Yann Ylavic [Sat, 19 Oct 2019 13:58:16 +0000 (13:58 +0000)]
mod_proxy_http: follow up to r1868576.
As suggested by Ruediger, let the HTTP_IN filter handle the 100 continue from
spool_reqbody_cl().
Also, according to rfc7231#section-5.1.1, we don't need the interim response
if we "already received some or all of the message body", which is now also
taken into account.
Yann Ylavic [Fri, 18 Oct 2019 07:50:59 +0000 (07:50 +0000)]
mod_proxy_http: Fix 100-continue deadlock for spooled request bodies. PR 63855.
Send "100 Continue", if needed, before fetching/blocking on the request body in
spool_reqbody_cl(), otherwise mod_proxy and the client can wait for each other,
leading to a request timeout (408).
While at it, make it so that ap_send_interim_response() uses the default status
line if none is set in r->status_line.
Stefan Eissing [Wed, 16 Oct 2019 12:31:43 +0000 (12:31 +0000)]
*) mod_md: Adding several new features.
The module offers an implementation of OCSP Stapling that can replace fully or
for a limited set of domains the existing one from mod_ssl. OCSP handling
is part of mod_md's monitoring and message notifications. It can be used
for sites that do not have ACME certificates.
The url for a CTLog Monitor can be configured. It is used in the server-status
to link to the external status page of a certificate.
The MDMessageCmd is called with argument "installed" when a new certificate
has been activated on server restart/reload. This allows for processing of
the new certificate, for example to applications that require it in different
locations or formats.
Ruediger Pluem [Fri, 11 Oct 2019 15:11:40 +0000 (15:11 +0000)]
Fix pool concurrency problems
Create a subpool of the connection pool for worker scoped DNS resolutions.
This is needed to avoid race conditions in using the connection pool by multiple
threads during ramp up.
Recheck after obtaining the lock if we still need to do things or if they
were already done by another thread while we were waiting on the lock.
* modules/proxy/proxy_util.c: Create a subpool of the connection pool for worker
scoped DNS resolutions and use it.
* modules/proxy/mod_proxy.h: Define AP_VOLATILIZE_T and add dns_pool to
struct proxy_conn_pool.
* modules/proxy/mod_proxy_ftp.c: Use dns_pool and consider that
worker->cp->addr is volatile in this location of the code.
Joe Orton [Fri, 4 Oct 2019 09:24:07 +0000 (09:24 +0000)]
* modules/generators/cgi_common.h (discard_script_output): Simplify
slightly and ensure constant rather than unlimited memory
consumption when discarding CGI script output (for e.g. a redirect
response).
Change from previous: mod_cgi will now explicitly discard output when
returning HTTP_MOVED_TEMPORARILY for relative redirects (should not be
functionally different), TRACE1 logging of ap_pass_brigade failures
for mod_cgid is dropped.
* modules/generators/cgi_common.h (cgi_handle_response): New function,
factored out from mod_cgid.
(discard_script_output): Copied function from mod_cgi/d unchanged.
* modules/generator/mod_cgid.c (cgid_handler),
modules/generator/mod_cgi.c (cgi_handler): Use cgi_handle_response.
ap_http_header_filter: avoid double encoding of output headers in traces.
When output headers are logged (TRACE4) in send_all_header_fields(), we don't
need to explicitly ap_escape_logitem() them since ap_log_rerror() takes care
of log files escaping already.
Otherwise, characters like '"' are unnecessarily encoded, and '\\' is doubly
encoded (including for controls).
Joe Orton [Fri, 13 Sep 2019 10:43:16 +0000 (10:43 +0000)]
* modules/mappers/mod_rewrite.c: Enhance trace-level logging to log
line numbers accurately for C99 compilers, and remove odd/awkward
double-parentheses using the rewritelog() macro. For non-C99
compilers do_rewritelog() will now be defined - but as a noop - if
REWRITELOG_DISABLED is defined at compile time.
No functional change at runtime apart from the line numbers being
fixed.
Eric Covener [Fri, 30 Aug 2019 11:58:41 +0000 (11:58 +0000)]
restore use of global mutex under !APR_HAS_THREADS
followup to r1852442 which appears to have been too aggressive in wrapping
blocks with #if APR_HAS_THREADS. With !APR_HAS_THREADS a global mutex
is a proc mutex.
Ruediger Pluem [Thu, 29 Aug 2019 14:53:04 +0000 (14:53 +0000)]
* Make it obsolete to supply a starting pool
Improve dump_all_pools by making it obsolete to supply a starting pool.
If the parameter is not supplied, ap_pglobal, which is a global symbol, is
used as starting pool.
The pool parameter is still accepted and considered for backwards
compatibility or if ap_pglobal cannot be resolved.
Yann Ylavic [Fri, 23 Aug 2019 10:31:01 +0000 (10:31 +0000)]
mod_ssl: OCSP does not apply to proxy mode, fix verify context.
Since ssl_callback_SSLVerify() is called for both server and proxy modes,
use myCtxConfig()->ocsp_mask to check the right mode/configuration (i.e.
none for proxy in any case).
Add some missing <module> tags.
Add some missing <directive> tags.
Add some missing <directive module=...> links
Add the name of the directive in <default>, so that 'quickreference.html' is generated correctly.
In the AuthnCacheContext directive, fix the way 'directory' and 'server' are displayed. They are keywords and should not be in italic.
Fix a signed/unsigned comparison that can never match.
-1 is a valid length value (for socket, pipe and cgi buckets for example)
All paths I've checked cast the -1 to (apr_size_t) in order for the comparison to work. So do it as well here.
This has been like that in trunk since r708144, about 11 years ago, so I assume that it is not really an issue.
Fix a corner case where automatic APLOGNO number generation generates invalid code. (see r1864733 fixed in r1864736, thx Eric)
Not sure why this ,? is there, but it looks unneeded to me.
There is maybe a link with the patterns used in 'find-messages.cocci'. They seem to add some extra , after the empty APLOGNO() it generates.
I will investigate further and fix 'find-messages.cocci' accordingly if needed.
Joe Orton [Thu, 8 Aug 2019 12:11:36 +0000 (12:11 +0000)]
* modules/proxy/mod_proxy_balancer.c (balancer_handler): Check Referer
to improve on protection against balancer-manager XSRF attacks
provided by the nonce.
Joe Orton [Tue, 6 Aug 2019 07:54:24 +0000 (07:54 +0000)]
* modules/filters/mod_proxy_html.c, modules/filters/mod_xml2enc.c:
Fix gcc 9 warnings in code attempting to reduce gcc warnings.
(should have used expat...)
mod_xml2enc.c:26:28: warning: "/*" within comment [-Wcomment]
26 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
mod_proxy_html.c:32:28: warning: "/*" within comment [-Wcomment]
32 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
Rainer Jung [Mon, 5 Aug 2019 14:18:22 +0000 (14:18 +0000)]
The GCC flag "-Wno-error=comment" introduced by r1855446
and r1850745 is only known since GCC 4.2. Since it gets
set unconditionally, this breaks compilation with old GCC
even when not using maintainer mode.
Make the fix for maintainer mode more specific by using
a version dependent pragma in the relevant two C files
only switching off error status for comment warnings.
Stefan Eissing [Mon, 5 Aug 2019 11:29:58 +0000 (11:29 +0000)]
*) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration
for a domain managed by mod_md caused a startup error. This happened when mod_md installed
its fallback certificate, before it got the first real certificate from Let's Encrypt.
Eric Covener [Thu, 1 Aug 2019 13:58:45 +0000 (13:58 +0000)]
don't mess with AP_ENABLE_EXCEPTION_HOOK on trunk
mpm_common defines it later anyway:
In file included from mod_md.c:25:
In file included from /Users/covener/SRC/httpd-trunk/include/mpm_common.h:40:
In file included from /Users/covener/SRC/httpd-trunk/include/ap_config.h:184:
/Users/covener/SRC/httpd-trunk/include/ap_config_auto.h:11:9: error: 'AP_ENABLE_EXCEPTION_HOOK' macro redefined [-Werror,-Wmacro-redefined]