Checkout Tools
  • last updated 2 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1862959 is being indexed.

Merge r1857859 from trunk:

Fix a compilation error when GPROF is defined.

Submitted by: jailletc36

Reviewed by: jfclere, icing, jim

1 done, 1 paused, 1 vote.

Merge r1858565 from trunk:

* modules/cache/mod_socache_shmcb.c (socache_shmcb_init): Describe

error better for anon shm failure case, fixing gcc 9 warning on

passing NULL for '%s'.

Reviewed by: jorton, icing, jim


backport votes

mod_md v2.0.8: synching wiht github release.

updated http2 backport proposal
v2, added a revision

cumlative patch for http2 backport

*) mod_http2: fixed a bug that prevented proper stream cleanup when connection

throttling was in place. Stream resets by clients on streams initiated by them

are counted as possible trigger for throttling.

* update of backport patch with new mod_ssl certificate hook changes

mod_md: adapting to the latest mod_ssk hook changes.

* moving the openssl related new hooks into mod_ssl_openssl.h

* chaning type parameter to openssl types

* adding explanation of return value in get_stapling_status()

* adding array element description for add_cert_files and add_fallback_cert_files hooks

* using mod_ssl_openssl.h to see hooks in new place

* include/ssl/mod_ssl.h: Include apr_tables.h and use apr_array_header_t


fixing a signedness conversion warning
propose backport of new mod_ssl hooks
* backport patch for new mod_ssl hooks that can override server certificate handling

* remove of optional mod_md function usage

    • ?
update after mod_md backport
Merged /httpd/httpd/trunk:r1861448,1862013,1862041,1862052,1862785

*) mod_md: new features

- supports the ACMEv2 protocol

- new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

    • ?
    • ?
    • ?
    • ?
    • ?
    • ?
  1. … 39 more files in changeset.
mod_md: adding log tag numbers

* support/htpasswd.c (usage): More usage fixes for SHA-2; describe

as "secure", leave bcrypt only algorithm described as "very secure".

Minimal mod_ssl warning fix?

acked by jfc in <>

Update transform.

* support/htpasswd.c (usage): Document SHA-256/512 support.


  1. … 3 more files in changeset.
Document SHA-2 support.

Two done.
Merge r1491700, r1862200 from trunk:

According to comment in 'magic_rsl_add' and to the way 'magic_rsl_printf' manages its buffer, I think that this memory should be apr_pstrdup'ed.

This has been like that forever, but seems broken to me.


* docs/conf/magic: Allow mod_mime_magic to return "audio/x-wav" for

WAV files, and omit returning "audio/unknown" for other RIFF

format files. Having a MIME type defined on a continuation line

*and* the preceding top-level match breaks mod_mime_magic, which

treats the second result "printed" as the MIME encoding. Neither

audio/x-wav nor audio/unknown are IANA registered, though Firefox

and Chrome both appear to recognize the former. Since the RIFF

format can contain non-audio media, returning audio/unknown as

a fallback for all RIFF files appears to be bogus anyway.

Submitted by: Àngel Ollé Blázquez <aollebla>

Submitted by: jailletc36

Reviewed by: jorton, jim, icing

    • ?