Bump log numbers.

  1. … 1 more file in changeset.
Add log numbers to util_etag.c.

  1. … 1 more file in changeset.
mod_proxy: unfail mixed ProxyPass/<Proxy> and ProxyPassMatch/<ProxyMatch>.

It is not a failure in current 2.4.x, so to ease backport and to avoid compat
breakage simply warn about the second directive being ignored.

This commit can be reverted in trunk if we want next versions to fail in this

[Reverted by r1879363]

  1. … 1 more file in changeset.
Follow up to r1879235: fill APLOGNO().

  1. … 1 more file in changeset.
server/util_script.c: reserve one APLOGNO number after r1879253

  1. … 1 more file in changeset.
* modules/generators/mod_cgid.c (cgid_handler): Bail immediately with
a 503 response on errors when talking to the daemon. Check the pid
returned is not zero.

  1. … 1 more file in changeset.
Follow up to r1879079: merge/walk locations for pre_trans hooks.

So that their configurations work in directory context.

This requires potentially a third walk in ap_process_request_internal(),
though in most cases it should use ap_walk_location() cache.

  1. … 1 more file in changeset.
core,modules: provide/use ap_parse_strict_length() helper.

It helps simplifying a lot of duplicated code based on apr_strtoff(), while
also rejecting leading plus/minus signs which are disallowed in Content-Length
and (Content-)Range headers.

  1. … 18 more files in changeset.

  1. … 1 more file in changeset.
mod_proxy_http: handle Upgrade requests and upgraded protocol forwarding.

If the request Upgrade header matches the worker upgrade= parameter and
the backend switches the protocol, do the tunneling in mod_proxy_http.
This allows to keep the protocol to HTTP until the backend really
switches the protocol, and apply usual output filters.

When configured to forward Upgrade mechanism, we want the backend to be
able to announce its Upgrade protocol to the client (e.g. with 426
Upgrade Required response) and thus forward back the Upgrade header that
matches the one(s) configured in the worker upgrade= parameter.

ap_proxy_worker_can_upgrade(): added helper to determine whether a
proxy worker is configured to forward an Upgrade protocol.

Bump MMN minor for ap_proxy_worker_can_upgrade().

set_worker_param(): handle worker parameter upgrade=ANY as upgrade=*
(should the "any" protocol scheme be something some day..).

proxy_wstunnel_handler(): use ap_proxy_worker_can_upgrade() to match
the Upgrade header. Axe handling of upgrade=NONE, it makes no sense to
Upgrade a connection if the client did not ask for it, nor to configure
mod_proxy_wstunnel to use a worker with upgrade=NONE by the way.

proxy_http_req_t: add fields force10 (force HTTP/1.0) and upgrade (value
of the Upgrade header sent by the client if it matches the configuration,
NULL otherwise).

proxy_http_handler(): use ap_proxy_worker_can_upgrade() to determine
whether the request is electable for end to end protocol upgrading and set
req->upgrade accordingly.

terminate_headers(): handle Connection and Upgrade headers to send to the
backend, according to req->force10 and req->upgrade set before.

ap_proxy_http_prefetch(): use req->force10 and terminate_headers().

send_continue_body(): added helper to send the body retained for end to
end 100-continue handling.

ap_proxy_http_process_response(): use ap_proxy_worker_can_upgrade() to
match the response Upgrade header and forward it back if it matches the
configured one(s). That is for 101 Switching Protocol obviously but also
any other status code which is not overridden, at the backend wish. If the
protocol is switching, create a proxy tunnel and run it, using the minimal
timeout from the client or backend connection.

Github: closes #125

  1. … 7 more files in changeset.
mod_md: update duplicated APLOGNOs.
  1. … 1 more file in changeset.
listen.c: follow up to r1876865: update APLOGNO.
  1. … 1 more file in changeset.
mod_ssl: Drop SSLRandomSeed implementation with OpenSSL 1.1.1.

Require that OpenSSL is configured with a suitable entropy source,
or fail startup otherwise.

* modules/ssl/ssl_private.h:
Define MODSSL_USE_SSLRAND for OpenSSL < 1.1.1.
(SSLModConfigRec): Only define pid, aRandSeed for <1.1.1.
(ssl_rand_seed): Define as noop if !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_init.c (ssl_init_Module):
Only initialize mc->pid for MODSSL_USE_SSLRAND.
Fail if RAND_status() returns zero.
(ssl_init_Child): Drop getpid and srand for !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_rand.c: ifdef-out for !MODSSL_USE_SSLRAND.
(ssl_rand_seed): Drop warning if PRNG not seeded (now a startup
error as above).

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Drop
aRandSeed initialization. (ssl_cmd_SSLRandomSeed): Log a warning if

Github: closes #123

  1. … 5 more files in changeset.
Issue a warning for non-existent directories when running configtest

Submitted By: Stéphane Blondon <stephane.blondon>

Committed By: covener

  1. … 2 more files in changeset.
Add lognos. [skip ci].

  1. … 1 more file in changeset.
* server/log.c (ap_log_pid): Use a temporary file, then rename once
successfully written; also add error checking. Avoids startup
failures if a previous httpd invocation crashed while writing the

Submitted by: Nicolas Carrier <carrier.nicolas0>, jorton

Github: closes #100, closes #69

PR: 63140

  1. … 2 more files in changeset.
Reserve a number

Add logno.
  1. … 1 more file in changeset.
mod_ssl: Log private key material to file set by $SSLKEYLOGFILE in the
environment, using the standard format which can be parsed by (e.g.)
wireshark for decoding SSL/TLS traffic; supported from OpenSSL 1.1.1.

* modules/ssl/ssl_private.h: Add keylog_file to SSLModConfigRec.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Open log file if
SSLKEYLOGFILE is set in the environment.
(ssl_init_ctx_protocol): Register the keylog callback with OpenSSL.

* modules/ssl/ssl_engine_kernel.c (modssl_callback_keylog):
New function.

PR: 63391

Github: closes #74

  1. … 5 more files in changeset.
mod_proxy: Improve tunneling loop.

Support half closed connections and pending data draining (for protocols like
rsync). PR 61616.

When reading on one side goes faster than writing on the other side, the output
filters chain may start buffering data and finally block, which will break
bidirectional tunneling for some protocols.

To avoid this, proxy_tunnel_run() now stops polling/reading until pending data
are drained, and recovers appropriately.

  1. … 5 more files in changeset.
mod_proxy: factorize mod_proxy_{connect,wstunnel} tunneling code in proxy_util.

This commit adds struct proxy_tunnel_rec that contains the fields needed for a
poll() loop through the filters chains, plus functions ap_proxy_tunnel_create()
and ap_proxy_tunnel_run() to respectively initialize a tunnel and (re)start it.

Proxy connect and wstunnel modules now make use of this new API to avoid
duplicating logic and code.

  1. … 6 more files in changeset.
mod_md: resolve duplicate tag.
  1. … 1 more file in changeset.
mod_proxy_http: follow up to r1868576.

Omit sending 100 continue if the body is (partly) prefetched, per
RFC 7231 (section 5.1.1).

  1. … 1 more file in changeset.
update mod_md tags


Bump next-number after r1864695.

Bump next-number after r1864526.
mod_http2: update log tags, log field len errors at INFO level (via mkaufmann)

mod_proxy_http2: update log tags

  1. … 4 more files in changeset.