Checkout Tools
  • last updated 8 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1651080 is being indexed.

Merge r1601291, r1601630 from trunk:

mod_proxy: Shutdown (eg. SSL close notify) the backend connection

before closing.

mod_proxy: follow up to r1601291.

Since deferred_write_pool is needed by the core_output_filter and is a subpool

of the connection, shutdown in a pre_cleanup of the connection's pool to avoid

a freed memory access (SEGV).

Reported By: takashi

Submitted by: ylavic

Reviewed/backported by: jim

Merge r1601919, r1650061 from trunk:

mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads.

mod_ssl: follow up to r1601919.

Likewise when set from SNI callback.

Submitted by: ylavic

Reviewed/backported by: jim

Merge r1601184, r1601274, r1601185 from trunk:

mod_ssl: Ensure that the SSL close notify alert is flushed to the client.


Submitted By: Tim Kosse <tim.kosse>, ylavic

Committed By: ylavic

mod_ssl: SSL_smart_shutdown(): follow up to r1601184.

Use SSL_get_wbio() to comply with OPENSSL_NO_SSL_INTERN.

Stop SSL shutdown loop when flush fails.

mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout

expires. PR54998.

Submitted by: ylavic

Reviewed/backported by: jim


vote, promote


XML update.

Merge r1640495, r1644031 from trunk

* mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.

Submitted by: jkaluza

Reviewed by: jkaluza, ylavic, covener

Backported by: jailletc36

Merge r1630947, r1645670 from trunk

* mod_ssl: Check if we are having an SSL connection before looking up SSL

related variables during expression evaluation to avoid a crash.

If not return NULL as ssl_var_lookup_ssl does by default. PR 57070

Submitted by: rpluem

Reviewed by: jailletc36, ylavic, covener

Backported by: jailletc36

Merge r1644503 from trunk

* mod_proxy_ajp: Fix handling of the default port (8009) in the

ProxyPass and <Proxy> configurations. PR 57259.

Submitted by: ylavic

Reviewed by: ylavic, jim, covener

Backported by: jailletc36

* modules/dav/main/config.m4: Remove long-redundant expat reference.

Add copy and paste typo fix to proposal.


Fix copy and paste error in docs of new feature.


Add some easy votes.



  1. … 6 more files in changeset.
Add SSLSessionTickets (on|off).

It controls the use of TLS session tickets

(RFC 5077). Default is unchanged (on).

Using session tickets without restarting

the web server with an appropriate frequency

(e.g. daily) compromises perfect forward


As long as we do not have a nice key management

there should be a way to deactivate session


save some bytes per Christophe's review.

Update mod_ssl's IO/state dump proposal.
mod_ssl: follow up to r1601919.

Likewise when set from SNI callback.

update mod_ssl.html.en transformation
Add support for extracting subjectAltName entries of type

rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n


* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the

environment variables table

* modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction

of subjectAltName entries for the "StdEnvVars" case

* modules/ssl/ssl_engine_vars.c: add support for retrieving the

SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with

individual on-demand lookup (ssl_var_lookup_ssl_cert_san),

or with full-list extraction to the environment ("StdEnvVars")

* modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype

* modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and

SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common

code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where

suitable. Limit SSL_X509_getSAN to the two most common subjectAltName

entry types appearing in user or server certificates (i.e., rfc822Name

and dNSName), for the time being.

* modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8

and SSL_X509_getSAN prototypes

mod_proxy: Don't put non balancer-member workers in error state by

default for connection or 500/503 errors, and honor status=+I for

any error. PR 48388.

Add CHANGE for r1649632
Add PR
Add missing 'filemod' in functions list + minor formatting issue + long line split
Be consistant with the code below which accepts lower or upper case.