httpd


ap_log_pid(): Windows does not implement apr_file_perms_set(), not a failure.
mod_md: update duplicated APLOGNOs.
listen.c: follow up to r1876865: update APLOGNO.
Add Win build mod_log_json.dsp

    /httpd/trunk/modules/loggers/mod_log_json.dsp
add include to test_char.h now required

mod_proxy_http: follow up to r1877557.

Yet better, call proxy_run_detach_backend() at the caller.

mod_proxy_http: single point of failure in ap_proxy_http_process_response().

No functional change (intended).

mpm_event: reset listener_is_wakeable on reload.
util_md5: avoid temporary stack result in ap_md5_binary().
util_expr: allow to specify only one of ap_expr_eval_ctx_t's r/c/s.

Depending on where the expression is evaluated, a request_rec might not be
available, so allow to specify only a conn_rec or a server_rec (at least) in
the passed in ap_expr_eval_ctx_t.

mod_ssl: destroy temporary pool on stapling_renew_response() failure.
util_filter: export ap_filter_adopt_brigade() since mod_ssl uses it.
fr doc rebuild.

fr doc XML file update.

fr doc rebuild.

fr doc XML files updates.

mod_ssl: Update the ssl_var_lookup() API:

a) constify return value and variable name passed-in
b) require that pool argument is non-NULL
c) add gcc warning attributes for NULL arguments or ignored result.

This allows removal of inefficient internal duplication of constant
strings which was necessary only to allow non-const char *, and
removal of unsafe casts to/from const in various places.

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Assume pool is
  non-NULL; return constant and remove apr_pstrdup of constant
  result string. Also constify variable name.
  (ssl_var_lookup_*): Update to return const char * and avoid
  duplication where now possible.

* modules/ssl/mod_ssl.h: Update ssl_var_lookup() optional function
  API description and add GCC warning attributes as per private API.

* modules/ssl/ssl_engine_init.c (ssl_add_version_components): Adjust
  for const return value.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_handshake): Pass c->pool
  to ssl_var_lookup.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Pass r->pool to
  ssl_var_lookup, expect const return and dup the string since r->user
  is char *.
  (log_tracing_state): Pass c->pool to ssl_var_lookup.

* modules/http2/h2_h2.c (h2_is_acceptable_connection): Assume
  return value of ssl_var_lookup is const.

Github: closes #120

* os/win32/win32_config_layout: Define DEFAULT_REL_STATEDIR for Win32.

mod_ssl: Drop SSLRandomSeed implementation with OpenSSL 1.1.1.

Require that OpenSSL is configured with a suitable entropy source,
or fail startup otherwise.

* modules/ssl/ssl_private.h:
  Define MODSSL_USE_SSLRAND for OpenSSL < 1.1.1.
  (SSLModConfigRec): Only define pid, aRandSeed for <1.1.1.
  (ssl_rand_seed): Define as noop if !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_init.c (ssl_init_Module):
  Only initialize mc->pid for MODSSL_USE_SSLRAND.
  Fail if RAND_status() returns zero.
  (ssl_init_Child): Drop getpid and srand for !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_rand.c: ifdef-out for !MODSSL_USE_SSLRAND.
  (ssl_rand_seed): Drop warning if PRNG not seeded (now a startup
  error as above).

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Drop
  aRandSeed initialization. (ssl_cmd_SSLRandomSeed): Log a warning if
  used w/!MODSSL_USE_SSLRAND.

Github: closes #123

ap_core_input_filter(): axe unnecessary AP_MODE_SPECULATIVE test.

mod_ssl: Minor cleanup to avoid defining init handling functions for
pre-1.1 builds where they are noops or unused. No functional change
(intended).

* modules/ssl/mod_ssl.c: Define NEED_MANUAL_OPENSSL_INIT for builds
  where pre-1.1 OpenSSL needs "manual" initialization/cleanup. Only
  define modssl_running_statically for this case (otherwise it is set
  and never read).
  (modssl_is_prelinked): Only define for NEED_MANUAL_OPENSSL_INIT.
  (ssl_cleanup_pre_config): Only define for NEED_MANUAL_OPENSSL_INIT;
  otherwise it is a noop returning APR_SUCCESS;
  (ssl_hook_pre_config): Only install the cleanup and initialize
  modssl_is_prelinked for NEED_MANUAL_OPENSSL_INIT build.

mod_ssl: Switch to using SSL_OP_NO_RENEGOTATION (where available) to
block client-initiated renegotiation with TLSv1.2 and earlier.

* modules/ssl/ssl_private.h: Define modssl_reneg_state enum,
  modssl_set_reneg_state function.

* modules/ssl/ssl_engine_io.c (bio_filter_out_write,
  bio_filter_in_read): #ifdef-out reneg protection if
  SSL_OP_NO_RENEGOTATION is defined.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol):
  Enable SSL_OP_NO_RENEGOTATION.
  (ssl_init_ctx_callbacks): Only enable the "info" callback if
  debug-level logging *or* OpenSSL doesn't support SSL_OP_NO_RENEGOTATION.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_classic): Use
  modssl_set_reneg_state to set the reneg protection mode.
  (ssl_hook_Access_modern): Drop manipulation of the reneg mode which
  does nothing for TLSv1.3 already.
  (ssl_callback_Info): Only enable reneg protection if
  SSL_OP_NO_RENEGOTATION is *not* defined.

* modules/ssl/ssl_util_ssl.c (modssl_set_reneg_state): New function.

Merge r1877394 from trunk:

clarify, context is still CGI only.

clarify, context is still CGI only.

Constify pointers in ap_expr lookup tables, as well as the already
const pointed-to strings. ~1/2Kb moves to r/o text section, size(1)
diff:

    text    data     bss     dec     hex filename
- 667519   18384   13952  699855   aadcf httpd
+ 668015   17864   13952  699831   aadb7 httpd

* server/util_expr_eval.c
  [*_var_names, expr_provider_multi]: Mark pointers in name
  lists as const.
  (core_expr_lookup): Adjust accordingly.

mod_ssl: Calculate the MD5 digest used as the session context once per
vhost at startup, rather than building it for each new connection.

* modules/ssl/ssl_private.h (struct SSLSrvConfigRec):
  Replace vhost_id_len field with vhost_md5.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Build the
  sc->vhost_md5 hash here.

* modules/ssl/mod_ssl.c: Fail at compile time if the
  SSL_set_session_id_context() API constraint on context length is
  violated.
  (ssl_init_ssl_connection): Use sc->vhost_md5.

* modules/ssl/ssl_engine_kernel.c (ssl_find_vhost): Use sc->vhost_md5
  after renegotiation.

* modules/ssl/ssl_util.c (ssl_asn1_table_set): Remove unused function.

Prior to r1877345 mc->pPool was the process pool (s->process->pool).
Drop the field from SSLModConfigRec and use pconf instead (where
appropriate) to match the new SSLModConfigRec lifetime.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_DelSessionCacheEntry):
  Explicitly (and probably unsafely) use the process pool.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLRandomSeed): Use
  cmd->pool to allocate paths.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Use pconf
  to allocate the keylog_file.

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Drop lookup
  of SSLModConfigRec and use s->process->pool when no pool is
  passed.

* modules/ssl/ssl_engine_config.c (ssl_config_global_create):
  apr_pcalloc SSLModConfigRec, remove ifdef-maze setting fields to zero.