httpd


mod_md v2.0.8: syncing with github release.

updated http2 backport proposal
v2, added a revision

cumulative patch for http2 backport

*) mod_http2: fixed a bug that prevented proper stream cleanup when connection throttling was in place. Stream resets by clients on streams initiated by them are counted as possible trigger for throttling.

* update of backport patch with new mod_ssl certificate hook changes

mod_md: adapting to the latest mod_ssl hook changes.

* moving the openssl related new hooks into mod_ssl_openssl.h

* changing type parameter to openssl types

* adding explanation of return value in get_stapling_status()

* adding array element description for add_cert_files and add_fallback_cert_files hooks

* using mod_ssl_openssl.h to see hooks in new place

* include/ssl/mod_ssl.h: Include apr_tables.h and use apr_array_header_t directly.

fixing a signedness conversion warning
propose backport of new mod_ssl hooks
* backport patch for new mod_ssl hooks that can override server certificate handling

* removal of optional mod_md function usage

    • /httpd/patches/2.4.x/ssl-certicate-hooks.patch
update after mod_md backport
Merged /httpd/httpd/trunk:r1861448,1862013,1862041,1862052,1862785

*) mod_md: new features
- supports the ACMEv2 protocol
- new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available
- supports command configuration to setup/teardown 'dns-01' challenges
- supports wildcard certificates when dns challenges are configured
- ACMEv2 is the new default and will be used on the next certificate renewal, unless another MDCertificateAuthority is configured
- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
- a domain exposes its status at https://<domain>/.httpd/certificate-status
- Managed Domains are now in Apache's 'server-status' page
- A new handler 'md-status' exposes verbose status information in JSON format
- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a Managed Domain that uses static files. Auto-renewal is turned off for those.
- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings shall be issued.
- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

    • /httpd/branches/2.4.x/modules/md/mod_md.dsp
    • /httpd/branches/2.4.x/modules/md/md_acmev1_drive.c
    • /httpd/branches/2.4.x/modules/md/md_acme_drive.h
    • /httpd/branches/2.4.x/modules/md/md_acmev2_drive.h
    • /httpd/branches/2.4.x/modules/md/md_time.h
    • /httpd/branches/2.4.x/modules/md/md_acme_order.c
  1. … 39 more files in changeset.
mod_md: adding log tag numbers

* support/htpasswd.c (usage): More usage fixes for SHA-2; describe as "secure", leave bcrypt only algorithm described as "very secure".

Minimal mod_ssl warning fix?

acked by jfc in <b5c6265e-18cb-92e2-99df-91ef439d622e@gmail.com>

Update transform.

* support/htpasswd.c (usage): Document SHA-256/512 support.

Transforms.

  1. … 3 more files in changeset.
Document SHA-2 support.

Two done.
Merge r1491700, r1862200 from trunk:

According to comment in 'magic_rsl_add' and to the way 'magic_rsl_printf' manages its buffer, I think that this memory should be apr_pstrdup'ed.

This has been like that forever, but seems broken to me.

Untested.

* docs/conf/magic: Allow mod_mime_magic to return "audio/x-wav" for WAV files, and omit returning "audio/unknown" for other RIFF format files. Having a MIME type defined on a continuation line *and* the preceding top-level match breaks mod_mime_magic, which treats the second result "printed" as the MIME encoding. Neither audio/x-wav nor audio/unknown are IANA registered, though Firefox and Chrome both appear to recognize the former. Since the RIFF format can contain non-audio media, returning audio/unknown as a fallback for all RIFF files appears to be bogus anyway.

Submitted by: Àngel Ollé Blázquez <aollebla redhat.com>

Submitted by: jailletc36

Reviewed by: jorton, jim, icing

    • ?
    /httpd/branches/2.4.x/docs/conf/magic
Merge r1861690 from trunk:

* server/util.c: Make "nul" symbol private.

Reviewed by: jorton, jfclere, icing

vote
vote
vote
vote
vote