Greg Stein [Tue, 3 Jun 2003 22:09:24 +0000 (22:09 +0000)]
mod_dav improvement: make dav_method_propfind stream its response,
rather than cache every <response> object and send the whole 207 at once.
Note: this patch doesn't affect the mod_dav provider API at all.
Providers still return property results in text-buffers, but mod_dav
then streams them out immediately.
Submitted by: Ben Collins-Sussman <sussman@collab.net>
Reviewed by: gstein, jerenkrantz, sander
* mod_dav.h (dav_walker_ctx): add a brigade field and a scratchpool field.
* mod_dav.c (dav_send_one_response): new helper function to write a
<DAV:response> into a brigade/filter. this code has been factorized
out of dav_send_multistatus.
(dav_begin_multistatus): new factorized helper func; creates brigade
and sends initial <multistatus> tag.
(dav_send_multistatus): create brigade, call dav_begin_multistatus,
and switch all ap_rputs calls to ap_fputs instead. call
dav_send_one_response when looping over response list. use a
subpool when iterating.
(dav_method_propfind): initialize walker ctx's brigade. initialize
ctx's scratchpool as a subpool of r->pool. Send a <multistatus> tag
before calling the provider's walk() function, and a </multistatus>
tag afterwards.
(dav_stream_response): new function, originally based on
dav_add_repsonse. don't build linked list of responses in memory;
just spew each response object into the brigade via
dav_send_one_response(). take an incoming pool argument to do the
temporary allocation and streaming.
(dav_propfind_walker): pass ctx->scratchpool to dav_stream_response,
and clear the pool when finished.
Mark J. Cox [Tue, 3 Jun 2003 10:51:47 +0000 (10:51 +0000)]
Be more consistant in how we label security issues
Promote the issues that have been allocated a full CVE name (to replace CAN)
PR:
Obtained from:
Submitted by:
Reviewed by:
The right patch (thanks to Eric for identifying the wrong patch) to move
SSL_library_init() into the register hooks phase. OpenSSL_add_ssl_algorithms
devolves to SSL_library_init, which is the same for most toolkits (and would
be accomodated in ssl_toolkit_config.h if not.)
Erik Abele [Sun, 1 Jun 2003 21:11:06 +0000 (21:11 +0000)]
"Comment out .gz etc. AddEncoding lines in our default configuration.
Current browsers have a tendency to decompress the data when no one really
wants it to do that. If you want the old behavior that leads to transparent
decompression by modern browsers, uncomment these lines. But, this
shouldn't be our default." (see httpd-std.conf.in r1.32, jerenkrantz)
Erik Abele [Sun, 1 Jun 2003 20:48:54 +0000 (20:48 +0000)]
Added a note, a vote and a section about some necessary doco
improvements.
Removed a section about building the man pages from XML source.
Also removed a section about possible cross references between the
different languages. Both was fixed by Andre recently.
Ken Coar [Sun, 1 Jun 2003 15:10:30 +0000 (15:10 +0000)]
Allow ExpiresByType to accept and understand minor-type wildcards
(e.g., text/*). They'll be used if an exact type match isn't
found; if there's no wildcard match, the expiry falls back to any
ExpiresDefault setting as usual.
Rich Bowen [Sat, 31 May 2003 22:00:27 +0000 (22:00 +0000)]
As per repeated discussion on this point, I don't think that anybody
wants to do the maintenance work necessary to keep the FAQ correct if a
million monkeys are submitting content. So, to keep it from coming up
Yet Again, removing the remark.
OpenSSL_add_all_algorithms is simply an alias for SSL_load_library.
Note that the entire schema of what-we-load-how follows from
OpenSSL 0.9.7's own apps/ example applications. More review
is greatly desired, but that's where I believed I should
start looking for the 'correct' order of operations.
Provide a far more useful explanation when SSLCryptoDevice fails to
find a device. Still would be nice to implement dynamic:{options}
but this gets us to display the usual, builtin devices.
We now load builtin engines up front, in the pre_config phase, because
this and any other config cmd processor must have an already valid
library config. So loading builtin engines becomes redundant in this
cmd handler.
Solve a pretty horrific bug in SSLCryptoDevice and other places where
the config cmd processors should be examining the SSL context. We must
initialize the SSL library before we can actually obtain any useful
information from the SSL library.
Based on list discussion between myself and Geoff, it seems prudent
to check for both the existence of the openssl/engine.h header file
and some 'expected function' such as ENGINE_init() (better suggestions
are welcome.) Also clear up some confusion; so long as we have
ENGINE_load_builtin_engines() we should attempt to preload those.
This patch protects all ENGINE-based code within the tests for the
engine header and function, and changes a version test into a
function test.
André Malo [Thu, 29 May 2003 15:49:49 +0000 (15:49 +0000)]
- add rel="alternate" attribute
- use rel and hreflang attribute only if the link points to another language
- add newlines for better diffs (the next will be a huge one ...)
As Geoff Thorpe <geoff@geoffthorpe.net> points out, we must perform our
compilation tests for the SSL_has_foo functions while we have completely
populated the config with 'standard' libraries from our apr configuration.
This allows us to compile more complex dependencies such as the test for
ENGINE_init(), which also requires -lsockets etc on Solaris for any
static build of OpenSSL. If this fails, we will have to research using
the pkgconfig/openssl.pc configuration to perform these precompile tests.
This restores the various HAVE_SSL_{FOO} macros for SSL-C and introduced
the proper test for HAVE_ENGINE_INIT.
The patch below reverts the prior commit to eliminate SSL_set_state().
Some additional work or research is required in order to pass the
perl-framework regressions, but I don't have the cycles and don't
care to leave the broken code in cvs HEAD.
REVERTING: wrowe 2003/05/19 08:13:19
Modified: modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
ssl_toolkit_compat.h
Log:
Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
rehandshaking the SSL connection, vis-a-vis ApacheSSL.
André Malo [Wed, 21 May 2003 23:01:59 +0000 (23:01 +0000)]
ad-hoc translation of AllowEncodedSlashes to German to get something into
the release. (no reference in the german docs otherwise)
Further review is desired!
Perform run-time query in apxs for apr and apr-util's includes.
This is required when they are in disjoint directories from httpd. Otherwise,
apxs won't pass their include information into the compiler and the
compilation will fail.
Sander Striker [Tue, 20 May 2003 23:09:00 +0000 (23:09 +0000)]
mod_dav providers define a 'can_be_activity' callback. Unfortunately,
mod_dav isn't calling it before creating an activity. This is a
required precondition (along with the resource not existing), as
defined in the deltaV RFC (3253), section 13.5.
* mod_dav.c (dav_method_make_activity): if available, call provider's
'can_be_activity' callback as a precondition to making an activity.
Submitted by: Ben Collins-Sussman <sussman@apache.org>
Reviewed by: Sander Striker
Bradley Nicholes [Tue, 20 May 2003 15:15:23 +0000 (15:15 +0000)]
Make sure that bucket allocator for each worker thread is created from a thread
specific pool. This prevents multiple threads from trying to clean up the same
pool at the same time.
André Malo [Mon, 19 May 2003 01:19:55 +0000 (01:19 +0000)]
Prevent the server from crashing when entering infinite loops. The
new LimitInternalRecursion directive configures limits of subsequent
internal redirects and nested subrequests, after which the request
will be aborted.
[William Rowe, Jeff Trawick, Andr� Malo]