httpd


*) mod_proxy_http2: fixing a potential NULL pointer use in logging.

[Christophe Jaillet <christophe.jaillet wanadoo.fr>, Dr Silvio Cesare InfoSect]

* All backported
* Backported in r1862410
* Only available since 2.4.40
* Fix flow

Merge r1842010, r1841225, r1862039, r1862040, r1862042 from trunk:

* dav_stream_response processes data that has been allocated from the propdb

pool. Hence close the propdb *after* dav_stream_response which clears the

propdb pool.

* Doing a PROPFIND on a large collection e.g. 50.000 elements can easily

consume 1 GB of memory as the subrequests and propdb pools are not

destroyed and cleared after each element was handled.

Do this now. There is one case in dav_get_props where elem->priv

lives longer than the propdb pool. In this case allocate from r->pool.

Furthermore also recycle propdb's which allows to clear the propdb's

pools instead of destroying them and creating them again.

Simplify handling of short-lived pool for dav_propdb in mod_dav. No

functional change.

* modules/dav/main/props.c (dav_popen_propdb): Rename from

dav_open_propdb, take a pool argument.

(dav_open_propdb): Reimplement in terms of above, using

r->pool.

(dav_propfind_walker): Switch to using dav_open_propdb

with scratchpool.

* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI

out of propdb pool, fixing small per-resource leak during a PROPFIND

walk.

Submitted by: jorton, rpluem

* modules/dav/main/mod_dav.c (dav_send_multistatus): Tag the pool.

Reviewed by: rpluem, jorton, jim

Couple more small fixes.
And promote backport w/ at least 3 +1 votes

cast votes on tested patches

*) mod_ssl/mod_md:

Adding 2 new hooks for init/get of OCSP stapling status information when

other modules want to provide those. Falls back to own implementation with

same behaviour as before.

* Replace apr_psprintf with apr_pstrcat where the format strings only

contain %s to improve efficiency. Leave out error messages as they

are not on a critical code path and error messages become less readable

when taking out the format specifiers.

Vote.

Memory corruption fixed speculatively in r1491700 has been seen in the wild.

Also fix WAV file matching.

* modules/metadata/mod_mime_magic.c: Constify some constant

data, remove unused "suf_recursion" field. No functional

change.

* docs/conf/magic: Allow mod_mime_magic to return "audio/x-wav" for

WAV files, and omit returning "audio/unknown" for other RIFF

format files. Having a MIME type defined on a continuation line

*and* the preceding top-level match breaks mod_mime_magic, which

treats the second result "printed" as the MIME encoding. Neither

audio/x-wav nor audio/unknown are IANA registered, though Firefox

and Chrome both appear to recognize the former. Since the RIFF

format can contain non-audio media, returning audio/unknown as

a fallback for all RIFF files appears to be bogus anyway.

Submitted by: Àngel Ollé Blázquez <aollebla redhat.com>

* Update proposal to incorporate the recent memory improvement patches from Joe

Use <pre> instead of ` as done elsewhere in this page to improve layout.

Add a missing 'CoreDumpDirectory' in a sentence.

mod_md: silencing unused warnings when no mod_ssl hooks are not available

*) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for

adding certificates and keys to a virtual host. An additional hook allows

answering special TLS connections as used in ACME challenges.

* server/main.c (main): Don't create a separate subpool for pcommands

(it had an identical lifetime to the global pool).

mod_md: updated documentation with new directives and chapters about wildcards and monitoring.

* modules/proxy/mod_proxy.c (create_proxy_config): Tag the pool.

* modules/lua/mod_lua.c (lua_post_config, create_vm_spec): Tag pools.

* modules/dav/main/mod_dav.c (dav_send_multistatus): Tag the pool.

mod_md: copy recent fixes, adding new sources to mod_md.dsp

Adding module to CMakeLists, needs testing.

* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI

out of propdb pool, fixing small per-resource leak during a PROPFIND

walk.

Submitted by: jorton, rpluem

Simplify handling of short-lived pool for dav_propdb in mod_dav. No

functional change.

* modules/dav/main/props.c (dav_popen_propdb): Rename from

dav_open_propdb, take a pool argument.

(dav_open_propdb): Reimplement in terms of above, using

r->pool.

(dav_propfind_walker): Switch to using dav_open_propdb

with scratchpool.

* Leave a breadcrumb note for another backport proposal that needs to be done.

Set connectiontimeout for mod_proxy_hcheck.

Fix for https://issues.jboss.org/browse/JBCS-448

*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol

- supports the new challenge method 'tls-alpn-01'

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

    • /httpd/trunk/modules/md/mod_md_status.c
    • /httpd/trunk/modules/md/md_acme_drive.h
    • /httpd/trunk/modules/md/md_acme_order.h
    • /httpd/trunk/modules/md/md_acmev1_drive.c
    • /httpd/trunk/modules/md/mod_md_drive.h
    • /httpd/trunk/modules/md/mod_md_drive.c
    • … 34 more files in changeset.

mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.

Reference: http://openssl.6102.n7.nabble.com/Shutting-down-openssl-is-the-correct-thing-to-do-nothing-td76857.html#a76862