Checkout
 

ylavic in httpd

ap_http_header_filter: avoid double encoding of output headers in traces.

When output headers are logged (TRACE4) in send_all_header_fields(), we don't

need to explicitely ap_escape_logitem() them since ap_log_rerror() takes care

of log files escaping already.

Otherwise, characters like '"' are unncesseralily encoded, and '\\' is doubly

encoded (including for controls).

More about RegexDefaultOptions.
mod_ssl: OCSP does not apply to proxy mode, fix verify context.

Since ssl_callback_SSLVerify() is called for both server and proxy modes,

use myCtxConfig()->ocsp_mask to check the right mode/configuration (i.e.

none for proxy in any case).

PR 63679.

Submitted by: Lubos Uhliarik <luhliari redhat.com>

Follow up to r1860166: mergeinfo.
Update 100-continue patch after r1859845.
Backported (r1859845).
Backported (r1859844).
Merge r1859371, r1859422 from trunk:

mod_proxy/ssl: Proxy SSL client certificate

configuration and other proxy SSL configurations

broken inside <Proxy> context.

PR 63430

Triggered by r1855646+r1855748.

Patch from rpluem (proxy) and ylavic (ssl).

Follow up to r1859371: extend to other ap_proxy_connection_create[_ex]() users.

This function now now handles SSL reuse as well as the "proxy-request-hostname"

note (SNI), so let's also call it unconditionnaly in all proxy modules.

On the mod_ssl side, since this note has the lifetime of the connection, don't

reset/unset it during handshake (ssl_io_filter_handshake).

Submitted by: rjung, ylavic

Reviewed by: rjung, rpluem, ylavic

Merge r1818726 from trunk:

mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.

PR 61857.

Proposed by: Markus Gausling <markusgausling googlemail.com>

Reviewed by: ylavic, rjung, rpluem

Vote, promote.
Follow up to r1859371: extend to other ap_proxy_connection_create[_ex]() users.

This function now now handles SSL reuse as well as the "proxy-request-hostname"

note (SNI), so let's also call it unconditionnaly in all proxy modules.

On the mod_ssl side, since this note has the lifetime of the connection, don't

reset/unset it during handshake (ssl_io_filter_handshake).

Vote, promote and propose.
Follow up to r1857129: CHANGES entry.
mod_reqtimeout: fix default_[stage]_rate_factor initializations.

r1853901 lowercased the [stage] for MRT_DEFAULT_[stage]_* macros but missed

to change the ones used in reqtimeout_hooks() to initialize the default rate

factors, leading to no default rate in 2.4.39. Fix that now. PR 63325.

Merge r1825375 from trunk:

rpm: Add mod_socache_redis to the build.

Submitted by: minfrin

Well, our build with latest APR trunk seems to insist on updating apr_common.m4

So be it.

Revert r1856560: was not the latest apr_common.m4 version anyway...

How does that change came in my local workspace in the first place??

Update apr_common.m4 to latest (trunk).

Note: why is that file in the httpd repo??

mod_cache: follow up to r1856493: cache_strqtok() to reject quoted tokens.

Use a real state machine to track where quotes are allowed, and for

better clarity too...

mod_cache: follow up to r1856493: always terminate cache_strqtok() returns.

Vote, promote.
mod_cache: Fix parsing of quoted Cache-Control token arguments. PR 63288.

Make cache_strqtok() return both the token and its unquoted argument (if any),

or an error if the parsing fails.

Cache-Control integer values (max-age, max-stale, ...) can then be parsed w/o

taking care of the (optional) quoting.

Suggested by: fielding

Follow up to r1856490: missing one mod_log_forensic test_char_table case.

Provide TEST_CHAR marco in test_char.h

For (internal) usage outside server/util.c, mod_log_forensic for now

and mod_cache (T_HTTP_TOKEN_STOP) in a few...

Propose opt-out for proxy 100-continue.
mod_proxy: follow up to r1836588: configurable Proxy100Continue.

Add Proxy100Continue directive to allow for 100-continue forwarding opt-out.

Vote, promote & propose.
mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.

The SSL dir config of proxy/backend connections is stored in r->per_dir_config

but those connections have a lifetime independent of the requests they handle.

So we need to allow the external ssl_engine_set() function to reset mod_ssl's

dir config in between proxy requests, or the first sslconn->dc could be used

after free for the next requests.

mod_proxy can then reset/reinit the request config when recycling its backend

connections.

PR 63256.

Record changes from r1855519.
Record merges from r1855431.