Stefan Eissing [Fri, 17 Jun 2022 09:24:57 +0000 (09:24 +0000)]
*) mod_http2: new implementation of h2 worker pool.
- O(1) cost at registration of connection processing producers
- no limit on registered producers
- join of ongoing work on unregister
- callbacks to unlink dependencies into other h2 code
- memory cleanup on workers deactivation (on idle timeouts)
- idle_limit as apr_time_t instead of seconds
Eric Covener [Sat, 4 Jun 2022 15:37:33 +0000 (15:37 +0000)]
-qinitauto=FE conflicts with -qcheck=unset
maintainer mode only
causes a warning for every compiler invocation. If automatics are initialized
by -qinitauto, use before being assigned cannot be detected with -qcheck=unset
(part of all)
Yann Ylavic [Wed, 1 Jun 2022 09:56:43 +0000 (09:56 +0000)]
mod_proxy: Let fixup hooks know about the Host header (and eventually overwrite it).
If proxy_run_fixups() sets a Host header there will be two of them sent to the
origin server.
Instead, let the hooks know about the Host by setting it in the r->headers_in
passed to proxy_run_fixups(), and use the actual value afterwards.
Note: if proxy_run_fixups() unsets the Host we'll keep ours.
Yann Ylavic [Tue, 31 May 2022 23:01:24 +0000 (23:01 +0000)]
mod_ssl: SSLFIPS compatible with OpenSSL 3.0. PR 66063.
* modules/ssl/ssl_private.h():
#define modssl_fips_is_enabled() and modssl_fips_enable() to wrap the
native OpenSSL FIPS functions available on OPENSSL_VERSION_NUMBER.
* modules/ssl/ssl_engine_init.c(ssl_init_Module, modssl_fips_cleanup):
Use the new wrappers instead of the OPENSSL_VERSION_NUMBER < 3.0 functions.
Submitted by: Petr Sumbera <petr.sumbera oracle.com>, ylavic
Yann Ylavic [Tue, 31 May 2022 15:06:13 +0000 (15:06 +0000)]
mod_proxy: Align ap_proxy_create_hdrbrgd() with 2.4.x's.
In 2.4.x, the copy of r->headers_in is left in r->headers_in for the whole
function, while the original r->headers_in are restored at the end. This
is simpler and avoids the r->headers_in <=> saved_headers_in dance when
calling a function that modifies r->headers_in in place.
Yann Ylavic [Mon, 30 May 2022 15:54:34 +0000 (15:54 +0000)]
mod_proxy_http: Avoid 417 responses for non forwardable 100-continue. PR 65666.
Stop returning 417 when mod_proxy has to forward an HTTP/1.1 request with both
"Expect: 100-continue" and "force-proxy-request-1.0" set, mod_proxy can instead
handle the 100-continue by itself before forwarding the request, like in the
"Proxy100Continue Off" case.
Note that this does not change the behaviour of httpd receiving an HTTP/1.0
request with an Expect header, ap_check_request_header() will still correctly
return 417 in this case.
Stefan Eissing [Thu, 26 May 2022 08:43:13 +0000 (08:43 +0000)]
Merge of PR 318:
*) core: the conf/mime.types has been updated in conformance with RFC 9239:
- .js moved from 'application/javascript' to 'text/javascript'
- .mjs was added as 'text/javascript'
[Mathias Bynens <@mathiasbynens> via PR 318]
Stefan Eissing [Wed, 25 May 2022 11:32:52 +0000 (11:32 +0000)]
*) mod_md: a logic bug in sending long OCSP HTTP request bodies was fixed.
This did not happen in normal use as request sizes for OCSP queries
never exceed that length.
Ruediger Pluem [Fri, 20 May 2022 15:15:24 +0000 (15:15 +0000)]
* Port r546128 to mod_proxy_connect to ensure that core_pre_connection does not
succeed in resetting the timeout of our socket to base_server->timeout.
Stefan Eissing [Fri, 13 May 2022 11:03:51 +0000 (11:03 +0000)]
*) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed.
A new directive was added: `MDRetryDelay` sets the delay of retries.
A new directive was added: `MDRetryFailover` sets the number of errored
attempts before an alternate CA is selected for certificate renewals.
This allows for multiple CPUs to handle the load, the number of requests and
concurrency level asked are distributed over the configured number of workers,
allowing for as much parallelism.
On unixes (only for now), -W0 will use all the CPUs available on the system.
To avoid synchronization during runtime, the stats and requests times are
gathered per worker and consolidated at the end of the run before being
printed.
Connection closes, keepalives and errors are now handled in a single place,
namely cleanup_connection(), which takes care of the good/bad state of each
request based on the response fully received or not.
When multiple workers are running, SIGINT is handled by the main thread only
and masked in workers, workers are asked to stop and woken up if waiting in
poll().
A single worker is started first to determine the connectivity with the peer,
if that fails (10 tries) ab will stop early still without starting the other
workers, otherwise the first worker will signal the main thread to start the
others.
Stefan Eissing [Wed, 27 Apr 2022 11:53:04 +0000 (11:53 +0000)]
*) mod_md: implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
added change description for code added in r1900313.
Stefan Eissing [Wed, 27 Apr 2022 11:48:36 +0000 (11:48 +0000)]
*) mod_md: added support for managing certificates via a
local tailscale daemon for users of that secure networking.
This gives trusted certificates for tailscale assigned
domain names in the *.ts.net space.
Joe Orton [Wed, 27 Apr 2022 07:45:01 +0000 (07:45 +0000)]
* modules/ssl/ssl_engine_io.c:
Drop noop functions for BIO methods mod_ssl doesn't implement.
OpenSSL handles missing BIO methods internally in BIO_xxxx() wrappers.
Consistently log at TRACE4 unhandled _ctrl commands, but note
these are not a "BUG" as in the previous log message.
core: Disable TCP_NOPUSH optimization on OSX. BZ 66019.
OSX supports TCP_NOPUSH but does not release the data retained (in TCP stack)
when the option is unset. It seems that unsetting it before the last write
does not help either so just disable the optimization for OSX in the core
output filter to avoid uncontrollable transmission delays.
* server/core_filters.c():
Add the sock_nopush() helper that does nothing on OSX and platforms not
supporting TCP_NOPUSH or TCP_CORK.
* server/core_filters.c(send_brigade_nonblocking):
Use sock_nopush() instead of apr_socket_opt_set() for APR_TCP_NOPUSH option.
Stefan Eissing [Tue, 19 Apr 2022 14:11:39 +0000 (14:11 +0000)]
* Implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
[Rainer Jung]
Stefan Eissing [Tue, 19 Apr 2022 10:17:05 +0000 (10:17 +0000)]
*) mod_http2: use new ap_sb_get_child_thread() to get child_num
and create unique h2 session identifiers in logging that stay
unique among re-activations of the master connection.
*) mod_heartmonitor: Set the documented default value
"10" for HeartbeatMaxServers instead of "0". With "0"
no shared memory slotmem was initialized. [Rainer Jung]
Stefan Eissing [Sat, 16 Apr 2022 10:09:59 +0000 (10:09 +0000)]
*) core: improved checks in ap_escape_quotes() for
extra long strings (or resulting strings) that
exceed ptrdiff_t ranges.
[Yann Ylavic, Stefan Eissing]