Joe Orton [Fri, 1 May 2020 08:17:16 +0000 (08:17 +0000)]
Add gcc-10 job, drop gcc-9 config from allow_failures (seems stable again).
Use -O2 for all gcc -Werror jobs otherwise warnings triggered under e.g.
aggressive inlining are not found.
util_filter: axe misleading AP_BUCKET_IS_MORPHING() macro and fix comments.
Morphing buckets are not only those with ->length == -1, so the macro is
misleading. Modify comments to talk about opaque buckets when length == -1
and about morphing buckets (once) for opaque and FILE buckets.
Provide a compatible version of ssl_callback_SessionTicket() which does not
use the deprecated HMAC_CTX and HMAC_Init_ex(), replaced by EVP_MAC_CTX and
EVP_MAC_CTX_set_params() respectively. This requires adapting struct
modssl_ticket_key_t to replace hmac_secret[] with OSSL_PARAM mac_params[],
created once at load time still.
The callback is registered by SSL_CTX_set_tlsext_ticket_key_evp_cb() instead
of SSL_CTX_set_tlsext_ticket_key_cb().
Since BIO_eof() may now be called by the openssl-3 state machine, the never-called
assertion in bio_filter_in_ctrl() does not hold anymore, and we have to
handle BIO_CTRL_EOF. For any other cmd, we continue to AP_DEBUG_ASSERT(0) and
log an error, yet the return value is changed from -1 to 0 which is the usual
unhandled value.
Note that OpenSSL 3.0.0 is still in alpha stage as of now, the API shouldn't
change though, neither breakage to 1.x.x API.
systemd dependencies are only needed by mod_systemd.
They should currently not be needed by httpd directly
or any other binary. So no need to add them to
HTTPD_LIBS.
Joe Orton [Thu, 23 Apr 2020 08:26:26 +0000 (08:26 +0000)]
Add optional options= argument to Listen to add listener-specific
socket options.
Reimplement "use_specific_errors" listener flag under generic
ap_listen_rec flags field holding all listener-specific options.
* include/ap_listen.h: Add AP_LISTEN_* flags.
(ap_listen_rec): Rename use_specific_errors to flags.
* server/listen.c (make_sock): Set APR_SO_FREEBIND if
AP_LISTEN_FREEBIND flag is set on listener; set APR_SO_REUSEPORT
unconditionally if AP_LISTEN_REUSEPORT is set.
(alloc_listener): Take flags argument.
(ap_setup_listeners): Set AP_LISTEN_SPECIFIC_ERRORS flag here.
(ap_set_listener): Parse optional options=... argument, catch
typos and fail if protocol name contains a "=".
(ap_duplicate_listeners): Duplicate flags.
core: follow up to r1876664: allow ErrorDocument to read body when applicable
Unless ap_read_request() failed to read the request line or header, or
Transfer-Encoding is invalid, we can still provide the request body to custom
error handlers (ErrorDocument) that ask for it (e.g. internal redirects to CGI).
So this commit splits early failure path (previously die_early label) in two,
die_unusable_input and die_before_hooks, where the latter preserves input
filters (including HTTP_IN).
Also, the code to apply the connection timeout and r->per_dir_config from the
server is now in a new apply_server_config() helper since it's used multiple
times. Note that apr_socket_timeout_set() is a noop if the new timeout is the
same as the one already in place, so there is no need to cache the old timeout
nor use apr_socket_timeout_get(). Likewise, r->server is initially set to
c->base_server so apply_server_config() is overall a noop when no change is
needed.
Fix the way we are looking for "TLS/1.0" tokens.
ap_find_token() is more robust than expecting the token to be the first one in the 'Upgrade' header field.
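
Added example, not httpd code: the difference between a first-token-only check and a list-aware token search on an Upgrade header value. `upgrade_prefix_match()` is an assumed form of the older check and `list_has_token()` is a simplified, hypothetical stand-in for ap_find_token(); the header values are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed form of the fragile check: matches only at the start of the value. */
int upgrade_prefix_match(const char *value, const char *tok)
{
    return value != NULL && strncasecmp(value, tok, strlen(tok)) == 0;
}

/* Return 1 if tok is a complete element of a comma-separated header value.
 * Simplified stand-in for ap_find_token(); comparison is case-insensitive. */
int list_has_token(const char *value, const char *tok)
{
    size_t toklen = strlen(tok);
    const char *p = value;

    if (toklen == 0)
        return 0;
    while (p != NULL && *p != '\0') {
        size_t len;
        p += strspn(p, ", \t");       /* skip separators and whitespace */
        len = strcspn(p, ", \t");     /* length of the current element */
        if (len == toklen && strncasecmp(p, tok, len) == 0)
            return 1;
        p += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed Upgrade header values. */
    const char *values[] = { "TLS/1.0", "h2c, TLS/1.0", "TLS/1.00", "websocket" };
    size_t i;
    for (i = 0; i < sizeof values / sizeof *values; i++)
        printf("%-14s prefix=%d list=%d\n", values[i],
               upgrade_prefix_match(values[i], "TLS/1.0"),
               list_has_token(values[i], "TLS/1.0"));
    return 0;
}
```

The prefix form both misses "h2c, TLS/1.0" and accepts "TLS/1.00"; the list search gets both right.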
Joe Orton [Mon, 20 Apr 2020 09:25:39 +0000 (09:25 +0000)]
* support/suexec.c (safe_strtol): New function.
(main): Use ^ to avoid using atoi(); try to catch more string to
integer and integer to uid/gid conversion errors/surprises.
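
Added example, not the suexec code: why atoi() is a poor fit for uid/gid arguments (garbage input silently becomes 0, i.e. root) and what a strict conversion checks instead. `parse_long_strict()` and `parse_uid_strict()` are hypothetical names, not suexec's safe_strtol(); the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Parse all of s as a base-10 long: 0 on success, -1 on any surprise.
 * Hypothetical helper for this example, not suexec's safe_strtol(). */
int parse_long_strict(const char *s, long *out)
{
    char *end;
    long v;
    /* strtol() skips leading whitespace and accepts '+'; refuse both. */
    if (s == NULL || (!isdigit((unsigned char)s[0]) && s[0] != '-'))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0') /* overflow, no digits, trailing junk */
        return -1;
    *out = v;
    return 0;
}

/* Convert a string to a uid_t: 0 on success, -1 if it is not a usable uid. */
int parse_uid_strict(const char *s, uid_t *out)
{
    long v;
    uid_t u;
    if (parse_long_strict(s, &v) != 0 || v < 0)
        return -1;
    u = (uid_t)v;
    /* Reject values changed by the cast, and (uid_t)-1, which
     * setreuid() and chown() treat as "leave unchanged". */
    if ((long)u != v || u == (uid_t)-1)
        return -1;
    *out = u;
    return 0;
}

int main(void)
{
    const char *samples[] = { "1000", "12abc", "", " 42", "root" }; /* constructed */
    uid_t u;
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("\"%s\": atoi=%d strict=%s\n", samples[i], atoi(samples[i]),
               parse_uid_strict(samples[i], &u) == 0 ? "accepted" : "rejected");
    return 0;
}
```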
core, h2: common ap_parse_request_line() and ap_check_request_header() code.
Extract parsing/validation code from read_request_line() and ap_read_request()
into ap_parse_request_line() and ap_check_request_header() helpers such that
mod_http2 can validate its HTTP/1 request with the same/configured policy.
Joe Orton [Thu, 16 Apr 2020 18:22:43 +0000 (18:22 +0000)]
* server/mpm/prefork/prefork.c (prefork_pre_config): Use pconf as
passed to the hook with ap_fatal_signal_child_setup, since
prefork.c's pconf "global" is not set until the (later) open_logs
hook, and if built as a DSO it may be reset in between.
Joe Orton [Thu, 16 Apr 2020 17:55:48 +0000 (17:55 +0000)]
* modules/core/mod_watchdog.c (wd_worker): Fix crashes snuck into
r1876599 where a destroyed pool was reused. Rename the "ctx"
variable to reflect its purpose. Also tweak the pool tags.
Joe Orton [Tue, 14 Apr 2020 12:37:17 +0000 (12:37 +0000)]
* modules/core/mod_watchdog.c: Switch to simpler logic to avoid the
thread cleanup running before the thread has started, avoiding
mutex operations which both have undefined behaviour:
a) double-locking an UNNESTED (non-recursive) mutex twice in the parent
b) unlocking a mutex in the spawned thread which was locked by the parent
(wd_startup, wd_worker_cleanup, wd_worker): Use a boolean to ensure
the cleanup does nothing if the thread wasn't started, drop the mutex.
Joe Orton [Thu, 2 Apr 2020 08:54:29 +0000 (08:54 +0000)]
* modules/ssl/ssl_engine_io.c (ssl_io_filter_coalesce): Further tweaks
to logic, comments and debugging:
- allow buffering up to exactly COALESCE_BYTES rather than COALESCE_BYTES-1.
- put bucket type name in logging output
- do not coalesce a single-bucket prefix of length equal to the
buffer size (which would be a pointless memory copy).
core: add r->flushed flag and set it when the response is sent.
By setting EOR->r->flushed in the core output filter, allow one to determine at
log_transaction hook time whether the request has been fully flushed through
the network, or not (network issue, filter error, n-th pipelined response...).
Introduce the ap_bucket_eor_request() helper to get the request bound to an EOR
bucket, and use it in ap_core_output_filter() to mark the EOR's request just
before destroying it, after all the previous buckets have been sent.
While at it, rename the request_rec* member of struct ap_bucket_eor from "data"
to "r", which makes the code clearer (not to be confused with b->data).
Finally, add CustomLog format %F, showing "F" or "-" depending on r->flushed,
for admins to figure out for each request.
* modules/ssl/ssl_engine_io.c (ssl_io_filter_coalesce): Handle the case
where apr_bucket_read fails with an error and hence our current bucket
remains the morphing bucket and is not replaced with a 'data' bucket.
If the error is not EAGAIN, error out with an AP_FILTER_ERROR,
otherwise just do not consider the morphing bucket that has no data for
coalesce.
Yann Ylavic [Tue, 31 Mar 2020 16:22:53 +0000 (16:22 +0000)]
core: handle morphing buckets setaside/reinstate and kill request core filter.
The purpose of ap_request_core_filter() is not clear, it seems to prevent
potential morphing buckets to go through AP_FTYPE_CONNECTION filters which
would fail to set them aside (ENOTIMPL), and read them (unbounded) in memory.
This patch allows ap_filter_setaside_brigade() to set morphing buckets aside
by simply moving them, assuming they have the correct lifetime (either until
some further EOR, or the connection lifetime, or whatever). IOW, the module is
responsible for sending morphing buckets whose lifetime needs not be changed
by the connection filters.
Now since morphing buckets consume no memory until (apr_bucket_)read, like FILE
buckets, we don't account for them in flush_max_threshold either. This changes
ap_filter_reinstate_brigade() to only account for in-memory and EOR buckets to
flush_upto.
Also, since the EOR bucket is sent only to c->output_filters once the request
is processed, when all the filters < AP_FTYPE_CONNECTION have done their job
and stopped retaining data (after the EOS bucket, if ever), we prevent misuse
of ap_filter_{setaside,reinstate}_brigade() outside connection filters by
returning ENOTIMPL. This is not the right API for request filters as of now.
Finally, ap_request_core_filter() and co can be removed.
Joe Orton [Mon, 30 Mar 2020 13:18:29 +0000 (13:18 +0000)]
* modules/ssl/ssl_engine_io.c: (ssl_io_filter_coalesce): Handle the
case of a bucket which morphs to a bucket short enough to fit within
the buffer without needing to split.
Joe Orton [Mon, 30 Mar 2020 09:17:35 +0000 (09:17 +0000)]
mod_ssl: Extend the coalescing filter to avoid sending HTTP response
headers in a separate TLS record to the response body in some cases.
* modules/ssl/ssl_engine_io.c:
Increase size of coalesce buffer to AP_IOBUFSIZE (8Kb).
(ssl_io_filter_coalesce): Try harder to fill the prefix which
gets coalesced, including a read&split of a morphing bucket type
Add some compatibility notes for new directives in 2.4.42.
Add some missing <module> and <directive> to improve navigation and style.
Fix the format of some <default>
Add some placeholders for the MDCertificateCheck and MDActivationDelay directives. (new in 2.4.42)
Joe Orton [Thu, 26 Mar 2020 11:03:54 +0000 (11:03 +0000)]
* modules/ssl/ssl_private.h: Define X509_up_ref and EVP_PKEY_up_ref
for OpenSSL < 1.1.
* modules/ssl/ssl_engine_kernel.c (modssl_set_cert_info):
* modules/ssl/ssl_util_stapling.c (stapling_get_issuer):
Use the above macros for all OpenSSL versions.
Rainer Jung [Mon, 23 Mar 2020 13:33:22 +0000 (13:33 +0000)]
Fix compilation breakage with OpenSSL 1.1.0 up to 1.1.0f.
SSL_CTX_get_min_proto_version() and
SSL_CTX_get_max_proto_version() were only introduced in
1.1.0g.
Joe Orton [Mon, 23 Mar 2020 12:08:01 +0000 (12:08 +0000)]
Better define conditions for skipping tests on 2.4.x or non-2.4.x.
Use YAML anchors and references to avoid copy&pasting, hopefully
the syntax remains reasonably readable.
Joe Orton [Fri, 20 Mar 2020 11:36:27 +0000 (11:36 +0000)]
Test exclusion doesn't work since "tag !~" matches when tag is undefined.
Exclude tests from 2.4.x by explicitly matching against master. Will
have to revisit this for 2.5.x.
Ruediger Pluem [Wed, 18 Mar 2020 11:31:20 +0000 (11:31 +0000)]
* modules/ssl/ssl_util_stapling.c (stapling_check_response) Don't send
out an OCSP response that can't be parsed.
If the crypto/ASN library can't parse a response as 'basic OCSP'
even if it leads with an OCSP successful status, then don't pass it
to the client. There is nothing to say at all it isn't just garbage.
And if other types of messages are standardized they can be added.