Checkout Tools
  • last updated 29 mins ago
Constraints: committers
Constraints: files
Constraints: dates
fr doc rebuild.

fr doc XML file update.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_coalesce): Further tweaks

to logic, comments and debugging:

- allow buffering up to exactly COALESCE_BYTES rather than COALESCE_BYTES-1.

- put bucket type name in logging output

- do not coalesce a single-bucket prefix of length equal to the

buffer size (which would be a pointless memory copy).

core: add r->flushed flag and set it when the response is sent.

By setting EOR->r->flushed in the core output filter, allow one to determine at

log_transaction hook time whether the request has been fully flushed through

the network, or not (network issue, filter error, n-th pipelined resposne...).

Introduce the ap_bucket_eor_request() helper to get the request bound to an EOR

bucket, and uses it in ap_core_output_filter() to mark the EOR's request just

before destroying it, after all the previous buckets have been sent.

While at it, rename the request_rec* member of struct ap_bucket_eor from "data"

to "r", which makes the code clearer (not to be confused with b->data).

Finally, add CustomLog format %F, showing "F" or "-" depending on r->flushed,

for admins to figure out for each request.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_coalesce): Handle the case

where apr_bucket_read fails with an error and hence our current bucket

remains the morphing bucket and is not replaced with a 'data' bucket.

If the error is not EAGAINi, error out with an AP_FILTER_ERROR,

otherwise just do not consider the morphing bucket that has no data for


ap_core_output_filter: follow up to r1875947: don't swallow bucket read EOF.

Morphing buckets don't return APR_EOF on read when exhausted, ignoring EOF

here could mask real errors (e.g. FILE bucket truncated under us).

Thanks rpluem/jorton!

MMN major bump for r1875947.
* modules/ssl/ssl_engine_io.c (ssl_io_filter_coalesce): Treat zero-length

buckets consistently (ignore them) after a morphing bucket morphs.

core: handle morphing buckets setaside/reinstate and kill request core filter.

The purpose of ap_request_core_filter() is not clear, it seems to prevent

potential morphing buckets to go through AP_FTYPE_CONNECTION filters which

would fail to set them aside (ENOTIMPL), and read them (unbounded) in memory.

This patch allows ap_filter_setaside_brigade() to set morphing buckets aside

by simply moving them, assuming they have the correct lifetime (either until

some further EOR, or the connection lifetime, or whatever). IOW, the module is

responsible for sending morphing buckets whose lifetime needs not be changed

by the connection filters.

Now since morphing buckets consume no memory until (apr_bucket_)read, like FILE

buckets, we don't account for them in flush_max_threshold either. This changes

ap_filter_reinstate_brigade() to only account for in-memory and EOR buckets to


Also, since the EOR bucket is sent only to c->output_filters once the request

is processed, when all the filters < AP_FTYPE_CONNECTION have done their job

and stopped retaining data (after the EOS bucket, if ever), we prevent misuse

of ap_filter_{setaside,reinstate}_brigade() outside connection filters by

returning ENOTIMPL. This is not the right API for request filters as of now.

Finally, ap_request_core_filter() and co can be removed.

Adds additional clarification, as requested in bz64167

For future debugging ease, output the Travis tag & branch. [skip ci]

* modules/ssl/ssl_engine_io.c: Update comment, no function change, [skip ci]

* modules/ssl/ssl_engine_io.c: (ssl_io_filter_coalesce): Handle the

case of a bucket which morphs to a bucket short enough to fit within

the buffer without needing to split.

Add lognos. [skip ci].

mod_ssl: Extend the coalescing filter to avoid sending HTTP response

headers in a separate TLS record to the response body in some cases.

* modules/ssl/ssl_engine_io.c:

Increase size of coalesce buffer to AP_IOBUFSIZE (8Kb).

(ssl_io_filter_coalesce): Try harder to fill the prefix which

gets coalesced, including a read&split of a morphing bucket type

Github: closes #106

Fix a copy/paste at the wrong place

[skip ci]


[skip ci]


[skip ci]

Add some compatibility notes for new directives in 2.4.42.

Add some missing <module> and <directive> to improve navigation and style.

Fix the format of some <default>

Add some placeholders for the MDCertificateCheck and MDActivationDelay directives. (new in 2.4.42)

Fix a typo
fr doc rebuild.

fr doc XML file update.

add userdir same-origin warnings to mod_userdir

Submitted By: Hanno Böck <hanno>

Parentheses around AP_BUCKET_IS_EOR argument.

* modules/ssl/ssl_private.h: Define X509_up_ref and EVP_PKEY_up_ref

for OpenSSL < 1.1.

* modules/ssl/ssl_engine_kernel.c (modssl_set_cert_info):

* modules/ssl/ssl_util_stapling.c (stapling_get_issuer):

Use the above macros for all OpenSSL versions.

Github: closes #104

Drop -v from arm64 test runs and add to allowed failures, it is still

not as reliable as x86 builds. [skip ci]

* modules/ssl/ssl_engine_vars.c (ssl_get_tls_cb): Fix leak of X509

struct when accessing SERVER_TLS_SERVER_END_POINT.

PR: 64264

Trivial change to trigger a Travis build.

revert for now, surprising the scheme is present.