Checkout Tools
  • last updated 3 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Undo my unintentionally overzelous name change, and fix the style of sizeof()

Port mod_tls.c from Eastern Europe to Apache-land

s/destroy/free/g; likeness to SSL naming

  1. … 2 more files in changeset.
give some more diagnostics if server cert or key file cannot be read

  1. … 1 more file in changeset.
add cleanup of SSLStateMachine to tls filter

  1. … 2 more files in changeset.

Just a mssing brace

Win32/OS2 require APR_STATUS_IS_EFOO() tests, not == EFOO, since our

socket error codes vary.

Back out the recent change to ap_get_brigade, to make it use indirection

again. The problem is that the amount of data read from the network,

is not necessarily the amount of data returned from the filters. It is

possible for input filters to add bytes to the data read from the network.

To fix the original bug, I just removed the line from ap_get_client_block

that decremented r->remaining, we allow the http_filter to do that for


I have also removed an incorrect comment.

  1. … 13 more files in changeset.
Fix a bug in the input handling. ap_http_filter() was modifying *readbytes

which corresponded to r->remaining (in ap_get_client_block). However,

ap_get_client_block was *also* adjusting r->remaining. Net result was that

PUT (and probably POST) was broken. (at least on large inputs)

To fix it, I simply removed the indirection on "readbytes" for input

filters. There is no reason for them to return data (the brigade length is

the return length). This also simplifies a number of calls where people

needed to do &zero just to pass zero.

I also added a number of comments about operations and where things could be

improved, or are (semi) broken.

  1. … 11 more files in changeset.
fix my APR_STATUS_IS_EAGAIN() usage

Submitted by: Bernhard Schrenk <>

Get mod_tls to compile/work better on Windows.

PR: 7612

Submitted by: Bernhard Schrenk <>

Reviewed by: Jeff Trawick

  1. … 2 more files in changeset.
Prevent a core dump (openssl_state_machine.c is completely infected with

assert()s in place of sensible error handling) when a server-root-relative

certificate path is given (which is what most users are going to try first).

assertion "n > 0" failed: file "openssl_state_machine.c", line 142

That does NOT fix the openssl_state_machine.c though., So, never try to

use invalid certs, missing keys or other fancy "1st time user" stuff.

Not that it matters, but the compiler complains (suggest parentheses around ...)

and we had a coding style once.

This is C, not C++ (yet ;-).

Submitted by: Jean-Frederic Clere <>

Make mod_tls compile. Fix supplied by Jean-Frederic Clere

Submitted by: Jean-Frederic Clere <>

At the hack-athon we decided to change the way that input filters

determine how much data is returned to the previous filter. Prior to this

change, we used a field in the conn_rec to determine how much to return.

After this change, we use an argument to ap_get_brigade. This makes it

much more obvious how things work at all levels, so that module authors

can easily determine how much data is supposed to be returned to them.

  1. … 11 more files in changeset.
Working SSL/TLS! Yay!

  1. … 3 more files in changeset.
*) rename apr_memdup() to apr_pmemdup()

*) optimize the allocation size in apr_pstrndup()

Work for more than one read. Catch read errors.

  1. … 1 more file in changeset.
First cut of TLS support.

  1. … 11 more files in changeset.