Joe Orton [Mon, 3 Dec 2007 11:06:35 +0000 (11:06 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): For performing
TLS upgrade, require only the presence of a "TLS/1.0" token
somewhere in the Upgrade request-header, rather than as the exact
header value.
Joe Orton [Mon, 3 Dec 2007 11:01:51 +0000 (11:01 +0000)]
* modules/ssl/ssl_engine_io.c (ssl_io_input_add_filter,
ssl_io_filter_init): Don't clear f->r here after adding connection
filters since ap_add_*_filter now guarantee to do it internally.
Vincent Bray [Sun, 2 Dec 2007 05:33:12 +0000 (05:33 +0000)]
PR#44001 AuthDigestEnableQueryStringHack unnecessary for MSIE7.
Reported by: Takashi Sato <serai lans-tv.com>
Confirmed by: Vincent Jong <megaspaz tron.megaspaz.net> & noodl
Ruediger Pluem [Sat, 1 Dec 2007 16:14:21 +0000 (16:14 +0000)]
- when using "-l" reduce two consecutive calls to apr_time_now() to one.
This will not change the logic if no "-l" gets used, and it will spare
one call to apr_time_now() in case "-l" gets used and more important
it gives the code better atomicity, because in fact between the two calls
there is a slight change of jumping oder the DST boundary
- for historic reasons the same code block is used two times with a
slightly different way of transforming apr_time_t to int
(once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
so let's unify it.
- finally move the block into a function, because it gets used already
two times.
Paul J. Reder [Fri, 30 Nov 2007 23:51:48 +0000 (23:51 +0000)]
Ooops. Not sure why this didn't get deleted in the last commit to this file. This
is no longer required due to the more optimal way the list of subgroup attributes
is now handled.
Paul J. Reder [Fri, 30 Nov 2007 23:39:43 +0000 (23:39 +0000)]
Final stage in this ldap commitathon. This fixes some problems
associated with processing of subgroup lists. There were some
problems that arose when the cache was referenced across possible
expirations. As of this fix the nested group code (and the caching
of queries related to nested groups) should be working correctly.
Ruediger Pluem [Thu, 29 Nov 2007 21:48:18 +0000 (21:48 +0000)]
* Detabify and make spacing in HTML code the same as before r593816. This
avoids that the autoindex test (t/modules/autoindex) fails. Adjusting
the autoindex test would cause it to fail with older versions and would
make it harder to recognize regressions.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured an the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>
Eric Covener [Wed, 28 Nov 2007 22:19:00 +0000 (22:19 +0000)]
Perform all per-LDAP-backend related memory allocations in a standalone pool,
provide a local method to completely remove an LDAP backend connection so
we can someday manage/dispose of extra connections in a reasonable way.
Clarify some commentary around the existing murky close/cleanup API
methods.
Minor bump for new members appended to util_ldap_connection_t, which is not
allocated by consumers of the API.
Paul J. Reder [Wed, 28 Nov 2007 01:43:57 +0000 (01:43 +0000)]
Stage 3 of refactoring. This reverses a couple of if checks so that the code is
easier to follow. The default svn diff looks ugle due to the spacing change. A
cleaner diff ignoring spacing changes can be found at:
http://people.apache.org/~rederpj/util_ldap_ignoring_spacing.diff
Paul J. Reder [Tue, 27 Nov 2007 23:06:44 +0000 (23:06 +0000)]
Refactoring stage 2. This commit moves a large chunk of utility code out to its own function
to make reading and maintaining the actual subgroup function easier. This should just be
shuffling code around and shouldn't result in any semantic changes.
Paul J. Reder [Tue, 27 Nov 2007 03:01:25 +0000 (03:01 +0000)]
Altered some comments and minor formatting of log calls in prep for a refactoring of this routine.
I wanted the diffs to be human readable and understandable. This should just be formatting and
shouldn't alter any semantics.
Joe Orton [Wed, 21 Nov 2007 13:35:59 +0000 (13:35 +0000)]
* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Improve SSL error
log messages: retrieve and log the "data" string where available,
drop the redundant error number (always included in the error string
anyway), and clearly delineate both the "data" and "annotation" from
the error string itself.
PR: 43889
Submitted by: Dr Stephen Henson <steve openssl.org>, jorton
Jeff Trawick [Tue, 20 Nov 2007 14:46:52 +0000 (14:46 +0000)]
improve command-line parsing
example invocations now flagged as invalid:
specifying UTC offset with size-based rotation
specifying -l with size-based rotation
specifying both -l and UTC offset
range checking of integer parameters not attempted; basic data type issues may need
to be addressed first such as the use of unsigned int for max file size
Sander Temme [Sun, 18 Nov 2007 15:41:03 +0000 (15:41 +0000)]
* Move the Example modules to the newly created examples subdirectory
* Hopefully correctly fudge the NWGNU make files
* Add mod_example_ipc (without NWGNU stuff or dsp)
Jeff Trawick [Fri, 16 Nov 2007 12:36:25 +0000 (12:36 +0000)]
Finish up
http://svn.apache.org/viewvc?view=rev&revision=102066
http://svn.apache.org/viewvc?view=rev&revision=102205
from almost 4 years ago by removing abandoned logic from
the fixup hook.
Jim Jagielski [Wed, 14 Nov 2007 16:25:00 +0000 (16:25 +0000)]
Some fixes before we move this to an example's dir, but
remove the unneeded CORE_PRIVATE and bypass inf loop,
but *still* this is not intended to be a module to
*use* but rather as an example that yes, you can add
lbmethods via sub-module prvider.
Jeff Trawick [Wed, 14 Nov 2007 11:53:30 +0000 (11:53 +0000)]
core: Avoid some unexpected connection closes by telling the client
that the connection is not persistent if the MPM process handling
the request is already exiting when the response header is built.
Jim Jagielski [Tue, 13 Nov 2007 17:16:40 +0000 (17:16 +0000)]
Make life happy for people who don't have serf but
still use most... yeah, this means you need to explicitly
add mod_serf... no, this isn't a comment on how cool
mod_serf is :)
Paul Querna [Tue, 13 Nov 2007 04:20:50 +0000 (04:20 +0000)]
Add mod_serf, a reverse proxy module, which uses serf[1] as its http client library.
To enable, pass something like this to configure:
--enable-serf --with-serf=/usr/local/serf/0.1.2
To try it out, put something like this in your httpd.conf:
<Location />
SerfPass http://httpd.apache.org/
</Location>
LocationMatch and all related directives can also be used, magical eh?
Eric Covener [Thu, 8 Nov 2007 20:01:04 +0000 (20:01 +0000)]
while technically uldap_connection_cleanup() does leave an entry in the
connection list, it is fully disconnected before it's put back. My previous
commentary did more harm then good.
projects / apache / log