0310-9956-ffa450edef68
| |
- MDCertificateFile and MDCertificateKeyFile can now be specified several
times to add multiple, static certificates to a MDomain.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887923 13f79535-47bb-0310-9956-ffa450edef68
| |
- MDPrivateKeys allows the specification of several types. Beside "RSA" plus
optional key lengths elliptic curves can be configured. This means you can
have multiple certificates for a Managed Domain with different key types.
With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA
certificate and all modern clients will use the shorter ECDSA, while older
clients will get the RSA certificate.
Many thanks to @tlhackque who pushed and helped on this.
- Support added for MDomains consisting of a wildcard. Configuring
```MDomain *.host.net``` will match all virtual hosts matching that pattern
and obtain one certificate for it (assuming you have 'dns-01' challenge
support configured). Addresses #239.
- Removed support for ACMEv1 servers. The only known installation used to
be Let's Encrypt which has disabled that version more than a year ago for
new accounts.
- Andreas Ulm (<https://github.com/root360-AndreasUlm>) implemented the
```renewing``` call to ```MDMessageCmd``` that can deny a certificate
renewal attempt. This is useful in clustered installations, as
discussed in #233.
- New event ```challenge-setup:<type>:<domain>```, triggered when the
challenge data for a domain has been created. This is invoked before the
ACME server is told to check for it. The type is one of the ACME challenge
types. This is invoked for every DNS name in a MDomain.
- The max delay for retries has been raised to daily (this is like all
retries jittered somewhat to avoid repeats at fixed time of day).
- Certain error codes reported by the ACME server that indicate a problem
with the configured data now immediately switch to daily retries. For
example: if the ACME server rejects a contact email or a domain name,
frequent retries will most likely not solve the problem. But daily retries
still make sense as there might be an error at the server and un-supervised
certificate renewal is the goal. Refs #222.
- Test case and work around for domain names > 64 octets. Fixes #227.
When the first DNS name of an MD is longer than 63 octets, the certificate
request will not contain a CN field, but leave it up to the CA to choose one.
Currently, Let's Encrypt looks for a shorter name in the SAN list given and
fails the request if none is found. But it is really up to the CA (and what
browsers/libs accept here) and may change over the years. That is why
the decision is best made at the CA.
- Retry delays now have a random +/-[0-50]% modification applied to let
retries from several servers spread out more, should they have been
restarted at the same time of day.
- Fixed several places where the 'badNonce' return code from an ACME server
was not handled correctly. The test server 'pebble' simulates this behaviour
by default and helps nicely in verifying this behaviour. Thanks, pebble!
- Set the default `MDActivationDelay` to 0. This was confusing to users that
new certificates were deemed not usable before a day of delay. When clocks are
correct, using a new certificate right away should not pose a problem.
- When handling ACME authorization resources, the module no longer requires
the server to return a "Location" header, as was necessary in ACMEv1.
Fixes #216.
- Fixed a theoretical uninitialized read when testing for JSON error responses
from the ACME CA. Reported at <https://bz.apache.org/bugzilla/show_bug.cgi?id=64297>.
- ACME problem reports from CAs that include parameters in the Content-Type
header are handled correctly. (Previously, the problem text would not be
reported and retries could exceed CA limits.)
- Account Update transactions to V2 CAs now use the correct POST-AS-GET method.
Previously, an empty JSON object was sent - which apparently LE accepted,
but others reject.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887337 13f79535-47bb-0310-9956-ffa450edef68
| |
[skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887311 13f79535-47bb-0310-9956-ffa450edef68
| |
certificate and key instead of file names.
Added support for this in mod_ssl and verified with a local mod_md
version that uses it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887151 13f79535-47bb-0310-9956-ffa450edef68
| |
- ap_ssl_add_cert_files() to enable other modules like mod_md to provide
certificate and keys for an SSL module like mod_ssl.
- ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
provide a fallback certificate in case no 'proper' certificate is
available for an SSL module like mod_ssl.
- ap_ssl_answer_challenge() to enable other modules like mod_md to
provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
for the ACME protocol for an SSL module like mod_ssl.
- Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
'ssl_answer_challenge' where modules like mod_md can provide providers
to the above mentioned functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887085 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887053 13f79535-47bb-0310-9956-ffa450edef68
| |
default, rather than as an opt-in configure flag. (This has been
tested in Fedora for >12 months without seeing any new problems)
* configure.in: Check for CMSG_DATA here, and define HAVE_FDPASSING
and $ap_has_fdpassing if fd passing is supported.
* modules/generator/config5.m4,
modules/generator/mod_cgid.c: Drop configure flag for mod_cgid
fdpassing support, instead enable where possible by default.
* modules/proxy/config.m4: Rely on configure test for CMSG_DATA.
* .travis.yml: Switch test for cgid fdpassing for testing w/o
CMSG_DATA.
Github: closes #172
PR: 54221
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1886912 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885661 13f79535-47bb-0310-9956-ffa450edef68
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885658 13f79535-47bb-0310-9956-ffa450edef68