Ruediger Pluem [Thu, 29 Nov 2007 21:48:18 +0000 (21:48 +0000)]
* Detabify and make spacing in HTML code the same as before r593816. This
avoids that the autoindex test (t/modules/autoindex) fails. Adjusting
the autoindex test would cause it to fail with older versions and would
make it harder to recognize regressions.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured and the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>
Eric Covener [Wed, 28 Nov 2007 22:19:00 +0000 (22:19 +0000)]
Perform all per-LDAP-backend related memory allocations in a standalone pool,
provide a local method to completely remove an LDAP backend connection so
we can someday manage/dispose of extra connections in a reasonable way.
Clarify some commentary around the existing murky close/cleanup API
methods.
Minor bump for new members appended to util_ldap_connection_t, which is not
allocated by consumers of the API.
Paul J. Reder [Wed, 28 Nov 2007 01:43:57 +0000 (01:43 +0000)]
Stage 3 of refactoring. This reverses a couple of if checks so that the code is
easier to follow. The default svn diff looks ugly due to the spacing change. A
cleaner diff ignoring spacing changes can be found at:
http://people.apache.org/~rederpj/util_ldap_ignoring_spacing.diff
Paul J. Reder [Tue, 27 Nov 2007 23:06:44 +0000 (23:06 +0000)]
Refactoring stage 2. This commit moves a large chunk of utility code out to its own function
to make reading and maintaining the actual subgroup function easier. This should just be
shuffling code around and shouldn't result in any semantic changes.
Paul J. Reder [Tue, 27 Nov 2007 03:01:25 +0000 (03:01 +0000)]
Altered some comments and minor formatting of log calls in prep for a refactoring of this routine.
I wanted the diffs to be human readable and understandable. This should just be formatting and
shouldn't alter any semantics.
Joe Orton [Wed, 21 Nov 2007 13:35:59 +0000 (13:35 +0000)]
* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Improve SSL error
log messages: retrieve and log the "data" string where available,
drop the redundant error number (always included in the error string
anyway), and clearly delineate both the "data" and "annotation" from
the error string itself.
PR: 43889
Submitted by: Dr Stephen Henson <steve openssl.org>, jorton
Jeff Trawick [Tue, 20 Nov 2007 14:46:52 +0000 (14:46 +0000)]
improve command-line parsing
example invocations now flagged as invalid:
  specifying UTC offset with size-based rotation
  specifying -l with size-based rotation
  specifying both -l and UTC offset
range checking of integer parameters not attempted; basic data type issues may need
to be addressed first such as the use of unsigned int for max file size
Sander Temme [Sun, 18 Nov 2007 15:41:03 +0000 (15:41 +0000)]
* Move the Example modules to the newly created examples subdirectory
* Hopefully correctly fudge the NWGNU make files
* Add mod_example_ipc (without NWGNU stuff or dsp)
Jeff Trawick [Fri, 16 Nov 2007 12:36:25 +0000 (12:36 +0000)]
Finish up
http://svn.apache.org/viewvc?view=rev&revision=102066
http://svn.apache.org/viewvc?view=rev&revision=102205
from almost 4 years ago by removing abandoned logic from
the fixup hook.
Jim Jagielski [Wed, 14 Nov 2007 16:25:00 +0000 (16:25 +0000)]
Some fixes before we move this to an example's dir, but
remove the unneeded CORE_PRIVATE and bypass inf loop,
but *still* this is not intended to be a module to
*use* but rather as an example that yes, you can add
lbmethods via sub-module provider.
Jeff Trawick [Wed, 14 Nov 2007 11:53:30 +0000 (11:53 +0000)]
core: Avoid some unexpected connection closes by telling the client
that the connection is not persistent if the MPM process handling
the request is already exiting when the response header is built.
Jim Jagielski [Tue, 13 Nov 2007 17:16:40 +0000 (17:16 +0000)]
Make life happy for people who don't have serf but
still use most... yeah, this means you need to explicitly
add mod_serf... no, this isn't a comment on how cool
mod_serf is :)
Paul Querna [Tue, 13 Nov 2007 04:20:50 +0000 (04:20 +0000)]
Add mod_serf, a reverse proxy module, which uses serf[1] as its http client library.
To enable, pass something like this to configure:
    --enable-serf --with-serf=/usr/local/serf/0.1.2
To try it out, put something like this in your httpd.conf:
    <Location />
        SerfPass http://httpd.apache.org/
    </Location>
LocationMatch and all related directives can also be used, magical eh?
Eric Covener [Thu, 8 Nov 2007 20:01:04 +0000 (20:01 +0000)]
while technically uldap_connection_cleanup() does leave an entry in the
connection list, it is fully disconnected before it's put back. My previous
commentary did more harm than good.
Graham Leggett [Wed, 7 Nov 2007 23:31:03 +0000 (23:31 +0000)]
core: Add the option to keep aside a request body up to a certain
size that would otherwise be discarded, to be consumed by filters
such as mod_include. When enabled for a directory, POST requests
to shtml files can be passed through to embedded scripts as POST
requests, rather than being downgraded to GET requests.
Eric Covener [Wed, 7 Nov 2007 14:43:26 +0000 (14:43 +0000)]
Stop registering a cleanup on each LDAP connection created, this cleanup was
never called because it's registered against pconf in the child. LDAP
connections are created in the child and not shared between children, so no
action should be required at child exit.
Additionally, clarify comments around uldap_connection_cleanup()
Joe Orton [Tue, 6 Nov 2007 20:49:09 +0000 (20:49 +0000)]
* modules/ssl/ssl_engine_io.c (ssl_io_filter_handshake): Renamed from
ssl_io_filter_connect since the function performs a handshake in
either client or server mode, not a "connect". No functional change.
(both callers updated)
Joe Orton [Tue, 6 Nov 2007 15:34:35 +0000 (15:34 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Don't send Upgrade
for a subrequest. When it *is* sent, list it in a Connection: header
as required by 2616.
Joe Orton [Tue, 6 Nov 2007 15:02:32 +0000 (15:02 +0000)]
mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade
in the post_read_request hook rather than in a filter, and fix the
filter insertion issue:
* modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function,
mostly moved from ssl_io_filter_Upgrade.
(ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if
required.
* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove
function.
(ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec
pointer and pass to ap_add_*_filter to ensure the filter chain
is modified correctly; remove it from the filter afterwards.
(ssl_io_filter_register): Drop UPGRADE_FILTER registration.
* modules/ssl/mod_ssl.c (ssl_init_ssl_connection): Take a request_rec
pointer, pass to ssl_io_filter_init.
(ssl_hook_pre_connection): Pass NULL request_rec pointer to above.
(ssl_hook_Insert_Filter): Remove function.
(ssl_register_hooks): Drop insert_filter hook.
Joe Orton [Mon, 5 Nov 2007 10:51:45 +0000 (10:51 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Use ap_log_rerror
in place of ap_log_error throughout.
(ssl_callback_SSLVerify): Use ap_log_cerror in place of ap_log_error
throughout.
Joe Orton [Fri, 2 Nov 2007 16:45:46 +0000 (16:45 +0000)]
Fix handling of buffered request body for per-location SSL
renegotiation when an internal redirect occurs:
* modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill): Remove
protocol-level filters before inserting the buffering filter.
(ssl_io_filter_buffer): Return an EOS if invoked with an empty
brigade; do not remove the filter after exhausting the buffer.
(ssl_io_filter_buffer): Increase the type of the buffer filter to be
AP_FTYPE_PROTOCOL.
Joe Orton [Fri, 2 Nov 2007 16:12:42 +0000 (16:12 +0000)]
* modules/ssl/ssl_engine_vars.c (ssl_var_register): Take a pool
argument; determine library version strings once at startup.
(ssl_var_lookup_ssl_version): Drop 'pp' argument; use new global
variables rather than modifying process-global state in a function
which must be thread-safe. (all callers changed)
* modules/ssl/mod_ssl.c (ssl_register_hooks): Pass pool to
ssl_var_register.