| Commit message (Collapse) | Author | Files | Lines |
|---|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920830 13f79535-47bb-0310-9956-ffa450edef68
|
|
all needed directories.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920751 13f79535-47bb-0310-9956-ffa450edef68
|
|
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/<domain>' is messed
up, this could prevent further renewals to happen. Now, when the staging
set is present, but could not be activated due to an error, purge the
whole directory. [icing]
- Fix certificate retrieval on ACME renewal to not require a 'Location:'
header returned by the ACME CA. This was the way it was done in ACME
before it became an IETF standard. Let's Encrypt still supports this,
but other CAs do not. [icing]
- Restore compatibility with OpenSSL < 1.1. [ylavic]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920747 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920744 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920741 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920740 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920622 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920621 13f79535-47bb-0310-9956-ffa450edef68
|
|
via the ENGINE API without SSLCryptoDevice configured.
* modules/ssl/ssl_engine_pphrase.c
(modssl_load_keypair_engine): Return APR_ENOTIMPL if the ENGINE
could not be loaded for the key.
(modssl_load_engine_keypair): Always try loading via ENGINE
(as prior to r1914365) but fall back to the STORE API for
the new APR_ENOTIMPL case.
Github: closes #480
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920597 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted by: printfn <printfn users.noreply.github.com>
Github: closes #478
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920589 13f79535-47bb-0310-9956-ffa450edef68
|
|
enough not space to store the macro. Replaced MAX_STRING_LEN by
sizeof(line).
PR: 69258
Submitted by: Marc Stern <marc.stern approach-cyber.com>
Github: closes #479
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920588 13f79535-47bb-0310-9956-ffa450edef68
|
|
Multipath TCP (MPTCP), standardized in RFC8684 [1],
is a TCP extension that enables a TCP connection to
use different paths.
Multipath TCP has been used for several use cases.
On smartphones, MPTCP enables seamless handovers between
cellular and Wi-Fi networks while preserving established
connections. This use-case is what pushed Apple to use
MPTCP since 2013 in multiple applications [2]. On dual-stack
hosts, Multipath TCP enables the TCP connection to
automatically use the best performing path, either IPv4
or IPv6. If one path fails, MPTCP automatically uses
the other path.
To benefit from MPTCP, both the client and the server
have to support it. Multipath TCP is a backward-compatible
TCP extension that is enabled by default on recent
Linux distributions (Debian, Ubuntu, Redhat, ...). Multipath
TCP is included in the Linux kernel since version 5.6 [3].
To use it on Linux, an application must explicitly enable
it when creating the socket. No need to change anything
else in the application.
Adding the possibility to create MPTCP sockets would thus
be a really fine addition to httpd, by allowing clients
to make use of their different interfaces.
This patch introduces the possibilty to connect to backend
servers using MPTCP. Note however that these changes are
only available on Linux, as IPPROTO_MPTCP is Linux specific
for the time being.
For proxies, we can connect using MPTCP by passing the
\"multipathtcp\" parameter:
ProxyPass \"/example\" \"http://backend.example.com\" multipathtcp=On
We then store this information in the worker and create sockets
appropriately according to this value.
Link: https://www.rfc-editor.org/rfc/rfc8684.html [1]
Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2]
Link: https://www.mptcp.dev [3]
Add Multipath TCP (MPTCP) support (Core)
Multipath TCP (MPTCP), standardized in RFC8684 [1],
is a TCP extension that enables a TCP connection to
use different paths.
Multipath TCP has been used for several use cases.
On smartphones, MPTCP enables seamless handovers between
cellular and Wi-Fi networks while preserving established
connections. This use-case is what pushed Apple to use
MPTCP since 2013 in multiple applications [2]. On dual-stack
hosts, Multipath TCP enables the TCP connection to
automatically use the best performing path, either IPv4
or IPv6. If one path fails, MPTCP automatically uses
the other path.
To benefit from MPTCP, both the client and the server
have to support it. Multipath TCP is a backward-compatible
TCP extension that is enabled by default on recent
Linux distributions (Debian, Ubuntu, Redhat, ...). Multipath
TCP is included in the Linux kernel since version 5.6 [3].
To use it on Linux, an application must explicitly enable
it when creating the socket. No need to change anything
else in the application.
Adding the possibility to create MPTCP sockets would thus
be a really fine addition to httpd, by allowing clients
to make use of their different interfaces.
This patch introduces the possibility to listen with MPTCP
sockets. Note however that these changes are only available
on Linux, as IPPROTO_MPTCP is Linux specific for the time being.
To do so, we extended the Listen directive to include
a \"multipathtcp\" option, allowing to create MPTCP sockets
instead of regular TCP ones:
Listen 80 options=multipathtcp
We then store this information in flags for the listen directive
and create sockets appropriately according to this value.
Link: https://www.rfc-editor.org/rfc/rfc8684.html [1]
Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2]
Link: https://www.mptcp.dev [3]
Submitted by: Aperence <anthony.doeraene hotmail.com>
Github: closes #476
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920586 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920572 13f79535-47bb-0310-9956-ffa450edef68
|
|
proxy module which runs after us after r1920570.
Just take care to add r->args in case the proxy rule has the
[NE] flag set and tell the proxy module to not escape in this case.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920571 13f79535-47bb-0310-9956-ffa450edef68
|
|
When mod_rewrite sets a "proxy:" URL with [P], it should be canonicalized by
mod_proxy still, notably to handle any "unix:" local socket part.
To avoid double encoding in perdir context, a follow up commit should remove the
ap_escape_uri() done in mod_rewrite since it's now on mod_proxy to canonicalize,
per PR 69260.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920570 13f79535-47bb-0310-9956-ffa450edef68
|
|
We don't need to loop to skip the safe qmarks (thanks rpluem!).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920566 13f79535-47bb-0310-9956-ffa450edef68
|
|
... by making UNCList EXEC_ON_READ (since Include is EXEC_ON_READ)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920564 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920440 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920323 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920322 13f79535-47bb-0310-9956-ffa450edef68
|
|
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Support
SSL_HANDSHAKE_RTT. (ssl_var_lookup_ssl_handshake_rtt): New
function.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Add
SSL_HANDSHAKE_RTT.
Submitted by: csmutz
Github: closes #477
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920297 13f79535-47bb-0310-9956-ffa450edef68
|
|
Update translation string
Submitted by: Serhat <49079271+onwp users.noreply.github.com>
Github: closes #456
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920287 13f79535-47bb-0310-9956-ffa450edef68
|
|
version number.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920273 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920161 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920160 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920109 13f79535-47bb-0310-9956-ffa450edef68
|
|
https://lists.apache.org/thread/8hhs2otod7fo44964yd1csck3ddm1fq2
CI: Add job to test LDAP with the (apr 1.7.x, apr-util 1.7.x) combination.
Github: closes #474
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920050 13f79535-47bb-0310-9956-ffa450edef68
|
|
to apr.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920013 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted by: Eric Covener
Github: closes #472
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919860 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919678 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919677 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919665 13f79535-47bb-0310-9956-ffa450edef68
|
|
Otherwise, ir breaks ./build.sh validate-xml
I forgot to push that in r1919560.
Thanks lucien Gentis for reporting it to me.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919653 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919628 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919623 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919621 13f79535-47bb-0310-9956-ffa450edef68
|
|
Before r1918550 (r1918559 in 2.4.60), "SetHandler proxy:..." configurations
did not pass through proxy_fixup() hence the proxy_canon_handler hooks, leaving
fcgi's SCRIPT_FILENAME environment variable (from r->filename) decoded, or more
exactly not re-encoded.
We still want to call ap_proxy_canon_url() for "fcgi:" to handle/strip the UDS
"unix:" case and check that r->filename is valid and contains no controls, but
proxy_fcgi_canon() will not ap_proxy_canonenc_ex() thus re-encode anymore.
Note that this will do the same for "ProxyPass fcgi:...", there is no reason
that using SetHandler or ProxyPass don't result in the same thing. If an opt
in/out makes sense we should probably look at ProxyFCGIBackendType.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919620 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919619 13f79535-47bb-0310-9956-ffa450edef68
|
|
substitution. PR 69233.
With "ProxyPassMatch ^/([^/]+)/(.*)$ https://$1/$2", ap_proxy_get_worker_ex()
should not consider the length of scheme://host part of the given URL because
of the globbing match on the host part.
Fix it by setting worker->s>is_host_matchable when creating a worker with host
substitution and avoiding the min_match check in worker_matches() in this case.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919617 13f79535-47bb-0310-9956-ffa450edef68
|
|
MODULES_SYMBOLS)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919602 13f79535-47bb-0310-9956-ffa450edef68
|
|
to generate modules.c file because configure_file() doesn't change
timestamp of file if contents is the the same.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919587 13f79535-47bb-0310-9956-ffa450edef68
|
|
than a 400 where r->path_info is not empty for a file; a valid but
unsatisfiable request to a path which cannot exist,
e.g. /dav/foo.txt/blah where /dav/foo.txt is not a directory.
Github: closes #465
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919580 13f79535-47bb-0310-9956-ffa450edef68
|
|
releases.
Make use of the new <since>.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919564 13f79535-47bb-0310-9956-ffa450edef68
|
|
This is much less verbose and will make wording more consistent in the generated html files.
It is declared in synopsis.xsl because its main use should be here, but it is usable anywhere.
Only the French translation is provided.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919560 13f79535-47bb-0310-9956-ffa450edef68
|
|
r->filename is a "proxy:" one for mod_proxy modules, and ap_directory_walk()
can't cope with that, so force r->uri.
Github: closes #468
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919547 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919543 13f79535-47bb-0310-9956-ffa450edef68
|
|
Using "unix:/udspath|scheme:" or "unix:/udspath|scheme://" for a ProxyPass URL
does not work currently, while it works for SetHandler "proxy:unix:...".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919533 13f79535-47bb-0310-9956-ffa450edef68
|
|
in <Location> (incomplete fix in 2.4.62). PR 69160.
When SetHandler "unix:..." is used in a <Location "/path"> block, the path
gets appended (including $DOCUMENT_ROOT somehow) to r->filename hence the
current checks in fixup_uds_filename() to add "localhost" when missing don't
work. Fix them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919532 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919527 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919526 13f79535-47bb-0310-9956-ffa450edef68
|
