
update for sync with English docs.

Translated by: Nilgün Belma Bugüner <nilgun>

Reviewed by: Orhan Berent <berent>

We still need to flush on read during SSL/TLS (re)negotiation (removes jorton's vote).
Adds a hint to look at the 'Protocols' doc to enable this stuff.


Add link to the mod_http2 docs to the trunk version of the new_features document, because this is exciting stuff.

Rebuild Eric's change from a few days ago.

mod_ssl: follow up to r1705823.

We still need to flush in the middle of a SSL/TLS handshake.

Add r1688341 to mod_substitute proposal, as noticed by wrowe.
changed h2_ to http2_ in configs
Do only on 2nd pass

Some motorz improvements


Merge r1703902 from trunk:

mod_proxy: Fix ProxySourceAddress binding failure with AH00938. PR 56687.

Proposed by: Arne de Bruijn <apache>

Reviewed by: ylavic

Submitted by: ylavic

Reviewed/backported by: jim



remove backported items
msUPN and dnsSRV now backported to 2.4.x
mod_ssl backports merged
update transformations
remove svn:mergeinfo property from docs/manual/rewrite/advanced.xml
merge r1703952 from trunk

Support compilation against libssl built with OPENSSL_NO_SSL3, and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3", in accordance with RFC 7568. PR 58349, PR 57120.

Proposed by: kbrand

Reviewed by: ylavic, jorton

merge r1702643 from trunk

Append :!aNULL:!eNULL:!EXP to the cipher string settings, instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7 and later). Enables support for configuring the SUITEB* cipher strings introduced in OpenSSL 1.0.2. PR 58213.

Apply the same treatment to the "SSLOpenSSLConfCmd CipherString ..." directive.

Proposed by: kbrand

Reviewed by: ylavic, jorton

merge r1693792 from trunk

Add support for extracting the msUPN and dnsSRV forms of subjectAltName entries of type "otherName" into SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment variables. Addresses PR 58020.

* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_OTHER_*_n entries to the environment variables table

* modules/ssl/ssl_engine_vars.c: add support for retrieving the


* modules/ssl/ssl_util_ssl.c: add parse_otherName_value, which

currently recognizes the "msUPN" ( and

"id-on-dnsSRV" ( otherName forms, and

adapt modssl_X509_getSAN to take an optional otherName form

argument for the GEN_OTHERNAME case

* modules/ssl/ssl_util_ssl.h: adapt modssl_X509_getSAN prototype

* modules/ssl/mod_ssl.c: register the id-on-dnsSRV otherName form

OID ( in OpenSSL's objects table

Proposed by: kbrand

Reviewed by: ylavic, jorton

merge r1674538, r1677143, r1677144, r1677145, r1677146, r1677149, r1677151, r1677153, r1677154, r1677155, r1677156, r1677159, r1677830, r1677832, r1677834, r1677835 from trunk

mod_ssl namespacing

Proposed by: kbrand

Reviewed by: ylavic, jorton

mod_ssl namespacing: Rename ssl_util_ssl.h macros from SSL_foo to MODSSL_foo.

For related discussion, see the dev@ thread starting at:

mod_ssl namespacing: Rename SSL_init_app_data2_idx, SSL_get_app_data2, and SSL_set_app_data2 from SSL_* to modssl_*. Update references in README.dsov.* files. Rename static variable SSL_app_data2_idx to just app_data2_idx since the symbol is internal to ssl_util_ssl.c.

mod_ssl namespacing: SSL_read_PrivateKey -> modssl_read_privatekey

mod_ssl namespacing: SSL_smart_shutdown -> modssl_smart_shutdown

mod_ssl namespacing: SSL_X509_getBC -> modssl_X509_getBC

mod_ssl namespacing: Make SSL_ASN1_STRING_to_utf8 a static function inside ssl_util_ssl.c (no callers outside this file). The new static function name chosen is convert_asn1_to_utf8, based on the assumption that neither SSL_ nor ASN1_ are safe prefixes to use without potential future overlap.

mod_ssl namespacing: Rename SSL_X509_NAME_ENTRY_to_string to


mod_ssl namespacing: SSL_X509_NAME_to_string -> modssl_X509_NAME_to_string

mod_ssl namespacing: SSL_X509_getSAN -> modssl_X509_getSAN

mod_ssl namespacing: Make SSL_X509_getIDs a static function inside the file ssl_util_ssl.c (no outside callers). Rename to just getIDs().

mod_ssl namespacing: SSL_X509_match_name -> modssl_X509_match_name

mod_ssl namespacing: SSL_X509_INFO_load_file -> modssl_X509_INFO_load_file

mod_ssl namespacing: Merge SSL_X509_INFO_load_path() into its only caller ssl_init_proxy_certs() in ssl_engine_init.c. No functional change.

Review by: kbrand

mod_ssl namespacing: Move modssl_X509_INFO_load_file() into ssl_engine_init.c and make it a static function called load_x509_info().

mod_ssl namespacing: Move SSL_CTX_use_certificate_chain() into ssl_engine_init.c and make it a static function called use_certificate_chain().

mod_ssl namespacing: Rename SSL_SESSION_id2sz() to modssl_SSL_SESSION_id2sz().

Vote, promote.

Fix some style issues on files that can easily be synch'ed with 2.4.x
Synch 2.4.x and trunk.

Remove part of a comment that is not really useful. The type of the variables in the code (i.e. "worker_score *dest" and "worker_score *ws") is already explicit.

This part of the comment was not backported in r1610499.

mod_mpm_eventopt is no more, so remove reference to it
When shutting down a process, free resources early

Due to lingering connections, shutting down a process may take a very long time. Free all recycled pools early in the hope that we can already give some memory back to the OS.