httpd

Checkout Tools
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1862791 is being indexed.

Merged /httpd/httpd/trunk:r1861448,1862013,1862041,1862052,1862785

*) mod_md: new features

- supports the ACMEv2 protocol

- new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available

- supports command configuration to setup/teardown 'dns-01' challenges

- supports wildcard certificates when dns challenges are configured

- ACMEv2 is the new default and will be used on the next certificate renewal,

unless another MDCertificateAuthority is configured

- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer

- a domain exposes its status at https://<domain>/.httpd/certificate-status

- Managed Domains are now in Apache's 'server-status' page

- A new handler 'md-status' exposes verbose status information in JSON format

- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a

Managed Domain that uses static files. Auto-renewal is turned off for those.

- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and

'errored'. New 'MDWarnWindow' directive to configure when expiration warnings

shall be issued.

- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see

announcement by Let's Encrypt:

https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

    • ?
    /httpd/branches/2.4.x/modules/md/mod_md.dsp
    • ?
    /httpd/branches/2.4.x/modules/md/md_acmev1_drive.c
    • ?
    /httpd/branches/2.4.x/modules/md/md_acme_drive.h
    • ?
    /httpd/branches/2.4.x/modules/md/md_acmev2_drive.h
    • ?
    /httpd/branches/2.4.x/modules/md/md_time.h
    • ?
    /httpd/branches/2.4.x/modules/md/md_acme_order.c
  1. … 39 more files in changeset.
mod_md: adding log tag numbers

* support/htpasswd.c (usage): More usage fixes for SHA-2; describe

as "secure", leave bcrypt only algorithm described as "very secure".

Minimal mod_ssl warning fix?

acked by jfc in <b5c6265e-18cb-92e2-99df-91ef439d622e@gmail.com>

Update transform.

* support/htpasswd.c (usage): Document SHA-256/512 support.

Transforms.

  1. … 3 more files in changeset.
Document SHA-2 support.

Two done.
Merge r1491700, r1862200 from trunk:

According to comment in 'magic_rsl_add' and to the way 'magic_rsl_printf' manages its buffer, I think that this memory should be apr_pstrdup'ed.

This has been like that forever, but seems broken to me.

Untested.

* docs/conf/magic: Allow mod_mime_magic to return "audio/x-wav" for

WAV files, and omit returning "audio/unknown" for other RIFF

format files. Having a MIME type defined on a continuation line

*and* the preceding top-level match breaks mod_mime_magic, which

treats the second result "printed" as the MIME encoding. Neither

audio/x-wav nor audio/unknown are IANA registered, though Firefox

and Chrome both appear to recognize the former. Since the RIFF

format can contain non-audio media, returning audio/unknown as

a fallback for all RIFF files appears to be bogus anyway.

Submitted by: Àngel Ollé Blázquez <aollebla redhat.com>

Submitted by: jailletc36

Reviewed by: jorton, jim, icing

    • ?
    /httpd/branches/2.4.x/docs/conf/magic
Merge r1861690 from trunk:

* server/util.c: Make "nul" symbol private.

Reviewed by: jorton, jfclere, icing

vote
vote
vote
vote
vote
vote
vote
Proposing backport of h2 timeout/keepalive handling.

* applying v4 of the patch for PR 63534.

v4 of h2 keepalive patch, verified
    • ?
    /httpd/patches/2.4.x/h2-keepalive-yann-v4.patch
v3 of the h2 keepalive patch
    • ?
    /httpd/patches/2.4.x/h2-keepalive-yann-v3.patch
backport patch for 1862475
    • ?
    /httpd/patches/2.4.x/h2-keepalive-yann-v2.patch
*) mod_http2/mpm_event: Fixes the behaviour when a HTTP/2 connection has nothing

more to write with streams ongoing (flow control block). The timeout waiting

for the client to send WINODW_UPDATE was incorrectly KeepAliveTimeout and not

Timeout as it should be. Fixes PR 63534. [Yann Ylavic, Stefan Eissing]

*) mod_proxy_http2: fixing a potential NULL pointer use in logging.

[Christophe Jaillet <christophe.jaillet wanadoo.fr>, Dr Silvio Cesare InfoSect]

* All backported
* Backported in r1862410
* Only availabe since 2.4.40
* Fix flow