Joe Orton [Wed, 28 May 2014 19:14:28 +0000 (19:14 +0000)]
Create DH parameters from OpenSSL at module init, avoiding (very
minor) race and leaks:
* modules/ssl/ssl_engine_init.c (make_dh_params): Moved/rejigged
variant of make_get_dh() macro.
(init_dh_params, free_dh_params): New functions.
(modssl_get_dh_params): Split out from ssl_callback_TmpDH.
(ssl_init_Module, ssl_init_ModuleKill): Use new init_/free_.
* modules/ssl/ssl_engine_kernel.c: Moved out DH parameter handling.
(ssl_callback_TmpDH): Use modssl_get_dh_params.
Ruediger Pluem [Sat, 24 May 2014 20:55:52 +0000 (20:55 +0000)]
* Give ap_proxy_post_request a chance to act correctly on the status code
by setting r->status temporarily to access_status. r->status might be
different than access_status e.g. r->status could be HTTP_OK if e.g. we
override the error page on the proxy or if the error was not generated
by the backend itself but by the proxy e.g. a bad gateway.
Ruediger Pluem [Sat, 24 May 2014 20:28:56 +0000 (20:28 +0000)]
* Hand out the same DH structure in ssl_callback_TmpDH set by
SSL_CTX_set_tmp_dh_callback though once generated as we leak
memory otherwise and freeing the structure up after use would be
hard to track and in fact is not needed at all as it is safe to
use the same parameters over and over again security wise (in
contrast to the keys themselves) and code safe as the returned structure
is duplicated by OpenSSL anyway. Hence no modification happens
to our copy.
Jeff Trawick [Thu, 22 May 2014 20:29:29 +0000 (20:29 +0000)]
the fixup hook should log (what is expected to be) local
path just like the translate name hook, for a small hint
when debugging 400 errors set just below
Jeff Trawick [Thu, 15 May 2014 20:19:10 +0000 (20:19 +0000)]
Ensure that min/max valid timestamps (milliseconds since the epoch)
make sense: no negative numbers, and require an input of "-" instead
of "0" to indicate that the timestamp isn't being provided.
Yann Ylavic [Wed, 14 May 2014 17:11:49 +0000 (17:11 +0000)]
mod_cache: follow up to r1591328.
Define the cache_merge_headers_out() function to merge r->err_headers_out into
r->headers_out and add the ones from r->content_type/encoding if available.
Use it in ap_cache_cacheable_headers_out() where the same is done and in
cache_save_filter() where this has to be done before updating the entry.
Add missing Server-Variables useable in RewriteCond directive.
Introduced in r1132494
CONTEXT_PREFIX
CONTEXT_DOCUMENT_ROOT
Introduced in r737973
IPV6
Missing for ages!
SCRIPT_GROUP
SCRIPT_USER
I have added where I found it logical, feel free to adjust.
I have also reordered this table to ease reading.
Finally, I have beautified some tables at the end.
Eric Covener [Sun, 11 May 2014 20:41:45 +0000 (20:41 +0000)]
Extend the socket callbacks in event to allow a timeout on the I/O callback.
When a socket callback has a timeout, an associated timer event is used to
remove the sockets from the pollset and call a timeout function.
* This includes a noteworthy change to the main event loop. Previously,
we would call epoll, then process the timer events, then iterate through the
poll results. After this patch, the timer events are processed before the poll()
a _non-queued_ action can change the pollset contents (a user's timed callback
function conversely could easily sit in a queue while the main thread continues
down into epoll)
* timer events can now have sockets associated with them, those sockets are
removed from the pollset when the timer event fires w/o a queue to the worker.
* timer events now have a canceled flag that can be toggled without locking
the timer list.
* Drop the severity of some wstunnel messages from DEBUG to TRACE1
* Lift the restriction on using asynchronous websockets connections but having
an idle timeout
- Add missing links
- Fix extra ] spotted in online doc by emigas.
- Remove another ] introduced in Header syntax in r1588244
- s/variable/varname/ to match the text below it.
- Turn the syntax of both Header and RequestHeader to be:
header [value [replacement [early|env=[!]variable|expr=expression]]]
in order to match the code.
This removes the ambiguity of expr=<something> which can now be used in 2 different places in the syntax.
- Also remove the space in 'expr= value' in compatibility note, to help distinguish between the two
Ben Reser [Tue, 6 May 2014 05:00:21 +0000 (05:00 +0000)]
mod_dav: Fix invalid Location header when a resource is created by passing an
absolute URI on the request line.
Using r->unparsed_uri is wrong since it might contain a scheme, hostname and
port. See section 5.1.2 of RFC 2616, an absolute URI is allowed. The
unparsed_uri field is absolutely unparsed. The current code causes the
Location header to end up having the scheme, host and port included twice.
* modules/dav/main/mod_dav.c
(dav_created): Call ap_escape_uri() on r->uri when caller doesn't provide a
location.
Jeff Trawick [Wed, 30 Apr 2014 20:21:03 +0000 (20:21 +0000)]
Axe unnecessary memset() calls and allocating an extra
byte in an I/O buffer for '\0', which hasn't been needed
since a strstr("\r\n\r\n") was removed in r371428.
mod_cache: Preserve non-cacheable headers forwarded from an origin 304
response. PR 55547.
When mod_cache asks for a revalidation of a stale entry and the origin responds
with a 304 (not that stale), the module strips the non-cacheable headers from
the origin response and merges the stale headers to update the cache.
The problem is that mod_cache won't forward the non-cacheable headers to the
client, for example if the 304 response contains both Set-Cookie and
'Cache-Control: no-cache="Set-Cookie"' headers, or CacheIgnoreHeaders is used.
mod_cache: Don't add cached/revalidated entity headers to a 304 response.
PR 55547.
When the conditional request meets the conditions of the stale then revalidated
entry, the forwarded 304 response includes the entity headers merged from the
cached headers (before updating the entry).
Strip them before returning a 304.
Since the entity headers are stripped elsewhere, factorize the code using a
new table (MOD_CACHE_ENTITY_HEADERS[]) containing these headers' names.