Follow up to r1847232.
There is no point to use "old" numbers in recent commit.
Also avoid number duplication. The messages are the same but in different code path, so having different numbers makes sense.
This also avoids a warning when running:
make update-log-msg-tags
Joe Orton [Thu, 13 Jun 2019 15:34:28 +0000 (15:34 +0000)]
* modules/ssl/ssl_engine_config.c (ssl_cmd_check_file):
If dumping the config, don't validate the paths. Allows
e.g. "httpd -L" to work w/ certs configured but not present,
doesn't affect "httpd -t".
Stefan Eissing [Wed, 22 May 2019 13:41:36 +0000 (13:41 +0000)]
*) mod_http2: internal code cleanups and simplifications. Common output code for
h2 and h2c protocols, using nested mutex locks for simplified calls. [Stefan Eissing]
Ruediger Pluem [Wed, 22 May 2019 09:54:05 +0000 (09:54 +0000)]
* Fix the logic to follow the comment. So far we only forwarded the header if
we have NOT used it AND the env variable was set. But if we have not
used it we should forward it in any case independent of the env variable
setting.
This aligns also with the behaviour in ap_proxy_create_hdrbrgd.
Yann Ylavic [Fri, 17 May 2019 08:42:17 +0000 (08:42 +0000)]
Follow up to r1859371: extend to other ap_proxy_connection_create[_ex]() users.
This function now now handles SSL reuse as well as the "proxy-request-hostname"
note (SNI), so let's also call it unconditionnaly in all proxy modules.
On the mod_ssl side, since this note has the lifetime of the connection, don't
reset/unset it during handshake (ssl_io_filter_handshake).
Arrange balancer_handler() to be able to call
balancer_process_balancer_worker() to create/enable/disable
workers from another modules via a provider.
No functional changes in this first commit.
Joe Orton [Thu, 18 Apr 2019 10:25:33 +0000 (10:25 +0000)]
Fix use of StateDir directive after r1852982:
* server/core.c (reset_config): Rename from reset_config_defines;
tie core_state_dir to pconf lifetime in this cleanup.
(core_pre_config): Adjust accordingly.
* modules/md/mod_md_config.c (md_config_post_config): Pick up base_dir
from statedir in post-config phase so StateDir can influence it.
* modules/dav/fs/mod_dav_fs.c (dav_fs_create_server_config): Don't
init lockdb_path here. (dav_fs_post_config): New function; set
lockdb_path based on configured statedir.
r1853901 lowercased the [stage] for MRT_DEFAULT_[stage]_* macros but missed
to change the ones used in reqtimeout_hooks() to initialize the default rate
factors, leading to no default rate in 2.4.39. Fix that now. PR 63325.
Stefan Eissing [Tue, 26 Mar 2019 10:57:51 +0000 (10:57 +0000)]
*) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
Stefan Eissing [Mon, 18 Mar 2019 16:05:04 +0000 (16:05 +0000)]
*) mod_md: Explicitly setting file permissions to break out of umasks. We want our
non-privilegded apache user to be able to read them. See github issue
<https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
Ruediger Pluem [Mon, 18 Mar 2019 10:18:55 +0000 (10:18 +0000)]
* Solve a chicken and egg problem here:
We need to have sslconn->dc set correctly when we want to
init sslconn, but we need to allocate memory for it first.
Yann Ylavic [Sat, 16 Mar 2019 13:45:17 +0000 (13:45 +0000)]
mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.
The SSL dir config of proxy/backend connections is stored in r->per_dir_config
but those connections have a lifetime independent of the requests they handle.
So we need to allow the external ssl_engine_set() function to reset mod_ssl's
dir config in between proxy requests, or the first sslconn->dc could be used
after free for the next requests.
mod_proxy can then reset/reinit the request config when recycling its backend
connections.
Jim Jagielski [Wed, 13 Mar 2019 17:56:36 +0000 (17:56 +0000)]
Make the work-around for C++ style comments causing fatal errors in
maintainer-mode for later versions of clang module compile specific
(we will still SEE the errors though when buidlin)
Yann Ylavic [Tue, 12 Mar 2019 10:45:02 +0000 (10:45 +0000)]
MPMs unix: bind the bucket number of each child to its slot number
We need not remember each child's bucket number in SHM for restarts, for the
lifetime of the httpd main process the bucket number can be bound to the slot
number such that: bucket = slot % num_buckets.
This both simplifies the logic and helps children maintenance per bucket in
threaded MPMs, where previously perform_idle_server_maintenance() could create
or kill children processes for the buckets it was not in charge of.
Stefan Eissing [Tue, 12 Mar 2019 09:21:17 +0000 (09:21 +0000)]
*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
Fixed. [Michael Kaufmann]
Stefan Eissing [Thu, 7 Mar 2019 09:41:15 +0000 (09:41 +0000)]
*) mod_http2: new configuration directive: ```H2Padding numbits``` to control
padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
controlling the range of padding bytes added to a frame. The actual number
added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing]
*) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
has no more need for it. Optional functions are still declared but no longer implemented.
While previous mod_proxy_http2 will work with this, it is recommeneded to run the matching
versions of both modules. [Stefan Eissing]
*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
resolve PR63170. The proxy module does now a single h2 request on the (reused)
connection and returns. [Stefan Eissing]
Fix a parsing error when using Ant 1.9.13 without the external Xerces (2.9.0) and Xalan (2.7.1).
The error is: "filter-expr(funcall(current, []), [pred(=(step("attribute", 39), literal-expr(section)))])'. Cause: Erreur lors de la vérification du type de l'expression 'filter-expr(funcall(current, []), [pred(=(step("attribute", 39), literal-expr(section)))])"
This takes us 1 step closer to use Ant 1.9+ and remove Xerces and Xalan from the build chain.
Patch tested with the current doc build chain (Ant 1.6.5 + Xerces + Xalan) on the 2.4.x branch.
Even if actually we don't have any "<Foo>" and "Foo" directives, I've checked that the doc is built correctly in such a case.
Stefan Eissing [Tue, 26 Feb 2019 09:55:44 +0000 (09:55 +0000)]
*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
to trigger immediate shutdown of backend connections. This is now always signalled
by mod_http2 when the the session is being released.
proxy_http2 now only sends a PING frame to the backend when there is not already one
in flight. [Stefan Eissing]
*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
loop when encountering certain errors on the backend connection.
See <https://bz.apache.org/bugzilla/show_bug.cgi?id=63170>. [Stefan Eissing]
Yann Ylavic [Wed, 20 Feb 2019 23:08:15 +0000 (23:08 +0000)]
http: Fix possible empty response with mod_ratelimit for HEAD requests.
Don't eat the EOS in ap_http_header_filter() if it comes in single brigade
with a full response to a HEAD request, otherwise mod_ratelimit will never
flush its pending data.
projects / apache / log