Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1862014 is being indexed.

Set connectiontimeout for mod_proxy_hcheck.

Fix for

*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol

- supports the new challenge method 'tls-alpn-01'

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

    • ?
    • ?
    • ?
    • ?
    • ?
    • ?
  1. … 34 more files in changeset.
mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.


After reinstatement of DSO support in APR/APR-util, revert r1837437,

r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).

So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7

compatibility-exceptions are handled explicitely but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the

former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,

while the latter has never been (and will never be) defined. So don't call any

with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto

can use the same crypto library (e.g. openssl), use the new APR crypto loading

API so that they can work together and initialize/terminate the lib either once

for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.

French doc rebuild.

French doc rebuild.

xml fr doc update.

french doc rebuild.

Version num update.

Version num mismatch.

Misplaced contextlist tag.

xml fr doc update.

Add support for SHA-2 crypt() algorithm in htpasswd.

* Detect SHA-2 support in crypt().

* support/passwd_common.h: Define ALG_CRYPT_SHA256, ALG_CRYPT_SHA512,

include ap_config_auto.h.

* support/htpasswd.c (check_args): Allow -2, -5, -r arguments for

SHA-256, SHA-256 and rounds options respectively.

* support/passwd_common.c

(parse_common_options): Parse -2, -5, -r args.

(mkhash): Generate crypt hash for SHA256/SHA512 algorithms.


and run during the "normal" phase of ./config.status rather than as init-cmds.

* Move modules.c creation to config.status.

* Fix enabling httpdunit w/o --enable-reduced-exports.

* build/ Remove test-suite (builddir-specific) vars

from installed

* server/scoreboard.c (open_scoreboard): Create the scoreboard in the

parent of pconf rather than creating another global pool.

PR: 43471

Note that rotatelogs -D was added in 2.4.34.

PR: 46669

* server/util.c: Make "nul" symbol private.

Add an --enable-reduced-exports configure option to link libmain.a

using ld's --whole-archive mode and avoid building exports.c entirely.

This reduces the size of a minimal httpd binary by 18% on Linux/x86_64

(687K to 560K) with no difference to the set of symbols available to


This option is only appropriate to use if using a shared libapr*

build, hence is non-default.

* Add --enable-reduced-exports; disable httpdunit build

if used. Define AP_FORCE_EXPORTS if not enabled (default) in place


* server/main.c (ap_suck_in_APR): Only build if AP_FORCE_EXPORTS is


* Link using LIBMAIN_LIB.

* server/ Conditionally build exports.c into libmain.

Clarify pool lifetime constraints when modifying ap_server_config_defines.

PR: 63516

test RedirectRelative in trunk

followup to r1861542: return early from error path

avoid setting a location: header of a non-URL 500 error path

add RedirectRelative directive to allow relative Redirect targets

2616 forbade relative redirect URLs, but 7231 allows them

Early 2.2 maintenance levels did not fix them up, but later 2.2 and all 2.4

fixed them up with ap_construct_url().

Allow opt-in to not fixing up relative URLs with RedirectRelative

style: cmd_rec at the bottom

no functional change

Add missing space in default string of MimeOptions

- some missing syntax highlight

- a default value not refelcted in quickreference

- a missing link between

(r1861455 in trunk )


- some missing syntax highlight

- a default value not refelcted in quickreference

- a missing link between

Fix an example in doc

(1861448 in trunk)