From: Yann Ylavic Date: Mon, 17 May 2021 13:54:02 +0000 (+0000) Subject: Sync CHANGES entries. [skip ci] X-Git-Tag: 2.5.0-alpha2-ci-test-only~941 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3685c7a960c572f83d74ddbae23f7087a129979;p=thirdparty%2Fapache%2Fhttpd.git Sync CHANGES entries. [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889961 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 5f7d63b4133..4c22d3aa1ec 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,36 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) core: Fix a regression that stripped the ETag header from 304 responses. + PR 61820 [Ruediger Pluem, Roy T. Fielding] + + *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This + allows modules to access and provide OCSP response data without being tied + of each other. The data is exchanged in standard, portable formats (PEM encoded + certificates and DER encoded responses), so that the actual SSL/crypto + implementations used by the modules are independant of each other. + Registration and retrieval happen in the context of a server (server_rec) + which modules may use to decide if they are configured for this or not. + The area of changes: + 1. core: defines 2 functions in include/http_ssl.h, so that modules may + register a certificate, together with its issuer certificate for OCSP + response provisioning and ask for current response data (DER bytes) later. + Also, 2 hooks are defined that allow modules to implement this OCSP + provisioning. + 2. mod_ssl uses the new functions, in addition to what it did already, to + register its certificates this way. If no one is interested in providing + OCSP, it falls back to its own (if configured) stapling implementation. + 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending + on configuration, it will accept registrations of its own certificates only, + all certificates or none. + [Stefan Eissing] + + *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the + fallback to mod_proxy_http for WebSocket upgrade and tunneling. + [Yann Ylavic] + + *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic] + *) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] *) mod_md: Tolerate a missing "revokeCert" or "keyChange" resource. diff --git a/changes-entries/ProxyWebsocketFallbackToProxyHttp.txt b/changes-entries/ProxyWebsocketFallbackToProxyHttp.txt deleted file mode 100644 index 660acd3d81e..00000000000 --- a/changes-entries/ProxyWebsocketFallbackToProxyHttp.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the - fallback to mod_proxy_http for WebSocket upgrade and tunneling. - [Yann Ylavic] diff --git a/changes-entries/fix_pr61820_regression.txt b/changes-entries/fix_pr61820_regression.txt deleted file mode 100644 index c1ce8e5c8f2..00000000000 --- a/changes-entries/fix_pr61820_regression.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) core: Fix a regression that stripped the ETag header from 304 responses. - PR 61820 [Ruediger Pluem, Roy T. Fielding] diff --git a/changes-entries/hc_timeouts.txt b/changes-entries/hc_timeouts.txt deleted file mode 100644 index 50992bf40ae..00000000000 --- a/changes-entries/hc_timeouts.txt +++ /dev/null @@ -1 +0,0 @@ - *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic] \ No newline at end of file diff --git a/changes-entries/ocsp_stapling_core.txt b/changes-entries/ocsp_stapling_core.txt deleted file mode 100644 index c07cd3e77e2..00000000000 --- a/changes-entries/ocsp_stapling_core.txt +++ /dev/null @@ -1,20 +0,0 @@ - *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This - allows modules to access and provide OCSP response data without being tied - of each other. The data is exchanged in standard, portable formats (PEM encoded - certificates and DER encoded responses), so that the actual SSL/crypto - implementations used by the modules are independant of each other. - Registration and retrieval happen in the context of a server (server_rec) - which modules may use to decide if they are configured for this or not. - The area of changes: - 1. core: defines 2 functions in include/http_ssl.h, so that modules may - register a certificate, together with its issuer certificate for OCSP - response provisioning and ask for current response data (DER bytes) later. - Also, 2 hooks are defined that allow modules to implement this OCSP - provisioning. - 2. mod_ssl uses the new functions, in addition to what it did already, to - register its certificates this way. If no one is interested in providing - OCSP, it falls back to its own (if configured) stapling implementation. - 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending - on configuration, it will accept registrations of its own certificates only, - all certificates or none. - [Stefan Eissing]