*) mpm_event: avoid possible KeepAlveTimeout off by -100 ms.
[Eric Covener, Yann Ylavic]
+ *) mod_md:
+ - Prefer MDContactEmail directive to ServerAdmin for registration. New directive
+ thanks to Timothe Litt (@tlhackque).
+ - protocol check for pre-configured "tls-alpn-01" challenge has been improved. It will now
+ check all matching virtual hosts for protocol support. Thanks to @mkauf.
+ - Corrected a check when OCSP stapling was configured for hosts
+ where the responsible MDomain is not clear, by Michal Karm Babacek (@Karm).
+ - Softening the restrictions where mod_md configuration directives may appear. This should
+ allow for use in <If> and <Macro> sections. If all possible variations lead to the configuration
+ you wanted in the first place, is another matter.
+ [Michael Kaufmann <mail michael-kaufmann.ch>, Timothe Litt (@tlhackque),
+ Michal Karm Babacek (@Karm), Stefan Eissing (@icing)]
+
*) core: ap_method_mask_t type added for method bitmasks, changed
from apr_int64_t and used for the method_mask field in
ap_method_list_t, AP_METHOD_BIT, allowed field of request_rec,
*) Add a config layout for OpenWRT. [Graham Leggett]
+ *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
+ [Yann Ylavic, Stefan Eissing]
+
*) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env,
r.headers_out, etc) to remove the key from the table. PR63971.
[Eric Covener]
+ *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
+ ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
+ always `on`, regardless of configuration. Found and reported by
+ <Armin.Abfalterer@united-security-providers.ch> and
+ <Marcial.Rion@united-security-providers.ch>. [Stefan Eissing]
+
+ *) mod_http2: Multiple field length violations in the same request no longer cause
+ several log entries to be written. [@mkauf]
+
+ *) mod_md: v2.2.4 from github, Fixes a compile time issue with OpenSSL 1.0.2 in
+ the new OCSP code. Skips port checks for domain server_rec selection when "tls-alpn-01"
+ is configured explicitly (related to #133). [@mkauf, Stefan Eissing]
+
*) mod_ssl: Support logging private key material for use with
wireshark via log file given by SSLKEYLOGFILE environment
variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton]
*) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on
merged header fields, just as HTTP/1.1 does. [Stefan Eissing, Michael Kaufmann]
+ *) mod_http2: fixed a bug that prevented proper stream cleanup when connection
+ throttling was in place. Stream resets by clients on streams initiated by them
+ are counted as possible trigger for throttling. [Stefan Eissing]
+
+ *) mod_http2/mpm_event: Fixes the behaviour when a HTTP/2 connection has nothing
+ more to write with streams ongoing (flow control block). The timeout waiting
+ for the client to send WINODW_UPDATE was incorrectly KeepAliveTimeout and not
+ Timeout as it should be. Fixes PR 63534. [Yann Ylavic, Stefan Eissing]
+
+ *) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for
+ adding certificates and keys to a virtual host. An additional hook allows
+ answering special TLS connections as used in ACME challenges.
+ Adding 2 new hooks for init/get of OCSP stapling status information when
+ other modules want to provide those. Falls back to own implementation with
+ same behaviour as before.
+ [Stefan Eissing]
+
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
projects / thirdparty / apache / httpd.git / commitdiff
