Checkout
 

minfrin in httpd

mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.

Reference: http://openssl.6102.n7.nabble.com/Shutting-down-openssl-is-the-correct-thing-to-do-nothing-td76857.html#a76862

After reinstatement of DSO support in APR/APR-util, revert r1837437,

r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).

So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7

compatibility-exceptions are handled explicitely but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the

former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,

while the latter has never been (and will never be) defined. So don't call any

with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto

can use the same crypto library (e.g. openssl), use the new APR crypto loading

API so that they can work together and initialize/terminate the lib either once

for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.

mod_proxy_http: forward 100-continue, and minimize race conditions when

reusing backend connections. PR 60330.

+1: ylavic, icing, jim

ylavic: plus http://svn.apache.org/r1856036 (opt-out)

2.4.x patch: http://people.apache.org/~ylavic/patches/httpd-2.4.x-forward_100_continue-v6.patch

+1: ylavic, jim, minfrin

Vote and promote
Add comment on failing patch.

Easy patches: synch 2.4.x and trunk

- core: 80 chars

- http_core: Clean-uo and style. No functional change overall

- http_core: One more style fix in ap_process_http_async_connection()

- mod_mime: Fix a cppcheck warning

- mod_proxy_ajp: Fix a harmless clang warning

- suexec: avoid a potential sprintf overflow

- mod_headers: This is harmless, but this really should be an 'echo_do *'

- core: Fix typo

- core: Update a comment about the 'PATCH' HTTP command

- mod_proxy_balancer: Fix some HTML syntax issues

trunk patch:

- http://svn.apache.org/r1780282

- http://svn.apache.org/r1814659

- http://svn.apache.org/r1814660

- http://svn.apache.org/r1838285

- http://svn.apache.org/r1842881

- http://svn.apache.org/r1846253

- http://svn.apache.org/r1853757

- http://svn.apache.org/r1851702

- http://svn.apache.org/r1853980

- http://svn.apache.org/r1855614

2.4.x patch: svn merge -c 1780282,1814659,1814660,1838285,1842881,1846253,1853757,1851702,1853980,1855614 ^/httpd/httpd/trunk .

+1: jailletc36, jim, rjung

mod_status: PR60647: ACC per connection not available w/ event MPM

trunk patch: http://svn.apache.org/r1780280

2.4.x patch: svn merge -c 1780280 ^/httpd/httpd/trunk .

(minus CHANGES and ap_mmn.h)

+1: jailletc36, jim, rjung

mod_http2: remove the no longer existing h2_ngn_shed.c from Cmake.

trunk patch: http://svn.apache.org/r1856910

2.4.x patch: svn merge -c 1856910 ^/httpd/httpd/trunk .

+1: icing, covener, ylavic

Update a comment.

Update proposal.

Add updated patch.

    • ?
    /httpd/patches/2.4.x/httpd-ap_dir_fnmatch-2.patch
Propose.

Add httpd v2.4 backport of r1847430.

    • ?
    /httpd/patches/2.4.x/httpd-ap_dir_fnmatch.patch
core: Split out the ability to parse wildcard files and directories

from the Include/IncludeOptional directives into a generic set of

functions ap_dir_nofnmatch() and ap_dir_fnmatch().

*) mod_setenvif: We can have expressions that become true if a regex pattern

in the expression does NOT match. In this case val is NULL

and we should just set the value for the environment variable

like in the pattern case.

+1: jailletc36, jim, minfrin

Vote and promote.

*) mod_dav: Fix invalid Location header when a resource is created by passing

an absolute URI on the request line

+1: jailletc36, jim, minfrin

Vote and promote.

*) mod_session_cookie: avoid duplicate Set-Cookie headers in the response.

trunk patch: http://svn.apache.org/r1843244

+1: elukey, jim, minfrin

Vote and promote.

*) event MPM: Don't log "at MaxRequestWorkers" when there are still idle threads,

just like worker.

+1: covener, jim, minfrin

Vote and promote.

*) mod_ssl: Fixes PR 62654 where "require ssl" did not work on HTTP/2

connections, and PR 61519 where $HTTPS was incorrect for the

"SSLEngine optional" case.

+1: jorton, jim, minfrin

Vote and promote.

mod_ssl: Fixes PR 62880 where certificate loading fails bc SSL ERRs are

not cleared beforehand.

+1: icing, jim, minfrin

Vote and promote.

mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()'

This messes-up error handling performed in 'ssl_io_filter_error()'

+1: ylavic, jim, minfrin

Vote and promote.

ab: Add client certificate support.

trunk: http://svn.apache.org/r1841784

2.4.x: svn merge -c r1841784 ^/httpd/httpd/trunk .

+1: minfrin, jim, ylavic