format (TOML) including MMN information.
* modules/core/mod_so.c (print_mod_data): New function.
(dump_loaded_modules): Use it if DUMP_MODULE_DATA is defined.
* docs/manual/programs/httpd.xml: Move -DDUMP_* docs to a new
section, cover the above new option.
Github: closes#537
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1926737 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_private.h (ssl_verify_error_is_optional): Add
X509_V_ERR_CERT_HAS_EXPIRED to the list of error exceptions
permitted for "optional_no_ca" mode.
Submitted by: Naveen Albert <apache2 phreaknet.org>
PR: 60028
Github: closes#509
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1926714 13f79535-47bb-0310-9956-ffa450edef68
In set_cookie_name() and set_cookie_name2(), now that the empty 'name' argument is explicitly handled, the error message in check_string() can be simplified because the cookie name can't be empty anymore when this function is called.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1926188 13f79535-47bb-0310-9956-ffa450edef68
- Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified
with EC keys before RSA ones. Fixes#377. [Stefan Eissing]
- Fixed missing newlines in the status page output. [Andreas Groth]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1925979 13f79535-47bb-0310-9956-ffa450edef68
Fixes a regression from 2.4.59 (r1913907).
For a reverse proxy setup with a worker (enablereuse=on) and a
forward/CONNECT ProxyRemote to reach it, an open connection/tunnel
to/through the remote proxy for the same origin server (and using the
same proxy auth) should be reusable. Avoid closing them like r1913534
did.
* modules/proxy/proxy_util.c:
Rename the struct to remote_connect_info since it's only used for
connecting through remote CONNECT proxies. Axe the use_http_connect
field, always true.
* modules/proxy/proxy_util.c(ap_proxy_connection_reusable):
Remote CONNECT (forward) proxy connections can be reused if the auth
and origin server infos are the same, so conn->forward != NULL is not
a condition to prevent reusability.
* modules/proxy/proxy_util.c(ap_proxy_determine_connection):
Fix the checks around conn->forward reuse and connection cleanup if
that's not possible.
Submitted by: jfclere, ylavic
GH: closes#531
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1925743 13f79535-47bb-0310-9956-ffa450edef68
Previously, the SSLProtocol directive was checked at runtime. Apache quit if
the directive contained an invalid combination of protocols, and logged the
message "AH02231: No SSL protocols available [hint: SSLProtocol]".
With this change, most invalid SSLProtocol directives are detected when
checking the configuration, e.g. with \"httpd -t -f httpd.conf\".
Examples of invalid protocol combinations that are caught:
* SSLProtocol "-TLSv1"
* SSLProtocol "-all"
* SSLProtocol "TLSv1.2 -TLSv1.2"
Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Github: closes#523
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1924955 13f79535-47bb-0310-9956-ffa450edef68
Change the log level from ERROR to DEBUG.
The message \"mod_asis: ap_pass_brigade failed for file ...\" was logged with
the level ERROR. This log level is inappropriate here, because a client can
trigger this log message by aborting the request.
Most other modules don't log at all or use the log level DEBUG when
ap_pass_brigade() fails.
Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Github: closes#527
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1924954 13f79535-47bb-0310-9956-ffa450edef68
- Fixed bug in handling over long response headers. When the 64 KB limit
of nghttp2 was exceeded, the request was not reset and the client was
left hanging, waiting for it. Now the stream is reset.
- Added new directive `H2MaxHeaderBlockLen` to set the limit on response
header sizes.
- Fixed handling of Timeout vs. KeepAliveTimeout when first request on a
connection was reset.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1924145 13f79535-47bb-0310-9956-ffa450edef68
dav_fs_dir_file_name() will not set *fname_p to NULL on failure,
and all callers of dav_fs_dir_file_name() does not check the
return value of dav_fs_dir_file_name(), which could lead to an
undefined behavior against fname_p.
Fix this by adding return value check of dav_fs_dir_file_name()
Submitted by: Zhou Qingyang <zhou1615 umn.edu>
Github: closes#309
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1923813 13f79535-47bb-0310-9956-ffa450edef68
older and newer curl versions. Only a change in logging,
no function module change.
Newer curl send a GOAWAY on connection shutdown which
triggers another code path that the test did not expect.
Thanks to Rainer Jung for tracking this down.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1923187 13f79535-47bb-0310-9956-ffa450edef68
- Improved error reporting when waiting for ACME server to verify domains
or finalizing the order fails, e.g. times out.
- Increasing the timeouts to wait for ACME server to verify domain names
and issue the certificate from 30 seconds to 5 minutes.
- Change a log level from error to debug when Stapling is enabled but a
certificate carries no OCSP responder URL.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1923148 13f79535-47bb-0310-9956-ffa450edef68
- Fixed HTTP-01 challenges to not carry a final newline, as some ACME
server fail to ignore it. [Michael Kaufmann (@mkauf)]
- Fixed missing label+newline in server-status plain text output when
MDStapling is enabled.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1922279 13f79535-47bb-0310-9956-ffa450edef68
of sgAttributes, found by gcc -fanalyzer:
modules/aaa/mod_authnz_ldap.c: scope_hint: In function 'create_authnz_ldap_dir_config'
modules/aaa/mod_authnz_ldap.c:356:23: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921971 13f79535-47bb-0310-9956-ffa450edef68
Count failed requests that are RST'ed, so that the
connection enters keepalive timeout instead of the
regular timeout if the first request fails.
Add tests to verify.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921805 13f79535-47bb-0310-9956-ffa450edef68
