From: Rich Bowen Date: Tue, 31 Mar 2020 15:01:59 +0000 (+0000) Subject: rebuild X-Git-Tag: 2.4.44~148 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6f5ec76ebe9619ce3139430b4839e7c98c3a8764;p=thirdparty%2Fapache%2Fhttpd.git rebuild git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1875944 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/developer/request.html.en b/docs/manual/developer/request.html.en index f0f87f8c1de..0fe8755620b 100644 --- a/docs/manual/developer/request.html.en +++ b/docs/manual/developer/request.html.en @@ -89,9 +89,10 @@

Strips Parent and This Elements from the URI

All /../ and /./ elements are - removed by ap_getparents(). This helps to ensure + removed by ap_getparents(), as well as any trailing + /. or /.. element. This helps to ensure the path is (nearly) absolute before the request processing - continues.

+ continues. (See RFC 1808 section 4 for further discussion.)

This step cannot be bypassed.
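Review bot: the reference added on the "+ continues." line cites RFC 1808 section 4, but RFC 1808 has been obsoleted by RFC 3986. Pointing to RFC 3986 section 5.2.4 (remove dot segments) would send readers to the current rule for /./ and /../ handling. Since the hunk now also covers a trailing /. or /.. element, consider saying in the same paragraph what "(nearly) absolute" still leaves unnormalized.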

diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index 4dd30e5a277..3404cd806a6 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -420,10 +420,12 @@
  • MaxSpareServers
  • MaxSpareThreads
  • MaxThreads
  • +
  • MDActivationDelay
  • MDBaseServer
  • MDCAChallenges
  • MDCertificateAgreement
  • MDCertificateAuthority
  • +
  • MDCertificateCheck
  • MDCertificateFile
  • MDCertificateKeyFile
  • MDCertificateMonitor
  • diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en index 9db4b55a9cd..8eb5f30d8e0 100644 --- a/docs/manual/mod/mod_md.html.en +++ b/docs/manual/mod/mod_md.html.en @@ -247,7 +247,7 @@ </MDomain>

    - and use the 'server-status' and/or MDMessageCmd to see how it operates. You will + and use the 'server-status' and/or MDMessageCmd to see how it operates. You will see if Stapling information is there, how long it is valid, from where it came and when it will be refreshed.

    @@ -286,10 +286,12 @@

    Support Apache!

    Directives

    +
    top
    +

    MDActivationDelay Directive

    + + + + + + + +
    Description:
    Syntax:MDActivationDelay duration
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.42 and later
    +

    +

    + +
    top

    MDBaseServer Directive
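Review bot: the new MDActivationDelay section in this hunk ships with an empty "Description:" row and no body text, so the only information a reader gets is "Syntax:MDActivationDelay duration". Before publishing, document what is being delayed, the accepted duration units and the default. Since this commit is a rebuild, the text presumably needs to be added in the source the HTML is generated from rather than in request.html.en-style output files.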

    @@ -358,7 +374,7 @@ to find out which methods can be used.

    If the server listens on port 80, for example, the 'http-01' method is available. - The prerequisite for 'dns-01' is a configured 'MDChallengeDns01' command. + The prerequisite for 'dns-01' is a configured MDChallengeDns01 command. 'tls-alpn-01' is described above in 'https: Challenges'.

    This auto selection works for most setups. But since Apache is a very powerful @@ -366,7 +382,7 @@ possible cases. For example: it may listen on multiple IP addresses where some are reachable on `https:` and some not.

    - If you configure 'MDCAChallenges' directly, this auto selection is disabled. + If you configure MDCAChallenges directly, this auto selection is disabled. Instead, the module will use the configured challenge list when talking to the ACME server (a challenge type must be offered by the server as well). This challenges are examined in the order specified. @@ -415,12 +431,26 @@

    LE Staging Setup

    MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
    + +
    top
    +
    + + + + + + +
    Description:
    Syntax:MDCertificateCheck name url
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.42 and later
    +

    +

    +
    top

    MDCertificateFile Directive
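Review bot: the MDCertificateCheck block added here takes the same "name url" arguments as MDCertificateMonitor but has an empty "Description:" row and no default, so the two directives cannot be told apart from the page. Add a description that says what the URL is used for and how it relates to MDCertificateMonitor, or leave the directive out of the index until that text exists.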

    - + @@ -451,7 +481,7 @@ in your configuration. Then you can add MDRenewMode 'always' to it and the module will get a new certificate before the one from the file expires. When it has done so, you remove the - MDCertificateFile and reload the server. + MDCertificateFile and reload the server.

    Another use case is that you renew your Let's Encrypt certificates with another ACME clients, for example the excellent @@ -464,7 +494,7 @@

    Description:Specify a static certificate file for the MD.
    Syntax:MDCertificateFile path-to-pem-file
    Syntax:MDCertificateFile path-to-pem-file
    Context:server config
    Status:Experimental
    Module:mod_md
    - + @@ -484,7 +514,7 @@
    Description:Specify a static private key for for the static cerrtificate.
    Syntax:MDCertificateKeyFile path-to-file
    Syntax:MDCertificateKeyFile path-to-file
    Context:server config
    Status:Experimental
    Module:mod_md
    - + @@ -551,7 +581,7 @@
    Description:The URL of a certificate log monitor.
    Syntax:MDCertificateMonitor name url
    Default:crt.sh https://crt.sh?q=
    Default:MDCertificateMonitor crt.sh https://crt.sh?q=
    Context:server config
    Status:Experimental
    Module:mod_md
    - + @@ -574,7 +604,7 @@
    Description:
    Syntax:MDChallengeDns01 path-to-command
    Syntax:MDChallengeDns01 path-to-command
    Context:server config
    Status:Experimental
    Module:mod_md
    - + @@ -582,9 +612,9 @@

    The ACME protocol requires you to give a contact url when you sign up. Currently, Let's Encrypt wants an email address (and it will use it to inform you about renewals - or changed terms of service). mod_md uses the MDContactEmail directive email in + or changed terms of service). mod_md uses the MDContactEmail directive email in your Apache configuration, so please specify the correct address there. - If MDContactEmail is not present, mod_md will use the + If MDContactEmail is not present, mod_md will use the ServerAdmin directive.

    @@ -613,7 +643,7 @@
    Description:
    Syntax:MDContactEmail address
    Syntax:MDContactEmail address
    Context:server config
    Status:Experimental
    Module:mod_md
    Status:Experimental
    Module:mod_md
    -

    Use a http proxy to connect to the MDCertificateAuthority. Define this +

    Use a http proxy to connect to the MDCertificateAuthority. Define this if your webserver can only reach the internet with a forward proxy.

    @@ -629,7 +659,7 @@

    Instead of listing all dns names on the same line, you may use - MDMember to add such names + MDMember to add such names to a managed domain.

    Example

    <MDomain example.org>
    @@ -665,7 +695,7 @@
     

    MDMessageCmd Directive

    - + @@ -678,14 +708,12 @@

    This is the more flexible companion to MDNotifyCmd.

    -

    Example

    -MDMessageCmd /etc/apache/md-message +

    Example

    MDMessageCmd /etc/apache/md-message
    +

    # will be invoked when a new certificate for mydomain.org is available as: /etc/apache/md-message renewed mydomain.com -

    -                
    -
    +

    The program should not block, as the module will wait for it to finish. A return code other than 0 is regarded as an error. @@ -706,7 +734,7 @@ MDMessageCmd /etc/apache/md-message

    'installed' is triggered when a new certificate has been transferred from staging into the domains location in MD store. This happens at server - startup/reload. Different to all other invocations, MDMessageCmd is run + startup/reload. Different to all other invocations, MDMessageCmd is run with root permissions (on *nix systems) and has access to the certificate files (and keys). Certificates needed for other applications or in different formats can be processed on this event. @@ -1082,14 +1110,15 @@ MDRenewWindow 10%

    Description:Handle events for Manage Domains
    Syntax:MDMessageCmd path-to-cmd optional-args
    Syntax:MDMessageCmd path-to-cmd optional-args
    Context:server config
    Status:Experimental
    Module:mod_md
    - + +
    Description:Enable stapling for certificates not managed by mod_md.
    Syntax:MDStapleOthers on|off
    Default:on
    Default:MDStapleOthers on
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.42 and later

    - This setting only takes effect when `MDStapling` is enabled. It controls - if `mod_md` should also provide stapling information for certificates + This setting only takes effect when MDStapling is enabled. It controls + if mod_md should also provide stapling information for certificates that are not directly controlled by it, e.g. renewed via an ACME CA.
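Review bot: in the reworded paragraph, "certificates that are not directly controlled by it, e.g. renewed via an ACME CA" reads as if ACME-renewed certificates were the ones outside mod_md's control. Reorder the sentence so the "e.g." clearly attaches to the certificates mod_md does manage, for example "certificates that it does not manage itself (that is, not renewed by it via an ACME CA)". The markup change from backticks to linked directive names is fine.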

    @@ -1099,24 +1128,26 @@ MDRenewWindow 10%
    - + +
    Description:Enable stapling for all or a particular MDomain.
    Syntax:MDStapling on|off
    Default:off
    Default:MDStapling off
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.42 and later

    - mod_md offers an implementation for providing OCSP stapling information. - This is an alternative to the one provided by 'mod_ssl'. For backward + mod_md offers an implementation for providing OCSP stapling information. + This is an alternative to the one provided by mod_ssl. For backward compatibility, this is disabled by default.

    The stapling can be switched on for all certificates on the server or - for an individual MDomain. This will replace any stapling configuration - in `mod_ssl` for these hosts. When disabled, the 'mod_ssl' stapling + for an individual MDomain. + This will replace any stapling configuration + in mod_ssl for these hosts. When disabled, the mod_ssl stapling will do the work (if it is itself enabled, of course). This allows for a gradual shift over from one implementation to the other.

    - The stapling of `mod_md` will also work for domains where the certificates - are not managed by this module (see MDStapleOthers for how to control this). + The stapling of mod_md will also work for domains where the certificates + are not managed by this module (see MDStapleOthers for how to control this). This allows use of the new stapling without using any ACME certificate management.

    @@ -1126,11 +1157,12 @@ MDRenewWindow 10%

    MDStaplingKeepResponse Directive

    - - + + +
    Description:Controls when old responses should be removed.
    Syntax:MDStaplingKeepResponse duration
    Default:7d
    Syntax:MDStaplingKeepResponse duration
    Default:MDStaplingKeepResponse 7d
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.42 and later

    This time window specifies when OCSP response data used in stapling @@ -1145,15 +1177,16 @@ MDRenewWindow 10%

    MDStaplingRenewWindow Directive

    - - + + +
    Description:Control when the stapling responses will be renewed.
    Syntax:MDStaplingRenewWindow duration
    Default:33%
    Syntax:MDStaplingRenewWindow duration
    Default:MDStaplingRenewWindow 33%
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.42 and later

    - If the validity of the OCSP response used in stapling falls below 'duration', - mod_md will obtain a new OCSP response. + If the validity of the OCSP response used in stapling falls below duration, + mod_md will obtain a new OCSP response.

    The CA issuing a certificate commonly also operates the OCSP responder service and determines how long its signed response about the validity @@ -1184,7 +1217,7 @@ MDRenewWindow 10%

    MDStoreDir Directive

    - + diff --git a/docs/manual/mod/mod_md.xml.fr b/docs/manual/mod/mod_md.xml.fr index ae48d6bb382..5be7dfb152e 100644 --- a/docs/manual/mod/mod_md.xml.fr +++ b/docs/manual/mod/mod_md.xml.fr @@ -2,7 +2,7 @@ - + - - + \ No newline at end of file diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index 0d2e7cde2f9..ad0fb24f8fe 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -685,23 +685,25 @@ simultaneously - - - + + + - - - - + + + + + - - + + - + @@ -712,11 +714,11 @@ simultaneously - - - - - + + + + +
    Description:Path on the local file system to store the Managed Domains data.
    Syntax:MDStoreDir path
    Syntax:MDStoreDir path
    Default:MDStoreDir md
    Context:server config
    Status:Experimental
    MaxSpareServers number 10 sM
    Maximum number of idle child server processes
    MaxSpareThreads numbersM
    Maximum number of idle threads
    MaxThreads number 2048 sM
    Set the maximum number of worker threads
    MDBaseServer on|off off sX
    Control if base server may be managed or only virtual hosts.
    MDCAChallenges name [ name ... ] tls-alpn-01 http-01 +sX
    Type of ACME challenge used to prove domain ownership.
    MDCertificateAgreement acceptedsX
    You confirm that you accepted the Terms of Service of the Certificate +
    MDActivationDelay durationsX
    -
    MDBaseServer on|off off sX
    Control if base server may be managed or only virtual hosts.
    MDCAChallenges name [ name ... ] tls-alpn-01 http-01 +sX
    Type of ACME challenge used to prove domain ownership.
    MDCertificateAgreement acceptedsX
    You confirm that you accepted the Terms of Service of the Certificate Authority.
    MDCertificateAuthority url https://acme-v02.ap +sX
    The URL of the ACME Certificate Authority service.
    MDCertificateFile path-to-pem-filesX
    Specify a static certificate file for the MD.
    MDCertificateKeyFile path-to-filesX
    Specify a static private key for for the static cerrtificate.
    MDCertificateMonitor name urlsX
    The URL of a certificate log monitor.
    MDCertificateAuthority url https://acme-v02.ap +sX
    The URL of the ACME Certificate Authority service.
    MDCertificateCheck name urlsX
    -
    MDCertificateFile path-to-pem-filesX
    Specify a static certificate file for the MD.
    MDCertificateKeyFile path-to-filesX
    Specify a static private key for for the static cerrtificate.
    MDCertificateMonitor name url crt.sh https://crt. +sX
    The URL of a certificate log monitor.
    MDCertificateProtocol protocol ACME sX
    The protocol to use with the Certificate Authority.
    MDCertificateStatus on|off on sX
    Exposes public certificate information in JSON.
    MDChallengeDns01 path-to-commandsX
    -
    MDContactEmail addresssX
    -
    MDChallengeDns01 path-to-commandsX
    -
    MDContactEmail addresssX
    -
    MDDriveMode always|auto|manual auto sX
    former name of MDRenewMode.
    MDHttpProxy urlsX
    Define a proxy for outgoing connections.
    MDMember hostnamesX
    Additional hostname for the managed domain.
    MDMembers auto|manual auto sX
    Control if the alias domain names are automatically added.
    MDMessageCmd path-to-cmd optional-argssX
    Handle events for Manage Domains
    MDMessageCmd path-to-cmd optional-argssX
    Handle events for Manage Domains
    MDMustStaple on|off off sX
    Control if new certificates carry the OCSP Must Staple flag.
    MDNotifyCmd path [ args ]sX
    Run a program when a Managed Domain is ready.
    MDomain dns-name [ other-dns-name... ] [auto|manual]sX
    Define list of domain names that belong to one group.
    MDRenewWindow duration 33% sX
    Control when a certificate will be renewed.
    MDRequireHttps off|temporary|permanent off sX
    Redirects http: traffic to https: for Managed Domains.
    MDServerStatus on|off on sX
    Control if Managed Domain information is added to server-status.
    MDStapleOthers on|offsX
    Enable stapling for certificates not managed by mod_md.
    MDStapling on|offsX
    Enable stapling for all or a particular MDomain.
    MDStaplingKeepResponse durationsX
    Controls when old responses should be removed.
    MDStaplingRenewWindow durationsX
    Control when the stapling responses will be renewed.
    MDStoreDir path md sX
    Path on the local file system to store the Managed Domains data.
    MDStapleOthers on|off on sX
    Enable stapling for certificates not managed by mod_md.
    MDStapling on|off off sX
    Enable stapling for all or a particular MDomain.
    MDStaplingKeepResponse duration 7d sX
    Controls when old responses should be removed.
    MDStaplingRenewWindow duration 33% sX
    Control when the stapling responses will be renewed.
    MDStoreDir path md sX
    Path on the local file system to store the Managed Domains data.
    MDWarnWindow duration 10% sX
    Define the time window when you want to be warned about an expiring certificate.
    MemcacheConnTTL num[units] 15s svE
    Keepalive time for idle connections
    MergeSlashes ON|OFF ON svC
    Controls whether the server merges consecutive slashes in URLs. diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en index c8d24b52d34..f116a834912 100644 --- a/docs/manual/suexec.html.en +++ b/docs/manual/suexec.html.en @@ -325,7 +325,7 @@ to ensure safe operations?

    - suEXEC cleans the process' environment by establishing a + suEXEC cleans the process's environment by establishing a safe execution PATH (defined during configuration), as well as only passing through those variables whose names are listed in the safe environment list (also created
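Review bot: in the MDMessageCmd hunks of mod_md.html.en (@@ -678 and @@ -706), the 'installed' paragraph states that the command runs with root permissions and has access to the certificate files and keys, but nothing tells the administrator how to protect the command itself. Suggest adding a sentence that the program (/etc/apache/md-message in the example) and its directory must be owned by root and not writable by other users. In the example just above it, the comment names mydomain.org while the invocation shows "renewed mydomain.com"; use one domain in both places.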