| Commit message (Collapse) | Author | Files | Lines |
|
* server/mpm/event/event.c(setup_threads_runtime):
Simplify pollset creation code.
All pollset "good methods" implement APR_POLLSET_WAKEABLE and wake-ability
is quite important for MPM event's correctness anyway so simplify code around
pollset creation so as not to suggest that APR_POLLSET_NODEFAULT if favored
against APR_POLLSET_WAKEABLE.
While at it account for the wakeup pipe in the pollset_size since not all
pollset methods seem to do it internally in APR.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916925 13f79535-47bb-0310-9956-ffa450edef68
|
|
* modules/ssl/mod_ssl_ct.c(client_extension_add_callback,
server_extension_add_callback):
Variable ext_type is unsigned, so use %u instead of %hu.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916924 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916907 13f79535-47bb-0310-9956-ffa450edef68
|
|
Replace else with an if as the if branch no longer ensures that
custome DH parameters have been loaded.
This fixes a regression that causes the default DH parameters for a key
no longer set and thus effectively disabling DH ciphers when no explicit
DH parameters are set.
PR: 68863
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916863 13f79535-47bb-0310-9956-ffa450edef68
|
|
- Using OCSP stapling information to trigger certificate renewals. Proposed
by @frasertweedale.
- Added directive `MDCheckInterval` to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations".
- OCSP stapling: accept OCSP responses without a `nextUpdate` entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale.
- Adapt OpenSSL usage to changes in their API. By Yann Ylavic.
Test Updates
- workarounds for using Pebble v2.5
- disable EAB tests for Pebble since v2.5 no longer
supports HS256 FWT for EAB keys
- some stability improvemnets in error/warning checks
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916861 13f79535-47bb-0310-9956-ffa450edef68
|
|
in modules/http2/test_800_websockets.py
(test_h2_800_03_not_found and
test_h2_800_05_non_ws_delay_resource) due to
additional RST messages.
Maybe we should allow RST after EOF in all websocket tests?
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916830 13f79535-47bb-0310-9956-ffa450edef68
|
|
in modules/http2/test_800_websockets.py
(test_h2_800_04_non_ws_resource and
test_h2_800_09b_unsupported) due to
additional RST messages.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916808 13f79535-47bb-0310-9956-ffa450edef68
|
|
Do not count lines like "00:12:26.578220 <= Recv data, 0 bytes (0x0)"
(which happen before the final close) as receiving a real chunk.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916806 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916804 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted By: icing
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916771 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted By: ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916770 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted By: ylavic, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916769 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916708 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916704 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916669 13f79535-47bb-0310-9956-ffa450edef68
|
|
Latest OpenSSL versions have OPENSSL_NO_COMP by default, avoid breaking
existing "SSLCompression off" in configurations since it's a noop.
* modules/ssl/ssl_engine_config.c(ssl_cmd_SSLCompression):
Don't fail for OPENSSL_NO_COMP if the flag is "off".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916561 13f79535-47bb-0310-9956-ffa450edef68
|
|
Github: closes #424
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916559 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916397 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916396 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916388 13f79535-47bb-0310-9956-ffa450edef68
|
|
PR: 66148
Submitted by: Romain Tartière <romain blogreen.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916381 13f79535-47bb-0310-9956-ffa450edef68
|
|
context at startup, since this may vary when httpd is started via
systemd vs being started directly.
* modules/arch/unix/mod_systemd.c (systemd_post_config):
Do nothing for the pre-config iteration.
Log the SELinux context if available.
* modules/arch/unix/config5.m4: Detect libselinux.
Have at least one CI job build mod_systemd.
Github: closes #422
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916344 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916343 13f79535-47bb-0310-9956-ffa450edef68
|
|
ap_find_systemd_socket() and ap_systemd_listen_fds() are already declared in
"ap_listen.h", so just include them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916312 13f79535-47bb-0310-9956-ffa450edef68
|
|
Or their non-zero value should be considered -1 rather than 1.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916300 13f79535-47bb-0310-9956-ffa450edef68
|
|
The non-zero value for one bit field is -1:
mod_crypto.c|565 col 18| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->encrypt = 1;
|| ^ ~
mod_crypto.c|746 col 22| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->clength = 1;
|| ^ ~
mod_crypto.c|903 col 35| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->seen_eos = 1;
|| ^ ~
mod_crypto.c|960 col 22| error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
|| ctx->clength = 1;
|| ^ ~
Use unsigned bit fields for struct crypto_ctx's members seen_eos, encrypt and clength.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916299 13f79535-47bb-0310-9956-ffa450edef68
|
|
gcc-13's -fsanitize=undefined finds:
mod_rewrite.c|1702 col 37| error: '%s' directive argument is null [-Werror=format-overflow=]
|| 1701 | value = select_random_value_part(r, value);
|| 1702 | rewritelog((r, 5, NULL, "randomly chosen the subvalue `%s'",value));
|| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
because it's not clear from select_random_value_part() whether it can return NULL or not.
Rewrite the function so that it's clearer/simpler.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916298 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted By: ylavic, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916267 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916243 13f79535-47bb-0310-9956-ffa450edef68
|
|
If the pthread_create failure isn't on the first worker thread,
another one is likely to hold the queue mutex already. The cleanup
of pchild will try to cleanup the queue and block on destroying
the condition.
ST_UNGRACEFUL as we have no listener thread yet.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916241 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916148 13f79535-47bb-0310-9956-ffa450edef68
|
|
Submitted by: Sagar <42873729+SagarCodeCtrl users.noreply.github.com>
Github: closes #414
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916133 13f79535-47bb-0310-9956-ffa450edef68
|
|
trunk to pick up r1916067.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916068 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916059 13f79535-47bb-0310-9956-ffa450edef68
|
|
(attempt to use 3.2 failed, unsure why)
- add OpenSSL build binaries to $PATH
Github: closes #415
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916058 13f79535-47bb-0310-9956-ffa450edef68
|
|
Update to avoid GCC warning for no-engine builds where the
SSLModConfigRec is not used. Also log an error for the ENOTIMPL
path.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916057 13f79535-47bb-0310-9956-ffa450edef68
|
|
from _before_linux.sh in whether the perl-framework is used/needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916056 13f79535-47bb-0310-9956-ffa450edef68
|
|
- don't install CPAN modules if NO_TEST_FRAMEWORK is set
- remove the workaround for mod_h2 APR build caching which
should no longer be necessary now caching is fixed
- fix capturing specific perl-framework failures with "TEST -v" mode
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916055 13f79535-47bb-0310-9956-ffa450edef68
|
|
SSL_CTX_new() will return NULL if there was an error creating a new SSL context.
Submitted by: StephenWall
Github: closes #402
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916054 13f79535-47bb-0310-9956-ffa450edef68
|
|
should now work correctly (since the version is in the cache key).
For 1.x branches, CLEAR_CACHE must still be used. [skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916053 13f79535-47bb-0310-9956-ffa450edef68
|
|
Github: closes #416
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916052 13f79535-47bb-0310-9956-ffa450edef68
|
|
as a unique key for each job in the matrix, using that as the
cache key and in each artefact upload (otherwise multiple failures
uploading "error_log" overwrite each other).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916051 13f79535-47bb-0310-9956-ffa450edef68
|
|
and don't change shared memory the load balancer is not using.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916004 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915995 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915994 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915991 13f79535-47bb-0310-9956-ffa450edef68
|
|
!MODSSL_HAVE_ENGINE_API
Latest OpenSSL versions removed the ENGINE API completely, still provide NULL
SSLModConfigRec::szCryptoDevice since it's used outside MODSSL_HAVE_ENGINE_API.
SSLModConfigRec is a private struct, so no MMN change.
* modules/ssl/ssl_private(SSLModConfigRec):
Provide szCryptoDevice (NULL) even if !MODSSL_HAVE_ENGINE_API.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915889 13f79535-47bb-0310-9956-ffa450edef68
|
|
pointers as const. (no functional change)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915874 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915843 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1915841 13f79535-47bb-0310-9956-ffa450edef68
|