Doug MacEachern [Thu, 22 Nov 2001 00:42:35 +0000 (00:42 +0000)]
get rid of 'apctx' table that used to live in SSL_get_app_data2(ssl)
change app_data2 to be the request_rec itself.
if something needs per-request context in the future,
it can use r->request_config
Doug MacEachern [Thu, 22 Nov 2001 00:25:00 +0000 (00:25 +0000)]
move c->notes.ssl::verify::depth to SSLConnRec.verify_depth
note: may actually be removed unless somebody can figure out why it is in
there to begin with
PR:
Obtained from:
Submitted by:
Reviewed by:
Doug MacEachern [Wed, 21 Nov 2001 22:58:28 +0000 (22:58 +0000)]
get rid of SSL_get_app_data2_idx() which had a race condition when
writing to app_data2_idx, and another inside OpenSSL when calling
SSL_get_ex_new_index().
add SSL_init_app_data2_idx() to provide the same functionality but in
a safe place: called during ssl_init_Module
PR:
Obtained from:
Submitted by:
Reviewed by:
Ryan Bloom [Wed, 21 Nov 2001 18:25:40 +0000 (18:25 +0000)]
Fix a bug in our output filter buffering. If a lot of small brigades are
sent, the core will send the first 16 buckets, regardless of how much
data there is. In the pathological case, this can cause a lot of 16
byte packets. Now, if we see less than AP_MIN_BYTES, we combine
all of the buckets into a single bucket to be sent in a later packet.
This can cause a lot of memory copies, but it eases our network traffic.
Jeff Trawick [Wed, 21 Nov 2001 16:22:05 +0000 (16:22 +0000)]
when this module's resolver calls were apr-ized recently we removed
the include of specific system header files; this left the opportunity
for htons() to be undefined... do something explicit for htons() so
we don't have to worry about what apr_network_io.h brings with it
Doug MacEachern [Wed, 21 Nov 2001 03:19:13 +0000 (03:19 +0000)]
Prevent segv in ap_note_basic_auth_failure() when no AuthName is configured
PR:
Obtained from:
Submitted by: John Sterling <sterling@covalent.net>
Reviewed by: dougm
Bill Stoddard [Tue, 20 Nov 2001 21:34:18 +0000 (21:34 +0000)]
Win32: Move the call to fetch the network addresses into the accept loop
and out of the worker threads. This makes it a bit easier to implement
accept loop processing in modules outside the MPM.
Bill Stoddard [Tue, 20 Nov 2001 19:03:21 +0000 (19:03 +0000)]
Win32 bug fix:
Move call to setsockopt(SO_UPDATE_ACCEPT_CONTEXT) (to cause the accept socket
to inherit the listener attributes) to after a connection has been accepted.
This piece of code prior to this fix was just wrong; not sure why I never
saw warning messages on NT or 2000.
Jeff Trawick [Tue, 20 Nov 2001 18:27:07 +0000 (18:27 +0000)]
Get IPv6 vhosts working (again ?).
There were a couple of bogus IPv4-specific comparisons which prevented
the data structures from being built correctly in ap_fini_vhost_config().
One of these (INADDR_ANY) can be easily rewritten to work with IPv6. The
other (DEFAULT_VHOST_ADDR) isn't necessary for IPv6. Note that this is
because we don't support the various flavors of _default_ that
Apache-1.3+KAME-patch supports.
Bradley Nicholes [Mon, 19 Nov 2001 23:33:15 +0000 (23:33 +0000)]
Fixed the AWK script so that it will pick up functions that have been
declared on multiple lines such as create_connection in connection.h.
Otherwise multi-line declared functions are omitted from the export list.
Doug MacEachern [Mon, 19 Nov 2001 22:37:57 +0000 (22:37 +0000)]
add input filter AP_MODE_INIT support to handshake before reading
request data from the client.
PR:
Obtained from:
Submitted by: dougm
Reviewed by: wrowe
Doug MacEachern [Mon, 19 Nov 2001 22:36:20 +0000 (22:36 +0000)]
add new input filter mode AP_MODE_INIT:
allows filters such as mod_ssl to initialize a client connection
(ie handshake) before reading request data from the client.
PR:
Obtained from:
Submitted by: dougm
Reviewed by: wrowe
Bill Stoddard [Sat, 17 Nov 2001 07:54:34 +0000 (07:54 +0000)]
Externalize the functions to manage the mpm's queue of completion_contexts.
Now a module can produce to the queue of contexts that the worker threads
consume from.
Aaron Bannert [Fri, 16 Nov 2001 19:24:27 +0000 (19:24 +0000)]
My 2pfennig. I'd like to see more of a technical reason why we should
replace the tried and tested prefork MPM with the newfangled hybrid
threaded/process worker MPM (of which I am one of the more recent
contributors and evangelists).
Aaron Bannert [Fri, 16 Nov 2001 18:28:25 +0000 (18:28 +0000)]
Conversion from old apr_lock_t to new apr_thread_mutex_t
(only converting INTRAPROCESS locks at this time).
I don't see how this used to work, which also means I'm not entirely
sure if it works now. It really didn't look like it was allocating
the correct size before. It compiles and SSL still works in my limited
tests, but I'd appreciate a second opinion.
Ryan Bloom [Thu, 15 Nov 2001 20:55:13 +0000 (20:55 +0000)]
Fix the SSL filter logic. The SSL filter is not a network filter, because
it does not actually do the reading and writing to the network. By
moving that filter to in between CONNECTION and NETWORK filters, we ensure
that SSL is always called before the core.
Ryan Bloom [Thu, 15 Nov 2001 20:49:54 +0000 (20:49 +0000)]
Pull lingering close out of the pool cleanup phase. This was causing too
many bugs. Instead, it is called where it used to be called. I have
abstracted some of the logic out of the lingering close so that it gets
the socket from the connection using the core's conn_config vector. This
is in anticipation of a change to use a hook for the lingering close,
which I hope to do soon.
Ryan Bloom [Thu, 15 Nov 2001 05:05:20 +0000 (05:05 +0000)]
Fix a file descriptor leak in mod_include. When we include a
file, we use a sub-request, but we didn't destroy the sub-request
immediately, instead we waited until the original request was
done. This patch closes the sub-request as soon as the data is
done being generated.
This passes all tests in the test suite.
Submitted by: Brian Pane <bpane@pacbell.net>
Reviewed by: Ryan Bloom and Cliff Woolley
Ryan Bloom [Thu, 15 Nov 2001 04:39:55 +0000 (04:39 +0000)]
FTYPE_CONTENT - 1 isn't enough for OLD_WRITE. OLD_WRITE is a special
filter, and it MUST run absolutely first. To allow other filters a little
space to manuver, I am moving this to FTYPE_CONTENT - 10.
Submitted by: John Sterling <sterling@covalent.net>
Ryan Bloom [Wed, 14 Nov 2001 23:13:27 +0000 (23:13 +0000)]
Port the worker MPM to the new accept model. This has passed every
test in the test suite (except Limit tests). We waste a bit of space
with the listensocks array, which is the exact same as the ap_listeners
list, but we have done that for a while. I'll fix that soon.
Ryan Bloom [Wed, 14 Nov 2001 21:18:47 +0000 (21:18 +0000)]
Get the proxy module compiling again. This is a hack to get past the
current compiler errors. Basically, the core now puts the socket
in the conn_rec->conn_config vector. The proxy grabs that socket and
uses it where it used to use the client_socket field from the conn_rec.
Long-term, all of the direct socket communication needs to be removed,
and this should go through a filter stack. Short-term, this gets the
proxy working again.
I have tested http and connect, but I haven't looked at the FTP proxy,
although it does compile now.
Aaron Bannert [Wed, 14 Nov 2001 18:56:18 +0000 (18:56 +0000)]
Turns out this is causing problems on my linux box (libtool 1.3.5), so
I'm going to remove it until I or someone else can come up with a better
way to check for and link against libssl and libcrypto for mod_ssl.so.
Aaron Bannert [Wed, 14 Nov 2001 07:50:00 +0000 (07:50 +0000)]
Convert tabs to spaces, and a couple other style changes. No functional
changes. I checked with the rewrite.t perl-framework test to make sure
it still passes.
Ryan Bloom [Wed, 14 Nov 2001 00:38:16 +0000 (00:38 +0000)]
Move this to a HOOK_MIDDLE location. We need to add some logic to
make sure that we have a socket that the core controls if we do this,
but it is more correct.
Ryan Bloom [Tue, 13 Nov 2001 22:42:38 +0000 (22:42 +0000)]
Allow modules that add sockets to the ap_listeners list to
define the function that should be used to accept on that
socket. Each MPM can define their own function to use for
the accept function with the MPM_ACCEPT_FUNC macro. This
also abstracts out all of the Unix accept error handling
logic, which has become out of synch across Unix MPMs.
The code flow is much easier now for different transports:
1) During pre-config, post-config or while parsing the config
file, add a socket to the ap_listeners list, making sure to
define an accept function at the same time.
2) MPMs find the correct listener, and call the accept function
that was defined in step 1.
3) That accept function returns a void pointer, which is passed
to the create_connection hook.
4) create_connection adds the correct low-level filters.