From: Jim Jagielski <jim@apache.org>
Date: Fri, 11 Nov 2011 17:36:46 +0000 (+0000)
Subject: Merge r1200475, r1200478, r1200482, r1200491, r1200513, r1200550, r1200580, r1200605... 
X-Git-Tag: 2.3.16~198
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ca0f90bb48e074a6953862b3e4e17603cf453663;p=apache

Merge r1200475, r1200478, r1200482, r1200491, r1200513, r1200550, r1200580, r1200605, r1200612, r1200614, r1200639, r1200646, r1200656, r1200667, r1200679, r1200699, r1200957, r1200961, r1200963 from trunk:

fix issue with incorrect munging of the lua package path -- LuaPackagePath directives were not working

Default to not allowing htaccess in /, instead of just the documentroot, which gets a nice 10% performance boost by default for me.

* modules/ssl/ssl_private.h, modules/ssl/ssl_engine_kernel.c
  (ssl_callback_tlsext_tickets): Use unsigned char * to fix gcc
  -Wpointer-sign warnings.


Only load the really imporant modules (i.e. those enabled by the 'few'
selection) by default. Don't handle modules enabled with --enable-foo
specially.

This fixes problems with module dependencies until someone implements a
mechanism for resolving module dependencies.


remove last traces of the code cache

* modules/proxy/mod_proxy_html.c (comp_urlmap): Fix const-ness warning.


* modules/lua/mod_lua.c (ap_lua_ssl_is_https): New function.
  (lua_post_config): Pick up ssl_is_https optional function.

* modules/lua/lua_request.c (req_ssl_is_https_field): New function.
  (ap_lua_load_request): Map is_https field to above.


remove some debug logging which snuck in

remove ability to set min and max pool sizes for server scope in prep for removing server scope

remove lingering reslist references before killing server scope

replace server scope with thread scope

use a sub-pool for scope_once

Fix installation of conf/extra/proxy-html.conf.

Otherwise httpd does no longer start, because
it is the only extra file required in the main
config at the moment.


Rebuild xdoc transform


Clarify docs for LimitRequestLine, as per bug #51665.


Rebuild doc transforms.

Submitted by: brianm, pquerna, jorton, sf, brianm, jorton, jorton, sf, pquerna, brianm, brianm, brianm, brianm, brianm, jorton, rjung, rbowen, rbowen, rbowen
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1200981 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 1e5b0a59f4..c921965922 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.3.16
 
+  *) configure: Only load the really imporant modules (i.e. those enabled by
+     the 'few' selection) by default. Don't handle modules enabled with
+     --enable-foo specially. [Stefan Fritsch]
+
   *) end-generation hook: Fix false notification of end-of-generation for
      temporary intervals with no active MPM children.  [Jeff Trawick]
 
diff --git a/acinclude.m4 b/acinclude.m4
index 76d79fcb52..2911fba1aa 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -359,7 +359,7 @@ AC_DEFUN(APACHE_MODULE,[
       sharedobjs=yes
       shared=yes
       DSO_MODULES="$DSO_MODULES $1"
-      if test "$_apmod_required" = "yes" ; then
+      if test "$5" = "yes" ; then
         ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},$1"
       fi
       ;;
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index d59952f366..6edb323cfd 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -112,6 +112,7 @@ ServerAdmin you@example.com
 # <Directory> blocks below.
 #
 <Directory />
+    AllowOverride none
     Require all denied
 </Directory>
 
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 68ae427259..4ad851d925 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -2420,7 +2420,7 @@ client</td></tr>
     that will be allowed in an HTTP request header.</p>
 
     <p>The <code class="directive">LimitRequestFieldSize</code> directive
-    allows the server administrator to reduce or increase the limit
+    allows the server administrator to set the limit
     on the allowed size of an HTTP request header field. A server
     needs this value to be large enough to hold any one header field
     from a normal client request. The size of a normal request header
@@ -2440,7 +2440,8 @@ client</td></tr>
     </code></p></div>
 
     <div class="note">Under normal conditions, the value should not be changed from
-    the default.</div>
+    the default. Also, you can't set this higher than 8190 without
+    modifying the source code and rebuilding.</div>
 
     <div class="warning"><h3>Warning</h3>
     <p> When name-based virtual hosting is used, the value for this
@@ -2464,7 +2465,7 @@ from the client</td></tr>
     allowed on the HTTP request-line.</p>
 
     <p>The <code class="directive">LimitRequestLine</code> directive allows
-    the server administrator to reduce or increase the limit on the allowed size
+    the server administrator to set the limit on the allowed size
     of a client's HTTP request-line. Since the request-line consists of the
     HTTP method, URI, and protocol version, the
     <code class="directive">LimitRequestLine</code> directive places a
@@ -2484,7 +2485,8 @@ from the client</td></tr>
     </code></p></div>
 
     <div class="note">Under normal conditions, the value should not be changed from
-    the default.</div>
+    the default. Also, you can't set this higher than 8190 without
+    modifying the source and rebuilding.</div>
 
     <div class="warning"><h3>Warning</h3>
     <p> When name-based virtual hosting is used, the value for this
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index a9e9866feb..7b3cbf5b1b 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2409,7 +2409,7 @@ client</description>
     that will be allowed in an HTTP request header.</p>
 
     <p>The <directive>LimitRequestFieldSize</directive> directive
-    allows the server administrator to reduce or increase the limit
+    allows the server administrator to set the limit
     on the allowed size of an HTTP request header field. A server
     needs this value to be large enough to hold any one header field
     from a normal client request. The size of a normal request header
@@ -2429,7 +2429,8 @@ client</description>
     </example>
 
     <note>Under normal conditions, the value should not be changed from
-    the default.</note>
+    the default. Also, you can't set this higher than 8190 without
+    modifying the source code and rebuilding.</note>
 
     <note type="warning"><title>Warning</title>
     <p> When name-based virtual hosting is used, the value for this
@@ -2452,7 +2453,7 @@ from the client</description>
     allowed on the HTTP request-line.</p>
 
     <p>The <directive>LimitRequestLine</directive> directive allows
-    the server administrator to reduce or increase the limit on the allowed size
+    the server administrator to set the limit on the allowed size
     of a client's HTTP request-line. Since the request-line consists of the
     HTTP method, URI, and protocol version, the
     <directive>LimitRequestLine</directive> directive places a
@@ -2472,7 +2473,8 @@ from the client</description>
     </example>
 
     <note>Under normal conditions, the value should not be changed from
-    the default.</note>
+    the default. Also, you can't set this higher than 8190 without
+    modifying the source and rebuilding.</note>
 
     <note type="warning"><title>Warning</title>
     <p> When name-based virtual hosting is used, the value for this
diff --git a/docs/manual/mod/core.xml.de b/docs/manual/mod/core.xml.de
index 279e61a3df..48f3ad8b2c 100644
--- a/docs/manual/mod/core.xml.de
+++ b/docs/manual/mod/core.xml.de
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?>
-<!-- English Revision: 344972:1199485 (outdated) -->
+<!-- English Revision: 344972:1200961 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
diff --git a/docs/manual/mod/core.xml.ja b/docs/manual/mod/core.xml.ja
index 3687df1408..8b36240180 100644
--- a/docs/manual/mod/core.xml.ja
+++ b/docs/manual/mod/core.xml.ja
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 669847:1199485 (outdated) -->
+<!-- English Revision: 669847:1200961 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
diff --git a/docs/manual/mod/core.xml.tr b/docs/manual/mod/core.xml.tr
index a30d46eeb9..3c4ebe8900 100644
--- a/docs/manual/mod/core.xml.tr
+++ b/docs/manual/mod/core.xml.tr
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 813376:1199485 (outdated) -->
+<!-- English Revision: 813376:1200961 (outdated) -->
 <!-- =====================================================
  Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
    Reviewed by: Orhan Berent <berent belgeler.org>
diff --git a/docs/manual/mod/mod_proxy.html.en b/docs/manual/mod/mod_proxy.html.en
index 625cfe1c0c..cfd15af24d 100644
--- a/docs/manual/mod/mod_proxy.html.en
+++ b/docs/manual/mod/mod_proxy.html.en
@@ -1502,10 +1502,23 @@ proxied server</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
 </table>
-<p>Usage is basically similar to
-<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
-rewriting headers that are a URL, this rewrites the <code>path</code>
-string in <code>Set-Cookie</code> headers.</p>
+<p>
+Useful in conjunction with
+<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>
+in situations where backend URL paths are mapped to public paths on the
+reverse proxy. This directive rewrites the <code>path</code> string in
+<code>Set-Cookie</code> headers. If the beginning of the cookie path matches
+<var>internal-path</var>, the cookie path will be replaced with
+<var>public-path</var>.
+</p><p>
+In the example given with 
+<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, the directive:
+    <div class="example"><p><code>
+      ProxyPassReverseCookiePath  /  /mirror/foo/
+    </code></p></div>
+will rewrite a cookie with backend path <code>/</code> (or
+<code>/example</code> or, in fact, anything) to <code>/mirror/foo/</code>.
+</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
diff --git a/docs/manual/mod/mod_proxy.xml.ja b/docs/manual/mod/mod_proxy.xml.ja
index 6e2035d3f0..da5194c4b5 100644
--- a/docs/manual/mod/mod_proxy.xml.ja
+++ b/docs/manual/mod/mod_proxy.xml.ja
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 344971:1179272 (outdated) -->
+<!-- English Revision: 344971:1200955 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
diff --git a/modules/filters/mod_proxy_html.c b/modules/filters/mod_proxy_html.c
index a7cbc4a5cf..857bfaf737 100644
--- a/modules/filters/mod_proxy_html.c
+++ b/modules/filters/mod_proxy_html.c
@@ -1054,7 +1054,7 @@ static const char* comp_urlmap(cmd_parms *cmd, urlmap* newmap,
            /* we got a substitution.  Check for the case (3) above
             * that the regexp gets wrong: a negation without a comparison.
             */
-            if ((cond[0] == '!') && !strchr(cond, '=')) {
+            if ((cond[0] == '!') && !ap_strchr_c(cond, '=')) {
                 memmove(newcond+1, newcond, strlen(newcond)-1);
                 newcond[0] = '!';
             }
diff --git a/modules/lua/lua_config.c b/modules/lua/lua_config.c
index 8a967dc5f2..84356d71fd 100644
--- a/modules/lua/lua_config.c
+++ b/modules/lua/lua_config.c
@@ -39,16 +39,16 @@ static cmd_parms *check_cmd_parms(lua_State *L, int index)
 static int apl_toscope(const char *name)
 {
     if (0 == strcmp("once", name))
-        return APL_SCOPE_ONCE;
+        return AP_LUA_SCOPE_ONCE;
     if (0 == strcmp("request", name))
-        return APL_SCOPE_REQUEST;
+        return AP_LUA_SCOPE_REQUEST;
     if (0 == strcmp("connection", name))
-        return APL_SCOPE_CONN;
+        return AP_LUA_SCOPE_CONN;
     if (0 == strcmp("conn", name))
-        return APL_SCOPE_CONN;
-    if (0 == strcmp("server", name))
-        return APL_SCOPE_SERVER;
-    return APL_SCOPE_ONCE;
+        return AP_LUA_SCOPE_CONN;
+    if (0 == strcmp("thread", name))
+        return AP_LUA_SCOPE_THREAD;
+    return AP_LUA_SCOPE_ONCE;
 }
 
 AP_LUA_DECLARE(apr_status_t) ap_lua_map_handler(ap_lua_dir_cfg *cfg,
@@ -114,7 +114,7 @@ static int cfg_lua_map_handler(lua_State *L)
         handler->scope = apl_toscope(scope);
     }
     else {
-        handler->scope = APL_SCOPE_ONCE;
+        handler->scope = AP_LUA_SCOPE_ONCE;
     }
     lua_pop(L, 1);
 
@@ -155,7 +155,6 @@ static const struct luaL_Reg cfg_methods[] = {
 };
 
 
-
 static int cmd_foo(lua_State *L)
 {
     cmd_parms *cmd = check_cmd_parms(L, 1);
@@ -261,7 +260,6 @@ static int cmd_trace8(lua_State *L)
     return 0;
 }
 
-
 static const struct luaL_Reg cmd_methods[] = {
     {"foo", cmd_foo},
 
diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
index cc3837a46a..ffb3088650 100644
--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
@@ -358,6 +358,11 @@ static apr_table_t* req_notes(request_rec *r)
   return r->notes;
 }
 
+static int req_ssl_is_https_field(request_rec *r)
+{
+    return ap_lua_ssl_is_https(r->connection);
+}
+
 /* END dispatch mathods for request_rec fields */
 
 static int req_dispatch(lua_State *L)
@@ -645,6 +650,8 @@ AP_LUA_DECLARE(void) ap_lua_load_request_lmodule(lua_State *L, apr_pool_t *p)
                  makefun(&req_escape_html, APL_REQ_FUNTYPE_LUACFUN, p));
     apr_hash_set(dispatch, "ssl_var_lookup", APR_HASH_KEY_STRING,
                  makefun(&req_ssl_var_lookup, APL_REQ_FUNTYPE_LUACFUN, p));
+    apr_hash_set(dispatch, "is_https", APR_HASH_KEY_STRING,
+                 makefun(&req_ssl_is_https_field, APL_REQ_FUNTYPE_BOOLEAN, p));
     apr_hash_set(dispatch, "assbackwards", APR_HASH_KEY_STRING,
                  makefun(&req_assbackwards_field, APL_REQ_FUNTYPE_BOOLEAN, p));
     apr_hash_set(dispatch, "status", APR_HASH_KEY_STRING,
diff --git a/modules/lua/lua_vmprep.c b/modules/lua/lua_vmprep.c
index fb730cfe24..6af677a62c 100644
--- a/modules/lua/lua_vmprep.c
+++ b/modules/lua/lua_vmprep.c
@@ -16,7 +16,6 @@
  */
 #include "mod_lua.h"
 #include "http_log.h"
-#include "apr_reslist.h"
 #include "apr_uuid.h"
 #include "lua_config.h"
 #include "apr_file_info.h"
@@ -245,6 +244,23 @@ static apr_status_t cleanup_lua(void *l)
     return APR_SUCCESS;
 }
 
+/*
+        munge_path(L, 
+                   "path", 
+                   "?.lua", 
+                   "./?.lua", 
+                   lifecycle_pool,
+                   spec->package_paths, 
+                   spec->file);
+*/
+/**
+ * field -> "path" or "cpath"
+ * sub_pat -> "?.lua"
+ * rep_pat -> "./?.lua"
+ * pool -> lifecycle pool for allocations
+ * paths -> things to add
+ * file -> ???
+ */
 static void munge_path(lua_State *L,
                        const char *field,
                        const char *sub_pat,
@@ -261,17 +277,24 @@ static void munge_path(lua_State *L,
 
     lua_getglobal(L, "package");
     lua_getfield(L, -1, field);
+    
     current = lua_tostring(L, -1);
+
     parent_dir = ap_make_dirstr_parent(pool, file);
+ 
     pattern = apr_pstrcat(pool, parent_dir, sub_pat, NULL);
+
     luaL_gsub(L, current, rep_pat, pattern);
     lua_setfield(L, -3, field);
     lua_getfield(L, -2, field);
     modified = lua_tostring(L, -1);
+
+
     lua_pop(L, 2);
 
-    part = apr_pstrcat(pool, modified, apr_array_pstrcat(pool, paths, ';'),
+    part = apr_pstrcat(pool, modified, ";", apr_array_pstrcat(pool, paths, ';'),
                        NULL);
+
     lua_pushstring(L, part);
     lua_setfield(L, -2, field);
     lua_pop(L, 1);              /* pop "package" off the stack     */
@@ -308,8 +331,11 @@ static apr_status_t vm_construct(void **vm, void *params, apr_pool_t *lifecycle_
 #endif
     luaL_openlibs(L);
     if (spec->package_paths) {
-        munge_path(L, "path", "?.lua", "./?.lua", lifecycle_pool,
-            spec->package_paths, spec->file);
+        munge_path(L, 
+                   "path", "?.lua", "./?.lua", 
+                   lifecycle_pool,
+                   spec->package_paths, 
+                   spec->file);
     }
     if (spec->package_cpaths) {
         munge_path(L, "cpath", "?.so", "./?.so", lifecycle_pool,
@@ -376,67 +402,32 @@ static apr_status_t vm_destruct(void *vm, void *params, apr_pool_t *pool)
     return APR_SUCCESS;
 }
 
-static apr_status_t vm_release(void *vm)
-{
-    apr_reslist_t* reslist;
-    lua_pushlightuserdata(vm,vm);
-    lua_rawget(vm,LUA_REGISTRYINDEX);
-    reslist = (apr_reslist_t*)lua_topointer(vm,-1);
-
-    return apr_reslist_release(reslist, vm);
-}
-
-static apr_status_t vm_reslist_destroy(void *data)
-{
-    return apr_reslist_destroy(data);
-}
-
+/**
+ * Function used to create a lua_State instance bound into the web
+ * server in the appropriate scope.
+ */
 AP_LUA_DECLARE(lua_State*)ap_lua_get_lua_state(apr_pool_t *lifecycle_pool,
                                                ap_lua_vm_spec *spec)
 {
     lua_State *L = NULL;
 
-    if (spec->scope == APL_SCOPE_SERVER) {
-        apr_reslist_t *reslist;
-
-        if (apr_pool_userdata_get((void **)&reslist,
-                                  "mod_lua", spec->pool) == APR_SUCCESS) {
-            if(reslist==NULL) {
-                if(apr_reslist_create(&reslist,
-                                      spec->vm_server_pool_min,
-                                      spec->vm_server_pool_max,
-                                      spec->vm_server_pool_max,
-                                      0,
-                                      vm_construct,
-                                      vm_destruct,
-                                      spec,
-                                      spec->pool) != APR_SUCCESS)
-                    return NULL;
-
-                apr_pool_userdata_set(reslist, "mod_lua",
-                                      vm_reslist_destroy, spec->pool);
-            }
-            apr_reslist_acquire(reslist, (void **)&L);
-            lua_pushlightuserdata(L, L);
-            lua_pushlightuserdata(L, reslist);
-            lua_rawset(L,LUA_REGISTRYINDEX);
-            apr_pool_userdata_set(L, spec->file, vm_release, lifecycle_pool);
-        }
-    } else {
-        if (apr_pool_userdata_get((void **)&L, spec->file,
-                                  lifecycle_pool) == APR_SUCCESS) {
-
-            if(L==NULL) {
-                ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, lifecycle_pool,
-                              "creating lua_State with file %s", spec->file);
-                /* not available, so create */
-
-                if(!vm_construct((void **)&L, spec, lifecycle_pool))
-                    apr_pool_userdata_set(L, spec->file, cleanup_lua,
-                                          lifecycle_pool);
-            }
+    if (apr_pool_userdata_get((void **)&L, spec->file,
+                              lifecycle_pool) == APR_SUCCESS) {
+      
+      if(L==NULL) {
+        ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, lifecycle_pool,
+                      "creating lua_State with file %s", spec->file);
+        /* not available, so create */
+        
+        if(!vm_construct((void **)&L, spec, lifecycle_pool)) {
+          apr_pool_userdata_set(L, 
+                                spec->file, 
+                                cleanup_lua,
+                                lifecycle_pool);
         }
+      }
     }
+        /*}*/
 
     return L;
 }
diff --git a/modules/lua/lua_vmprep.h b/modules/lua/lua_vmprep.h
index c2ca8d21cf..ed9c65ef28 100644
--- a/modules/lua/lua_vmprep.h
+++ b/modules/lua/lua_vmprep.h
@@ -34,28 +34,11 @@
 #ifndef VMPREP_H
 #define VMPREP_H
 
-#define APL_CODE_CACHE_STAT     1
-#define APL_CODE_CACHE_FOREVER  2
-#define APL_CODE_CACHE_NEVER    3
+#define AP_LUA_SCOPE_ONCE          1
+#define AP_LUA_SCOPE_REQUEST       2
+#define AP_LUA_SCOPE_CONN          3
+#define AP_LUA_SCOPE_THREAD        4
 
-#define APL_SCOPE_ONCE          1
-#define APL_SCOPE_REQUEST       2
-#define APL_SCOPE_CONN          3
-#define APL_SCOPE_SERVER        4
-
-
-/**
- * the ap_lua_?getvm family of functions is used to create and/or obtain
- * a handle to a lua state. If there is not an extant vm matching the
- * spec then a new one is created.
- */
-/* lua_State* ap_lua_rgetvm(request_rec *r, ap_lua_vm_spec *spec); */
-
-/* returns NULL if the spec requires a request scope */
-/* lua_State* ap_lua_cgetvm(conn_rec *r, ap_lua_vm_spec *spec);*/
-
-/* returns NULL if the spec requires a request scope or conn scope */
-/* lua_State* ap_lua_sgetvm(server_rec *r, ap_lua_vm_spec *spec); */
 
 typedef void (*ap_lua_state_open_callback) (lua_State *L, apr_pool_t *p,
                                              void *ctx);
@@ -65,7 +48,6 @@ typedef void (*ap_lua_state_open_callback) (lua_State *L, apr_pool_t *p,
  */
 typedef struct
 {
-
     /* NEED TO ADD ADDITIONAL PACKAGE PATHS AS PART OF SPEC INSTEAD OF DIR CONFIG */
     apr_array_header_t *package_paths;
     apr_array_header_t *package_cpaths;
@@ -73,16 +55,12 @@ typedef struct
     /* name of base file to load in the vm */
     char *file;
 
-    /* APL_CODE_CACHE_STAT | APL_CODE_CACHE_FOREVER | APL_CODE_CACHE_NEVER */
-    int code_cache_style;
-
-    /* APL_SCOPE_ONCE | APL_SCOPE_REQUEST | APL_SCOPE_CONN | APL_SCOPE_SERVER */
+    /* APL_SCOPE_ONCE | APL_SCOPE_REQUEST | APL_SCOPE_CONN | APL_SCOPE_THREAD */
     int scope;
-        unsigned int vm_server_pool_min;
-        unsigned int vm_server_pool_max;
 
-        ap_lua_state_open_callback cb;
-        void* cb_arg;
+    ap_lua_state_open_callback cb;
+    void* cb_arg;
+
     /* pool to use for lifecycle if APL_SCOPE_ONCE is set, otherwise unused */
     apr_pool_t *pool;
 
@@ -96,7 +74,6 @@ typedef struct
 
 typedef struct
 {
-    int code_cache_style;
     char *function_name;
     char *file_name;
     int scope;
@@ -105,13 +82,6 @@ typedef struct
     apr_size_t bytecode_len;
 } ap_lua_mapped_handler_spec;
 
-typedef struct
-{
-    apr_pool_t *pool;
-    apr_hash_t *compiled_files;
-    apr_thread_rwlock_t *compiled_files_lock;
-} ap_lua_code_cache;
-
 /* remove and make static once out of mod_wombat.c */
 AP_LUA_DECLARE(void) ap_lua_openlibs(lua_State *L);
 
diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
index a3adf4a5d0..3450d27205 100644
--- a/modules/lua/mod_lua.c
+++ b/modules/lua/mod_lua.c
@@ -25,6 +25,10 @@
 #include "apr_optional.h"
 #include "mod_ssl.h"
 
+#ifdef APR_HAS_THREADS
+#include "apr_thread_proc.h"
+#endif
+
 APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap_lua, AP_LUA, int, lua_open,
                                     (lua_State *L, apr_pool_t *p),
                                     (L, p), OK, DECLINED)
@@ -33,6 +37,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap_lua, AP_LUA, int, lua_request,
                                     (lua_State *L, request_rec *r),
                                     (L, r), OK, DECLINED)
 static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *lua_ssl_val = NULL;
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *lua_ssl_is_https = NULL;
 
      module AP_MODULE_DECLARE_DATA lua_module;
 
@@ -73,32 +78,6 @@ static int lua_open_hook(lua_State *L, apr_pool_t *p)
     return OK;
 }
 
-/*
-static apr_status_t luahood(ap_filter_t *f, apr_bucket_brigade *bb) {
-    apr_bucket* b;
-    apr_status_t rs;
-    for ( b = APR_BRIGADE_FIRST(bb);
-          b != APR_BRIGADE_SENTINEL(bb);
-          b = APR_BUCKET_NEXT(b))
-    {
-        if (APR_BUCKET_IS_EOS(b)) {kl
-            break;
-        }
-        const char *buffer;
-        size_t bytes;
-        if (( rs = apr_bucket_read(b, &buffer, &bytes, APR_BLOCK_READ))) {
-            ap_log_rerror(APLOG_MARK, APLOG_WARNING, rs, f->r, "read failure in luahood");
-            return rs;
-        }
-        char *mine = apr_pstrmemdup(f->r->pool, buffer, bytes);
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r, "sending '%s'", mine);
-    }
-
-    ap_pass_brigade(f->next, bb);
-
-    return OK;
-}
-*/
 
 /**
  * "main"
@@ -109,7 +88,7 @@ static int lua_handler(request_rec *r)
     if (strcmp(r->handler, "lua-script")) {
         return DECLINED;
     }
-
+  
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "handling [%s] in mod_lua",
                   r->filename);
     dcfg = ap_get_module_config(r->per_dir_config, &lua_module);
@@ -120,35 +99,45 @@ static int lua_handler(request_rec *r)
                                                          &lua_module);
         ap_lua_request_cfg *rcfg = ap_get_module_config(r->request_config,
                                                         &lua_module);
-        mapped_request_details *d = rcfg->mapped_request_details;
-        ap_lua_vm_spec *spec = NULL;
 
-        if (!d) {
-            d = apr_palloc(r->pool, sizeof(mapped_request_details));
-            spec = apr_pcalloc(r->pool, sizeof(ap_lua_vm_spec));
-            spec->scope = dcfg->vm_scope;
-            spec->pool = spec->scope==APL_SCOPE_SERVER ? cfg->pool : r->pool;
-            spec->file = r->filename;
-            spec->code_cache_style = dcfg->code_cache_style;
-            spec->package_paths = cfg->package_paths;
-            spec->package_cpaths = cfg->package_cpaths;
-            spec->vm_server_pool_min = cfg->vm_server_pool_min;
-            spec->vm_server_pool_max = cfg->vm_server_pool_max;
-            spec->cb = &lua_open_callback;
-            spec->cb_arg = NULL;
-            d->spec = spec;
-            d->function_name = "handle";
-        }
+        ap_lua_vm_spec *spec = NULL;
 
+        spec = apr_pcalloc(r->pool, sizeof(ap_lua_vm_spec));
+        spec->scope = dcfg->vm_scope;
+        spec->pool = r->pool;
+        spec->file = r->filename;
+        spec->package_paths = cfg->package_paths;
+        spec->package_cpaths = cfg->package_cpaths;
+        spec->cb = &lua_open_callback;
+        spec->cb_arg = NULL;
+      
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                      "request details scope:%u, cache:%u, filename:%s, function:%s",
-                      d->spec->scope,
-                      d->spec->code_cache_style,
-                      d->spec->file,
-                      d->function_name);
-        L = ap_lua_get_lua_state(r->pool,
-                              d->spec);
+                      "request details scope:%u, filename:%s, function:%s",
+                      spec->scope,
+                      spec->file,
+                      "handle");
+
+        apr_pool_t *pool;
+        switch (dcfg->vm_scope) {
+        case AP_LUA_SCOPE_ONCE:
+          apr_pool_create(&pool, r->pool);
+          break;
+        case AP_LUA_SCOPE_REQUEST:
+          pool = r->pool;
+          break;
+        case AP_LUA_SCOPE_CONN:
+          pool = r->connection->pool;
+          break;
+        case AP_LUA_SCOPE_THREAD:
+          #if APR_HAS_THREADS
+          pool = apr_thread_pool_get(r->connection->current_thread);
+          break;
+          #endif
+        }
 
+        L = ap_lua_get_lua_state(pool,
+                                 spec);
+        
         if (!L) {
             /* TODO annotate spec with failure reason */
             r->status = HTTP_INTERNAL_SERVER_ERROR;
@@ -156,12 +145,12 @@ static int lua_handler(request_rec *r)
             return HTTP_INTERNAL_SERVER_ERROR;
         }
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "got a vm!");
-        lua_getglobal(L, d->function_name);
+        lua_getglobal(L, "handle");
         if (!lua_isfunction(L, -1)) {
             ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
                           "lua: Unable to find function %s in %s",
-                          d->function_name,
-                          d->spec->file);
+                          "handle",
+                          spec->file);
             return HTTP_INTERNAL_SERVER_ERROR;
         }
         ap_lua_run_lua_request(L, r);
@@ -174,56 +163,6 @@ static int lua_handler(request_rec *r)
 
 
 
-/**
- * Like mod_alias except for lua handler fun :-)
- */
-static int lua_alias_munger(request_rec *r)
-{
-    ap_lua_vm_spec *spec;
-    ap_lua_request_cfg *rcfg = ap_get_module_config(r->request_config,
-                                                    &lua_module);
-    const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config,
-                                                     &lua_module);
-    int i;
-    ap_regmatch_t matches[AP_MAX_REG_MATCH];
-
-    for (i = 0; i < cfg->mapped_handlers->nelts; i++) {
-        const ap_lua_mapped_handler_spec *cnd =
-            ((const ap_lua_mapped_handler_spec **) cfg->mapped_handlers->elts)[i];
-
-        if (OK == ap_regexec(cnd->uri_pattern, r->uri, AP_MAX_REG_MATCH,
-                             matches, 0)) {
-            mapped_request_details *d;
-            r->handler = "lua-script";
-
-            spec = apr_pcalloc(r->pool, sizeof(ap_lua_vm_spec));
-            spec->file = ap_pregsub(r->pool, cnd->file_name, r->uri,
-                                    AP_MAX_REG_MATCH, matches);
-            spec->scope = cnd->scope;
-            spec->code_cache_style = cnd->code_cache_style;
-            spec->bytecode = cnd->bytecode;
-            spec->bytecode_len = cnd->bytecode_len;
-            if (spec->scope == APL_SCOPE_ONCE) {
-                spec->pool = r->pool;
-            }
-
-            spec->cb = &lua_open_callback;
-            spec->cb_arg = NULL;
-
-            d = apr_palloc(r->pool, sizeof(mapped_request_details));
-
-            d->function_name = ap_pregsub(r->pool, cnd->function_name, r->uri,
-                                          AP_MAX_REG_MATCH, matches);
-            d->spec = spec;
-
-            /* now do replacement on method name where? */
-            r->filename = apr_pstrdup(r->pool, spec->file);
-            rcfg->mapped_request_details = d;
-            return OK;
-        }
-    }
-    return DECLINED;
-}
 
 /* ---------------- Configury stuff --------------- */
 
@@ -253,13 +192,10 @@ static int lua_request_rec_hook_harness(request_rec *r, const char *name, int ap
             spec = apr_pcalloc(r->pool, sizeof(ap_lua_vm_spec));
 
             spec->file = hook_spec->file_name;
-            spec->code_cache_style = hook_spec->code_cache_style;
             spec->scope = hook_spec->scope;
-            spec->vm_server_pool_min = cfg->vm_server_pool_min;
-            spec->vm_server_pool_max = cfg->vm_server_pool_max;
             spec->bytecode = hook_spec->bytecode;
             spec->bytecode_len = hook_spec->bytecode_len;
-            spec->pool = spec->scope==APL_SCOPE_SERVER ? cfg->pool : r->pool;
+            spec->pool = r->pool;
             spec->package_paths = cfg->package_paths;
             spec->package_cpaths = cfg->package_cpaths;
             spec->cb = &lua_open_callback;
@@ -502,7 +438,6 @@ static const char *register_named_block_function_hook(const char *name,
         else {
             function = NULL;
         }
-        spec->code_cache_style = APL_CODE_CACHE_FOREVER;
 
         ctx.cmd = cmd;
         tmp = apr_pstrdup(cmd->pool, cmd->err_directive->directive + 1);
@@ -580,20 +515,13 @@ static const char *register_named_file_function_hook(const char *name,
     spec->file_name = apr_pstrdup(cmd->pool, file);
     spec->function_name = apr_pstrdup(cmd->pool, function);
     spec->scope = cfg->vm_scope;
-    spec->code_cache_style = APL_CODE_CACHE_STAT;
-    /*
-       int code_cache_style;
-       char *function_name;
-       char *file_name;
-       int scope;
-     */
+
     *(ap_lua_mapped_handler_spec **) apr_array_push(hook_specs) = spec;
     return NULL;
 }
 
 static int lua_check_user_id_harness_first(request_rec *r)
 {
-
     return lua_request_rec_hook_harness(r, "check_user_id", AP_LUA_HOOK_FIRST);
 }
 static int lua_check_user_id_harness(request_rec *r)
@@ -863,16 +791,22 @@ static const char *register_quick_block(cmd_parms *cmd, void *_cfg,
 
 
 
-static const char *register_package_helper(cmd_parms *cmd, const char *arg,
+static const char *register_package_helper(cmd_parms *cmd, 
+                                           const char *arg,
                                            apr_array_header_t *dir_array)
 {
     apr_status_t rv;
 
     ap_lua_server_cfg *server_cfg =
         ap_get_module_config(cmd->server->module_config, &lua_module);
+
     char *fixed_filename;
-    rv = apr_filepath_merge(&fixed_filename, server_cfg->root_path, arg,
-                            APR_FILEPATH_NOTRELATIVE, cmd->pool);
+    rv = apr_filepath_merge(&fixed_filename, 
+                            server_cfg->root_path, 
+                            arg,
+                            APR_FILEPATH_NOTRELATIVE, 
+                            cmd->pool);
+
     if (rv != APR_SUCCESS) {
         return apr_psprintf(cmd->pool,
                             "Unable to build full path to file, %s", arg);
@@ -899,7 +833,8 @@ static const char *register_package_dir(cmd_parms *cmd, void *_cfg,
  * Called for config directive which looks like
  * LuaPackageCPath /lua/package/path/mapped/thing/like/this/?.so
  */
-static const char *register_package_cdir(cmd_parms *cmd, void *_cfg,
+static const char *register_package_cdir(cmd_parms *cmd, 
+                                         void *_cfg,
                                          const char *arg)
 {
     ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg;
@@ -907,53 +842,25 @@ static const char *register_package_cdir(cmd_parms *cmd, void *_cfg,
     return register_package_helper(cmd, arg, cfg->package_cpaths);
 }
 
-/**
- * Called for config directive which looks like
- * LuaCodeCache
- */
-static const char *register_code_cache(cmd_parms *cmd, void *_cfg,
-                                       const char *arg)
-{
-    ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg;
-    if (strcmp("stat", arg) == 0) {
-        cfg->code_cache_style = APL_CODE_CACHE_STAT;
-    }
-    else if (strcmp("forever", arg) == 0) {
-        cfg->code_cache_style = APL_CODE_CACHE_FOREVER;
-    }
-    else if (strcmp("never", arg) == 0) {
-        cfg->code_cache_style = APL_CODE_CACHE_NEVER;
-    }
-    else {
-        return apr_psprintf(cmd->pool,
-                            "Invalid value for LuaCodeCache, '%s', "
-                            "acceptable values are 'stat', 'forever', and "
-                            "'never'",
-                            arg);
-    }
-    return NULL;
-}
 
-static const char *register_lua_scope(cmd_parms *cmd, void *_cfg,
-                                      const char *scope, const char *min,
+static const char *register_lua_scope(cmd_parms *cmd, 
+                                      void *_cfg,
+                                      const char *scope, 
+                                      const char *min,
                                       const char *max)
 {
     ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg;
     if (strcmp("once", scope) == 0) {
-        cfg->vm_scope = APL_SCOPE_ONCE;
+        cfg->vm_scope = AP_LUA_SCOPE_ONCE;
     }
     else if (strcmp("request", scope) == 0) {
-        cfg->vm_scope = APL_SCOPE_REQUEST;
+        cfg->vm_scope = AP_LUA_SCOPE_REQUEST;
     }
     else if (strcmp("conn", scope) == 0) {
-        cfg->vm_scope = APL_SCOPE_CONN;
+        cfg->vm_scope = AP_LUA_SCOPE_CONN;
     }
-    else if (strcmp("server", scope) == 0) {
-        cfg->vm_scope = APL_SCOPE_SERVER;
-        if (min)
-            cfg->vm_server_pool_min = atoi(min);
-        if (max)
-            cfg->vm_server_pool_max = atoi(max);
+    else if (strcmp("thread", scope) == 0) {
+        cfg->vm_scope = AP_LUA_SCOPE_THREAD;
     }
     else {
         return apr_psprintf(cmd->pool,
@@ -966,27 +873,6 @@ static const char *register_lua_scope(cmd_parms *cmd, void *_cfg,
 }
 
 
-/**
- * Called for config directive which looks like
- * AddLuaHandler /alias /path/to/lua/file.lua [handler_function_name]
- */
-static const char *lua_map_handler(cmd_parms *cmd, void *_cfg,
-                                   const char *path, const char *file,
-                                   const char *function)
-{
-    ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg;
-    apr_status_t rv;
-    const char *function_name;
-    function_name = function ? function : "handle";
-    rv = ap_lua_map_handler(cfg, file, function_name, path, "once");
-    if (rv != APR_SUCCESS) {
-        return apr_psprintf(cmd->pool,
-                            "Unable to configure a lua handler for path "
-                            "'%s', handler %s#%s",
-                            path, file, function_name);
-    }
-    return NULL;
-}
 
 static const char *register_lua_root(cmd_parms *cmd, void *_cfg,
                                      const char *root)
@@ -1006,6 +892,11 @@ AP_LUA_DECLARE(const char *) ap_lua_ssl_val(apr_pool_t *p, server_rec *s, conn_r
     return NULL;
 }
 
+AP_LUA_DECLARE(int) ap_lua_ssl_is_https(conn_rec *c)
+{
+    return lua_ssl_is_https ? lua_ssl_is_https(c) : 0;
+}
+
 /*******************************/
 
 command_rec lua_commands[] = {
@@ -1019,12 +910,11 @@ command_rec lua_commands[] = {
     AP_INIT_TAKE1("LuaPackageCPath", register_package_cdir, NULL, OR_ALL,
                   "Add a directory to lua's package.cpath"),
 
-    AP_INIT_TAKE23("LuaMapHandler", lua_map_handler, NULL, OR_ALL,
-                   "Map a path to a lua handler"),
 
     AP_INIT_TAKE23("LuaHookTranslateName", register_translate_name_hook, NULL,
                   OR_ALL,
                   "Provide a hook for the translate name phase of request processing"),
+
     AP_INIT_RAW_ARGS("<LuaHookTranslateName", register_translate_name_block,
                      NULL,
                      EXEC_ON_READ | OR_ALL,
@@ -1084,10 +974,6 @@ command_rec lua_commands[] = {
                   OR_ALL,
                   "Provide a hook for the insert_filter phase of request processing"),
 
-    AP_INIT_TAKE1("LuaCodeCache", register_code_cache, NULL, OR_ALL,
-                  "Configure the compiled code cache. \
-                   Default is to stat the file each time, options are stat|forever|never"),
-
     AP_INIT_TAKE123("LuaScope", register_lua_scope, NULL, OR_ALL,
                     "One of once, request, conn, server -- default is once"),
 
@@ -1110,11 +996,10 @@ static void *create_dir_config(apr_pool_t *p, char *dir)
     cfg->package_cpaths = apr_array_make(p, 2, sizeof(char *));
     cfg->mapped_handlers =
         apr_array_make(p, 1, sizeof(ap_lua_mapped_handler_spec *));
-    cfg->code_cache_style = APL_CODE_CACHE_STAT;
     cfg->pool = p;
     cfg->hooks = apr_hash_make(p);
     cfg->dir = apr_pstrdup(p, dir);
-    cfg->vm_scope = APL_SCOPE_ONCE;
+    cfg->vm_scope = AP_LUA_SCOPE_ONCE;
     return cfg;
 }
 
@@ -1131,12 +1016,8 @@ static void *create_server_config(apr_pool_t *p, server_rec *s)
 {
 
     ap_lua_server_cfg *cfg = apr_pcalloc(p, sizeof(ap_lua_server_cfg));
-    cfg->code_cache = apr_pcalloc(p, sizeof(ap_lua_code_cache));
-    apr_thread_rwlock_create(&cfg->code_cache->compiled_files_lock, p);
-    cfg->code_cache->compiled_files = apr_hash_make(p);
     cfg->vm_reslists = apr_hash_make(p);
     apr_thread_rwlock_create(&cfg->vm_reslists_lock, p);
-    cfg->code_cache->pool = p;
     cfg->root_path = NULL;
 
     return cfg;
@@ -1152,6 +1033,7 @@ static int lua_post_config(apr_pool_t *pconf, apr_pool_t *plog,
                              apr_pool_t *ptemp, server_rec *s)
 {
     lua_ssl_val = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+    lua_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
     return OK;
 }
 
@@ -1201,7 +1083,6 @@ static void lua_register_hooks(apr_pool_t *p)
                           APR_HOOK_MIDDLE);
     ap_hook_quick_handler(lua_quick_harness, NULL, NULL, APR_HOOK_FIRST);
 
-    ap_hook_translate_name(lua_alias_munger, NULL, NULL, APR_HOOK_MIDDLE);
     ap_hook_post_config(lua_post_config, NULL, NULL, APR_HOOK_MIDDLE);
 
     APR_OPTIONAL_HOOK(ap_lua, lua_open, lua_open_hook, NULL, NULL,
diff --git a/modules/lua/mod_lua.h b/modules/lua/mod_lua.h
index a152e00ee7..82a0e4ffcb 100644
--- a/modules/lua/mod_lua.h
+++ b/modules/lua/mod_lua.h
@@ -94,16 +94,9 @@ typedef struct
     apr_pool_t *pool;
 
     /**
-     * CODE_CACHE_STAT | CODE_CACHE_FOREVER | CODE_CACHE_NEVER
-     */
-    unsigned int code_cache_style;
-
-    /**
-     * APL_SCOPE_ONCE | APL_SCOPE_REQUEST | APL_SCOPE_CONN | APL_SCOPE_SERVER
+     * AP_LUA_SCOPE_ONCE | AP_LUA_SCOPE_REQUEST | AP_LUA_SCOPE_CONN | AP_LUA_SCOPE_SERVER
      */
     unsigned int vm_scope;
-    unsigned int vm_server_pool_min;
-    unsigned int vm_server_pool_max;
 
     /* info for the hook harnesses */
     apr_hash_t *hooks;          /* <wombat_hook_info> */
@@ -114,7 +107,6 @@ typedef struct
 
 typedef struct
 {
-    ap_lua_code_cache *code_cache;
     apr_hash_t *vm_reslists;
     apr_thread_rwlock_t *vm_reslists_lock;
 
@@ -150,4 +142,6 @@ APR_DECLARE_EXTERNAL_HOOK(ap_lua, AP_LUA, int, lua_request,
 
 AP_LUA_DECLARE(const char *) ap_lua_ssl_val(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *var);
 
+AP_LUA_DECLARE(int) ap_lua_ssl_is_https(conn_rec *c);
+
 #endif /* !_MOD_LUA_H_ */
diff --git a/modules/lua/test/test.lua b/modules/lua/test/test.lua
index 59ef00aec8..25da4d9dad 100755
--- a/modules/lua/test/test.lua
+++ b/modules/lua/test/test.lua
@@ -18,7 +18,7 @@
 local mu = require "moonunit" 
 local http = require "helpers"
 
-http.base_url = "http://localhost:8000"
+http.base_url = "http://localhost:8008"
 
 local test = mu.TestCase:new{}
 
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index c75478009b..0ba483125f 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2079,8 +2079,8 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
 #endif
 
 int ssl_callback_tlsext_tickets(SSL *ssl,
-                                char *keyname,
-                                char *iv,
+                                unsigned char *keyname,
+                                unsigned char *iv,
                                 EVP_CIPHER_CTX *cipher_ctx,
                                 HMAC_CTX *hctx,
                                 int mode)
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 43949eee32..7b25012693 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -573,8 +573,8 @@ typedef struct {
     /* Human readable name, used in the configuration */
     const char *conf_name;
     char key_name[16];
-    char hmac_secret[16];
-    char aes_key[16];
+    unsigned char hmac_secret[16];
+    unsigned char aes_key[16];
 } modssl_ticket_t;
 #endif
 
@@ -787,8 +787,8 @@ int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
 
 #ifdef HAVE_TLSEXT_TICKETS
 int         ssl_callback_tlsext_tickets(SSL *ssl,
-                                        char *keyname,
-                                        char *iv,
+                                        unsigned char *keyname,
+                                        unsigned char *iv,
                                         EVP_CIPHER_CTX *cipher_ctx,
                                         HMAC_CTX *hctx,
                                         int mode);