Rainer Jung [Tue, 22 Jan 2019 09:27:15 +0000 (09:27 +0000)]
Copy the "Note about /" note from the Location
explanation to the LocationMatch explanation.
Probably more people use LocationMatch than
Location with "~".
Update css to have permalink more in line with httpd.a.o:
- default to white (blue on dark-blue is not really visible)
- visible only when the mouse is over the corresponding heading
When a :port is included in the CacheKeyBaseURL the ":" is lost from the actual cache key value. This doesn't harm apache by itself, the real problem arise if some external program which "knows" about the cache keys structure is used to modify the cache.
When CacheKeyBaseURL is not use, the ":" is kept.
So, be consistent when building the key and keep the ":" in all cases.
PR 53915 [Rein Tollevik <rein basefarm.no>]
+ merge 2 lines of a comment to have it more compact
Currently 'ap_proxy_get_worker()' can't get matched pre-defined worker because
of different uri formatting in 'proxy_wstunnel_canon()' and ap_proxy_define_worker()'
Joe Orton [Wed, 9 Jan 2019 09:34:34 +0000 (09:34 +0000)]
* modules/aaa/mod_authn_dbm.c (fetch_dbm_value): No functional change:
return APR_SUCCESS rather than rv, which is guaranteed to be
APR_SUCCESS in current code.
Jim Jagielski [Tue, 8 Jan 2019 13:12:34 +0000 (13:12 +0000)]
This just got me. I upgraded macOS to Mojave (w/ latest Xcode) and I always build w/ maintainer-mode. The problem is that libxml2 will include various unicode/*.h files that have C++ type comments, which causes building to fail (due to Werror). Work around this.
Stefan Sperling [Sun, 23 Dec 2018 09:26:56 +0000 (09:26 +0000)]
Avoid hard-coded "%ld" format strings in mod_deflate's logging statements.
On some platforms (e.g. OpenBSD) zlib's input/output counters are off_t
instead of ulong, which resuls in format-string warnings from some
compilers (e.g. clang). Work around this by upcasting to uint64_t.
Discussed on dev@ with ylavic and wrowe
Graham Leggett [Sun, 25 Nov 2018 21:15:21 +0000 (21:15 +0000)]
core: Split out the ability to parse wildcard files and directories
from the Include/IncludeOptional directives into a generic set of
functions ap_dir_nofnmatch() and ap_dir_fnmatch().
I have choosen "unlikely" because this bug has been around for ever ([1]) and the pool is only "cleared"; that is to say, the data is still valid, but the memory *could* be re-used.
Stefan Eissing [Mon, 5 Nov 2018 10:37:32 +0000 (10:37 +0000)]
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
Yann Ylavic [Sun, 28 Oct 2018 20:55:43 +0000 (20:55 +0000)]
Revert r1844928 and follow up r1844942.
Actually *len can be > 0 here, at least without a change I'm working on but now
think should be discussed first probably. Anyway r1844928 alone is broken, just
rollback for now.
Luca Toscano [Sat, 20 Oct 2018 09:21:47 +0000 (09:21 +0000)]
mod_headers.xml: clarify the difference between
onsuccess vs always
In PR 62380 a user was confused why Header set always
was not overriding a header set by a HTTP backend managed
via mod_proxy_http. The difference between 'onsuccess'
and 'always' is really subtle, even if somebody is familiar
with r->headers_out and r->err_headers_out and the httpd's
internals.
As Stefan mentioned over email, the absence of a "normalized"
headers list in the response should be explained, so I tried to
do so in this commit.
Ruediger Pluem [Tue, 16 Oct 2018 12:55:01 +0000 (12:55 +0000)]
* Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
The certificates and keys loaded during configuration time got lost during
runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
level and there was an SSL directive at directory level, e.g. SSLRequire.
This fixes a regression likely introduced in r1740928.
Rainer Jung [Mon, 15 Oct 2018 21:14:21 +0000 (21:14 +0000)]
SSL_read() doesn't distinguish between return value 0 and <0,
at least not for OpenSSL 1.1.1. This is documented in the man
page for SSL_read and let to h2 failures when using OpenSSL 1.1.1.
When no data could be read, our code returned EAGAIN up until
OpenSSL 1.1.0, but APR_EOF for OpenSSL 1.1.1.
Now instead check SSL_get_error() also when SSL_read() returns 0.
To keep changes small, this change should not influence behavior,
when (rc=SSL_read()):
- rc < 0
- rc == 0 && *len > 0
- rc == 0 &&
(APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
inctx->block == APR_NONBLOCK_READ
Behavior changes if
- rc == 0 &&
!(APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
!*len > 0
Instead of APR_EOF:
- same behavior as rc < 0 for SSL_ERROR_WANT_READ
- same behavior as rc < 0 for SSL_ERROR_SYSCALL && APR_STATUS_IS_EAGAIN(inctx->rc)
Another change is that rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN
also results in APR_EOF.
Ruediger Pluem [Mon, 15 Oct 2018 19:25:20 +0000 (19:25 +0000)]
* Ensure that aborted connections are logged as such.
Set c->aborted before apr_brigade_cleanup to have the correct status
when logging the request as apr_brigade_cleanup triggers the logging
of the request if it contains an EOR bucket.
Luca Toscano [Sat, 13 Oct 2018 12:10:49 +0000 (12:10 +0000)]
md_acme_drive.c: remove unused variable
Compiling in maintainer mode leads to a failure
due to challenges_configured initialized but
not used. Removing it seems harmless, Stefan
please let me know if this is not the case.
Stefan Eissing [Thu, 11 Oct 2018 11:22:55 +0000 (11:22 +0000)]
On the trunk:
mod_md: eliminating compiler warnings re signedness and unused. Adding a APLOG_WARNING
when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will
disable that completely beginning of 2019.
Eric Covener [Wed, 10 Oct 2018 21:47:53 +0000 (21:47 +0000)]
mpm_event: avoid AH00484 with idle threads
mpm_event: Stop issuing AH00484 "server reached MaxRequestWorkers..." when
there are still idle threads available. When there are less idle threads than
MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.
Stefan Eissing [Wed, 10 Oct 2018 11:35:48 +0000 (11:35 +0000)]
mod_http2: adding defensive code for stream EOS handling, in case the request handler
missed to signal it the normal way (eos buckets). Addresses github issues
https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
and https://github.com/icing/mod_h2/issues/170.
Luca Toscano [Tue, 9 Oct 2018 12:29:08 +0000 (12:29 +0000)]
mod_session_cookie: avoid adding the Set-Cookie header
in both r->headers_out and r->err_headers_out
to avoid duplication.
In session_cookie_save it seems that ap_cookie_write is called
with r->headers_out and r->err_headers_out, ending up in the same
Set-Cookie header on both tables and eventually duplicated in the
HTTP response. I took Emmanuel's patch and trimmed out the bits
that remove the header only from r->err_headers_out (leaving it
to do the work on both tables) as attempt to change this bit of code
in the most conservative way as possible. Sending a commit for
a broader review.
Evgeny Kotkov [Tue, 9 Oct 2018 12:16:08 +0000 (12:16 +0000)]
mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
responses allowing these modules to properly set or fix-up the response
headers such as Vary or ETag.
This change follows up on r1837056 that disabled that special handling and
thus resulted in a potential violation of RFC7232, 4.1:
The server generating a 304 response MUST generate any of the following
header fields that would have been sent in a 200 (OK) response to the
same request: Cache-Control, Content-Location, Date, ETag, Expires,
and Vary.)
projects / apache / log