httpd


Merge r1842010, r1841225, r1862039, r1862040, r1862042 from trunk:

* dav_stream_response processes data that has been allocated from the propdb
  pool. Hence close the propdb *after* dav_stream_response which clears the
  propdb pool.

* Doing a PROPFIND on a large collection e.g. 50.000 elements can easily
  consume 1 GB of memory as the subrequests and propdb pools are not
  destroyed and cleared after each element was handled.
  Do this now. There is one case in dav_get_props where elem->priv
  lives longer than the propdb pool. In this case allocate from r->pool.
  Furthermore also recycle propdb's which allows to clear the propdb's
  pools instead of destroying them and creating them again.

Simplify handling of short-lived pool for dav_propdb in mod_dav. No
functional change.

* modules/dav/main/props.c (dav_popen_propdb): Rename from
  dav_open_propdb, take a pool argument.
  (dav_open_propdb): Reimplement in terms of above, using
  r->pool.
  (dav_propfind_walker): Switch to using dav_open_propdb
  with scratchpool.

* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI
  out of propdb pool, fixing small per-resource leak during a PROPFIND
  walk.

Submitted by: jorton, rpluem

* modules/dav/main/mod_dav.c (dav_send_multistatus): Tag the pool.

Reviewed by: rpluem, jorton, jim

Couple more small fixes.
And promote backport w/ at least 3 +1 votes

cast votes on tested patches

*) mod_ssl/mod_md:
   Adding 2 new hooks for init/get of OCSP stapling status information when
   other modules want to provide those. Falls back to own implementation with
   same behaviour as before.

* Replace apr_psprintf with apr_pstrcat where the format strings only
  contain %s to improve efficiency. Leave out error messages as they
  are not on a critical code path and error messages become less readable
  when taking out the format specifiers.

Vote.

Memory corruption fixed speculatively in r1491700 has been seen in the wild.

Also fix WAV file matching.

* modules/metadata/mod_mime_magic.c: Constify some constant
  data, remove unused "suf_recursion" field. No functional
  change.

* docs/conf/magic: Allow mod_mime_magic to return "audio/x-wav" for
  WAV files, and omit returning "audio/unknown" for other RIFF
  format files. Having a MIME type defined on a continuation line
  *and* the preceding top-level match breaks mod_mime_magic, which
  treats the second result "printed" as the MIME encoding. Neither
  audio/x-wav nor audio/unknown are IANA registered, though Firefox
  and Chrome both appear to recognize the former. Since the RIFF
  format can contain non-audio media, returning audio/unknown as
  a fallback for all RIFF files appears to be bogus anyway.

Submitted by: Àngel Ollé Blázquez <aollebla redhat.com>

* Update proposal to incorporate the recent memory improvement patches from Joe

Use <pre> instead of ` as done elsewhere in this page to improve layout.

Add a missing 'CoreDumpDirectory' in a sentence.

mod_md: silencing unused warnings when no mod_ssl hooks are not available

*) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for
   adding certificates and keys to a virtual host. An additional hook allows
   answering special TLS connections as used in ACME challenges.

* server/main.c (main): Don't create a separate subpool for pcommands
  (it had an identical lifetime to the global pool).

mod_md: updated documentation with new directives and chapters about wildcards and monitoring.

* modules/proxy/mod_proxy.c (create_proxy_config): Tag the pool.

* modules/lua/mod_lua.c (lua_post_config, create_vm_spec): Tag pools.

* modules/dav/main/mod_dav.c (dav_send_multistatus): Tag the pool.

mod_md: copy recent fixes, adding new sources to mod_md.dsp

Adding module to CMakeLists, needs testing.

* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI
  out of propdb pool, fixing small per-resource leak during a PROPFIND
  walk.

Submitted by: jorton, rpluem

Simplify handling of short-lived pool for dav_propdb in mod_dav. No
functional change.

* modules/dav/main/props.c (dav_popen_propdb): Rename from
  dav_open_propdb, take a pool argument.
  (dav_open_propdb): Reimplement in terms of above, using
  r->pool.
  (dav_propfind_walker): Switch to using dav_open_propdb
  with scratchpool.

* Leave a breadcrumb note for another backport proposal that needs to be done.

Set connectiontimeout for mod_proxy_hcheck.

Fix for https://issues.jboss.org/browse/JBCS-448

*) mod_md: bringing over v2.0.6 from github.
   - supports the ACMEv2 protocol
   - supports the new challenge method 'tls-alpn-01'
   - supports command configuration to setup/teardown 'dns-01' challenges
   - supports wildcard certificates when dns challenges are configured
   - ACMEv2 is the new default and will be used on the next certificate renewal,
     unless another MDCertificateAuthority is configured
   - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
   - a domain exposes its status at https://<domain>/.httpd/certificate-status
   - Managed Domains are now in Apache's 'server-status' page
   - A new handler 'md-status' exposes verbose status information in JSON format
   - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a
     Managed Domain that uses static files. Auto-renewal is turned off for those.
   - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and
     'errored'. New 'MDWarnWindow' directive to configure when expiration warnings
     shall be issued.
   - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see
     announcement by Let's Encrypt:
     https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

    • /httpd/trunk/modules/md/mod_md_status.c
    • /httpd/trunk/modules/md/md_acme_drive.h
    • /httpd/trunk/modules/md/md_acme_order.h
    • /httpd/trunk/modules/md/md_acmev1_drive.c
    • /httpd/trunk/modules/md/mod_md_drive.h
    • /httpd/trunk/modules/md/mod_md_drive.c
    • … 34 more files in changeset.

mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.

Reference: http://openssl.6102.n7.nabble.com/Shutting-down-openssl-is-the-correct-thing-to-do-nothing-td76857.html#a76862

After reinstatement of DSO support in APR/APR-util, revert r1837437,
r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitly but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends on LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.

French doc rebuild.

French doc rebuild.

xml fr doc update.

french doc rebuild.