summaryrefslogtreecommitdiffstats
path: root/CMakeLists.txt (follow)
Commit message (Collapse)AuthorAgeFilesLines
* *) mod_http2:Stefan Eissing2021-10-121-12/+9
| | | | | | | | | | | | | | | | | | | | | | - Fixed an issue since 1.15.24 that "Server" headers in proxied requests were overwritten instead of preserved. [PR by @daum3ns] - Added directove 'H2StreamTimeout' to configure a separate value for HTTP/2 streams, overriding server's 'Timeout' configuration. [rpluem] - HTTP/2 connections now use pollsets to monitor the status of the ongoing streams and their main connection when host OS allows this. - Removed work-arounds for older versions of libnghttp2 and checking during configure that at least version 1.15.0 is present. - The HTTP/2 connection state handler, based on an experiment and draft at the IETF http working group (abandoned for some time), has been removed. - H2SerializeHeaders no longer has an effect. A warning is logged when it is set to "on". The switch enabled the internal writing of requests to be parsed by the internal HTTP/1.1 protocol handler and was introduced to avoid potential incompatibilities during the introduction of HTTP/2. - Removed the abort/redo of tasks when mood swings lower the active limit. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894163 13f79535-47bb-0310-9956-ffa450edef68
* *) core: provide ap_ssl_* functions in new http_ssl.h header file.Stefan Eissing2021-03-261-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888083 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: v2.4.0 with improvements and bugfixesStefan Eissing2021-03-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - MDPrivateKeys allows the specification of several types. Beside "RSA" plus optional key lengths elliptic curves can be configured. This means you can have multiple certificates for a Managed Domain with different key types. With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA certificate and all modern client will use the shorter ECDSA, while older client will get the RSA certificate. Many thanks to @tlhackque who pushed and helped on this. - Support added for MDomains consisting of a wildcard. Configuring ```MDomain *.host.net``` will match all virtual hosts matching that pattern and obtain one certificate for it (assuming you have 'dns-01' challenge support configured). Addresses #239. - Removed support for ACMEv1 servers. The only known installation used to be Let's Encrypt which has disabled that version more than a year ago for new accounts. - Andreas Ulm (<https://github.com/root360-AndreasUlm>) implemented the ```renewing``` call to ```MDMessageCmd``` that can deny a certificate renewal attempt. This is useful in clustered installations, as discussed in #233). - New event ```challenge-setup:<type>:<domain>```, triggered when the challenge data for a domain has been created. This is invoked before the ACME server is told to check for it. The type is one of the ACME challenge types. This is invoked for every DNS name in a MDomain. - The max delay for retries has been raised to daily (this is like all retries jittered somewhat to avoid repeats at fixed time of day). - Certain error codes reported by the ACME server that indicate a problem with the configured data now immediately switch to daily retries. For example: if the ACME server rejects a contact email or a domain name, frequent retries will most likely not solve the problem. But daily retries still make sense as there might be an error at the server and un-supervised certificate renewal is the goal. Refs #222. - Test case and work around for domain names > 64 octets. Fixes #227. When the first DNS name of an MD is longer than 63 octets, the certificate request will not contain a CN field, but leave it up to the CA to choose one. Currently, Lets Encrypt looks for a shorter name in the SAN list given and fails the request if none is found. But it is really up to the CA (and what browsers/libs accept here) and may change over the years. That is why the decision is best made at the CA. - Retry delays now have a random +/-[0-50]% modification applied to let retries from several servers spread out more, should they have been restarted at the same time of day. - Fixed several places where the 'badNonce' return code from an ACME server was not handled correctly. The test server 'pebble' simulates this behaviour by default and helps nicely in verifying this behaviour. Thanks, pebble! - Set the default `MDActivationDelay` to 0. This was confusing to users that new certificates were deemed not usably before a day of delay. When clocks are correct, using a new certificate right away should not pose a problem. - When handling ACME authorization resources, the module no longer requires the server to return a "Location" header, as was necessary in ACMEv1. Fixes #216. - Fixed a theoretical uninitialized read when testing for JSON error responses from the ACME CA. Reported at <https://bz.apache.org/bugzilla/show_bug.cgi?id=64297>. - ACME problem reports from CAs that include parameters in the Content-Type header are handled correctly. (Previously, the problem text would not be reported and retries could exist CA limits.) - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. Previously, an empty JSON object was sent - which apparently LE accepted, but others reject. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887337 13f79535-47bb-0310-9956-ffa450edef68
* Support PCRE2 compile and linkage on WindowsWilliam A. Rowe Jr2020-09-051-2/+9
| | | | | | | | | | - Embeds the HAVE_PCRE2 define as a compiler flag rather than try to work around .h file substitutions, because the flag is only relevant to compiling the single server/util_pcre.c file. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1881478 13f79535-47bb-0310-9956-ffa450edef68
* Remove problematic version check for OpenSSL < 1.0.2William A. Rowe Jr2020-08-101-13/+0
| | | | | | | | | | | | | This addresses several concerns; - There is no valid release of OpenSSL < 1.0.2 to incorporate security fixes, particularly on Windows, and particularly as vetted by the project. - File structure of opensslv.h has changed in such as a way as to completely invalidate the CMake FindOpenSSL macros, so 3.0.0 cannot be determined. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880754 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: Adding the several new features.Stefan Eissing2019-10-161-1/+2
| | | | | | | | | | | | | | | | | The module offers an implementation of OCSP Stapling that can replace fully or for a limited set of domains the existing one from mod_ssl. OCSP handling is part of mod_md's monitoring and message notifications. If can be used for sites that do not have ACME certificates. The url for a CTLog Monitor can be configured. It is used in the server-status to link to the external status page of a certicate. The MDMessageCmd is called with argument "installed" when a new certificate has been activated on server restart/reload. This allows for processing of the new certificate, for example to applications that require it in different locations or formats. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868506 13f79535-47bb-0310-9956-ffa450edef68
* Complete mod_md CMake config by adding a _requires iterator, using the officialWilliam A. Rowe Jr2019-08-301-25/+20
| | | | | | | | curl FIND_PACKAGE logic and completing the jansson detection logic. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1866131 13f79535-47bb-0310-9956-ffa450edef68
* Improvement to mod_md cmake support. thanks to bill.Stefan Eissing2019-08-301-1/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1866119 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: copy recent fixes, adding new sources to mod_md.dspStefan Eissing2019-06-251-0/+50
| | | | | | | | Adding module to CMakeLists, needs testing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862041 13f79535-47bb-0310-9956-ffa450edef68
* Removing no longer existing h2 source file from cmake.Stefan Eissing2019-04-041-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1856910 13f79535-47bb-0310-9956-ffa450edef68
* Patch PR 62567. Fix by Michal Karm Babacek <michal.babacek gmail.com>Jim Jagielski2018-08-091-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837717 13f79535-47bb-0310-9956-ffa450edef68
* * Forward port r1832855 missing in trunk.Ruediger Pluem2018-07-251-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836613 13f79535-47bb-0310-9956-ffa450edef68
* Avoid cyclic dependency by moving ap_set_etag() from module http to core.Yann Ylavic2018-06-061-1/+1
| | | | | | | | | | | | | This function, along with ap_make_etag(), is used by the default_handler in core.c, and in several modules other than builtin mod_http, breaking static linking and httpdunit tests build. The move is done by "svn move modules/http/http_etag.c server/util_etag.c". MMN major bumped, not backportable (as is) to 2.4.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833083 13f79535-47bb-0310-9956-ffa450edef68
* modules/md/mod_md.h is now a new public APIRainer Jung2018-04-091-0/+1
| | | | | | | | | | | | | also used by other modules (currently mod_ssl), so it must be in the include path. It was missing for cmake builds. Note that this change does not yet enable building mod_md itself using cmake. That part is still missing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828669 13f79535-47bb-0310-9956-ffa450edef68
* Fix missing util_debug.c omitted from CMakeLists.txtWilliam A. Rowe Jr2018-02-271-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1825504 13f79535-47bb-0310-9956-ffa450edef68
* httpdunit: add CMake support for WindowsJacob Champion2017-05-251-0/+67
| | | | | | | | Add a CMake version of the httpdunit build system. At the moment, the only annoyance is that CMake doesn't like globbing source files, so the generator must be re-run whenever test cases are added. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/httpdunit@1796206 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-03-251-1/+1
| | | | | | | | | | mod_http2: h2 workers with improved scalability for better scheduling performance. There are H2MaxWorkers threads created at start and the number is kept constant. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1788672 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-01-211-1/+1
| | | | | | | | | | | | *) mod_http2: rework of stream resource cleanup to avoid a crash in a close of a lingering connection. Prohibit special file bucket beaming for shared buckets. Files sent in stream output now use the stream pool as read buffer, reducing memory footprint of connections. [Yann Ylavic, Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1779738 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1768070, wire mod_socache_redis into windows build schemesWilliam A. Rowe Jr2016-12-161-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774657 13f79535-47bb-0310-9956-ffa450edef68
* mod_brotli: Update makefiles to use the library layout of the officialEvgeny Kotkov2016-11-291-2/+2
| | | | | | | | | | | | | Brotli repository. With the recent update (https://github.com/google/brotli/pull/464), the official repository now produces pkg-config metadata files (brotli.pc), and has a fixed library layout (libbrotlicommon/libbrotlienc/libbrotlidec) on both Windows and Linux. Expect this layout in the makefiles, and take advantage of the pkg-config metadata, if it's available. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1771827 13f79535-47bb-0310-9956-ffa450edef68
* various fixes, mod_cgid interop, response/trailer forwarding rewritten, ↵Stefan Eissing2016-10-031-1/+1
| | | | | | stability git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1763158 13f79535-47bb-0310-9956-ffa450edef68
* mod_brotli: Add initial implementation.Evgeny Kotkov2016-09-211-0/+29
| | | | | | | | | | | | | | | | | | | | | This new module supports dynamic Brotli (RFC 7932) compression. Existing mod_deflate installations can benefit from better compression ratio by sending Brotli-compressed data to the clients that support it: SetOutputFilter BROTLI_COMPRESS;DEFLATE The module features zero-copy processing, which is only possible with the new API from the upcoming 1.0.x series of brotli [1]. The Linux makefile works against libbrotli [2], as currently the core brotli repository doesn't offer a way to build a library [3]. Apart from that, only the CMake build is now supported. [1] https://github.com/google/brotli [2] https://github.com/bagder/libbrotli [3] https://github.com/google/brotli/pull/332 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1761714 13f79535-47bb-0310-9956-ffa450edef68
* CMake: quote installation pathsJacob Champion2016-07-121-5/+5
| | | | | | | Deal with installation paths with spaces in them (e.g. "C:\Program Files") by quoting the arguments to perl and xcopy. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1752333 13f79535-47bb-0310-9956-ffa450edef68
* CMake: use generator expressions to find output filesJacob Champion2016-07-121-9/+9
| | | | | | | | | Multi-configuration generators, like Visual Studio, use a different output directory (Debug, Release, etc.) for each configuration. To find the output files reliably, switch to using generator expressions instead of hardcoding the file paths for PDBs, export files, etc. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1752332 13f79535-47bb-0310-9956-ffa450edef68
* CMake: use CMAKE_REQUIRED_INCLUDES to find APR macrosJacob Champion2016-07-121-1/+2
| | | | | | | | | | | | When using CMake with Visual Studio on Windows, invoking the CHECK_SYMBOL_EXISTS macro with the full paths to the include files seems to always result in failure. Instead, use the documented CMAKE_REQUIRED_INCLUDES variable to set the include directory, and pass only the headers' base names to CHECK_SYMBOL_EXISTS. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1752331 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http2: own h2_proxy_util.c source file to avoid duplicate use of ↵Stefan Eissing2016-06-091-1/+1
| | | | | | h2_util.c, updated dsp and cmake as well as configure files git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1747550 13f79535-47bb-0310-9956-ffa450edef68
* applied mod_proxy_http2 related cmake biuld changes as proposed by Evgeny KotkovStefan Eissing2016-05-121-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1743512 13f79535-47bb-0310-9956-ffa450edef68
* mod_http2/mod_proxy_http2: no longer reusing h2_request.o for proxy moduleStefan Eissing2016-04-291-2/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1741596 13f79535-47bb-0310-9956-ffa450edef68
* mod_http2: elimination of h2_io intermediate stream instancesStefan Eissing2016-04-201-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1740155 13f79535-47bb-0310-9956-ffa450edef68
* mod_http2: new bucket beams for tranporting buckets across threads without ↵Stefan Eissing2016-04-151-5/+3
| | | | | | buffer copy. Code cleanup git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1739303 13f79535-47bb-0310-9956-ffa450edef68
* mod_http2: support for several different request engines per connection, ↵Stefan Eissing2016-03-051-1/+1
| | | | | | fixes CVE-2016-1546 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1733727 13f79535-47bb-0310-9956-ffa450edef68
* goodbye h2_stream_set, hello h2_ihash in h2_utilStefan Eissing2016-02-251-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1732295 13f79535-47bb-0310-9956-ffa450edef68
* using proxy http2 connection concurrently, if main connection also uses ↵Stefan Eissing2016-02-181-1/+1
| | | | | | http/2, needs more hardening git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1731096 13f79535-47bb-0310-9956-ffa450edef68
* More mod_proxy_http2 build support:Rainer Jung2016-02-121-0/+9
| | | | | | | | | - include in Windows and Netware LoadModule lists - add to cmake build file Untested. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1730075 13f79535-47bb-0310-9956-ffa450edef68
* Follow-up r1720608, hello h2_filter.cGregg Lewis Smith2015-12-171-10/+11
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1720651 13f79535-47bb-0310-9956-ffa450edef68
* goodbye h2_to_h1, hello h2_push.cGregg Lewis Smith2015-11-111-6/+6
| | | | | | | followup to r1713887 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1713937 13f79535-47bb-0310-9956-ffa450edef68
* add new h2_bucket_* files to cmake buildGregg Lewis Smith2015-11-031-1/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1712382 13f79535-47bb-0310-9956-ffa450edef68
* leave LoadModule of mod_http2 commented-out by defaultJeff Trawick2015-10-041-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1706640 13f79535-47bb-0310-9956-ffa450edef68
* Support mod_http2 in cmake-based build for WindowsJeff Trawick2015-10-031-0/+39
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1706627 13f79535-47bb-0310-9956-ffa450edef68
* Fix a cmake compatiblity issue related to quoting with cmake 2.8.12Jeff Trawick2014-09-161-3/+3
| | | | | | | | | | and later. PR: 56615 Submitted by: Chuck Liu <cliu81 gmail.com>, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1625196 13f79535-47bb-0310-9956-ffa450edef68
* follow-up to r1588987:Jeff Trawick2014-04-221-0/+24
| | | | | | | Support build of mod_ssl_ct on Windows git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1589009 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add hooks to allow other modules to perform processing atJeff Trawick2014-04-151-0/+2
| | | | | | | | | | | several stages of initialization and connection handling. See mod_ssl_openssl.h. This is enough to allow implementation of Certificate Transparency outside of mod_ssl. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1587607 13f79535-47bb-0310-9956-ffa450edef68
* Report OpenSSL directories in configuration summaryJeff Trawick2014-03-291-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1583005 13f79535-47bb-0310-9956-ffa450edef68
* Workaround issue with defining a preprocessor symbol to a string valueJeff Trawick2013-11-181-6/+21
| | | | | | | | | | | with embedded blanks. The extra, escaped quoting in the original version is required for passing the definition over the command-line, but it broke Visual Studio builds. For now, avoid the extra quoting when generating for Visual Studio. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1543149 13f79535-47bb-0310-9956-ffa450edef68
* fix versioninfo fields for abs.exeJeff Trawick2013-11-181-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1543147 13f79535-47bb-0310-9956-ffa450edef68
* cmake build support for Windows is now in the 2.4.x branch; remove support ↵Jeff Trawick2013-11-141-47/+18
| | | | | | for building that branch git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1541922 13f79535-47bb-0310-9956-ffa450edef68
* When building modules with prereqs, search httpd include dirsJeff Trawick2013-10-051-1/+1
| | | | | | | | | before prereq include dirs in case httpd is installed to the same place as the prereq, in which case we might be using an older httpd .h file. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1529452 13f79535-47bb-0310-9956-ffa450edef68
* skiplist is goneJeff Trawick2013-10-051-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1529440 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1527295:Jeff Trawick2013-09-301-0/+5
| | | | | | | | ssl_engine_dh.c is still in 2.4.x, and (perhaps unexpectedly) this cmake list supports both trunk and 2.4.x for the time being. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1527570 13f79535-47bb-0310-9956-ffa450edef68
* Improve ephemeral key handling (companion to r1526168):Kaspar Brand2013-09-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | - allow to configure custom DHE or ECDHE parameters via the SSLCertificateFile directive, and adapt its documentation accordingly (addresses PR 49559) - add standardized DH parameters from RFCs 2409 and 3526, use them based on the length of the certificate's RSA/DSA key, and add a FAQ entry for clients which limit DH support to 1024 bits (such as Java 7 and earlier) - move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to ssl_util_ssl.c, and add ssl_ec_GetParamFromFile() - drop ssl_engine_dh.c from mod_ssl For the standardized DH parameters, OpenSSL version 0.9.8a or later is required, which was therefore made a new minimum requirement in r1527294. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1527295 13f79535-47bb-0310-9956-ffa450edef68