than calling apr_dir_open/read/close(), a caller uses
resource->repos->get_children() or somesuch.
- Note that things like mod_dir, mod_autoindex, and mod_negotation
+ Note that things like mod_dir, mod_autoindex, and mod_negotiation
need to be converted to use these mechanisms so that their
functions will work on logical repositories rather than just
filesystems.
<p>Additionally, because the operating system knows when files are
deleted or modified, it can automatically remove file contents from the
- cache when neccessary. This is a big advantage over httpd's in-memory
+ cache when necessary. This is a big advantage over httpd's in-memory
caching which has no way of knowing when a file has changed.</p>
</section>
represents.</p>
<p>The full list of headers recognized is available in the <a
- href="mod/mod_negotiation.html#typemaps">mod_negotation
+ href="mod/mod_negotiation.html#typemaps">mod_negotiation
typemap</a> documentation.</p>
</section>
directive of <module>mod_file_cache</module> maps a list of
statically configured files into memory through the system call
<code>mmap()</code>. This system call is available on most modern
- Unix derivates, but not on all. There are sometimes system-specific
+ Unix derivatives, but not on all. There are sometimes system-specific
limits on the size and number of files that can be
<code>mmap()</code>ed, experimentation is probably the easiest way
to find out.</p>
<p>The <code>NegotiatedOnly</code> option provides that every extension
following the base name must correlate to a recognized
- <module>mod_mime</module> extension for content negotation, <em>e.g.</em>
+ <module>mod_mime</module> extension for content negotiation, <em>e.g.</em>
Charset, Content-Type, Language, or Encoding. This is the strictest
implementation with the fewest unexpected side effects, and is the
default behavior.</p>
<p>The <directive>ForceLanguagePriority</directive> directive uses
the given <directive
module="mod_negotiation">LanguagePriority</directive> to satisfy
- negotation where the server could otherwise not return a single
+ negotiation where the server could otherwise not return a single
matching document.</p>
<p><code>ForceLanguagePriority Prefer</code> uses
<summary>
<p>This module provides SSL v2/v3 and TLS v1 support for the Apache
-HTTP Server. It was contributed by Ralf S. Engeschall based on his
+HTTP Server. It was contributed by Ralf S. Engelschall based on his
mod_ssl project and originally derived from work by Ben Laurie.</p>
<p>This module relies on <a href="http://www.openssl.org/">OpenSSL</a>
consumes minimum CPU cycles under runtime and hence can be always used
without drawbacks. The source used for seeding the PRNG contains of the
current time, the current process id and (when applicable) a randomly
- choosen 1KB extract of the inter-process scoreboard structure of Apache.
+ chosen 1KB extract of the inter-process scoreboard structure of Apache.
The drawback is that this is not really a strong source and at startup
time (where the scoreboard is still not available) this source just
produces a few bytes of entropy. So you should always, at least for the
the first argument). Use this especially at startup time, for instance
with an available <code>/dev/random</code> and/or
<code>/dev/urandom</code> devices (which usually exist on modern Unix
- derivates like FreeBSD and Linux).</p>
+ derivatives like FreeBSD and Linux).</p>
<p>
<em>But be careful</em>: Usually <code>/dev/random</code> provides only as
much entropy data as it actually has, i.e. when you request 512 bytes of
clients request inlined images and other data via parallel requests (usually
up to four parallel requests are common) those requests are served by
<em>different</em> pre-forked server processes. Here an inter-process cache
-helps to avoid unneccessary session handshakes.</p>
+helps to avoid unnecessary session handshakes.</p>
<p>
The following four storage <em>type</em>s are currently supported:</p>
<ul>
client is permitted to negotiate in the SSL handshake phase. Notice that this
directive can be used both in per-server and per-directory context. In
per-server context it applies to the standard SSL handshake when a connection
-is established. In per-directory context it forces a SSL renegotation with the
+is established. In per-directory context it forces a SSL renegotiation with the
reconfigured Cipher Suite after the HTTP request was read but before the HTTP
response is sent.</p>
<p>
MD5, SHA or SHA1.
</li>
</ul>
-<p>An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1
+<p>An SSL cipher can also be an export cipher and is either an SSLv2 or SSLv3/TLSv1
cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use,
one can either specify all the Ciphers, one at a time, or use aliases to
specify the preference and order for the ciphers (see <a href="#table1">Table
Authentication. Notice that this directive can be used both in per-server and
per-directory context. In per-server context it applies to the client
authentication process used in the standard SSL handshake when a connection is
-established. In per-directory context it forces a SSL renegotation with the
+established. In per-directory context it forces a SSL renegotiation with the
reconfigured client verification level after the HTTP request was read but
before the HTTP response is sent.</p>
<p>
used both in per-server and per-directory context. In per-server context it
applies to the client authentication process used in the standard SSL
handshake when a connection is established. In per-directory context it forces
-a SSL renegotation with the reconfigured client verification depth after the
+a SSL renegotiation with the reconfigured client verification depth after the
HTTP request was read but before the HTTP response is sent.</p>
<p>
The depth actually is the maximum number of intermediate certificate issuers,
used both in per-server and per-directory context. In per-server
context it applies to the remote server authentication process used in
the standard SSL handshake when a connection is established by the
-proxy. In per-directory context it forces a SSL renegotation with the
+proxy. In per-directory context it forces a SSL renegotiation with the
reconfigured remote server verification level after the HTTP request
was read but before the HTTP response is sent.</p>
used both in per-server and per-directory context. In per-server context it
applies to the client authentication process used in the standard SSL
handshake when a connection is established. In per-directory context it forces
-a SSL renegotation with the reconfigured remote server verification depth after the
+a SSL renegotiation with the reconfigured remote server verification depth after the
HTTP request was read but before the HTTP response is sent.</p>
<p>
The depth actually is the maximum number of intermediate certificate issuers,
<dd>Install the system administrator executables in <var>DIR</var>.
Those are server programs like <program>httpd</program>,
<program>apachectl</program>, <program>suexec</program>, etc. which
- are neccessary to run the Apache HTTP Server. By default
+ are necessary to run the Apache HTTP Server. By default
<code>sbindir</code> is set to
<code><var>EPREFIX</var>/sbin</code>.</dd>
/* setup domain attribute. We want to send this attribute wherever
* possible so that the client won't send the Authorization header
- * unneccessarily (it's usually > 200 bytes!).
+ * unnecessarily (it's usually > 200 bytes!).
*/
sizeof(struct tlsclientopts), NULL, 0, NULL,
NULL, NULL);
- /* make sure that it was successfull */
+ /* make sure that it was successful */
if(SOCKET_ERROR == rcode ){
ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"Error: %d with ioctl (SO_TLS_SET_CLIENT)", WSAGetLastError());
* not passed, and a completion context was defined, we will invoke the
* completion function immediately following the transfer, and then
* return to the caller. If HSE_IO_SYNC is passed, there is no call
- * neccessary to the completion context.
+ * necessary to the completion context.
*/
#define HSE_IO_SYNC 1
#define HSE_IO_ASYNC 2
found = 1;
}
/* The following extensions are not 'Found'. That is, they don't
- * make any contribution to metadata negotation, so they must have
+ * make any contribution to metadata negotiation, so they must have
* been explicitly requested by name.
*/
if (exinfo->handler && r->proxyreq == PROXYREQ_NONE) {
* @param conf current proxy server configuration
* @param url url containing worker name
* @param id slotnumber id or -1 for auto allocation
- * @return error message or NULL if successfull
+ * @return error message or NULL if successful
*/
PROXY_DECLARE(const char *) ap_proxy_add_worker_wid(proxy_worker **worker,
apr_pool_t *p,
* @param p memory pool to allocate worker from
* @param conf current proxy server configuration
* @param url url containing worker name
- * @return error message or NULL if successfull
+ * @return error message or NULL if successful
*/
PROXY_DECLARE(const char *) ap_proxy_add_worker(proxy_worker **worker,
apr_pool_t *p,
/*
* If we have an existing SSL connection it might be possible that the
- * server sent some SSL message we have not read so far (e.g. a SSL
+ * server sent some SSL message we have not read so far (e.g. an SSL
* shutdown message if the server closed the keepalive connection while
* the connection was held unused in our pool).
* So ensure that if present (=> APR_NONBLOCK_READ) it is read and
* data from network filter.
*
* (This is usually the case when the client forces an SSL
- * renegotation which is handled implicitly by OpenSSL.)
+ * renegotiation which is handled implicitly by OpenSSL.)
*/
inctx->rc = APR_EAGAIN;
* data at the network filter.
*
* (This is usually the case when the client forces an SSL
- * renegotation which is handled implicitly by OpenSSL.)
+ * renegotiation which is handled implicitly by OpenSSL.)
*/
outctx->rc = APR_EAGAIN;
}
* Additionally the following optimization is possible here: When the
* currently active verify type is "none" but a client certificate is
* already known/present, it's enough to manually force a client
- * verification but at least skip the I/O-intensive renegotation
+ * verification but at least skip the I/O-intensive renegotiation
* handshake.
*/
if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
*/
if (renegotiate) {
/*
- * Now we force the SSL renegotation by sending the Hello Request
+ * Now we force the SSL renegotiation by sending the Hello Request
* message to the client. Here we have to do a workaround: Actually
* OpenSSL returns immediately after sending the Hello Request (the
* intent AFAIK is because the SSL/TLS protocol says it's not a must
}
/*
- * Because SSL renegotations can happen at any time (not only after
+ * Because SSL renegotiations can happen at any time (not only after
* SSL_accept()), the best way to log the current connection details is
* right after a finished handshake.
*/
projects / apache / commitdiff