The style police have arrested mod_alias on charges of violating law and
order. It has been released after submitting to rehabilitation.
(No functional changes.)
The only remaining question ... are nested or strictly unnested locks
expected by OpenSSL? Right now I've left it as _DEFAULT for the platform
preference. Very simple code really - the server_rec was superfluous.
Jeff Trawick [Mon, 3 Jun 2002 18:14:44 +0000 (18:14 +0000)]
make a note about an issue listed as a showstopper
even with no change, user can --disable-threads so I wonder if
this should really be a showstopper; it would be nice to get
feedback from the user on my patch
Jeff Trawick [Mon, 3 Jun 2002 15:25:11 +0000 (15:25 +0000)]
On OS/390, the compiler/linker front-end doesn't handle
"-L/path/to/lib after "-o target". After looking into build failures,
it turned out that we specify EXTRA_LDFLAGS twice (once before "-o
target" and once after "-o target") for httpd and for the support
utilities.
Ian Holsman [Fri, 31 May 2002 21:21:10 +0000 (21:21 +0000)]
add 2 new enviornment variables to deal with misbehaving backends
"proxy-nokeepalive" which removes the Connection: line completely
"force-proxy-request-1.0" which forces the request to be HTTP/1.0
this allows apache to reverse proxy misbehaving appservers
Enable SSL negotation in ab.c. It is that, or remove all the entirely
BOGUS ssl config options from ab.c. If it works, nifty, if not, we now
have directives that have some effect, rather than no effect, for SSL.
Bradley Nicholes [Fri, 31 May 2002 17:52:51 +0000 (17:52 +0000)]
Fixed the @exp_cgidir@ replacement value so that it resolves to the correct
location when the AWK file generates the default httpd.conf file for NetWare.
Fix the case where we generate both a 401 and 413 and we go bonkers.
- If an error would drop the connection, we do not return the top-level
error anymore as we will assume this new one takes precedence over the
original error. This also ensures that we will not read the input
body (which is the point of returning these special error messages in
the first place).
- The ap_discard_request_body return value in ap_die() must be checked
to make sure we don't encounter this recursive case and print two errors.
Kudos to Jeff Trawick for his sample input which pointed this out.
Fix the case where if there is no ErrorDocument specified for an error,
the error would be sent to the client *twice* because both the filter
and the core would trigger error responses.
The problem is that the filters have already handled some errors (say 413)
and due to the ap_get_client_block API, the error was morphed into 400.
Therefore, ap_discard_request_body must use brigades directly rather than
the ap_get_client_block API so that any potential errors are not dropped.
The special value AP_FILTER_ERROR indicates that the lower level has
already dealt with this problem (ap_die() will realize this). Otherwise,
we'll error with HTTP_BAD_REQUEST and ap_die() will take it from there.
This also prevents needless memory copies when we are just going to
discard it anyway.
Thanks to Cliff Woolley who found this wacky problem.
Cliff Woolley [Fri, 31 May 2002 05:03:09 +0000 (05:03 +0000)]
fix some major badness: error buckets *cannot* use simple_copy because
they're not simple buckets. they have a private data structure which
gets freed. if you're going to copy them and share whatever ->data points
to (which is what simple_copy does), you have to refcount the structure,
which is the whole point of apr_bucket_refcount and apr_bucket_shared_copy.
Removing mod_bucketeer from the output filters seems to be the cure. Why?
So, this isn't a showstopper since no one will enable bucketeer in
production.
Aaron Bannert [Fri, 31 May 2002 00:23:34 +0000 (00:23 +0000)]
This fixes a failed assert when r->remaining is left in a negative
state and we hit some other error (like permission failure) causing
an internal redirect causing us to reevaluate the input buffers
(for discarding the request body).
- Fix case where the initial chunk length was 0 was not handled correctly.
- Fix bucket lifetimes so that they don't live longer than their brigades.
That's not nice.
- Simplify some usage of f->r->connection to f->c in the bucket creation
calls.
Cliff Woolley [Thu, 30 May 2002 22:39:08 +0000 (22:39 +0000)]
This definitely gets the award for least useful error message of the month.
Not only should it just say "can't do that on win32," which is after all
the bottom line, it was spitting out openssl error messages which were
totally useless. Eg:
[30/May/2002 17:31:17 05760] [error] Init: PassPhraseDialog BuiltIn not
supported in server private key from file
F:/Apache/Apache2/conf/ssl/secure.key (OpenSSL library error follows)
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D084069:asn1
encoding routines:d2i_ASN1_SET:bad tag
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09D082:asn1
encoding routines:d2i_RSAPrivateKey:parsing
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09B00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib
Which is essentially saying "OpenSSL couldn't read your private key because
it was encrypted, and we can't get the passphrase the way you asked us to
on this platform."
Brought to my attention by the inquiry of: Chris Hsiang <chsiang@ivivos.com>
Thanks for verifying these are valid, Doug. Now this [much shorter]
list should be living in our STATUS file. Question of module maps
and file layout is already off to the list.
Add a PROXYREQ_RESPONSE value for request_rec->proxyreq because it is
possible that there can be different behavior at the protocol level if
request_rec isn't really a request but a response.
This stems from the fact that request bodies must be indicated by
Content-Length or Transfer-Encoding, but response bodies do not. The
recent change to ap_http_filter to return EOS if there isn't a body broke
proxy. Therefore, there must be some way for the proxy to indicate that
this is a response. Accordingly, ap_http_filter can allow the BODY_NONE
iff this is a response.
Since r->proxyreq is set to PROXYREQ_PROXY even for the original request
from the client, that value isn't sufficient. Hence, the introduction of
PROXYREQ_RESPONSE.
Cliff Woolley [Thu, 30 May 2002 05:57:33 +0000 (05:57 +0000)]
Imagine the horror. I go to try compiling PHP4, and it bombs out on
r->boundary. BUT WAIT, I say, we have a test in there for that:
#if !MODULE_MAGIC_AT_LEAST(20020506,0). The test doesn't seem to be
working. That's odd, I think. So I go look at the ap_mmn.h. Egad,
the tests are totally backwards. How on earth are we going to handle this?
Surely it's wrong in 1.3.x as well. So I go look. Nope, turns out it
got fixed TWO YEARS AGO in that repository. Sigh. Anyway, thanks Greg.
:)
Apply same patch to mod_cgid that was applied to mod_cgi so that it
bypasses the *_client_block calls in favor of using the input filters
and brigades directly.
Cliff Woolley [Thu, 30 May 2002 05:04:32 +0000 (05:04 +0000)]
Yet another reason the MMN needs to get bumped. If there are changes
that anyone's been holding off on because they would affect the MMN, might
as well get them in now so we minimize the number of releases with MMN
changes. I believe there are more renames pending in APR that should be
done sooner rather than later, for example.
Cliff Woolley [Thu, 30 May 2002 00:35:25 +0000 (00:35 +0000)]
Thanks Ryan for cleaning up after my laziness. :) Here are just a few
last little changes. ->datafile should be initialized... but doing so
brings up the fact that the check in run_rewritemap_programs() was
expecting ->datafile to have a string attached to it. For clarity,
let's just use argv[0] there. And since we've reinstated the use of
->checkfile, we no longer need that extra apr_stat() I hacked in,
so let's get rid of it.