* modules/ssl/ssl_engine_kernel.c (has_buffered_data): New function.
(ssl_hook_Access): Forcibly disable keepalive for the connection if
there is any buffered data readable from the input filter stack.
* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Ensure that the
BIO uses blocking operations when invoked outside direct control of
the httpd filter stack.
Thanks to Hartmut Keil <Hartmut.Keil adnovum.ch> for proposing this
technique.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@891282 13f79535-47bb-0310-9956-ffa450edef68
This was due to an incomplete refactoring in
r771940 (switching balancer->workers to an
array of pointers).
It's likely that other balancer functionality
was broken too.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@891230 13f79535-47bb-0310-9956-ffa450edef68
request as they might be added to the header tables of the main request.
Otherwise these values might become invalid once the subrequest and its
pool gets destroyed.
PR: 48359
Submitted by: rpluem, niq
Reviewed by: niq
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@889408 13f79535-47bb-0310-9956-ffa450edef68
mod_auth_digest.c: In function ‘set_shmem_size’:
mod_auth_digest.c:681: warning: format ‘%ld’ expects type ‘long int’, but argument 7 has type ‘apr_size_t’
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@886213 13f79535-47bb-0310-9956-ffa450edef68
watchdog: use better mutex type name
ldap/digest: use same FOO_mutex_type variable name as other modules
for easier searching
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883708 13f79535-47bb-0310-9956-ffa450edef68
and WatchdogMutexPath with a single Mutex directive. Add APIs to
simplify setup and user customization of APR proc and global mutexes.
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
respected; set DEFAULT_REL_RUNTIMEDIR instead.
Some existing modules, such as mod_ldap and mod_auth_digest gain
configurability for their mutexes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883540 13f79535-47bb-0310-9956-ffa450edef68
to run when mod_authnz_ldap finds a user but can't verify their password.
Submitted By: Justin Erenkrantz, Joe Schaefer, Tony Stevenson
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@881808 13f79535-47bb-0310-9956-ffa450edef68
transfer has been completed successfully, move it over the old file.
Since this would break inode keyed locking, switch to filename keyed locking
exclusively.
PR: 39815
Submitted by: Paul Querna, Stefan Fritsch
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@834049 13f79535-47bb-0310-9956-ffa450edef68
fallback to copy.
From rename(2) on Linux: Linux permits a file system to be mounted at multiple
points, but rename() does not work across different mount points, even
if the same file system is mounted on both.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@834019 13f79535-47bb-0310-9956-ffa450edef68
Reject client-initiated renegotiations; this is sufficient to prevent
the attack for any configuration which does not require renegotiation
due to per-directory/per-location access control configuration.
Configuration with per-directory/per-location access control
requirements (such as "SSLVerifyClient require") are still vulnerable
to CVE-2009-3555 with this patch applied (if using OpenSSL <= 0.9.8k).
* modules/ssl/ssl_private.h (SSLConnRec): Add reneg_state field.
(ssl_callback_Info): Renamed from ssl_callback_LogTracingState.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Install
the (renamed) info callback unconditionally.
* modules/ssl/ssl_engine_io.c (ssl_filter_ctx_t): Add config pointer
to SSLConnRec.
(bio_filter_out_write, bio_filter_in_read): Fail with
APR_ECONNABORTED if the reneg state is set to RENEG_ABORT.
* modules/ssl/ssl_engine_kernel.c (log_tracing_state): Factored out
of ssl_callback_LogTracingState.
(ssl_callback_Info): New function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@833582 13f79535-47bb-0310-9956-ffa450edef68
. axe --with-mpm="shared" hack, replace with --enable-mpms-shared={all|list}
. replace singular MPM_NAME with access to the list of enabled MPMs
. replace singular MPM_SUBDIR with list MPM_SUBDIRS
. enable OS/2 MPM in same manner as others with configure support instead of
hard-coding in configure.in
Current state: MPMs are built as static archives (but not linked to httpd) with
--enable-mpms-shared, so they still have to be built with apxs to load
dynamically.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@832228 13f79535-47bb-0310-9956-ffa450edef68
