summaryrefslogtreecommitdiffstats
path: root/modules/ssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* mod_ssl: Revert r1868929 on trunk (only).Yann Ylavic2024-10-161-8/+7
| | | | | | | | | | | | We discussed in 2019 that after 2.4.x's backport r1873907 we should apply normal/usual merging for SSLProtocol in next versions (thus trunk first). See: https://lists.apache.org/thread/76yh7j3fwj2tsmffsqcqpv4mcfph5vqx Make this happen finally. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921360 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1921336.Joe Orton2024-10-161-4/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921357 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Disallow SSLOpenSSLConfCmd within vhost context since itJoe Orton2024-10-151-0/+4
| | | | | | | | | | | | has global effect. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLOpenSSLConfCmd): Disallow use within vhost context. PR: 69397 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921336 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_pphrase.c (modssl_load_keypair_engine):Joe Orton2024-10-011-2/+2
| | | | | | | Downgrade non-fatal errors to APLOG_NOTICE from APLOG_EMERG. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921076 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add SSLClientHelloVars directive which exposes variousJoe Orton2024-10-015-1/+161
| | | | | | | | | | | | | | | | | | | | | | | | | ClientHello properties in new SSL_CLIENTHELLO_* variables. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Add SSL_CLIENTHELLO_* vars. (copy_clienthello_vars): New function. (ssl_callback_ClientHello): Call it when needed. * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_clienthello): New function. (ssl_var_lookup_ssl): Call it for SSL_CLIENTHELLO_*. * modules/ssl/ssl_private.h (modssl_clienthello_vars): Add type. (SSLConnRec): Add clienthello_vars pointer. * modules/ssl/ssl_engine_config.c, modules/ssl/mod_ssl.c: Add handling of new SSLClientHelloVars directive. Submitted by: Charles Smutz <csmutz gmail.com> Github: closes #483 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921074 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Fix regression in r1914365 preventing pkcs11: key/cert lookupJoe Orton2024-09-121-11/+20
| | | | | | | | | | | | | | | | via the ENGINE API without SSLCryptoDevice configured. * modules/ssl/ssl_engine_pphrase.c (modssl_load_keypair_engine): Return APR_ENOTIMPL if the ENGINE could not be loaded for the key. (modssl_load_engine_keypair): Always try loading via ENGINE (as prior to r1914365) but fall back to the STORE API for the new APR_ENOTIMPL case. Github: closes #480 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920597 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add SSL_HANDSHAKE_RTT environment variable.Joe Orton2024-08-302-0/+15
| | | | | | | | | | | | | | | * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Support SSL_HANDSHAKE_RTT. (ssl_var_lookup_ssl_handshake_rtt): New function. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Add SSL_HANDSHAKE_RTT. Submitted by: csmutz Github: closes #477 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920297 13f79535-47bb-0310-9956-ffa450edef68
* * Check for correct OpenSSL version for mod_ssl_ctRuediger Pluem2024-07-051-1/+11
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918935 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Let modssl_set_io_callbacks() whether which callback is needed.Yann Ylavic2024-07-033-13/+16
| | | | | | | | | | | | | | | | | | | | * modules/ssl/ssl_private.h: Add conn_rec and server_rec args to modssl_set_io_callbacks(). * modules/ssl/ssl_engine_io.c(modssl_set_io_callbacks): Don't set modssl_io_cb for log levels below TRACE4. * modules/ssl/ssl_engine_io.c(ssl_io_filter_init), modules/ssl/ssl_engine_kernel.c(ssl_find_vhost): Call modssl_set_io_callbacks() unconditionally. * modules/ssl/ssl_engine_io.c(modssl_io_cb): While at it, (cmd & BIO_CB_WRITE) is enough to differentiate a write from read. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918883 13f79535-47bb-0310-9956-ffa450edef68
* * Restore SSL dumping for OpenSSL >= 3.0. Ruediger Pluem2024-07-031-14/+47
| | | | | | | | | | | | | | Since r1908537 BIO_set_callback_ex is used with OpenSSL >= 3.0 instead of BIO_set_callback to set the BIO callback. The meaning of parameters and their range of values in the callback function set by BIO_set_callback_ex has changed compared to the callback function set by BIO_set_callback although parameters kept their names. Accommodate for this and adjust the code accordingly. Furthermore limit the size of dumps to APR_UINT16_MAX bytes. Given the length of SSL records of 16k this should not have practical implications. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918880 13f79535-47bb-0310-9956-ffa450edef68
* Fix ENGINE use with OpenSSL 3.2, which appears to be broken due to aJoe Orton2024-05-283-10/+28
| | | | | | | | | | | | | | | | | | refcounting issue in mod_ssl. * modules/ssl/ssl_engine_pphrase.c (modssl_engine_cleanup): New function. (modssl_load_keypair_engine): Take pconf & ptemp arguments, don't call ENGINE_finish() immediately but register the above cleanup. (modssl_load_engine_keypair): Pass through pconf & ptemp. * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Pass through pconf and ptemp to modssl_load_engine_keypair. Github: closes #446 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918024 13f79535-47bb-0310-9956-ffa450edef68
* Fail if SSLInsecureRenegotiation is used with mod_ssl, CVE-2009-3555Joe Orton2024-05-093-18/+1
| | | | | | | | | | | | | | | is now approaching 15 years old. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLInsecureRenegotiation): Fail if used. (ssl_config_server_new, ssl_config_server_merge): Remove insecure reneg handling. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Remove insecure_reneg handling. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917600 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl_ct: Fix format warnings.Yann Ylavic2024-04-121-2/+2
| | | | | | | | | | * modules/ssl/mod_ssl_ct.c(client_extension_add_callback, server_extension_add_callback): Variable ext_type is unsigned, so use %u instead of %hu. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916924 13f79535-47bb-0310-9956-ffa450edef68
* * Ensure that we set the default DH parameters for the keyRuediger Pluem2024-04-081-5/+6
| | | | | | | | | | | | | Replace else with an if as the if branch no longer ensures that custome DH parameters have been loaded. This fixes a regression that causes the default DH parameters for a key no longer set and thus effectively disabling DH ciphers when no explicit DH parameters are set. PR: 68863 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916863 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Allow for "SSLCompression off" still when OPENSSL_NO_COMP.Yann Ylavic2024-03-261-2/+4
| | | | | | | | | | | | Latest OpenSSL versions have OPENSSL_NO_COMP by default, avoid breaking existing "SSLCompression off" in configurations since it's a noop. * modules/ssl/ssl_engine_config.c(ssl_cmd_SSLCompression): Don't fail for OPENSSL_NO_COMP if the flag is "off". git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916561 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair):Joe Orton2024-02-291-9/+10
| | | | | | | | | Update to avoid GCC warning for no-engine builds where the SSLModConfigRec is not used. Also log an error for the ENOTIMPL path. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916057 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Check SSL_CTX_new() return valueJoe Orton2024-02-291-0/+5
| | | | | | | | | | SSL_CTX_new() will return NULL if there was an error creating a new SSL context. Submitted by: StephenWall Github: closes #402 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916054 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Follow up to r1913815: szCryptoDevice to NULL when ↵Yann Ylavic2024-02-201-3/+1
| | | | | | | | | | | | | | | | !MODSSL_HAVE_ENGINE_API Latest OpenSSL versions removed the ENGINE API completely, still provide NULL SSLModConfigRec::szCryptoDevice since it's used outside MODSSL_HAVE_ENGINE_API. SSLModConfigRec is a private struct, so no MMN change. * modules/ssl/ssl_private(SSLModConfigRec): Provide szCryptoDevice (NULL) even if !MODSSL_HAVE_ENGINE_API. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915889 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair): FixJoe Orton2023-12-131-1/+6
| | | | | | | build (hopefully) for OpenSSL 3.x with OPENSSL_NO_ENGINE defined. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914622 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add support for loading keys from OpenSSL 3.x providers viaJoe Orton2023-12-054-12/+140
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the STORE API. Separates compile-time support for the STORE API (supported in 3.x) from support for the ENGINE API (deprecated in 3.x). * modules/ssl/ssl_private.h: Define MODSSL_HAVE_OPENSSL_STORE for OpenSSL 3.0+. * modules/ssl/ssl_engine_pphrase.c (modssl_load_store_uri, modssl_load_keypair_store): New functions. (modssl_load_keypair_engine): Renamed from modssl_load_keypair_engine. (modssl_load_engine_keypair): Reimplement to use new STORE-based functions if SSLCryptoDevice was not configured, or else old ENGINE implementation. * modules/ssl/ssl_util.c (modssl_is_engine_id): Match pkcs11: URIs also for the OpenSSL 3.x STORE API. * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Tweak log message on error paths for the provider/STORE case. Signed-off-by: Ingo Franzki <ifranzki linux.ibm.com> Submitted by: Ingo Franzki <ifranzki linux.ibm.com> Github: closes #397, closes #398 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914365 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Follow up to r1908537: Fix typo ↵Yann Ylavic2023-12-041-1/+1
| | | | | | s/MODSSL_USE_ENGINE_API/MODSSL_HAVE_ENGINE_API/ git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914318 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1874101: Axe useless LIBRESSL_VERSION_NUMBER check.Yann Ylavic2023-11-161-2/+0
| | | | | | | | | | Since the fix to MODSSL_USE_OPENSSL_PRE_1_1_API in r1908537, we are sure that !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL in this block. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913838 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. PR 68080Yann Ylavic2023-11-153-9/+4
| | | | | | | | | | | | | | | | | | Also, always allow for "SSLCryptoDevice builtin" even if the ENGINE API is not available, OPENSSL_NO_ENGINE or more generally with the new API (providers) available since OpenSSL >= 3. * ssl_private.h: Set MODSSL_HAVE_ENGINE_API to 0 if OPENSSL_NO_ENGINE. * mod_ssl.c, ssl_engine_config.c: Don't depend on HAVE_OPENSSL_ENGINE_H and HAVE_ENGINE_INIT to provide [ssl_cmd_]SSLCryptoDevice. Submitted by: ylavic, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913815 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Silence info log message "SSL Library Error: error:0A000126:Rainer Jung2023-08-301-0/+8
| | | | | | | | | SSL routines::unexpected eof while reading" when using OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if available. [Rainer Jung] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1912015 13f79535-47bb-0310-9956-ffa450edef68
* log an error if BIO_write(3) failsGiovanni Bechis2023-06-071-1/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1910269 13f79535-47bb-0310-9956-ffa450edef68
* check BIO_read return valuesGiovanni Bechis2023-06-071-5/+16
| | | | | | | | submitted by Jiasheng Jiang bz #65922 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1910268 13f79535-47bb-0310-9956-ffa450edef68
* add SSL_CTX_set_session_id_context(3) checksGiovanni Bechis2023-04-041-3/+13
| | | | | | | bz #66226 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908971 13f79535-47bb-0310-9956-ffa450edef68
* check SSL_do_handshake(3) return value Giovanni Bechis2023-04-041-3/+7
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908964 13f79535-47bb-0310-9956-ffa450edef68
* SSL_do_handshake can fail with 0 or <0 status codes.Giovanni Bechis2023-04-031-1/+1
| | | | | | | spotted and fixed by rpluem@ git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908936 13f79535-47bb-0310-9956-ffa450edef68
* check for more possible SSL failuresGiovanni Bechis2023-03-301-4/+1
| | | | | | | bz #66225 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908805 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Fix deprecation warnings with openssl-3.Yann Ylavic2023-03-1913-140/+288
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * mod_ssl_openssl.h: Make it the first openssl to be included openssl header, selecting the OpenSSL api based on OPENSSL_API_COMPAT eventually. * ssl_private.h; Define OPENSSL_API_COMPAT to version 1.1.1 (last one supporting EGINE_ API) before including mod_ssl_openssl.h to enable the ENGINE_ api (TODO: switch to new "providers" api before the ENGINE_ api is abandonned..). mod_ssl.h is now implicitely included from there. Fix preprocessor "#define FOO (COND)" to "#if COND #define FOO 1 #else #define FOO 0". Define MODSSL_HAVE_ENGINE_API iff OPENSSL_API_COMPAT < 3.0 (otherwise all the engine features are disabled, only "builtin" is accepted). Define HAVE_SRP iff OPENSSL_API_COMPAT < 3.0 (no replacement for this api above, so it might not be implemenentedain httpd anymore at some point..). Define X509_get_not{Before,After} if missing to the non deprecated version. New modssl_set_io_callbacks() to factorize compat code for io callbacks. ssl_dh_GetParamFromFile() becomes modssl_dh_from_file() for openssl < 3.0 and modssl_dh_pkey_from_file() for openssl >= 3.0. * mod_ssl.c, mod_ssl_ct.c, ssl_util_stapling: Including "ssl_private.h" only is suited/enough now. * mod_ssl_ct.c, ssl_ct_log_config: Use EVP api with openssl >= 3 instead of the deprecated SHA256 one. * ssl_engine_config.c(ssl_cmd_SSLCryptoDevice): Disabled engines (besides NULL/"builtin"/NULL) unless MODSSL_HAVE_ENGINE_API. * ssl_engine_init: New compat modssl_runtime_lib_version() to address deprecated SSLeay(). ssl_init_Engine() does nothing unless MODSSL_HAVE_ENGINE_API. Simplify ssl_init_server_certs() (less #ifdef-ery) with scoped local vars. Compat loading DH parameters and EC curve from cert. * ssl_engine_io.c, ssl_engine_kernel.c: Implement common modssl_set_io_callbacks() and use it. * ssl_engine_pphrase(modssl_load_engine_keypair): Depend on MODSSL_HAVE_ENGINE_API, or return ENOTIMPL. * ssl_util.c(modssl_is_engine_id): No engine supported unless MODSSL_HAVE_ENGINE_API. * ssl_util_ssl.c(modssl_dh_pkey_from_file, modssl_ec_group_from_file): Compat with openssl >= 3.0. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908537 13f79535-47bb-0310-9956-ffa450edef68
* * Favour HUGE_STRING_LEN * 2 over 1024 * 16Ruediger Pluem2023-03-131-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908339 13f79535-47bb-0310-9956-ffa450edef68
* Add SSL_SHARED_CIPHER environment variableDirk-Willem van Gulik2023-03-062-0/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908132 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_ssl: when a proxy connection had handled a request using SSL, anStefan Eissing2022-08-011-0/+7
| | | | | | | | | | error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection continued to work, the error log was in error. Fixed PR66190. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903167 13f79535-47bb-0310-9956-ffa450edef68
* check BN_bn2dec return valueGiovanni Bechis2022-06-281-1/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1902302 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Missing bit from r1901470 to handle OpenSSL-3+ FIPS.Yann Ylavic2022-06-091-1/+1
| | | | | | | | OPENSSL_FIPS is no longer defined with openssl-3, it always HAVE_FIPS. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901772 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: SSLFIPS compatible with OpenSSL 3.0. PR 66063.Yann Ylavic2022-06-012-4/+14
| | | | | | | | | | | | | | | | * modules/ssl/ssl_private.h(): #define modssl_fips_is_enabled() and modssl_fips_enable() to wrap the native OpenSSL FIPS functions available on OPENSSL_VERSION_NUMBER. * modules/ssl/ssl_engine_init.c(ssl_init_Module, modssl_fips_cleanup): Use the new wrappers instead of the OPENSSL_VERSION_NUMBER < 3.0 functions. Submitted by: Petr Sumbera <petr.sumbera oracle.com>, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901470 13f79535-47bb-0310-9956-ffa450edef68
* Fix some typosChristophe Jaillet2022-05-082-3/+3
| | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900694 13f79535-47bb-0310-9956-ffa450edef68
* Fix a typoChristophe Jaillet2022-05-081-1/+1
| | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900693 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_io.c:Joe Orton2022-04-271-72/+8
| | | | | | | | | | | | | Drop noop functions for BIO methods mod_ssl doesn't implement. OpenSSL handles missing BIO methods internally in BIO_xxxx() wrappers. Consistently log at TRACE4 unhandled _ctrl commands, but note these are not a "BUG" as in the previous log message. PR: 66028 Github: closes #316 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900309 13f79535-47bb-0310-9956-ffa450edef68
* free memory when neededGiovanni Bechis2022-02-251-1/+6
| | | | | | | bz #65905 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898410 13f79535-47bb-0310-9956-ffa450edef68
* return early if X509_STORE_CTX_init failsGiovanni Bechis2022-02-241-1/+4
| | | | | | | bz 65902 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898368 13f79535-47bb-0310-9956-ffa450edef68
* return early if ASN1_STRING_new failsGiovanni Bechis2022-02-241-0/+4
| | | | | | | bz 65902 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898367 13f79535-47bb-0310-9956-ffa450edef68
* release memory if neededGiovanni Bechis2022-02-242-2/+7
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898366 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_ssl/mpm_event: reverting changes to nonblocing SSL handshakesStefan Eissing2022-02-042-112/+17
| | | | | | | | | | to stabilize CI tests again. Previous revision of trunk has been copied to branches/trunk-ssl-handshake-unblocking to make those into a PR where changes can be discussed and tested separately. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897760 13f79535-47bb-0310-9956-ffa450edef68
* check BIO_new(3) return valuesGiovanni Bechis2022-02-015-8/+25
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897663 13f79535-47bb-0310-9956-ffa450edef68
* core: Efficient ap_thread_current() when apr_thread_local() is missing.Yann Ylavic2022-01-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | #define ap_thread_create, ap_thread_current_create and ap_thread_current to their apr-1.8+ equivalent if available, or implement them using the compiler's thread_local mechanism if available, or finally provide stubs otherwise. #define AP_HAS_THREAD_LOCAL to 1 in the two former case or 0 otherwise, while AP_THREAD_LOCAL is defined to the compiler's keyword iff AP_HAS_THREAD_LOCAL. Replace all apr_thread_create() calls with ap_thread_create() so that httpd threads can use ap_thread_current()'s pool data as Thread Local Storage. Bump MMN minor. * include/httpd.h(): Define AP_HAS_THREAD_LOCAL, AP_THREAD_LOCAL (eventually), ap_thread_create(), ap_thread_current_create() and ap_thread_current(). * server/util.c: Implement ap_thread_create(), ap_thread_current_create() and ap_thread_current() when APR < 1.8. * modules/core/mod_watchdog.c, modules/http2/h2_workers.c, modules/ssl/mod_ssl_ct.c: Use ap_thread_create() instead of apr_thread_create. * server/main.c: Use AP_HAS_THREAD_LOCAL and ap_thread_current_create instead of APR's. * server/util_pcre.c: Use AP_HAS_THREAD_LOCAL and ap_thread_current instead of APR's. * server/mpm/event/event.c, server/mpm/worker/worker.c, server/mpm/prefork/prefork.c: Use ap_thread_create() instead of apr_thread_create. Create an apr_thread_t/ap_thread_current() for the main chaild thread usable at child_init(). * server/mpm/winnt/child.c: Use ap_thread_create() instead of CreateThread(). Create an apr_thread_t/ap_thread_current() for the main chaild thread usable git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897460 13f79535-47bb-0310-9956-ffa450edef68
* Begone, foul tabs.Graham Leggett2022-01-241-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897424 13f79535-47bb-0310-9956-ffa450edef68
* event: Add AP_MPM_CAN_AGAIN and AGAIN to signal to the MPM thatGraham Leggett2022-01-241-5/+5
| | | | | | | non blocking behaviour is requested. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897423 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Use AP_FILTER_ERROR to indicate when the SSL filter hasGraham Leggett2022-01-242-2/+2
| | | | | | | handled its own errors. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897418 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 20:04:16 +0100