Roy T. Fielding [Thu, 10 May 2001 01:47:47 +0000 (01:47 +0000)]
Eventually we will want to only find openssl once regardless of how
many modules depend on it, so make the check an autoconf macro.
Note that this still isn't being checked "the autoconf way", but it
is better than what we have now.
I'm not sure about the -R stuff, but I am told that Solaris won't
build without it. This is something that should be tested using
AC_TRY_LINK rather than assuming openssl isn't already on the ld path.
Martin Kraemer [Tue, 8 May 2001 08:54:24 +0000 (08:54 +0000)]
Try to auto-detect the location of the OpenSSL stuff. The old logic was
incorrect anyway (it tested for .../ssl/ssl.h and then used .../include/ssl.h).
Now we have a configurable list of candidates, each with:
a name, an include path, a lib path, and a list of libs.
Roy T. Fielding [Tue, 8 May 2001 04:42:26 +0000 (04:42 +0000)]
When no specific location of openssl is given, we need to check the
places where people install upgraded software first, since otherwise
we will get the older versions installed by the OS distribution. That's
very bad for us because we are requiring a version of openssl that is
more recent than most of the Linux distros.
When finding the openssl helper program, check both the PATH and the default
install dirs, since openssl isn't normally included on a user's path.
Use APR_ADDTO to add to the make macros in order to avoid duplicates.
Jeff Trawick [Mon, 7 May 2001 16:24:14 +0000 (16:24 +0000)]
minor scoreboard/status improvements:
. get the SS field in extended status output formatted correctly
(seconds since beginning of request shouldn't be a huge
negative number :) )
. use APR_OS_PID_T_FMT and pid_t where appropriate in mod_status
to avoid casting, some of which may have been broken on some
architectures
Bill Stoddard [Mon, 7 May 2001 14:03:59 +0000 (14:03 +0000)]
Get mod_cern_meta to work on Windows. The problem was in the
"skip leading slash" logic, which is inheriently broken on Windows
because full Windows filenames begin with a drive letter or UNC
path.
Ryan Bloom [Sun, 6 May 2001 23:27:14 +0000 (23:27 +0000)]
Back out the recent change to ap_get_brigade, to make it use indirection
again. The problem is that the amount of data read from the network,
is not necessarily the amount of data returned from the filters. It is
possible for input filters to add bytes to the data read from the network.
To fix the original bug, I just removed the line from ap_get_client_block
that decremented r->remaining, we allow the http_filter to do that for
us.
Port ssl_util_table.[ch] to Apache 2.0 by just removing all platform
depended code (table_read, table_write). This is possible because this
table library is local to mod_ssl and inside mod_ssl this library is
used for manipulating hash tables inside shared memory segments only. So
we can just get rid of the unportable parts at all.
Change mostly all old module structure hooks and EAPI hooks to
ap_hook_xxx equivalents. More work has to be done here to clean all this
up and reduce to a minimum...
Axe writev(2) support from the SSL I/O layer because in Apache 2.0 we no
longer handle the bottom line of I/O ourself. Additionally this again
simplifies mod_ssl's I/O part for later transition to mod_tls's approach
with buckets.
Axe most WIN32 stuff from Apache 1.3. In Apache 2.0 we either use APR
later for this or we don't do it at all. But we certainly no longer want
to see any platform specific things inside a module.
Axe out SSL_CONSERVATIVE stuff which for Apache 1.3 did I/O data
pre-sucking on POST requests and I/O re-injection in case of SSL
renegotiations. This all either cannot be solved any longer or at least
has to be implemented totally different through I/O layering/filtering.
Axe out SSL_USE_SDBM stuff, i.e., get rid of the local SDBM copy and use
APR's DBM API instead. The remaining question just is whether APR's DBM
allows "larger" things like SSL sessions to be stored...
Axe out the complete SSL_COMPAT stuff. Because Apache 2.0 is already
incompatible at many places to Apache 1.3 we also don't want this stuff
anymore. Apache 2.0's mod_ssl will be mostly compatibile with Apache
1.3's mod_ssl, of course. But we really no longer want to be compatible
to Sioux and other obsolete SSL things...
Start writing down incompatibilities to mod_ssl 2.x from Apache 1.3.
Our general goal is to axe down mod_ssl to a minimum, because what we
don't have anymore we don't have to port and as simpler mod_ssl becomes.
Nevertheless we will try to minimize incompatibilities if possible.
Axe out EAPI-based SSL_VENDOR stuff.
If we want this later again, we have to do it differently anyway. So,
for now we try to strip down mod_ssl as heavy as possible and hence we
kick out this stuff at all.
Finalize the build environment by integrating the last thing (the
lex/yacc stuff) into Makefile.in and getting rid of the old Apache 1.3
Makefile.tmpl file.
Greg Stein [Sat, 5 May 2001 11:18:01 +0000 (11:18 +0000)]
Fix a bug in the input handling. ap_http_filter() was modifying *readbytes
which corresponded to r->remaining (in ap_get_client_block). However,
ap_get_client_block was *also* adjusting r->remaining. Net result was that
PUT (and probably POST) was broken. (at least on large inputs)
To fix it, I simply removed the indirection on "readbytes" for input
filters. There is no reason for them to return data (the brigade length is
the return length). This also simplifies a number of calls where people
needed to do &zero just to pass zero.
I also added a number of comments about operations and where things could be
improved, or are (semi) broken.
Get rid of libssl.modules and libssl.version. libssl.version we
no longer need, because mod_ssl no longer has its own version.
libssl.modules is now more or less (except for the old custom Apache 1.3
configuration rules) replaced by the Autoconf based config.m4.
Allow mod_tls and mod_ssl coexists without interfering each other by
renaming the --with-ssl option of mod_tls to --with-tls. This way we can
use --enable-ssl/--with-ssl for mod_ssl and --enable-tls/--with-tls for
mod_tls.
Joshua Slive [Thu, 3 May 2001 22:33:41 +0000 (22:33 +0000)]
Conversion to XHTML.
The plan is to continue converting the rest of the docs to XHTML, so if you
have any objections, please voice them now on apache-docs.
Submitted by: James Sutherland <jas88@cam.ac.uk>
Reviewed by: Joshua Slive, William A. Rowe, Jr.
Ryan Bloom [Tue, 1 May 2001 21:59:26 +0000 (21:59 +0000)]
Fix the logic for saving data onto the heap before sending it. Basically,
we have to use nbytes+flen when figuring out how much data we have,
and when looking at the fact that we have a buffer to save aside before
sending it, we also need to look at the length, to ensure that we aren't
saving too much.
Submitted by: Bill Stoddard and Ryan Bloom
Greg Stein [Tue, 1 May 2001 18:43:09 +0000 (18:43 +0000)]
Add a comment about an assumption we make in our keepalive buffering.
Delay the check for "too many items in an iovec" until we actually try to
put something in there. This allows that N+1 bucket to be an EOS, FLUSH,
FILE, or zero-length bucket without triggering a split. Only if that next
bucket has iovec data will a split be made.
Jeff Trawick [Tue, 1 May 2001 11:17:07 +0000 (11:17 +0000)]
Initialize a local variable to prevent a gcc warning about
possible use before set. The code was fine but it is best
to keep gcc quiet lest we stop paying attention.
Ryan Bloom [Sun, 29 Apr 2001 17:05:49 +0000 (17:05 +0000)]
Create Files, and thus MMAPs, out of the request pool, not the
connection pool. This solves a small resource leak that had us
not closing files until a connection was closed. In order to do
this, at the end of the core_output_filter, we loop through the
brigade and convert any data we have into a single HEAP bucket
that we know will survive clearing the request_rec.
Submitted by: Ryan Bloom, Justin Erenkrantz <jerenkrantz@ebuilt.com>,
Cliff Woolley
Roy T. Fielding [Sun, 29 Apr 2001 05:24:11 +0000 (05:24 +0000)]
Completely revamp configure so that it preserves the standard make
variables CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS and LIBS by moving
the configure additions to EXTRA_* variables. Also, allow the user
to specify NOTEST_* values for all of the above, which eliminates the
need for THREAD_CPPFLAGS, THREAD_CFLAGS, and OPTIM. Fix the setting
of INCLUDES and EXTRA_INCLUDES. Check flags as they are added to
avoid pointless duplications. Fix the order in which flags are given
on the compile and link lines.
backing out this part of the recent apxs change
otherwise `apxs -q INCLUDEDIR' is broken using the default layout
PR:
Obtained from:
Submitted by:
Reviewed by:
Jeff Trawick [Fri, 27 Apr 2001 18:29:11 +0000 (18:29 +0000)]
Allow module names to be hyphenated in the --enable-mods-shared
argument. Previously, we passed through a user-specified hyphen into
the name of the shell variable, yielding an invalid variable name.
Martin Kraemer [Fri, 27 Apr 2001 15:16:41 +0000 (15:16 +0000)]
Prevent a core dump (openssl_state_machine.c is completely infected with
assert()s in place of sensible error handling) when a server-root-relative
certificate path is given (which is what most users are going to try first).
assertion "n > 0" failed: file "openssl_state_machine.c", line 142
That does NOT fix the openssl_state_machine.c though., So, never try to
use invalid certs, missing keys or other fancy "1st time user" stuff.