
* modules/proxy/mod_proxy.c (create_proxy_config): Tag the pool.

* modules/lua/mod_lua.c (lua_post_config, create_vm_spec): Tag pools.

* modules/dav/main/mod_dav.c (dav_send_multistatus): Tag the pool.

mod_md: copy recent fixes, adding new sources to mod_md.dsp

Adding module to CMakeLists, needs testing.

* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI
out of propdb pool, fixing small per-resource leak during a PROPFIND


Submitted by: jorton, rpluem

Simplify handling of short-lived pool for dav_propdb in mod_dav. No
functional change.

* modules/dav/main/props.c (dav_popen_propdb): Rename from
dav_open_propdb, take a pool argument.
(dav_open_propdb): Reimplement in terms of above, using

(dav_propfind_walker): Switch to using dav_open_propdb
with scratchpool.

* Leave a breadcrumb note for another backport proposal that needs to be done.
Set connectiontimeout for mod_proxy_hcheck.

Fix for

*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol
- supports the new challenge method 'tls-alpn-01'
- supports command configuration to setup/teardown 'dns-01' challenges
- supports wildcard certificates when dns challenges are configured
- ACMEv2 is the new default and will be used on the next certificate renewal,
  unless another MDCertificateAuthority is configured
- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
- a domain exposes its status at https://<domain>/.httpd/certificate-status
- Managed Domains are now in Apache's 'server-status' page
- A new handler 'md-status' exposes verbose status information in JSON format
- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a
  Managed Domain that uses static files. Auto-renewal is turned off for those.
- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and
  'errored'. New 'MDWarnWindow' directive to configure when expiration warnings
  shall be issued.
- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see
  announcement by Let's Encrypt:

mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.


After reinstatement of DSO support in APR/APR-util, revert r1837437,
r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitly but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends on LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.

French doc rebuild.

French doc rebuild.

xml fr doc update.

French doc rebuild.

Version num update.

Version num mismatch.

Misplaced contextlist tag.

xml fr doc update.

Add support for SHA-2 crypt() algorithm in htpasswd.

* Detect SHA-2 support in crypt().

* support/passwd_common.h: Define ALG_CRYPT_SHA256, ALG_CRYPT_SHA512,
include ap_config_auto.h.

* support/htpasswd.c (check_args): Allow -2, -5, -r arguments for
SHA-256, SHA-256 and rounds options respectively.

* support/passwd_common.c
(parse_common_options): Parse -2, -5, -r args.
(mkhash): Generate crypt hash for SHA256/SHA512 algorithms.


and run during the "normal" phase of ./config.status rather than as init-cmds.

* Move modules.c creation to config.status.

* Fix enabling httpdunit w/o --enable-reduced-exports.

* build/ Remove test-suite (builddir-specific) vars
from installed

* server/scoreboard.c (open_scoreboard): Create the scoreboard in the
parent of pconf rather than creating another global pool.

PR: 43471

Note that rotatelogs -D was added in 2.4.34.

PR: 46669

* server/util.c: Make "nul" symbol private.

Add an --enable-reduced-exports configure option to link libmain.a
using ld's --whole-archive mode and avoid building exports.c entirely.
This reduces the size of a minimal httpd binary by 18% on Linux/x86_64
(687K to 560K) with no difference to the set of symbols available to

This option is only appropriate to use if using a shared libapr*
build, hence is non-default.

* Add --enable-reduced-exports; disable httpdunit build
if used. Define AP_FORCE_EXPORTS if not enabled (default) in place


* server/main.c (ap_suck_in_APR): Only build if AP_FORCE_EXPORTS is


* Link using LIBMAIN_LIB.

* server/ Conditionally build exports.c into libmain.

Clarify pool lifetime constraints when modifying ap_server_config_defines.

PR: 63516

test RedirectRelative in trunk

followup to r1861542: return early from error path

avoid setting a location: header of a non-URL 500 error path