In verify_ocsp_status in ssl_engine_ocsp.c, the log message, "OCSP response not successful: %d" should print the value of r instead of rc.
The value of rc will always be 0.
Stefan Eissing [Thu, 7 Dec 2017 15:11:13 +0000 (15:11 +0000)]
On the trunk:
mod_ssl: renamed section <SSLPolicy to <SSLPolicyDefine. Fixed behaviour
for new server config merge flag. Denying global, only once used directives
inside a SSLPolicyDefine.
Be less tolerant when parsing the credential for Basic authorization. Only spaces should be accepted after the authorization scheme. \t are also tolerated.
The current code accepts \v and \f as well.
The same behavior is already used in 'ap_get_basic_auth_pw()' which is mostly the same function as 'get_basic_auth()'.
Some small optimization:
- use 'ap_cstr_casecmpn' instead of 'strncasecmp'
- use 'apr_table_setn' when parameters are constant
- avoid some memory allocation if the module can not handle a request
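The separator rule described in the commit message above, as an added example (not code from httpd or from the commit): a tolerant parser beside a strict one that takes only SP and HTAB after the scheme. The function names, the use of isspace() to model the tolerant behaviour, and the sample header values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Separator predicates: what may sit between the scheme and the credential. */
static int sep_isspace(int c) { return isspace(c); }            /* SP \t \n \v \f \r */
static int sep_sp_htab(int c) { return c == ' ' || c == '\t'; } /* SP and HTAB only */

/* Return the credential part of an "Authorization: Basic ..." value, or NULL
 * if the scheme is not Basic, no separator follows it, or nothing follows. */
static const char *basic_cred(const char *hdr, int (*is_sep)(int))
{
    static const char scheme[] = "basic";
    size_t i;

    if (hdr == NULL)
        return NULL;
    for (i = 0; scheme[i] != '\0'; i++)
        if (tolower((unsigned char)hdr[i]) != scheme[i])
            return NULL;            /* also stops at a short header's NUL */
    hdr += i;
    if (!is_sep((unsigned char)*hdr))
        return NULL;                /* "BasicXYZ" is a different scheme */
    while (is_sep((unsigned char)*hdr))
        hdr++;
    return *hdr != '\0' ? hdr : NULL;
}

/* Tolerant variant (assumed model of the old behaviour) and strict variant. */
static const char *basic_cred_tolerant(const char *h) { return basic_cred(h, sep_isspace); }
static const char *basic_cred_strict(const char *h)   { return basic_cred(h, sep_sp_htab); }

int main(void)
{
    /* Constructed header values; dXNlcjpwYXNz is base64 of "user:pass". */
    const char *samples[] = { "Basic dXNlcjpwYXNz", "basic\t dXNlcjpwYXNz",
                              "Basic\vdXNlcjpwYXNz", "Basic\fdXNlcjpwYXNz",
                              "BasicdXNlcjpwYXNz", "Basic " };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: tolerant=%s strict=%s\n", i,
               basic_cred_tolerant(samples[i]) ? "accept" : "reject",
               basic_cred_strict(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Only the \v and \f samples are treated differently by the two variants; every other sample gets the same verdict from both.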
Joe Orton [Wed, 29 Nov 2017 09:07:48 +0000 (09:07 +0000)]
Support IPv6 link-local scope IDs in Listen and VirtualHost, if built
with APR 1.7 or later:
* server/listen.c (match_address): New function, factored out from
find_listeners.
(find_listeners): Use it; add scope and temp pool arguments.
(alloc_listener): Take scope_id and pool arguments and pass through;
set zone for addresses if present.
(ap_set_listener): Pass through temp pool and scope id.
* server/vhost.c (get_addresses): Set zone for vhost address if
present.
Stefan Eissing [Tue, 28 Nov 2017 15:13:20 +0000 (15:13 +0000)]
On the trunk:
mod_md: v1.0.5, restricting post_config dry run to be more silent and performing
only necessary work for mod_ssl to be also happy with the configuration.
Stefan Eissing [Thu, 23 Nov 2017 13:55:25 +0000 (13:55 +0000)]
On the trunk:
mod_md: v1.0.4, removed the 'a2md' utility command from build. Only used in github
testing. Avoid problems with our build system that had problems after the latest
changes to make a clean initial build. Remove the windows a2md.dsp therefore also.
Joe Orton [Fri, 17 Nov 2017 17:14:32 +0000 (17:14 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Check username
does not contain a colon before constructing Authorization header
for FakeBasicAuth mode. (Also constify 'user' variable.)
Stefan Eissing [Thu, 16 Nov 2017 16:50:58 +0000 (16:50 +0000)]
On the trunk:
mod_md v1.0.3: fixes for getting stalled on new license agreement from CA. Job properties persisted now to preserve change when watchdog child changes.
Follow up to r1815264
Get items in dsw files, BuildBin.dsp that didn't make 1815264
Make sure abs builds before a2md so applink.c in OpenSSL 1.1.0 gets copied
into same location as it exists in 1.0.2.
Luca Toscano [Sat, 11 Nov 2017 19:20:01 +0000 (19:20 +0000)]
core: silently ignore a non-existent file path when IncludeOptional
is used.
In https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 some use cases
were reported in which IncludeOptional seems to be too strict in its
sanity checks.
This change is a proposal to relax IncludeOptional checks to silently
fail when a file path is not existent rather than returning SyntaxError.
Rainer Jung [Sat, 11 Nov 2017 10:36:17 +0000 (10:36 +0000)]
Look for serf-1 instead of serf-0 during configure.
Using a fixed major version might not be the best
choice but using a fixed outdated one is even worse.
Yann Ylavic [Thu, 2 Nov 2017 21:49:43 +0000 (21:49 +0000)]
mpm_unix(es): cleanup properly on exit in one_process mode.
We can't destroy ap_pglobal because clean_child_exit() runs in DSO which would
be unloaded under us, so use atexit() to defer the final apr_terminate().
Improve mod_proxy_html doc
- add some links and color highlight
- remove some <var> (i.e. italic) around parameters that should be written unmodified (On|Off...)
Stefan Eissing [Mon, 30 Oct 2017 14:27:18 +0000 (14:27 +0000)]
*) mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain
information retrievals on null bucket beams where it makes sense. [Stefan Eissing]
unixd.c: In function ‘ap_unixd_mpm_set_signals’:
unixd.c:579:5: error: implicit declaration of function ‘apr_signal’; did you mean ‘strsignal’? [-Werror=implicit-function-declaration]
apr_signal(SIGPIPE, SIG_IGN);
^~~~~~~~~~
strsignal
Not sure where it comes from, maybe related to r1812301.
Stefan Eissing [Mon, 23 Oct 2017 11:55:33 +0000 (11:55 +0000)]
On the trunk:
*) mod_md: v1.0.1, ServerName/Alias names from pure-http: virtual hosts are no longer
auto-added to a Managed Domain. Error counts of jobs are persisted. When the server
restarts (gracefully) any errored staging areas are purged to reset the signup/renewal
process.
Rainer Jung [Mon, 16 Oct 2017 21:41:15 +0000 (21:41 +0000)]
Fix format pattern (%lu => %APR_SIZE_T_FMT).
Detected by maintainer mode compilation and GCC error:
.../modules/metadata/mod_remoteip.c:
In function 'remoteip_input_filter':
.../include/http_log.h:117:33:
error: format '%lu' expects argument of type
'long unsigned int', but argument 8 has type
'apr_size_t {aka unsigned int}' [-Werror=format=]
util_expr_eval.c: In function ‘ap_expr_eval_re_backref’:
util_expr_eval.c:265:63: error: comparison between pointer and zero character constant [-Werror=pointer-compare]
if (!ctx->re_pmatch || !ctx->re_source || *ctx->re_source == '\0' ||
Rainer Jung [Mon, 16 Oct 2017 09:22:38 +0000 (09:22 +0000)]
Fix maintainer mode with GCC/Clang.
Setting -Wstrict-prototypes in combination
with -Werror leads to compiler errors during
configure checks (autoconf generates incomplete
prototypes).
Adding -Wno-error=strict-prototypes lets the
compiler tolerate those.
Possible future enhancement: remember such
"configure time only" flags and remove them
from CFLAGS before generating our build time
files (Makefile, config_vars.mk etc.), so that
the full -Werror is in place during building.
Yann Ylavic [Sat, 14 Oct 2017 16:27:14 +0000 (16:27 +0000)]
Follow up to r1740928: including NOT_IN_PROXY in NOT_IN_DIR_LOC_FILE is both
incomplete and not backportable, fix it by introducing NOT_IN_DIR_CONTEXT and
restoring NOT_IN_DIR_LOC_FILE to its previous value.
Per ap_check_cmd_context(), NOT_IN_DIR_LOC_FILE actually/really means "not in
any directory context", while the definition itself does not include all the
existing directory contexts (e.g. <Limit>, or <Proxy> before r1740928).
This is a bit of a misnomer, at least, so instead of (ab)using it by adding the
missing contexts (in an incompatible way), let's define NOT_IN_DIR_CONTEXT to
really exclude all directory context (i.e. NOT_IN_DIR_LOC_FILE + NOT_IN_LIMIT +
NOT_IN_PROXY) and use it wherever NOT_IN_DIR_LOC_FILE was used.
This is by itself a major MMN bump (modules not compiled with this commit and
having directives checked against NOT_IN_DIR_LOC_FILE won't be caught the same
way by NOT_IN_DIR_CONTEXT in the new ap_check_cmd_context() code), but with the
below change, 2.4.x should work as before:
- if ((forbidden & NOT_IN_DIR_CONTEXT) == NOT_IN_DIR_CONTEXT) {
+ if ((forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE) {
if (cmd->path != NULL) {
return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within directory context", NULL);
+ " cannot occur within <Directory/Location/Files/Proxy> "
+ "section", NULL);
}
...
}
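Review bot: on the `+` condition the test is against NOT_IN_DIR_LOC_FILE, yet the restored error text on the following `+` lines names Proxy, and the message above says NOT_IN_DIR_LOC_FILE goes back to its previous value, which did not include NOT_IN_PROXY. A short comment at the `if` explaining why the text lists Proxy although the mask does not carry it, or trimming the text to match the mask, would keep the 2.4.x variant from reading as an oversight. Because NOT_IN_DIR_CONTEXT is described as NOT_IN_DIR_LOC_FILE + NOT_IN_LIMIT + NOT_IN_PROXY, directives flagged with the new mask also satisfy this comparison, which is worth stating in the same comment. The `...` elides the rest of the block, so the remaining branches cannot be checked from what is shown.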