Checkout Tools
  • last updated 2 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Fix a typo
-l and -L are not exclusive.

Document the 'G' suffix.

Fix some minor style issues.

* support/htpasswd.c (usage): More usage fixes for SHA-2; describe

as "secure", leave bcrypt only algorithm described as "very secure".

* support/htpasswd.c (usage): Document SHA-256/512 support.

Add support for SHA-2 crypt() algorithm in htpasswd.

* Detect SHA-2 support in crypt().

* support/passwd_common.h: Define ALG_CRYPT_SHA256, ALG_CRYPT_SHA512,

include ap_config_auto.h.

* support/htpasswd.c (check_args): Allow -2, -5, -r arguments for

SHA-256, SHA-256 and rounds options respectively.

* support/passwd_common.c

(parse_common_options): Parse -2, -5, -r args.

(mkhash): Generate crypt hash for SHA256/SHA512 algorithms.

  1. … 1 more file in changeset.
* support/htpasswd.c (usage): Fix bcrypt round maximum.

* docs/manual/programs/htpasswd.xml: Document that bcrypt rounds are

capped at 17.

PR: 62078

  1. … 1 more file in changeset.
* support/suexec.c (clean_env): Avoid use of sprintf; no functional change.

PR: 33207

ab: Add client certificate support.

  1. … 2 more files in changeset.
Success of 'SHGetMalloc()' should be tested with the SUCCEEDED macro.

/!\ This commit is _NOT COMPILE TESTED_. (I don't have a windows build environment available)

See PR 60086.

ab: Disable printing temp key for OpenSSL before

version 1.0.2. SSL_get_server_tmp_key is not available


ab: follow up to r1738415: handle any tmp key id.

Otherwise, we print garbage (e.g. for X25519).

LibreSSL doesn't have or require applink.c

copy applink.c in OpenSSL 1.1.0 to from /ms to /include to match location in 1.0.2

* support/, acinclude.m4: Add OpenSSL libraries at the end of the

ab link line, not the start.

  1. … 1 more file in changeset.
ab: follow up to r1811664.

apr_socket_send() can return both an error and data, account for data in

the latter case (i.e. let next call fail, if any).

* support/htpasswd.c (main): Only check for readability if running in

verify (-v) mode.

PR: 61631

  1. … 1 more file in changeset.
ab: Make the TLS layer aware that the underlying socket is nonblocking,

and use/handle POLLOUT where needed to avoid busy IOs and recover write

errors when appropriate.

  1. … 1 more file in changeset.
ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous

read was incomplete (the SSL case can cause the next poll() to timeout

since data are buffered already). PR 61301

  1. … 1 more file in changeset.
htdigest: prevent buffer overflow when strings in lines are too long.

Reported by: Hanno Böck

PR: 61511

mod_ssl, ab: compatibility with LibreSSL. PR 61184.

LibreSSL defines OPENSSL_VERSION_NUMBER = 2.0, but is not compatible with

all of the latest OpenSSL 1.1 API.

Address this by defining MODSSL_USE_OPENSSL_PRE_1_1_API which is true for

anything but OpenSSL >= 1.1 (for now).

Proposed by: Bernard Spil <brnrd>

Reviewed by: ylavic

  1. … 9 more files in changeset.
* Do not apply the strict permissions of the temporary file to a possibly

existing passwd file.

This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240

  1. … 1 more file in changeset.
ab: move option processing for setting a custom

HTTP method outside of the HTTPS only handling.

ab: don't call malloc_init for OpenSSL 1.1.0

Patch by rjung.

The 1.1.0 compatibility macro for OpenSSL_malloc_init() causes problems

when mixed with procedure linkage stubs with some toolchains (e.g. GCC).

OpenSSL's malloc implementation doesn't recognize that the PLT stub

points back to it, which leads to infinite recursion.

Since the 1.1.0 documentation states that calling this function

explicitly is no longer necessary except "in certain shared-library

situations"(?), get rid of it.

htpasswd: report the right limit when get_password() overflows.

htpasswd: don't point to (unused) stack memory on output

to make static analysers happy. PR 60634.

Reported by shqking and Zhenwei Zou.

rotatelogs: fix -n help text

this closes #24

Submitted By: Isaac Boukris <iboukris>

Fix spelling in comments and text files.

No functional change.

PR 59990

  1. … 66 more files in changeset.
ab: follow up to r1750854: still better naming, and a C89 fix.
ab: follow up to r1750854: some comments and better naming.
ab: follow up to r1750854.

Use SNI when available by default, and invert -I logic to now disable it.