summaryrefslogtreecommitdiffstats
path: root/modules (follow)
Commit message (Collapse)AuthorAgeFilesLines
* event: Add support for non blocking behaviour in theGraham Leggett2022-01-213-13/+65
| | | | | | | | | CONN_STATE_READ_REQUEST_LINE phase, in addition to the existing CONN_STATE_WRITE_COMPLETION phase. Update mod_ssl to perform non blocking TLS handshakes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897281 13f79535-47bb-0310-9956-ffa450edef68
* Revert 1897156.Graham Leggett2022-01-201-93/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897273 13f79535-47bb-0310-9956-ffa450edef68
* SEDERR_TMAMES and SEDERR_TMRMES are used only in sed1.c with 'eval->lnum' as ↵Christophe Jaillet2022-01-201-2/+2
| | | | | | | | | | an argument. 'eval' is of type 'struct sed_eval_s' and 'lnum' is an apr_int64_t. So use APR_INT64_T_FMT format specifier to be more consistent. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897271 13f79535-47bb-0310-9956-ffa450edef68
* The format specifier is APR_SIZE_T_FMT, so there is no point in trying to ↵Christophe Jaillet2022-01-201-4/+2
| | | | | | | | log -1 if apr_file_read() fails, because size_t is unsigned. It is more straighforward to log the real value returned by apr_file_read() in such a case. The error code is also logged anyway. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897270 13f79535-47bb-0310-9956-ffa450edef68
* mod_unixd: Make CoreDumpDirectory work for FreeBSD 11+. PR 65819.Yann Ylavic2022-01-201-0/+16
| | | | | | | | | | FreeBSD 11+ coredumping requires tracing enabled via procctl(PROC_TRACE_CTL). Submitted by: David CARLIER <devnexen gmail.com> Reviewed by: ylavic (by inspection) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897269 13f79535-47bb-0310-9956-ffa450edef68
* mod_dav: Follow up to r1897156: Fix warning.Yann Ylavic2022-01-181-1/+1
| | | | | | | | | | | | | | | | | | In file included from mod_dav.c:51: mod_dav.c: In function ‘uripath_is_canonical’: mod_dav.c:774:38: error: passing argument 1 of ‘ap_strchr’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 774 | dot_pos = strchr(dot_pos + 1, '.')) { | ~~~~~~~~^~~ /home/travis/build/apache/httpd/include/httpd.h:2469:34: note: in definition of macro ‘strchr’ 2469 | # define strchr(s, c) ap_strchr(s,c) | ^ /home/travis/build/apache/httpd/include/httpd.h:2457:36: note: expected ‘char *’ but argument is of type ‘const char *’ 2457 | AP_DECLARE(char *) ap_strchr(char *s, int c); | ~~~~~~^ git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897183 13f79535-47bb-0310-9956-ffa450edef68
* * Allocate the dav_liveprop_elem structure only once in the lifetime of theRuediger Pluem2022-01-181-2/+8
| | | | | | | | resource->pool and reuse it to avoid unnecessary huge memory allocations during collection walks. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897182 13f79535-47bb-0310-9956-ffa450edef68
* core: Allow an optional expression to be specified for an effectiveGraham Leggett2022-01-171-2/+93
| | | | | | | | | path in the DirectoryMatch and LocationMatch directives. This allows modules like mod_dav to map URLs to URL spaces or to directories on the filesystem. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897156 13f79535-47bb-0310-9956-ffa450edef68
* Follow-up to r1896361.Christophe Jaillet2022-01-071-3/+2
| | | | | | Use a cleaner solution. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896817 13f79535-47bb-0310-9956-ffa450edef68
* Fix some typo.Christophe Jaillet2021-12-269-13/+13
| | | | | | Add some missing spaces spotted here and there to better comply with coding style git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896409 13f79535-47bb-0310-9956-ffa450edef68
* Fix some typoChristophe Jaillet2021-12-2510-23/+23
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896393 13f79535-47bb-0310-9956-ffa450edef68
* Close a file handle in case of error in ct_static_scts()Christophe Jaillet2021-12-241-0/+1
| | | | | | PR 65760 <ryancaicse gmail.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896361 13f79535-47bb-0310-9956-ffa450edef68
* Try to workaround a linkage issue with rustls.Christophe Jaillet2021-12-221-0/+13
| | | | | | | | | See https://github.com/rustls/rustls-ffi/issues/133 for discussion about it. Only 1.55, 1.56 and 1.57 should be affected. Tested with 1.56.1 on Linux pop-os 5.15.5 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896278 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Bump max worker name to 384 chars.Yann Ylavic2021-12-211-2/+3
| | | | | | | | | | The worker name is a fully qualified URI while the hostname's limit is 256 already, so potentially more than 256 are needed to store the name. Let's use 384. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896253 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Fix -Werror=unused-value in ssl_var_lookup_ssl_cert_data().Yann Ylavic2021-12-151-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1896008 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Axe useless setting of *balancer to NULL in ap_proxy_pre_request()Yann Ylavic2021-12-151-4/+2
| | | | | | | | | | It's already NULL per the enclosing "if" test. Also, while at a non-functional change, break a close long log line to <80 col. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895986 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: follow up to r1895921: Don't prevent forwarding URIs w/ no hostname.Yann Ylavic2021-12-153-8/+14
| | | | | | | | | | | | | | r1895921 changed proxy_detect() to disable forward proxying for URIs with no hostname which is wrong, there might exist a third-party proxy module handling the "urn:" scheme for instance (thanks Roy for the catch!). For this to work, we also need to leave the forward proxied URI alone in ap_proxy_pre_request() with no UDS special case or alike, a proxy module can then catch (or not) the original URI as expected. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895981 13f79535-47bb-0310-9956-ffa450edef68
* * Improve error handlingRuediger Pluem2021-12-151-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895970 13f79535-47bb-0310-9956-ffa450edef68
* http: Enforce that fully qualified uri-paths not to be forward-proxiedYann Ylavic2021-12-133-8/+8
| | | | | | | | | | | | have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. The early checks avoid failing the request later on and thus save cycles for those invalid cases. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895921 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Detect unix: scheme syntax errors at load time.Yann Ylavic2021-12-132-7/+28
| | | | | | | | | | | | | * modules/proxy/mod_proxy.c(add_pass, add_member, set_proxy_param, proxysection): Check return value of ap_proxy_de_socketfy(). * modules/proxy/proxy_util.c(ap_proxy_get_worker_ex): Check return value of ap_proxy_de_socketfy(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895914 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_io.c (bio_filter_in_ctrl): Remove debuggingJoe Orton2021-12-101-1/+0
| | | | | | | | | | | | | assert for unexpected control commands, matching bio_filter_out_ctrl which also ignores such invocations. Fixes core dumps in debug builds with OpenSSL 3.0.0 which triggers this via the BIO_get_ktls_recv() call on the SSL bio, aka BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, ...); See: https://github.com/openssl/openssl/blob/105af0ad923a665ca5fee296b52dbf34b524a2aa/ssl/record/rec_layer_s3.c#L274 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895774 13f79535-47bb-0310-9956-ffa450edef68
* * When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 ↵Stefan Eissing2021-12-092-3/+13
| | | | | | | | | | | | | | | | | connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request. See PR65731 at <https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>. The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. No changes-entries, since this fix is proposed for backport on the 1.15.x module codebase in 2.4.x in a separate PR. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895724 13f79535-47bb-0310-9956-ffa450edef68
* * Correctly sent a 100 Continue status code when sending an interimRuediger Pluem2021-12-091-0/+3
| | | | | | | | | | response as result of an Expect: 100-Continue in the request and not the current status code of the request. PR: 65725 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895719 13f79535-47bb-0310-9956-ffa450edef68
* * Do not change the status code after we already sent it to the client.Ruediger Pluem2021-12-092-5/+0
| | | | | | | | | Changing the status code after we sent it to the client causes a status code being logged that is different from the one sent to the client which can be confusing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895715 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: fixed a bug in v2.0.0 that could lead to an infiniteStefan Eissing2021-12-0614-112/+154
| | | | | | | | | | loop when clients close connections prematurely. Enhanced the scoreboard status updates on h2 connections for mod_status. 'server-status' now gives a better idea what the connection is working on. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895614 13f79535-47bb-0310-9956-ffa450edef68
* * modules/filters/mod_deflate.c (deflate_in_filter): Handle FLUSH inJoe Orton2021-12-031-29/+31
| | | | | | | | | | | the input brigade even if done inflating (ctx->done is true), but don't try to flush the inflate stream in that case. (Caught by Coverity) Github: closes #280 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895552 13f79535-47bb-0310-9956-ffa450edef68
* * mod_tls: remove modules.mk, should not be under version controlStefan Eissing2021-12-011-7/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895472 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_tls: added mod_tls from abetterinternet, donatedStefan Eissing2021-11-3024-0/+7223
| | | | | | | | | | | | | | by ISRG/Prossimo <https://github.com/abetterinternet/mod_tls>. - adds font-/backend TLS (v1.2/v1.3) via the Rust rustls crate and its rustls-ffi C binding <https://github.com/rustls/rustls-ffi>. - documentation at <https://github.com/abetterinternet/mod_tls> (adding to Apache's manual TBD) - build support for Apache httpd configure on *nix platforms, rustls is linked statically into mod_tls. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895432 13f79535-47bb-0310-9956-ffa450edef68
* * mod_md: install the early config hook with _FIRST, so thatStefan Eissing2021-11-301-1/+1
| | | | | | | | they run before any ssl modules runs get_certificates hooks. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895428 13f79535-47bb-0310-9956-ffa450edef68
* * mod_http2: handle gracefully when SSL_PROTOCOL variable is not available.Stefan Eissing2021-11-301-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895427 13f79535-47bb-0310-9956-ffa450edef68
* * mod_http2: the new pollset implementation is disabled whenStefan Eissing2021-11-261-1/+3
| | | | | | | | compiling with an APR version less than 1.6. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895349 13f79535-47bb-0310-9956-ffa450edef68
* Revert spurious commit r1895340.Yann Ylavic2021-11-252-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895341 13f79535-47bb-0310-9956-ffa450edef68
* Trigger ci.Yann Ylavic2021-11-252-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895340 13f79535-47bb-0310-9956-ffa450edef68
* mod_http2: fix logic for non-proxy Server and Date response headers.Yann Ylavic2021-11-251-5/+5
| | | | | | | | | | | | First error was in r1890564 where the test for !PROXYREQ_NONE was replaced by PROXYREQ_RESPONSE (which is never the case besides the fake proxy origin request) so a mod_h2 PR tried to fix that but the logic is now incorrect. Let's finally use the same logic as ap_basic_http_header(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895336 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: SetEnv proxy-nohalfclose to disable half-close tunneling. PR 65662.Yann Ylavic2021-11-242-3/+18
| | | | | | | | | Some connect/wstunnel protocols might want half-close forwarding while some might not, let's provide an r->subprocess_env opt-out. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895304 13f79535-47bb-0310-9956-ffa450edef68
* * mod_md: resurrection of r1893969 after accidental overwrite in r1894610Stefan Eissing2021-11-242-7/+12
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895287 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: values for External Account Binding (EAB) canStefan Eissing2021-11-242-5/+45
| | | | | | | | | | now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895285 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: always return an EOS bucket for requestsStefan Eissing2021-11-111-4/+4
| | | | | | | | that have no body on c2 connection input filter. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894949 13f79535-47bb-0310-9956-ffa450edef68
* * mod_http2: a regression in v1.15.24 of the modules was fixed thatStefan Eissing2021-11-042-4/+2
| | | | | | | | | | | | could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. [@hansborr, @famzah, Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894728 13f79535-47bb-0310-9956-ffa450edef68
* * mod_md: EC private key generation for openssl 3.0 in separateStefan Eissing2021-11-031-0/+16
| | | | | | | | | way since the previous code does not work with it. Keeping old code for known interop with other *SSL libs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894718 13f79535-47bb-0310-9956-ffa450edef68
* * mod_ssl: fix in CHECK_PRIVKEY_ERROR for openssl 3.0Stefan Eissing2021-11-031-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894716 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: adding v2.4.8 with the following changesStefan Eissing2021-10-2923-343/+814
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894610 13f79535-47bb-0310-9956-ffa450edef68
* followup to r1894456: use a DirectorySlash argument insteadEric Covener2021-10-221-22/+28
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894460 13f79535-47bb-0310-9956-ffa450edef68
* add DirectorySlashNotFound to silence scannersEric Covener2021-10-211-0/+17
| | | | | | | | Almost as awkwardly named as IndexForbiddenReturn404 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894456 13f79535-47bb-0310-9956-ffa450edef68
* add IndexForbiddenReturn404 to help silence scannersEric Covener2021-10-211-1/+7
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894455 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_connect: Honor the smallest of the backend or client timeout.Yann Ylavic2021-10-151-0/+8
| | | | | | | | | | | | | | It seems that mod_proxy_connect has never applied any timeout in its tunneling loop. Address this by setting a default timeout in ap_proxy_tunnel_create() since mod_proxy_connect does not overwrite tunnel->timeout (while proxy_http and proxy_wstunnel do). This default timeout is set to the smallest of the backend side or the client side timeout. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894290 13f79535-47bb-0310-9956-ffa450edef68
* * mod_http2: hopeful (as always) fix for the stalling in 400_20.Stefan Eissing2021-10-141-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894252 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: another travis test of the 400_20 and 401_31 tests that ↵Stefan Eissing2021-10-143-10/+17
| | | | | | | | | | produce a timeout only on travis and never locally. sorry about the cycles. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894241 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: when pollset signals output, resume a streams dataStefan Eissing2021-10-141-19/+12
| | | | | | | | | | in nghttp2 every time without checks that response body bytes are available. This resolves the situation that a stream may stall when 2 consecutive H2HEADER buckets are sent (e.g. 103+200). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894228 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: H2HEADER buckets have the correct lenght of zero and noStefan Eissing2021-10-145-6/+33
| | | | | | | | | longer smuggle the contained field lengths in this field. Instead the bytes reportded to mod_logio are counted specifically. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894226 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 22:17:58 +0100