summaryrefslogtreecommitdiffstats
path: root/changes-entries (follow)
Commit message (Collapse)AuthorAgeFilesLines
* *) mod_md: fixed a bug leading to failed transfers for OCSPStefan Eissing2022-05-061-0/+3
| | | | | | | | | stapling information when more than 6 certificates needed updates in the same run. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900628 13f79535-47bb-0310-9956-ffa450edef68
* ab: Add the -W option to use worker threads.Yann Ylavic2022-04-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows for multiple CPUs to handle the load, the number of requests and concurrency level asked are distributed over the configured number of workers, allowing for as much parallelism. On unixes (only for now), -W0 will use all the CPUs available on the system. To avoid synchronization during runtime, the stats and requests times are gathered per worker and consolidated at the end of the run before being printed. Connection closes, keepalives and errors are now handled in a single place, namely cleanup_connection(), which takes care of the good/bad state of each request based on the response fully received or not. When multiple workers are running, SIGINT is handled by the main thread only and masked in workers, workers are asked to stop and woken up if waiting in poll(). A single worker is started first to determine the connectivity with the peer, if that fails (10 tries) ab will stop early still without starting the other workers, otherwise the first worker will signal the main thread to start the others. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900362 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: remove unused and insecure code. Fixes PR66037.Stefan Eissing2022-04-281-0/+3
| | | | | | | | Thanks to Ronald Crane (Zippenhop LLC) for reporting this. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900356 13f79535-47bb-0310-9956-ffa450edef68
* * removing duplicatae changes entryStefan Eissing2022-04-271-5/+0
| | | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900315 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: implement full auto status ("key: value" type status output).Stefan Eissing2022-04-271-0/+5
| | | | | | | | | | | | Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to what was used for mod_proxy_balancer. added change desription for code added in r1900313. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900314 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: added support for managing certificates via aStefan Eissing2022-04-271-0/+5
| | | | | | | | | | local tailscale demon for users of that secure networking. This gives trusted certificates for tailscale assigned domain names in the *.ts.net space. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900313 13f79535-47bb-0310-9956-ffa450edef68
* * Use apr_size_t instead of int to avoid an overflowRuediger Pluem2022-04-271-0/+2
| | | | | | | PR: 66034 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900307 13f79535-47bb-0310-9956-ffa450edef68
* * Avoid an overflow on large inputsRuediger Pluem2022-04-271-0/+2
| | | | | | | PR: 66033 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900306 13f79535-47bb-0310-9956-ffa450edef68
* ab: Allow for TLSv1.3 when the SSL library supports it.Yann Ylavic2022-04-221-0/+2
| | | | | | | | | | | | | | | | When TLS1_3_VERSION is defined by the SSL library, bump the maximum TLS protocol to that and use it for "-f ALL" or "-f TLSv1.3". This mixes proposed patches from BZ 63594 and 64699. BZ: 63594, 64699 Submitted by: abhilash <abhilash1232 gmail.com> Submitted by: xiaolongx.jiang intel.com Submitted & Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900157 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: a possible NULL pointer deref was fixed inStefan Eissing2022-04-221-0/+4
| | | | | | | | | the JSON code for persisting time periods (start+end). Fixes #282 on mod_md's github. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900145 13f79535-47bb-0310-9956-ffa450edef68
* core: Disable TCP_NOPUSH optimization on OSX. BZ 66019.Yann Ylavic2022-04-211-0/+2
| | | | | | | | | | | | | | | | | | OSX supports TCP_NOPUSH but does not release the data retained (in TCP stack) when the option is unset. It seems that unsetting it before the last write does not help either so just disable the optimization for OSX in the core output filter to avoid uncontrollable transmission delays. * server/core_filters.c(): Add the sock_nopush() helper that does nothing on OSX and platforms not supporting TCP_NOPUSH or TCP_CORK. * server/core_filters.c(send_brigade_nonblocking): Use sock_nopush() instead of apr_socket_opt_set() for APR_TCP_NOPUSH option. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900100 13f79535-47bb-0310-9956-ffa450edef68
* * Implement full auto status ("key: value" type status output).Stefan Eissing2022-04-191-0/+5
| | | | | | | | | | | Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to what was used for mod_proxy_balancer. [Rainer Jung] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900039 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy: Add backend port to log messages toRainer Jung2022-04-191-0/+2
| | | | | | | ease identification of involved service. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900028 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_heartmonitor: Set the documented default valueRainer Jung2022-04-191-0/+3
| | | | | | | | "10" for HeartbeatMaxServers instead of "0". With "0" no shared memory slotmem was initialized. [Rainer Jung] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900026 13f79535-47bb-0310-9956-ffa450edef68
* * Add Changelog for r1899451, r1899454, r1899562, r1899564, r1899584Ruediger Pluem2022-04-151-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899886 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: use the new REQUEST buckets to forward requestStefan Eissing2022-04-131-0/+4
| | | | | | | | | on secondary connections. Use the now generic ap_process_connection() in h2 workers to process those. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899802 13f79535-47bb-0310-9956-ffa450edef68
* Merge PR 311:Stefan Eissing2022-04-131-0/+10
| | | | | | | | | | | | | | | | *) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific input filter to separate the handling for HTTP requests from the handling of HTTP/1.x request parsing and checks. A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections before a request is being read. It generates either a REQUEST meta bucket on success or an ERROR bucket with the proposed response status. The core connection processing, relying on ap_read_request(), now expects a REQUEST or ERROR bucket from the input filters and is agnostic to specific HTTP versions and how they bring requests into the server. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899799 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1899777: CHANGES entry [skip ci].Yann Ylavic2022-04-121-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899786 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_http: use RESPONSE meta buckets and a new HTTP/1.x specificStefan Eissing2022-04-071-0/+9
| | | | | | | | | | | | | | filter to send responses through the output filter chain. Specifically: the HTTP_HEADER output filter and ap_send_interim_response() create a RESPONSE bucket and no longer are concerned with HTTP/1.x serialization. A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x bytes when dealing with a RESPONSE bucket. That filter installs itself on the pre_read_request hook when the connection has protocol 'http/1.1'. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899648 13f79535-47bb-0310-9956-ffa450edef68
* *) core: make ap_escape_quotes() work correctly on stringsStefan Eissing2022-04-061-0/+4
| | | | | | | | | with more than MAX_INT/2 characters, counting quotes double. Credit to <generalbugs@zippenhop.com> for finding this. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899609 13f79535-47bb-0310-9956-ffa450edef68
* *) core: adding a new hook and method to the API:Stefan Eissing2022-03-181-0/+11
| | | | | | | | | | | | | | | | | create_secondary_connection and ap_create_secondary_connection() to setup connections related to a "master" one, as used in the HTTP/2 protocol implementation. *) mod_http2: using the new API calls to get rid of knowledge about how the core handles conn_rec specifics. Improvements in pollset stream handling to use less sets. Using atomic read/writes instead of volatiles now. Keeping a reserve of "transit" pools and bucket_allocs for use on secondary connections to avoid repeated setup/teardowns. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899032 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci]Yann Ylavic2022-03-0713-51/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898697 13f79535-47bb-0310-9956-ffa450edef68
* core: Make sure and check that LimitXMLRequestBody fits in system memory.Yann Ylavic2022-03-071-0/+2
| | | | | | | | | | | | LimitXMLRequestBody can not exceed the size needed to ap_escape_html2() the body without failing to allocate memory, so enforce this at load time based on APR_SIZE_MAX, and make sure that ap_escape_html2() is within the bounds. Document the limits for LimitXMLRequestBody in our docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898686 13f79535-47bb-0310-9956-ffa450edef68
* core: Simpler connection close logic if discarding the request body fails.Yann Ylavic2022-03-071-0/+2
| | | | | | | | | If ap_discard_request_body() sets AP_CONN_CLOSE by itself it simplifies and allows to consolidate end_output_stream() and error_output_stream(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898683 13f79535-47bb-0310-9956-ffa450edef68
* mod_rewrite: URI-to-filename rewrites to transparently handle proxy mappings.Yann Ylavic2022-03-011-0/+2
| | | | | | | | | | | | | | | | | | | | Since mod_rewrite works on r->filename and mod_proxy's mapping=servlet|decoded sets its "proxy:" URL there at pre_translate_name stage (i.e. before mod_rewrite's translate_name hook), users have to match the full proxy URL in their RewriteRules to handle proxy mappings, which is not very friendly nor consistent with how proxy non-mapping requests have to be matched. Let's use r->filename = r->uri in hook_uri2file() for pre_trans'ed reverse proxy requests, and restore r->filename to its original value if the request was finally DECLINED (like in hook_fixup). But if a proxy mapping gets rewritten to a non-proxy request, clear any proxy specific r->proxyreq or r->handler so that processing continues accordingly. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898509 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_watchdog: use the `child_stopping` and `child_stopped` hooksStefan Eissing2022-02-241-0/+4
| | | | | | | | | to shutdown workers before pool destruction releases global resources and libraries. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898370 13f79535-47bb-0310-9956-ffa450edef68
* * core/mpm: add hook 'child_stopped` that gets called when the MPM hasStefan Eissing2022-02-241-0/+5
| | | | | | | | | | stopped all processing in a child process. This is when all running threads shall be stopped and joined. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898369 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: preserve the port number given in a HTTP/1.1Stefan Eissing2022-02-171-0/+3
| | | | | | | | request that was Upgraded to HTTP/2. Fixes PR65881. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898146 13f79535-47bb-0310-9956-ffa450edef68
* * Change the logic to choose the maximum of both timeouts (front end socket,Ruediger Pluem2022-02-161-0/+5
| | | | | | | | | | | | backend socket) instead of the minimum as backend timeouts can be configured more selectively (per worker if needed) as front end timeouts and typically the backend timeouts reflect the application requirements better. PR: 65886 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898127 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: :scheme pseudo-header values, not matching theStefan Eissing2022-02-101-3/+7
| | | | | | | | | | | | connection scheme, are forwarded via absolute uris to the http protocol processing to preserve semantics of the request. Checks on combinations of pseudo-headers values/absence have been added as described in RFC 7540. Fixes <https://github.com/icing/mod_h2/issues/230>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897940 13f79535-47bb-0310-9956-ffa450edef68
* ab: Fix the detection for when the server performed a legitimateGraham Leggett2022-02-091-0/+5
| | | | | | | | | connection close as per RFC7230 6.3.1. We must check whedther the connection was previously kept alive, and not whether the current closed request is keepalive. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897912 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: when a h2 request carries a ':scheme' pseudoheader,Stefan Eissing2022-02-081-0/+3
| | | | | | | | | it gives a 400 response if the scheme does not match the connection. Fixes <https://github.com/icing/mod_h2/issues/230>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897872 13f79535-47bb-0310-9956-ffa450edef68
* ab: Add an optional ramp delay when starting concurrent connections soGraham Leggett2022-02-081-0/+5
| | | | | | | | | as to not trigger denial of service protection in the network. Report levels of concurrency achieved in cases where the test completes before full concurrency is achieved. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897866 13f79535-47bb-0310-9956-ffa450edef68
* * mod_md) do not interfere with requests to /.well-known/acme-challenge/Stefan Eissing2022-02-081-0/+4
| | | | | | | | | resources if challenge type 'http-01' is not configured for a domain. Fixes <https://github.com/icing/mod_md/issues/279>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897863 13f79535-47bb-0310-9956-ffa450edef68
* Reinstate r1897458 accidentally reverted in r1897760.Graham Leggett2022-02-081-0/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897861 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1896253: CHANGES entry. [skip ci]Yann Ylavic2022-02-081-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897859 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries. [skip ci]Yann Ylavic2022-02-087-20/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897858 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: the status description in MDomain's JSON, exposed in theStefan Eissing2022-02-071-0/+4
| | | | | | | | | | md-status handler (if configure) did sometimes not carry the correct message when certificates needed renew. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897819 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_ssl/mpm_event: reverting changes to nonblocing SSL handshakesStefan Eissing2022-02-041-5/+0
| | | | | | | | | | to stabilize CI tests again. Previous revision of trunk has been copied to branches/trunk-ssl-handshake-unblocking to make those into a PR where changes can be discussed and tested separately. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897760 13f79535-47bb-0310-9956-ffa450edef68
* * Stupid mine. Evgeny is a committer hereRuediger Pluem2022-01-311-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897619 13f79535-47bb-0310-9956-ffa450edef68
* * Fix typoRuediger Pluem2022-01-311-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897615 13f79535-47bb-0310-9956-ffa450edef68
* * CHANGES entry for r1897182Ruediger Pluem2022-01-311-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897614 13f79535-47bb-0310-9956-ffa450edef68
* ab: Respond appropriately to SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE.Graham Leggett2022-01-251-0/+5
| | | | | | | | Previously the correct event was polled for, but the response to the poll would call write instead of read, and read instead of write. PR 55952 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897458 13f79535-47bb-0310-9956-ffa450edef68
* mod_reqtimeout: Set socket timeout for AP_MODE_INIT.Yann Ylavic2022-01-241-0/+1
| | | | | | | | | | If the SSL handshake is initiated by ssl_hook_process_connection() in AP_MODE_INIT mode, we still want to adapt the socket timeout according to the time left for the handshake. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897422 13f79535-47bb-0310-9956-ffa450edef68
* mod_unixd: Make CoreDumpDirectory work for FreeBSD 11+. PR 65819.Yann Ylavic2022-01-201-0/+2
| | | | | | | | | | FreeBSD 11+ coredumping requires tracing enabled via procctl(PROC_TRACE_CTL). Submitted by: David CARLIER <devnexen gmail.com> Reviewed by: ylavic (by inspection) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897269 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1897240: CHANGES entry.Yann Ylavic2022-01-201-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897242 13f79535-47bb-0310-9956-ffa450edef68
* mpm_event: Fix a possible listener deadlock. PR 65769.Yann Ylavic2021-12-291-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the listener starts accepting more connections than the number of workers already started (due to scheduling), the listening sockets gets disabled (per AH03269) but nothing was re-enabling them before the end of the connections, despite the creation of more idle/available workers in the meantime. In the wost case there is no idle worker when the listener accepts the first connection thus nothing to wake up the listener blocked in poll() with no socket, hence a deadlock. Fix this by waking up the listener when a worker becomes idle and this unblocks connections_above_limit(). This is also worthwhile when all the workers are started (fully initialized runtime) since the number of idle workers is a condition for connections_above_limit() anyway so the sooner the listeners are re-enabled the better (the other condition is the number of connections which is unblocked appropriately by decrement_connection_count() already). Also when a child exists with ps->quiescing == 1 and it's caught by server_main_loop() before perform_idle_server_maintenance(), active_daemons was not decrement as needed (including accross restarts), leading to an invalid active_daemons accounting. * server/mpm/event/event.c(should_enable_listensocks): New helper that returns whether listenning sockets can be poll()ed again. * server/mpm/event/event.c(decrement_connection_count, listener_thread): Use should_enable_listensocks() where previously open-coded. * server/mpm/event/event.c(worker_thread): Wake up the listener when is_idle => 1 and should_enable_listensocks(). Have a single point of exit when workers_may_exit to make sure that the wake always occurs (even when exiting). * server/mpm/event/event.c(server_main_loop): Decrement active_daemons not only when !ps->quiescing but also when ps->quiescing == 1, i.e. all the cases not handled by perform_idle_server_maintenance() already. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896505 13f79535-47bb-0310-9956-ffa450edef68
* Add a change entry for r1896278Christophe Jaillet2021-12-221-0/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896279 13f79535-47bb-0310-9956-ffa450edef68
* Sync changes-entries [skip ci].Yann Ylavic2021-12-143-12/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895953 13f79535-47bb-0310-9956-ffa450edef68
* http: Enforce that fully qualified uri-paths not to be forward-proxiedYann Ylavic2021-12-131-0/+3
| | | | | | | | | | | | have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. The early checks avoid failing the request later on and thus save cycles for those invalid cases. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895921 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 00:02:11 +0100