Changes with Apache 2.4.24
+ *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung]
+
+ *) mpm_unix: Apache fails to start if previously crashed then restarted with
+ the same PID (e.g. in container). PR 60261.
+ [Val <valentin.bremond gmail.com>, Yann Ylavic]
+
+ *) mod_http2: unannounced and multiple interim responses (status code < 200)
+ are parsed and forwarded to client until a final response arrives.
+ [Stefan Eissing]
+
+ *) mod_proxy_http2: improved robustness when main connection is closed early
+ by resetting all ongoing streams against the backend.
+ [Stefan Eissing]
+
+ *) mod_http2: allocators from slave connections are released earlier, resulting
+ in less overall memory use on busy, long lived connections.
+ [Stefan Eissing]
+
+ *) mod_remoteip: Pick up where we left off during a subrequest rather
+ than running with the modified XFF but original TCP address.
+ PR 49839/PR 60251
+
+ *) http: Respond with "408 Request Timeout" when a timeout occurs while
+ reading the request body. [Yann Ylavic]
+
+ *) mod_http2: connection shutdown revisited: corrected edge cases on
+ shutting down ongoing streams, changed log warnings to be less noisy
+ when waiting on long running tasks. [Stefan Eissing]
+
+ *) mod_http2: changed all AP_DEBUG_ASSERT to ap_assert to have them
+ available also in normal deployments. [Stefan Eissing]
+
+ *) mod_http2/mod_proxy_http2: 100-continue handling now properly implemented
+ up to the backend. Reused HTTP/2 proxy connections with more than a second
+ not used will block request bodies until a PING answer is received.
+ Requests headers are not delayed by this, since they are repeatable in
+ case of failure. This greatly increases robustness, especially with
+ busy server and/or low keepalive connections. [Stefan Eissing]
+
+ *) mod_proxy_http2: fixed duplicate symbols with mod_http2.
+ [Stefan Eissing]
+
+ *) mod_http2: rewrite of how responses and trailers are transferred between
+ master and slave connection. Reduction of internal states for tasks
+ and streams, stability. Heuristic id generation for slave connections
+ to better keep promise of connection ids unique at given point int time.
+ Fix for mod_cgid interop in high load situtations.
+ Fix for handling of incoming trailers when no request body is sent.
+ [Stefan Eissing]
+
+ *) mod_http2: fix suspended handling for streams. Output could become
+ blocked in rare cases. [Stefan Eissing]
+
+ *) mpm_winnt: Prevent a denial of service when the 'data' AcceptFilter is in
+ use by replacing it with the 'connect' filter. PR 59970. [Jacob Champion]
+
+ *) mod_cgid: Resolve a case where a short CGI response causes a subsequent
+ CGI to be killed prematurely, resulting in a truncated subsequent
+ response. [Eric Covener]
+
+ *) mod_proxy_hcheck: Set health check URI and expression correctly for health
+ check worker. PR 60038 [zdeno <zdeno@scnet.sk>]
+
+ *) mod_http2: if configured with nghttp2 1.14.0 and onward, invalid request
+ headers will immediately reset the stream with a PROTOCOL error. Feature
+ logged by module on startup as 'INVHD' in info message.
+ [Stefan Eissing]
+
+ *) mod_http2: fixed handling of stream buffers during shutdown.
+ [Stefan Eissing]
+
+ *) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid
+ triggering mod_proxy_connect's AH01018 once the tunnel is established.
+ [Yann Ylavic]
+
+ *) ab: Set the Server Name Indication (SNI) extension on outgoing TLS
+ connections (unless -I is specified), according to the Host header (if
+ any) or the requested URL's hostname otherwise. [Yann Ylavic]
+
+ *) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled
+ and the error documents are proxied. PR 55415. [Luca Toscano]
+
+ *) mod_proxy_fcgi: read the whole FCGI response even when the content has
+ not been modified (HTTP 304) to avoid subsequent bougus reads and
+ confusing error messages logged. [Luca Toscano]
+
+ *) mod_http2: h2 status resource follows latest draft, see
+ http://www.ietf.org/id/draft-benfield-http2-debug-state-01.txt
+ [Stefan Eissing]
+
+ *) mod_http2: handling graceful shutdown gracefully, e.g. handling existing
+ streams to the end. [Stefan Eissing]
+
+ *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
+ [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
+ *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
+ available before the request is sent. PR 57832. [Yann Ylavic]
+
+ *) mod_proxy_balancer: Prevent redirect loops between workers within a
+ balancer by limiting the number of redirects to the number balancer
+ members. PR 59864 [Ruediger Pluem]
+
+ *) mod_proxy: Correctly consider error response codes by the backend when
+ processing failonstatus. PR 59869 [Ruediger Pluem]
+
+ *) mod_dav: Add dav_get_provider_name() function to obtain the name
+ of the provider from mod_dav. [Graham Leggett]
+
+ *) mod_dav: Add support for childtags to dav_error.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
++>>>>>>> .merge-right.r1769587
*) mod_proxy_fcgi: Fix 2.4.23 breakage for mod_rewrite per-dir and query
string showing up in SCRIPT_FILENAME. PR59815
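Review bot: The added line `+>>>>>>> .merge-right.r1769587`, just above the mod_proxy_fcgi 2.4.23 entry, is a leftover merge conflict marker and should be removed before this goes into CHANGES. In the same block, the mod_remoteip entry has no contributor attribution, unlike its neighbours, and the new entries contain typos ("point int time", "situtations", "bougus").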
} else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
meth = TLSv1_client_method();
}
+#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
+ meth = TLS_client_method();
+ if (strncasecmp(opt_arg, "ALL", 3) == 0) {
+ max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ min_prot = SSL3_VERSION;
+#else
+ min_prot = TLS1_VERSION;
+#endif
+#ifndef OPENSSL_NO_SSL3
+ } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
+ max_prot = SSL3_VERSION;
+ min_prot = SSL3_VERSION;
+#endif
+ } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
+ max_prot = TLS1_1_VERSION;
+ min_prot = TLS1_1_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
+ max_prot = TLS1_2_VERSION;
+ min_prot = TLS1_2_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
+ max_prot = TLS1_VERSION;
+ min_prot = TLS1_VERSION;
+ }
+#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
break;
+ #ifdef HAVE_TLSEXT
+ case 'I':
+ tls_use_sni = 0;
+ break;
+ #endif
#endif
}
}
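Review bot: In the `#else` (OpenSSL 1.1.0) branch, the "ALL" case sets `min_prot = SSL3_VERSION` whenever OPENSSL_NO_SSL3 is not defined, so SSLv3 stays in the negotiable range. Either a comment stating that this is deliberate or a TLS1_VERSION floor would make the intent clear. The chain also has no final else, so an opt_arg that matches none of the cases (including "SSL3" when OPENSSL_NO_SSL3 is defined) leaves min_prot and max_prot untouched with no message; an error and usage exit would be safer. Minor style point: the `#ifdef HAVE_TLSEXT` and `#endif` around `case 'I':` are indented, unlike the other preprocessor directives in this hunk.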