Luca Toscano [Sun, 22 Dec 2019 10:45:03 +0000 (10:45 +0000)]
test/travis_before_linux.sh: remove bash -e flag
To allow a proper fail/retry, -e needs to be removed.
Ideally this shouldn't happen, so I'd consider this
a test to see if the bash for workaround is a viable
option or not.
Luca Toscano [Sun, 22 Dec 2019 10:30:59 +0000 (10:30 +0000)]
test/travis_before_linux.sh: add a simple bash retry to svn export
Sometimes a build is killed by Travis due to svn export taking
a long time to complete (> 10m). This change should be a test to see
if a simple workaround reduces the noise to the dev@ mailing list.
Luca Toscano [Thu, 19 Dec 2019 10:01:26 +0000 (10:01 +0000)]
travis: send notification to httpd-dev@ only on failure
Due to a combination of Daniel's work and probably some fix
on Travis end, we are now finally getting Travis emails in
httpd-dev@. Since having notifications for successful builds
might become a little spammy, let's just alert when a build
fails (like we do with buildbot IIUC).
Stefan Eissing [Tue, 26 Nov 2019 09:36:28 +0000 (09:36 +0000)]
*) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
always `on`, irregardless of configuration. Found and reported by
<Armin.Abfalterer@united-security-providers.ch> and
<Marcial.Rion@united-security-providers.ch>. [Stefan Eissing]
*) mod_http2: Multiple field length violations in the same request no longer cause
several log entries to be written. [@mkauf]
Joe Orton [Thu, 21 Nov 2019 15:51:32 +0000 (15:51 +0000)]
Buffer HTTP request bodies for TLSv1.3 PHA in the same way as for
TLSv<1.3 renegotiation.
* modules/ssl/ssl_engine_kernel.c (fill_reneg_buffer): Factor
out...
(ssl_hook_Access_classic): ... from here.
(ssl_hook_Access_modern): Use it here too.
Joe Orton [Thu, 21 Nov 2019 10:46:38 +0000 (10:46 +0000)]
Build on s390x (interesting test target since it's big-endian).
IRC notifications work, e-mail doesn't; branches are done.
ppc64le builds also work but are extremely slow, so not enabled.
Stefan Eissing [Tue, 19 Nov 2019 12:39:32 +0000 (12:39 +0000)]
*) mod_md: v2.2.4 from github, Fixes a compile time issue with OpenSSL 1.0.2 in
the new OCSP code. Skips port checks for domain server_rec selection when "tls-alpn-01"
is configured explicitly (related to #133). [@mkauf, Stefan Eissing]
Joe Orton [Fri, 15 Nov 2019 09:46:30 +0000 (09:46 +0000)]
mod_ssl: Log private key material to file set by $SSLKEYLOGFILE in the
environment, using the standard format which can be parsed by (e.g.)
wireshark for decoding SSL/TLS traffic; supported from OpenSSL 1.1.1.
* modules/ssl/ssl_private.h: Add keylog_file to SSLModConfigRec.
* modules/ssl/ssl_engine_init.c (ssl_init_Module): Open log file if
SSLKEYLOGFILE is set in the environment.
(ssl_init_ctx_protocol): Register the keylog callback with OpenSSL.
* modules/ssl/ssl_engine_kernel.c (modssl_callback_keylog):
New function.
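An added example (not part of this commit or of httpd's code): a Python check that recognises a file in the key log format described above, counts records per label without echoing any secret, and flags group or world access on the file. The label list follows the NSS key log format; the function names and the sample data are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Labels from the NSS key log format: CLIENT_RANDOM is TLS <= 1.2,
# the others are TLS 1.3 secrets.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# "<label> <32-byte client random, hex> <secret, hex>"
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def audit_keylog(path):
    """Count records per label and flag loose permissions; never returns secrets."""
    counts, malformed = {}, 0
    with open(path, encoding="ascii", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = LINE_RE.match(line)
            if m and m.group(1) in LABELS:
                counts[m.group(1)] = counts.get(m.group(1), 0) + 1
            else:
                malformed += 1
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"records": counts, "malformed": malformed,
            "group_or_world_access": bool(mode & 0o077)}

def constructed_sample():
    """Write a constructed key log (dummy hex, not real secrets) to a temp file."""
    rnd = "ab" * 32
    lines = ["# constructed sample",
             f"CLIENT_RANDOM {rnd} {'cd' * 48}",
             f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {rnd} {'ef' * 32}",
             f"SERVER_TRAFFIC_SECRET_0 {rnd} {'01' * 48}",
             "not a key log line"]
    fd, path = tempfile.mkstemp(suffix=".keylog")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return path

if __name__ == "__main__":
    sample = constructed_sample()   # created 0600 by mkstemp
    print(audit_keylog(sample))
    os.remove(sample)
```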
Joe Orton [Thu, 14 Nov 2019 08:39:46 +0000 (08:39 +0000)]
Also avoid adding the Set-Cookie header in both r->headers_out and
r->err_headers_out in ap_cookie_remove and ap_cookie_remove2 functions
to avoid duplication in HTTP response. (Follow-up to r1843244)
Joe Orton [Wed, 13 Nov 2019 08:01:13 +0000 (08:01 +0000)]
Non terminal cannot have string aliases (only tokens appear in error
messages). %token is used to define tokens, and %nterm non terminals.
The hidden %type (which was only recently documented) is meant for
both tokens and non terminals. Yet
    %type <foo> expr "expression"
is actually more or less equivalent to
    %nterm <foo> expr
    %token <foo> "expression"
which is clearly not the intention of the author here.
* server/util_expr_parse.y: Remove useless string-literal only tokens.
Prefer %nterm to %type to avoid this error.
Joe Orton [Tue, 12 Nov 2019 12:45:57 +0000 (12:45 +0000)]
Add buildconf option to force (rather than suppress) regeneration of
the ap_expr parser. Add a Travis job which uses this, so a patch
which changes the parser sources is tested appropriately (e.g PR#72).
* buildconf: Add --with-regen-expr to force ap_expr regeneration.
* .travis.yml, test/travis_run_linux.sh: Pass BUILDCONF to buildconf
and add job which uses the new option.
Luca Toscano [Wed, 6 Nov 2019 10:21:20 +0000 (10:21 +0000)]
Update travis config
* Add 'if TRAVIS_OS_NAME' to before_install/before_script/script to allow multi-os testing.
* Add separation lines in matrix config (better visual impact).
* Add Linux to all the current job's name.
* Add tests for Worker mpm.
Joe Orton [Wed, 6 Nov 2019 09:28:54 +0000 (09:28 +0000)]
Pull in more -dev packages to get more modules building (including mod_md).
Test gcc 7 on bionic, xenial is the Travis default anyway.
Only add the toolchain PPA where really needed.
Yann Ylavic [Tue, 5 Nov 2019 16:41:14 +0000 (16:41 +0000)]
mod_proxy: Improve tunneling loop.
Support half closed connections and pending data draining (for protocols like
rsync). PR 61616.
When reading on one side goes faster than writing on the other side, the output
filters chain may start buffering data and finally block, which will break
bidirectional tunneling for some protocols.
To avoid this, proxy_tunnel_run() now stops polling/reading until pending data
are drained, and recovers appropriately.
Yann Ylavic [Tue, 5 Nov 2019 12:43:29 +0000 (12:43 +0000)]
mod_proxy: Add proxy check_trans hook.
This allows proxy modules to decline request handling at early stage.
Then mod_proxy_wstunnel can implement that hook to verify that an Upgrade
is requested, and otherwise hand over to mod_proxy_http.
Stefan Eissing [Tue, 5 Nov 2019 10:06:15 +0000 (10:06 +0000)]
*) mod_md v2.2.3:
- Configuring MDCAChallenges replaces any previous existing challenge configuration. It
had been additive before which was not the intended behaviour. [@mkauf]
- Fixing order of ACME challenges used when nothing else configured. Code now behaves as
documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this.
- Fixing a potential, low memory null pointer dereference [thanks to @uhliarik].
- Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted
"transfer-encoding" to POST requests. This failed in directly communication with
Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing.
Yann Ylavic [Sun, 3 Nov 2019 15:48:53 +0000 (15:48 +0000)]
mod_proxy: factorize mod_proxy_{connect,wstunnel} tunneling code in proxy_util.
This commit adds struct proxy_tunnel_rec that contains the fields needed for a
poll() loop through the filters chains, plus functions ap_proxy_tunnel_create()
and ap_proxy_tunnel_run() to respectively initialize a tunnel and (re)start it.
Proxy connect and wstunnel modules now make use of this new API to avoid
duplicating logic and code.
Yann Ylavic [Thu, 31 Oct 2019 16:16:05 +0000 (16:16 +0000)]
mod_proxy_http: follow up to r1869216.
Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.
This both simplifies code and allows to keep EOS into the input_brigade until
it's sent, and thus detect whether we already fetched the whole body if/when
proxy_http_handler() re-enters for different balancer members.
Yann Ylavic [Thu, 31 Oct 2019 16:08:33 +0000 (16:08 +0000)]
mod_proxy_http: follow up to r1869216.
Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.
This both simplifies code and allows to keep EOS into the input_brigade until
it's sent, and thus detect whether we already fetched the whole body if/when
proxy_http_handler() re-enters for different balancer members.
Yann Ylavic [Thu, 31 Oct 2019 14:15:07 +0000 (14:15 +0000)]
mod_proxy_http: fix load-balancer fallback for requests with a body.
Since r1656259 (or r1656259 in 2.4.41) and the move of prefetch before connect,
the balancer fallback case where proxy_http_handler() is re-entered with the
next balancer member broke.
We need to save the body (partially) prefetched the first time and reuse it on
successive calls, otherwise we might forward partial or empty body.
Fix alignment in a <highlight> block.
Add directive name in <default> so that 'quickreference.html' is generated with the corresponding default value.
Avoid some duplicated words (i.e. 'to to').
Fix some incorrect directive name in some description.
Fix the description of 'AuthFormBody' which was a copy&paste of 'AuthFormMethod'.
Remove some useless <var></var> around 'On|Off'.