*) mod_md: a new directive `MDStoreLocks` can be used on cluster
setups with a shared file system for `MDStoreDir` to order
activation of renewed certificates when several cluster nodes are
restarted at the same time. Store locks are not enabled by default.
Restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that.
Fixes <https://github.com/icing/mod_md/issues/293>.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903677 13f79535-47bb-0310-9956-ffa450edef68
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error. Fixed PR66190.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903167 13f79535-47bb-0310-9956-ffa450edef68
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed.
A new directive was added: `MDRetryDelay` sets the delay of retries.
A new directive was added: `MDRetryFailover` sets the number of errored
attempts before an alternate CA is selected for certificate renewals.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900852 13f79535-47bb-0310-9956-ffa450edef68
local tailscale demon for users of that secure networking.
This gives trusted certificates for tailscale assigned
domain names in the *.ts.net space.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900313 13f79535-47bb-0310-9956-ffa450edef68
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
[Rainer Jung]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900039 13f79535-47bb-0310-9956-ffa450edef68
It seems that h2load somehow issues more connections than the 6 requested (saw
up to 12), so adapt the MPM event configuration accordingly.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899862 13f79535-47bb-0310-9956-ffa450edef68
This replaces the internal H2_HEADERS bucket, removing its
source file and also obsoletes any interim response parsing
needs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899649 13f79535-47bb-0310-9956-ffa450edef68
create_secondary_connection and ap_create_secondary_connection()
to setup connections related to a "master" one, as used in
the HTTP/2 protocol implementation.
*) mod_http2: using the new API calls to get rid of knowledge
about how the core handles conn_rec specifics.
Improvements in pollset stream handling to use less sets.
Using atomic read/writes instead of volatiles now.
Keeping a reserve of "transit" pools and bucket_allocs for
use on secondary connections to avoid repeated setup/teardowns.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899032 13f79535-47bb-0310-9956-ffa450edef68
to stabilize CI tests again. Previous revision of trunk has been copied
to branches/trunk-ssl-handshake-unblocking to make those into a PR where
changes can be discussed and tested separately.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897760 13f79535-47bb-0310-9956-ffa450edef68
- disabling test_h2_105_02 due to handshake timeouts no longer working
- adjusting some log levels
- ignoring new handshake error AHLOGNOs
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897650 13f79535-47bb-0310-9956-ffa450edef68
- modules/http2: ignore some SSL library error logs when using openssl 3.x
- modules/tls: right now, we seem unable to force curl to use TLSv1.3, adjust
test case expectations accordingly. Use --tls-max to force v1.2 where needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897257 13f79535-47bb-0310-9956-ffa450edef68
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request. See PR65731 at
<https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.
No changes-entries, since this fix is proposed for backport on the 1.15.x
module codebase in 2.4.x in a separate PR.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895724 13f79535-47bb-0310-9956-ffa450edef68
* testsuite: handling of cert+key in same file improved
* testsuite: using 'stop' configuration to terminate server in case test cases
leave borked test configs lying around.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894919 13f79535-47bb-0310-9956-ffa450edef68
