Merge r790587 from trunk:

Security fix for CVE-2009-1890:

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Thanks to: Toadie <toadie643 gmail.com> for reporting and diagnosis of
       this issue.
Submitted by: niq, jorton
Reviewed by: rpluem, jim, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790914 13f79535-47bb-0310-9956-ffa450edef68

Merge r776325 from trunk:

Fix the error string returned by RewriteRule. RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd argument of RewriteRule was not started with "[" or not ended with "]".

PR: 45082
Submitted by: Vitaly Polonetsky <m_vitaly topixoft.com>

Submitted by: takashi
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790878 13f79535-47bb-0310-9956-ffa450edef68

Merge r395552 from trunk:

* modules/proxy/proxy_util.c (ap_proxy_initialize_worker): Fix
gcc strict-aliasing warning.

Submitted by: jorton
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790876 13f79535-47bb-0310-9956-ffa450edef68

promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790875 13f79535-47bb-0310-9956-ffa450edef68

votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790874 13f79535-47bb-0310-9956-ffa450edef68

Propose fixes for the mod_deflate DoS.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790840 13f79535-47bb-0310-9956-ffa450edef68

update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790822 13f79535-47bb-0310-9956-ffa450edef68

update for sync with English doc.

Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by:  Orhan Berent <berent belgeler.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790821 13f79535-47bb-0310-9956-ffa450edef68

additional (mod_perl test suite) OPT_INCLUDES compatibility

Submitted by: jorton
Reviewed by:  trawick, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790738 13f79535-47bb-0310-9956-ffa450edef68

* Promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790711 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790709 13f79535-47bb-0310-9956-ffa450edef68

CVE-2009-1890
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790690 13f79535-47bb-0310-9956-ffa450edef68

note intent to release.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790432 13f79535-47bb-0310-9956-ffa450edef68

Fixed comment. Submitted by Arfrever Frehtes Taifersar Arahesis.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@788997 13f79535-47bb-0310-9956-ffa450edef68

Merge r641855 from trunk:

Update Timeout section, the semantics changed completely
since 1.3 and the caveats on signals not being reset
thankfully no longer apply either.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@787961 13f79535-47bb-0310-9956-ffa450edef68

* Add proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@786826 13f79535-47bb-0310-9956-ffa450edef68

* Add comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@786825 13f79535-47bb-0310-9956-ffa450edef68

Add note about the APR-util security fixes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@785982 13f79535-47bb-0310-9956-ffa450edef68

Propose backport before I forget the details and motivation of it ...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@785576 13f79535-47bb-0310-9956-ffa450edef68

Some typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@784408 13f79535-47bb-0310-9956-ffa450edef68

* Update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@783731 13f79535-47bb-0310-9956-ffa450edef68

* Add compatibility note.

Submitted by: Dan Poirier <poirier pobox.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@783730 13f79535-47bb-0310-9956-ffa450edef68

AccessConfig and ResourceConfig have been gone for how long?

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@783467 13f79535-47bb-0310-9956-ffa450edef68

doc xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782863 13f79535-47bb-0310-9956-ffa450edef68

compat mentioned in env.xml, echo in inline reference
 in CacheEnable/CacheDisable

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782861 13f79535-47bb-0310-9956-ffa450edef68

one more vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782424 13f79535-47bb-0310-9956-ffa450edef68

Pick up the win32 notes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782400 13f79535-47bb-0310-9956-ffa450edef68

Add windows build notes before any 2.2.X release, which should help
users with the integration notes for obtaining 3rd party db drivers.

This file was shipped in the tarball as a dist artifact, but it
better belongs in the httpd tree to warn users about the first pipe
handling issue if they are rolling their own.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782399 13f79535-47bb-0310-9956-ffa450edef68

update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782386 13f79535-47bb-0310-9956-ffa450edef68

use proper xml

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782385 13f79535-47bb-0310-9956-ffa450edef68

update transformation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782384 13f79535-47bb-0310-9956-ffa450edef68

Some typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782374 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782268 13f79535-47bb-0310-9956-ffa450edef68

* This showstopper is now moot: APR / APR-UTIL were released.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782267 13f79535-47bb-0310-9956-ffa450edef68

Two proposals.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@782183 13f79535-47bb-0310-9956-ffa450edef68

Note IndexHeadInsert is available in >= 2.2.11.
PR:47297

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@781422 13f79535-47bb-0310-9956-ffa450edef68

Somes typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@780459 13f79535-47bb-0310-9956-ffa450edef68

Restore backwards compatibility of OPT_* handling in the fix for
CVE-2009-1195:

* include/http_core.h: Add back the OPT_INCNOEXEC and hide
  OPT_INC_WITH_EXEC as internal-only.

* server/core.c (ap_allow_options): Invert the returned
  OPT_INC_WITH_EXEC bit such that the exposed semantics of
  OPT_INCNOEXEC are retained.

* modules/filters/mod_include.c (includes_filter): Revert to using
  OPT_INCNOEXEC.

Submitted by: trawick, jorton
Reviewed by: jorton, trawick, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779472 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779404 13f79535-47bb-0310-9956-ffa450edef68

Thanks, Joe!

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779292 13f79535-47bb-0310-9956-ffa450edef68

Formal proposal for fix to CVE-2009-1195 compat issue.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779180 13f79535-47bb-0310-9956-ffa450edef68

ome typos.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779150 13f79535-47bb-0310-9956-ffa450edef68

try to entice some others to join the API preservation thread

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@778447 13f79535-47bb-0310-9956-ffa450edef68

two user-visible changes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777213 13f79535-47bb-0310-9956-ffa450edef68

Committed revision 777193.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777194 13f79535-47bb-0310-9956-ffa450edef68

 * log: Provide "||program" syntax to optionally restore behavior broken in
      2.0.50 which leads to bad process handling on Solaris and wasted process
           resources on all platforms.
              Trunk version (new behavior);
                     http://svn.apache.org/viewvc?view=rev&revision=775300
                            http://svn.apache.org/viewvc?view=rev&revision=775320
                               Proposed 2.2.12 patch, retaining default behavior from 2.2.11;
                                      http://people.apache.org/~wrowe/fixlog22.patch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777193 13f79535-47bb-0310-9956-ffa450edef68

Committed revision 777191.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777192 13f79535-47bb-0310-9956-ffa450edef68

Merge r771587, r771610 from trunk:

As mentioned inline in comments, correctly handle more sophisticated
transformations which currently fail for balancer://foo targets, but
work just fine with other ProxyReverse targets.

  The balancer comparison is a bit trickier.  Given the context

    BalancerMember balancer://alias http://example.com/foo
    ProxyPassReverse /bash balancer://alias/bar

  translate url http://example.com/foo/bar/that to /bash/that

E.g. there may be several different url-suffixes (1st order) of any
particular BalancerMember set e.g. /app1, /app1 and /appbeta while
there may be additional suffixes associated with the actual
ProxyPassReverse directive.  Neither were properly reversed, now
both should be properly handled.

One *critical* assumption;

    BalancerMember balancer://alias/foo http://example.com/bar

should be documented as a meaningless construct, since one cannot
have two members, balancer://alias/foo and balancer://alias/bar,
and the balancer member structures discard this path.

Note one more existing error case as an XXX comment due to invalid
uri comparisons.

* Silence compiler warning.

Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777191 13f79535-47bb-0310-9956-ffa450edef68

Promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777188 13f79535-47bb-0310-9956-ffa450edef68

Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777187 13f79535-47bb-0310-9956-ffa450edef68

* Add a comment

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777079 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@777067 13f79535-47bb-0310-9956-ffa450edef68

raise a question, remove all snarky commentary

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776436 13f79535-47bb-0310-9956-ffa450edef68

reference PR's

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776433 13f79535-47bb-0310-9956-ffa450edef68

Update docco xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776284 13f79535-47bb-0310-9956-ffa450edef68

   * mod_ssl:  Add server name indication support (RFC 4366) and better
     support for name based virtual hosts with SSL. PR 34607

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776281 13f79535-47bb-0310-9956-ffa450edef68

Merge r769809 from trunk:

* Improve and simplify the implementation of SSLProxyCheckPeerExpire by
  directly using X509_get_notBefore(), X509_get_notAfter() and
  X509_cmp_current_time().
  Thanks to jorton for the pointer.

Submitted by: rpluem
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776279 13f79535-47bb-0310-9956-ffa450edef68

o vote and promote 2 patches
o formally unstall the pcre debate

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@776195 13f79535-47bb-0310-9956-ffa450edef68

Vote on a "clarification" fix :)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775757 13f79535-47bb-0310-9956-ffa450edef68

Revised proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775323 13f79535-47bb-0310-9956-ffa450edef68

Propose

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@775314 13f79535-47bb-0310-9956-ffa450edef68

Update docco xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774746 13f79535-47bb-0310-9956-ffa450edef68

English xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774745 13f79535-47bb-0310-9956-ffa450edef68

Spanish xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774744 13f79535-47bb-0310-9956-ffa450edef68

German xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774743 13f79535-47bb-0310-9956-ffa450edef68

Update xforms

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774742 13f79535-47bb-0310-9956-ffa450edef68

merge from trunk r774530

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774547 13f79535-47bb-0310-9956-ffa450edef68

merge from trunk r774184

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774501 13f79535-47bb-0310-9956-ffa450edef68

Yeppers

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774443 13f79535-47bb-0310-9956-ffa450edef68

Adds [NE] to the canonical hostname rules, as per
https://issues.apache.org/bugzilla/show_bug.cgi?id=47186 to avoid
double-escaping of URIs.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@774162 13f79535-47bb-0310-9956-ffa450edef68

move SECURITY to top

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773882 13f79535-47bb-0310-9956-ffa450edef68

backport 772997, 773322, 773342 from trunk.
Reviewed By: jorton, rpluem, covener

Security fix for CVE-2009-1195: fix Options handling such that
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:

* include/http_core.h: Change semantics of Includes/IncludeNoExec
 options bits to be additive; OPT_INCLUDES now means SSI is enabled
 without exec=.  OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
 with exec=.

* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
 from default override_opts; no functional change.
 (merge_core_dir_configs): Update logic to ensure that exec= is
 disabled in a context where IncludesNoexec is configured, even if
 Includes-with-exec is permitted in the inherited options set.
 (set_allow_opts, set_options): Update to reflect new semantics
 of OPT_INCLUDES, OPT_INC_WITH_EXEC.

* server/config.c: Update to remove OPT_INCNOEXEC from default
 override_opts; no functional change.

* modules/filters/mod_include.c (includes_filter): Update to reflect
 new options semantics - disable exec= support if the
 OPT_INC_WITH_EXEC bit is not set.

Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
         jorton
Thanks to: Vincent Danon <vdanon redhat.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773881 13f79535-47bb-0310-9956-ffa450edef68

vote & promote CVE-2009-1195

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773880 13f79535-47bb-0310-9956-ffa450edef68

Merge r752812 from trunk:

* Escape pathes of filenames in 406 responses to avoid HTML injections and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773354 13f79535-47bb-0310-9956-ffa450edef68

Merge r757376 from trunk:

Prevent a case of SSI timefmt-smashing with filter chains including
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773352 13f79535-47bb-0310-9956-ffa450edef68

Merge r757427 from trunk:

* modules/mappers/mod_rewrite.c (apply_rewrite_rule): When evaluating
  a proxy rule in directory context, do escape the filename by
  default, since mod_proxy will not escape in that case due to the
  (deliberate) fixup hook ordering.

Thanks to: rpluem
PR: 46428

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773351 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773348 13f79535-47bb-0310-9956-ffa450edef68

Propose CVE-2009-1195 backport.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773345 13f79535-47bb-0310-9956-ffa450edef68

fix whitespace, explanation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773058 13f79535-47bb-0310-9956-ffa450edef68

vote and promote 3 patches

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773056 13f79535-47bb-0310-9956-ffa450edef68

propose backport

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@772393 13f79535-47bb-0310-9956-ffa450edef68

Commit no-op/comment to allow proposed backport to apply cleanly' proxy_util.c

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@772388 13f79535-47bb-0310-9956-ffa450edef68

* Revive old proposal, update it and reset comments and votes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771967 13f79535-47bb-0310-9956-ffa450edef68

Committed revision 771433.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771434 13f79535-47bb-0310-9956-ffa450edef68

Merge r680082 from trunk:

Change r->content_type when mod_headers sets the Content-Type header
Submitted by: issac
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771433 13f79535-47bb-0310-9956-ffa450edef68

approve

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771430 13f79535-47bb-0310-9956-ffa450edef68

Cast votes

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771429 13f79535-47bb-0310-9956-ffa450edef68

Add Ctrl-Break to Windows platform docs
(triggers restart for console use).
Documentation backport of r769134 from trunk.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771328 13f79535-47bb-0310-9956-ffa450edef68

* Vote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771255 13f79535-47bb-0310-9956-ffa450edef68

* Add proposal

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771249 13f79535-47bb-0310-9956-ffa450edef68

One typo.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771068 13f79535-47bb-0310-9956-ffa450edef68

Arrange BalancerMember explainations.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@770332 13f79535-47bb-0310-9956-ffa450edef68

propose mod_headers content-type handling for 2.2.x

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@769163 13f79535-47bb-0310-9956-ffa450edef68

Merge r768535 from trunk:

* Fix an error in the documentation.

Submitted by: rpluem
Reviewed by: pluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768536 13f79535-47bb-0310-9956-ffa450edef68

Merge r764239 from trunk:

* Check more strictly that the backend follows the AJP protocol.

Submitted by: mturk
Reviewed by: rpluem, jim, jfclere

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768507 13f79535-47bb-0310-9956-ffa450edef68

Merge r763394 from trunk:

* Avoid delivering content from a previous request which failed to send a request
  body by closing the connection to the backend in this case instead of reusing it.

CVE: CVE-2009-1191 (cve.mitre.org)
PR: 46949
Submitted by: rpluem
Reviewed by: rpluem, wrowe, jfclere

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768506 13f79535-47bb-0310-9956-ffa450edef68

Backport of r760866:

* Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable
  stricter checking of remote server certificates.

  (docs/manual/mod/mod_ssl.xml)
    Documentation of SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

  (modules/proxy/mod_proxy_http.c)
    Set the hostname of the request URL as note on the connection.

  (modules/ssl/ssl_private.h)
    Add proxy_ssl_check_peer_expire and proxy_ssl_check_peer_cn fields to
    the SSLSrvConfigRec.

  (modules/ssl/ssl_engine_config.c)
    Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

  (modules/ssl/ssl_engine_io.c)
    Check whether the remote servers certificate is expired / if there is a
    mismatch between the requested hostanme and the remote server certificates
    CN field.
    Be able to parse ASN1 times.

  (modules/ssl/mod_ssl.c)
    Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

Submitted by: rpluem
Reviewed by: rpluem, jim, jfclere

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768504 13f79535-47bb-0310-9956-ffa450edef68

* Correct logic with non-seq lbsets config'ed

Submitted by: jim
Reviewed by: jim, rpluem, jfclere

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768503 13f79535-47bb-0310-9956-ffa450edef68

* Promote

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768502 13f79535-47bb-0310-9956-ffa450edef68

* Add a comment to the showstoppers.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@767815 13f79535-47bb-0310-9956-ffa450edef68