Doug MacEachern [Tue, 26 Mar 2002 16:57:49 +0000 (16:57 +0000)]
per-dir SSLCACertificate{File,Path} cannot use SSL_CTX_set_cert_store
as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe. this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.
Doug MacEachern [Tue, 26 Mar 2002 15:42:21 +0000 (15:42 +0000)]
performance enhancement: mod_ssl config directives that can have both
a per-server and per-dir context were configuring the per-dir context
for per-server commands. this triggered ssl_hook_Access to always
compare the per-server context against per-dir configs that were
exactly the same.
Doug MacEachern [Tue, 26 Mar 2002 00:30:47 +0000 (00:30 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
fix bug seen on win32 with netscape client where output filter is run
triggered by lingering_close after ssl_hook_CloseConnection has been called
-i and -u were deprecated some time ago, they still work in 1.3, but
shouldn't be expected to work in 2.0. Replacement command line options
are -k install|uninstall
Brian Pane [Sun, 24 Mar 2002 06:42:14 +0000 (06:42 +0000)]
Small performance optimization for find_end_sequence(): when we find
the start of a directive, scan through the rest of it in a minimal
loop before popping back out to the main char-at-a-time parser loop
Richard Bowen [Sat, 23 Mar 2002 03:23:15 +0000 (03:23 +0000)]
Completed going through mod/code.xml ensuring that every directive
contains at least one example. A little additional clarification a few
places. Updates STATUS to reflect the status of this task.
Ryan Bloom [Fri, 22 Mar 2002 21:45:44 +0000 (21:45 +0000)]
We have to return valid HTTP status codes from filters. This fixes two
cases in the core_output_filters where there was a problem, and the core
returned an error code instead of an HTTP status code. This keeps us from
putting status codes like 32 and 104 in the access log.
Graham Leggett [Fri, 22 Mar 2002 18:34:46 +0000 (18:34 +0000)]
When a proxied site was being served, Apache was replacing
the original site Server header with it's own, which is not
allowed by RFC2616. Fixed.
PR:
Obtained from:
Submitted by:
Reviewed by:
Jeff Trawick [Fri, 22 Mar 2002 02:56:56 +0000 (02:56 +0000)]
Fix a mod_cgid problem that left daemon processes stranded
in some server restart scenarios.
It relied on getting SIGHUP to die, but it wasn't careful
about establishing the SIGHUP handling it needed so after
apachectl restart, SIGHUP was ignored since the new cgid
daemon process inherited a signal(SIGHUP,SIG_IGN) done by
the MPM during its restart logic.
Aaron Bannert [Thu, 21 Mar 2002 19:40:06 +0000 (19:40 +0000)]
Added exp_foo and rel_foo variables to config_vars.mk for all Apache and
Autoconf path variables (like --sysconfdir, --sbindir, etc). exp_foo is
the "expanded" version, which means that all internal variable references
have been interpolated. rel_foo is the same as $exp_foo, only relative
to $prefix if they share a common path.
This will be used in apxs.in and apachectl.in to allow Apache installs
to be relocated as long as the same relative directory structure remains.
Currently this is only possible if you use the Apache layout, but not
with other layouts or any overridden --foodir paths.
Jeff Trawick [Thu, 21 Mar 2002 19:12:54 +0000 (19:12 +0000)]
Don't drop connections during graceful restart. Previously, worker
threads could exit even though there were connections waiting in the
queue.
Now, for a graceful restart the worker threads won't exit until they
are told that the queue has been drained and no more connections will
ever be added.
Jeff Trawick [Thu, 21 Mar 2002 16:31:39 +0000 (16:31 +0000)]
graceful shutdown (no dropped connections) requires that the listener
go away before the workers... introduce separate XXX_may_exit flags
for our different categories of threads so that a future fix for
graceful shutdown can terminate them in the right order
rename signal_workers() to signal_threads() and give it a parameter
so it knows whether or not termination should be graceful
this commit doesn't change the behavior in any noticeable way; the
flags used to tell threads to go away are still set at about the same
time
Graham Leggett [Thu, 21 Mar 2002 12:05:45 +0000 (12:05 +0000)]
Change the header merging behaviour in proxy, as some headers
(like Set-Cookie) cannot be unmerged due to stray commas in
dates.
PR:
Obtained from:
Submitted by:
Reviewed by:
Correct our list of escape characters to include percent and the
carriage return on Win32/OS2, and modify the \r \n escaping to account
for the fact that Win32/OS2 don't pass these characters through a true
argv[] mechansim; replace them with a whitespace since they effectively
are for most applications.
Brian Pane [Thu, 21 Mar 2002 04:17:11 +0000 (04:17 +0000)]
Performance optimization: use a temp buffer on the stack instead
of a malloc'ed buffer in regexec() in cases where the required
buffer size is small.
This will help us avoid a malloc/free pair when executing mod_rewrite
rules that use $1/$2/etc to reference sequences in the matched pattern.
Note: I've also submitted this change as a patch for PCRE, but because
the next PCRE release isn't planned until later this year I'm
committing it to the httpd-2.0 copy of PCRE in the meantime.
Jeff Trawick [Wed, 20 Mar 2002 23:29:13 +0000 (23:29 +0000)]
in a worker thread, don't dare try to process a connection if
ap_queue_pop() failed... csd is not cleared by ap_queue_pop()
so checking csd is not helpful
Jim Jagielski [Wed, 20 Mar 2002 22:19:11 +0000 (22:19 +0000)]
Fold the compiled-in knowledge of the allowable AcceptMutex settings into
its help entry. Requires the use of a extern string rather than a function
call for the initialization to be valid in the macro (Thx to Jeff!).
In the meantime, bump down the error logging until we deal with true
default and configured setting information ala 1.3.
Jeff Trawick [Wed, 20 Mar 2002 19:53:18 +0000 (19:53 +0000)]
write a debug message to the log when we're stuck in the sicko state
of trying to take over scoreboard slots that aren't going to be released
(we could also be stalled while taking over slots if a thread in child
gracefully terminating is serving a long-running request)
update a comment describing the sicko state to remove any information
I'm not absolutely sure of
Jim Jagielski [Wed, 20 Mar 2002 16:44:13 +0000 (16:44 +0000)]
Bring 2.0 up to parity, a bit, with how much info we provide to
the admin regarding valid values for AcceptMutex. Should also
tell 'em what "default" actually maps to, but that can wait.
Greg Ames [Wed, 20 Mar 2002 16:05:33 +0000 (16:05 +0000)]
OS/390: install apachecore.[dll|x] in lib/ rather than bin/ .
The LIBPATH env var already must contain the path to lib/ in order to pick up
apr and apr-util. If we install the core dll there as well, LIBPATH becomes
simpler.
Jeff Trawick [Wed, 20 Mar 2002 12:03:49 +0000 (12:03 +0000)]
ap_rset_content_type() should take const char * instead of char *
this is friendlier to callers and r->content_type is const char *
too so it isn't harmful
Here's the patch that really sucks. old_listeners points to an array
of apr_socket objects already destroyed by their cleanups, and in any
case they now live in invalid memory. Extend their lifetimes.
This implies that the process pool grows on every restart for no good
reason. One possible solution is to let the old pconf survive until
the new pconf is alive. Another is to create the listeners in a subpool
of process->pool, destroyed after the old_listeners are closed.
Either which way, a better solution exists, but this closes the immediate
bug. [How haven't we been segfaulting in unix on restarts before this
patch, gurus?]
The source of some ills ... there is no reason to keep going if the
scoreboard exists. I suspect this should be a general cleanup as well
[at the end of ap_create_scoreboard.] But calling ap_run_pre_mpm with
the process->pool should take care of a clobbered scoreboard shm on
graceful restart.
Jeff Trawick [Wed, 20 Mar 2002 03:54:25 +0000 (03:54 +0000)]
Make the listener thread stop accepting new connections and exit
cleanly at graceful restart time. This is a basic requirement of
reliable graceful restarts (the kind that won't drop connections).
This allows a future fix to make worker threads hang around until
they service all connections previously accepted by the listener
thread.
The old mechanism of doing a dummy connection to wake up the
listener thread in each old child process didn't work. It didn't
guarantee that (in the main thread) the byte was read from the pod
and global variables were set before the listener thread grabbed
the connection. It didn't guarantee that a child process in the
new generation didn't get some of the dummy connections.
Rather than burn extra syscalls adding a unique socket or pipe
to the poll set (and breaking single listen unserialized accept
in the same change), this uses a signal sent from the main thread
to the listener thread to break it out of the poll or accept.
(We don't worry about breaking it out of the optional mutex because
the child process holding the mutex will break out of poll/accept
and release the mutex, allowing a child blocked in the mutex to
get it. Eventually all children blocked in the mutex will come
out.)
Since the listener thread now exits reliably, the main thread
joins it.
Jeff Trawick [Wed, 20 Mar 2002 03:38:07 +0000 (03:38 +0000)]
get the start thread to exit when we have reached termination but
it is still trying to create worker threads
previously, after a non-graceful restart followed by a terminate
you could see a bunch of log messages showing the parent repeatedly
sending SIGTERM and finally SIGKILL to one or more children...
with this change, the sequence of messages should stop very soon
add a comment to start_threads() describing a current problem
Jeff Trawick [Tue, 19 Mar 2002 21:31:04 +0000 (21:31 +0000)]
"apachectl stop" shouldn't send the gracefully-terminate char down
the pod... the child processes need to know that it isn't a graceful
termination and they shouldn't wait for old connections to finish
Greg Stein [Tue, 19 Mar 2002 10:11:33 +0000 (10:11 +0000)]
The underlying change here was to add the new WebDAV/DeltaV methods
now that it has an RFC. At the same time, I revamped a good chunk of
the name <-> number mapping code in http_protocol.c
* add M_FOO constants for the new RFC 3253 (DeltaV) methods. label
where each of the builtin methods comes from.
* moved METHOD_NUMBER_FIRST/LAST from http_protocol.h into
http_protocol.c since they weren't used anywhere else and they
weren't namespace-protected.
* create register_one_method() and use it to insert all builtin
methods (at _init() time) and extended methods into the registry.
* add a lookup_builtin_method() to quickly map a method name to a
builtin method number.
* rebuild ap_method_number_of() to use the new lookup function.
* revamp ap_method_name_of() to use the registry to locate the name
for any method number. add a pool argument (no callers in the core
code needed to be updated)
* revamp make_allow() to deal with the new method numbers and all
extended methods.
* in mod_dav, use the new method numbers rather than registering the
DeltaV methods.
projects / apache / log