summaryrefslogtreecommitdiffstats
path: root/modules (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Simplify the ssl_asn1_table API, remove abstraction (it is used onlyJoe Orton2018-05-043-45/+27
| | | | | | | | | | | | | | | | to cache serialized EVP_PKEYs not any char * blobs), and document. * modules/ssl/ssl_util.c (ssl_asn1_table_set): Take the EVP_PKEY and serialize internally. Use ap_realloc. Return the ssl_asn1_t * pointer. Don't call apr_hash_set() for unchanged pointer case. * modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey): Adjust for the above. * modules/ssl/ssl_private.h: Adjust as above, add docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830927 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_util_ssl.c (modssl_read_privatekey): Remove unusedJoe Orton2018-05-043-9/+8
| | | | | | | | | | second argument. * modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey): Adjust accordingly. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830913 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h:Joe Orton2018-05-042-28/+0
| | | | | | | | Remove modssl_read_encrypted_pkey() and helpers, added in r1804087 but never used. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830912 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey):Joe Orton2018-05-031-11/+6
| | | | | | | Simplify code, no functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830836 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add support for loading private keys from ENGINEs. SupportJoe Orton2018-05-035-6/+91
| | | | | | | | | | | | | | | | | | | | | for PKCS#11 URIs only, and PIN entry is not threaded through SSLPassPhraseDialog config yet. * modules/ssl/ssl_util.c (modssl_is_engine_key): New function. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCertificateKeyFile): Use it, skip check for file existence for engine keys. * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_pkey): New function. * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): For engine keys, load via modssl_load_engine_pkey. Submitted by: Anderson Sasaki <ansasaki redhat.com>, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830819 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl: Add some missing logno tags.Joe Orton2018-05-032-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830816 13f79535-47bb-0310-9956-ffa450edef68
* mod_slomem_shm: Handle a generation number when the slotmem size changes.Yann Ylavic2018-05-031-63/+94
| | | | | | | | | | | | | | | | | | | | | | | Modifying the number of proxy balancers or balancer members on restart could have prevented the server to load, notably on Windows. PR 62308. The generation number integrated in the SHM filename allows to create a new/resized SHM while the previous is still in use by previous generation gracefully shutting down (Windows prevents SHM/file to be removed in this case, but even on Unix(es) an unlinked file might not be re-openable while an inode exists). The generation number is added/incremented only if the size requirement changed, such that unrelated restarts continue to share SHMs between generations. The cleanup handling is also simplified because both the parent process and the Windows child process need to cleanup everything on exit. This translates to cleanup_slotmem() being always registered but in the dry load state (AP_SQ_MS_CREATE_PRE_CONFIG), for both cases still. [Reverted by r1831868] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830800 13f79535-47bb-0310-9956-ffa450edef68
* * modules/md/config2.m4: Only export "md_module" symbolJoe Orton2018-05-021-1/+4
| | | | | | | for a DSO build. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830747 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_html: Fix variable interpolation and memory allocation failure in ↵Yann Ylavic2018-05-021-0/+6
| | | | | | | | | | | ProxyHTMLURLMap. Proposed by: Ewald Dieterich <ewald mailbox.org> Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830746 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-301-1/+13
| | | | | | | | mod_http2: restoring the v1.10.16 keepalive timeout behavioud of mod_http2 (to be verified). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830562 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-302-3/+11
| | | | | | | | | mod_http2: adding an abort function to slave connections' pools, so out-of-memory events lead to a control process abort, as on HTTP/1.x connections. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830534 13f79535-47bb-0310-9956-ffa450edef68
* mod_xml2enc: follow up to r1829038 and r1829039.Yann Ylavic2018-04-301-10/+7
| | | | | | | | Use below pending_data logic for EOS bucket. This closes #48 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830523 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1828222: fix "defined but not used 'prot'" warning with libressl.Yann Ylavic2018-04-301-1/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830522 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-282-2/+3
| | | | | | | | | | mod_http2: adding regular memory cleanup when transferring large response bodies. This reduces memory footprint and avoids memory exhaustion when transferring large files on 32-bit architectures. Fixes PR 62325. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830419 13f79535-47bb-0310-9956-ffa450edef68
* mod_log_json: fixing compilation errors in maintainer mode.Stefan Eissing2018-04-281-3/+19
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830417 13f79535-47bb-0310-9956-ffa450edef68
* Add mod_log_jsonPaul Querna2018-04-232-0/+180
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829898 13f79535-47bb-0310-9956-ffa450edef68
* Move APACHE_CHECK_JANSSON m4 macro to general includes so additional modules ↵Paul Querna2018-04-231-108/+0
| | | | | | can use it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829895 13f79535-47bb-0310-9956-ffa450edef68
* Axe ap_rgetline_core(), not used anymore.Yann Ylavic2018-04-222-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829790 13f79535-47bb-0310-9956-ffa450edef68
* Delay some memory allocation.Christophe Jaillet2018-04-201-1/+2
| | | | | | If this handler will not handle the request, no need to waste bytes in the request pool. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829676 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: follow up to r1829573: remain EBCDIC friendly.Yann Ylavic2018-04-201-1/+1
| | | | | | | | | Keep using ap_rgetline() as before r1829573, since ap_rgetline_core() is EBCDIC agnostic. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829657 13f79535-47bb-0310-9956-ffa450edef68
* Restore comment about LimitRequestBody vs proxied responses.Yann Ylavic2018-04-201-2/+3
| | | | | | | | | ResponseFieldSize actually applies to headers (not body), so the comment was valid but did match the code (addressed by r1829642 still). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829643 13f79535-47bb-0310-9956-ffa450edef68
* http: LimitRequestBody applies to proxied requests.Yann Ylavic2018-04-201-4/+3
| | | | | | | | | | If f->r->proxyreq is PROXYREQ_PROXY or PROXYREQ_REVERSE in ap_http_filter(), we are still handling the request, not the response where LimitRequestBody does not apply. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829642 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: make use of AP_GETLINE_NOSPC_EOL in ap_proxygetline().Yann Ylavic2018-04-191-41/+24
| | | | | | | | | | | Fixes response header thrown away after the previous one was considered too large and truncated. PR 62196. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829573 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_init.c (ssl_init_Module): Don't enable SSLJoe Orton2018-04-191-1/+2
| | | | | | | | | | for a vhost if SSLEnable is not used and no certs are configured, even if the Listen protocol is "https". Restores behaviour to that prior to r1809303 for configs which would now otherwise fail at startup. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829513 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_util.c (modssl_request_is_tls): AdjustJoe Orton2018-04-163-15/+16
| | | | | | | | | | to take SSLConnRec * out parameter rather than SSL *. * modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Use it here. (ssl_hook_Fixup): Adjust use. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829263 13f79535-47bb-0310-9956-ffa450edef68
* Factor out logic to determine if request is using SSL/TLS and use itJoe Orton2018-04-164-24/+25
| | | | | | | | | | | | | | | | consistently. * modules/ssl/ssl_util.c (modssl_request_is_tls): New function. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Use it. * modules/ssl/mod_ssl.c (ssl_hook_http_scheme, ssl_hook_default_port): Use it. PR: 61519 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829250 13f79535-47bb-0310-9956-ffa450edef68
* mod_xml2enc: follow up to r1829038.Yann Ylavic2018-04-131-0/+10
| | | | | | | | If any, pass pending meta bucket down the chain before leaving. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829039 13f79535-47bb-0310-9956-ffa450edef68
* mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.Yann Ylavic2018-04-131-9/+28
| | | | | | | | | | | All meta buckets are now aggregated (besides FLUSH) and forwarded down the chain, and the output filter bails out on EOS. Proposed by: Micha Lenk <micha lenk.info> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829038 13f79535-47bb-0310-9956-ffa450edef68
* add log id for r1828926Eric Covener2018-04-111-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828927 13f79535-47bb-0310-9956-ffa450edef68
* PR62199: add worker parameter ResponseFieldSize to mod_proxyEric Covener2018-04-113-8/+62
| | | | | | | | | | Submitted By: Hank Ibell Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828926 13f79535-47bb-0310-9956-ffa450edef68
* PR62186: preserve %<m for ErrorDocument internal redirectsEric Covener2018-04-111-1/+7
| | | | | | | | | | | | *) core: Preserve the original HTTP request method in the '%<m' LogFormat when an path-based ErrorDocument is used. PR 62186. [Micha Lenk <micha lenk.info>] Submitted By: Micha Lenk Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828920 13f79535-47bb-0310-9956-ffa450edef68
* COMPAT BREAK: This may change the hash keys used to cache privkeysJoe Orton2018-04-111-5/+5
| | | | | | | | | | | | across a reload so don't backport this to 2.4. Otherwise it's only user-visible in logging output. * modules/ssl/ssl_engine_init.c (ssl_init_Module): Derive the vhost_id *after* potentially setting sc->enabled to default-on, since the port used may change if not specified explicitly. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828913 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_util.c (ssl_util_vhostid): Simplify code,Joe Orton2018-04-111-9/+3
| | | | | | | no functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828912 13f79535-47bb-0310-9956-ffa450edef68
* * modules/generators/mod_info.c: Constify fixed tables and markJoe Orton2018-04-111-6/+6
| | | | | | | module-private global variables static. No functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828909 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_balancer: Add hot spare member type and corresponding flag (R). ↵Jim Riggs2018-04-117-232/+193
| | | | | | | | | | Hot spare members are used as drop-in replacements for unusable workers in the same load balancer set. This differs from hot standbys which are only used when all workers in a set are unusable. PR 61140. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828890 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-111-6/+5
| | | | | | | mod_http2: always wake up any conditional waits when streams are aborted. Fixes race conditions where timeouts would trigger instead. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828879 13f79535-47bb-0310-9956-ffa450edef68
* We need to get the SSL_CTX for further processing down below.Ruediger Pluem2018-04-101-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828793 13f79535-47bb-0310-9956-ffa450edef68
* * Fix copy and paste typo.Ruediger Pluem2018-04-101-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828792 13f79535-47bb-0310-9956-ffa450edef68
* * The sslconn parameter is not used.Ruediger Pluem2018-04-101-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828791 13f79535-47bb-0310-9956-ffa450edef68
* * Whitespace fixes. No functional changeRuediger Pluem2018-04-101-16/+16
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828790 13f79535-47bb-0310-9956-ffa450edef68
* mod_logio: Add LogIOTrackTTFU and %^FU logformatRainer Jung2018-04-091-2/+83
| | | | | | | | to log the time difference between request start and last request body byte read (finished upload). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828727 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-091-22/+10
| | | | | | | | Fix buildbot unused vars errors introduced by last checkin. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828723 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-091-92/+248
| | | | | | | SSLVerifyClient support for TLSv1.3 protocol now fails similarly to TLSv1.2 in my setups. (Read: I cannot get client certs to work, but I think this change is an improvement) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828720 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-0914-54/+97
| | | | | | | | | mod_http2: accurate reporting of h2 data input/output per request via mod_logio. Fixes an issue where output sizes where counted n-times on reused slave connections. See gituhub issue: https://github.com/icing/mod_h2/issues/158 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828687 13f79535-47bb-0310-9956-ffa450edef68
* Use apr_pcalloc in the 'create' function. All the fields are initialized in ↵Christophe Jaillet2018-04-081-2/+2
| | | | | | | | the 'init' function, but it is It is cleaner and more future proof. Small style correction (remove extra spaces) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828624 13f79535-47bb-0310-9956-ffa450edef68
* needs mod_http2.hGregg Lewis Smith2018-04-061-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828485 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections.Yann Ylavic2018-04-051-2/+10
| | | | | | | | | | | | | Regression introduced in 2.4.30. PR 62232. The proxy SSL_CTX was not inherited from the vhost (the only available in 2.4.29) in/for any directory context besides <Proxy>... Mostly debugged and fixed by Rainer, thanks! git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828390 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-031-1/+1
| | | | | | | * mod_http2: calculate unencrypted connection sniffing base64 only when log level is at required height. [Ruediger Pluem] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828232 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-034-10/+14
| | | | | | | | | mod_ssl: proper checks for libressl 2.07/8 and its TLSv1_3 support, see PR 62236. [Bernard Spil <brnrd@freebsd.org>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828222 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-04-031-1/+6
| | | | | | | | mod_ssl: guard use of TLS1_3_VERSION with proper #ifdefs git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828220 13f79535-47bb-0310-9956-ffa450edef68