git.ipfire.org Git - thirdparty/apache/httpd.git/log

  FINALLY Correct ap_http_method()!  It is NOT a method, it's a SCHEME!

  Bumped mmn, and ap module cookie, for this function rename.

  It's not a deprecation, as ap_http_method would be a lovely function
  name sometime in the future: to determine what the function name implies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@123882 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (bio_filter_out_flush): Revert the
passed-brigade-reuse "fix" which is currently unnecessary.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111962 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_cleanup): Fix segfaults
from using ap_log_cerror from a c->pool cleanup; the debug message
triggers too often anyway so just remove it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111959 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Use
X509_STORE_CTX_get_ex_data() and SSL_get_ex_data_X509_STORE_CTX_idx()
to use the correct ex_data index from the context in pathological
cases where SSL_get_ex_data_X509_STORE_CTX_idx() does not return 0.

PR: 32529

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111241 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Simplify the
Upgrade header check; allow upgrades on any method; don't drop the
ap_pass_brigade return value.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111159 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove the
unnecessary check of the Connection request header.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@109499 13f79535-47bb-0310-9956-ffa450edef68

Use a case insensitive compare when looking for 'Upgrade'.
The first client I tested was sending 'upgrade'.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@109447 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_mutex.c (ssl_mutex_on, ssl_mutex_off):
Improve error messages.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@106573 13f79535-47bb-0310-9956-ffa450edef68

general property cleanup

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@106103 13f79535-47bb-0310-9956-ffa450edef68

Remove the .cvsignore files.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105796 13f79535-47bb-0310-9956-ffa450edef68

Fix handling of non-blocking reads in mod_ssl (triggered by recent
change to mod_proxy_http):

* modules/ssl/ssl_engine_io.c (bio_filter_in_read): Return an error if
the read would block so that the SSL_read() caller checks for
SSL_ERROR_WANT_READ, rather than 0, which is treated like EOF.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105768 13f79535-47bb-0310-9956-ffa450edef68

Add -t -DDUMP_CERTS option to mod_ssl which dumps the filenames of all
configured SSL certificates to stdout, useful for cron-ing through a
"do I need to renew any of my certificates this week" tool:

* modules/ssl/ssl_engine_config.c (ssl_hook_ConfigTest): New function.

* modules/ssl/mod_ssl.c (ssl_register_hooks): ...register it as a
test_config hook.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105741 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/config.m4: Use libtool's -export-symbols-regex flag to
hide all global symbols defined by mod_ssl other than the module
structure (where possible).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105740 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c, modules/ssl/ssl_engine_kernel.c,
modules/mod_ssl.c: Switch to using ap_log_cerror() in place of
ap_log_error() everywhere that the conn_rec * is available.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105739 13f79535-47bb-0310-9956-ffa450edef68

Remove bogus comment: for SSLPassPhraseDialog exec:..., argv is
defined and documented and can't be changed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105683 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix possible
NULL pointer dereference in some configurations.

PR: 31848

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105663 13f79535-47bb-0310-9956-ffa450edef68

Add a check for SSL_ENABLED_OPTIONAL to the http_method and default_port hook so that they return the correct values for an upgradeable connection.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105426 13f79535-47bb-0310-9956-ffa450edef68

* os/unix/os.h: Define AP_NEED_SET_MUTEX_PERMS.

* modules/mappers/mod_rewrite.c, modules/ssl/ssl_engine_mutex.c: Use
AP_NEED_SET_MUTEX_PERMS to determine whether unixd_set_*_mutex_perms
calls are necessary.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105411 13f79535-47bb-0310-9956-ffa450edef68

Fix CAN-2004-0885:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.

Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105396 13f79535-47bb-0310-9956-ffa450edef68

Use the right length.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105354 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_connect): Return
502 not 501 if SSL_connect() fails for a proxy connection.

PR: 31083

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105252 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache_shmcb.c (ssl_scahe_shmcb_init): If anonymous
shm is not supported, always remove the named segment first to cope
with unclean shutdowns.

PR: 21335 (continued)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105249 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c: Map "UID" suffix to the same OID
(2.5.4.45) for old and new versions of OpenSSL.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105244 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_remain): New
function. (ssl_var_lookup_ssl_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.

* modules/ssl_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if
+StdEnvVars is configured.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104700 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix rollback
handling for AP_MODE_SPECULATIVE.

PR: 30134

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104687 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL),
* server/log.c (ap_log_pid),
* server/mpm/prefork/prefork.c (accept_mutex_on, accept_mutex_off),
* support/htdbm.c (htdbm_list):
Fix some non-literal format strings (warnings from gcc -Wformat-security).

PR: 30585
Submitted by: Ulf Harnhammar (SITIC), Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104548 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix potential
infinite loop in ssl_io_input_getline if connection is aborted without
inctx->rc being set.

PR: 29964

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104547 13f79535-47bb-0310-9956-ffa450edef68

Tokenize the header while parsing it for the upgrade tokens and once the protocol has been upgraded, allow the request to complete encrypted.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104273 13f79535-47bb-0310-9956-ffa450edef68

Use the correct Apache-2.x EBCDIC conversion function (not the old apache-1.3 routine)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104082 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (bio_filter_out_flush): Create a new
brigade for sending output after passing on the current one.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103967 13f79535-47bb-0310-9956-ffa450edef68

Add "SSLUserName" directive to set r->user based on a chosen SSL
environment variable name.

* modules/ssl/ssl_private.h (struct SSLDirConfigRec): Add
szUserName field.

* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
the value of the chosen SSL environment variable.

* modules/ssl/mod_ssl.c: Add SSLUserName config directive.

PR: 20957
Submitted by: Martin v. Loewis <martin v.loewis.de>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103834 13f79535-47bb-0310-9956-ffa450edef68

Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag
which uses the server's cipher preference order rather than the
client's.

* modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add
cipher_server_pref field.

* modules/ssl/ssl_engine_config.c (ssl_config_server_create,
ssl_config_server_merge): Initialize and merge cipher_server_pref
field.
(ssl_cmd_SSLHonorCipherOrder): New function.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the
context option SSL_OP_CIPHER_SERVER_PREFERENCE when required.

PR: 28665
Submitted by: Jim Shneider <jschneid netilla.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103832 13f79535-47bb-0310-9956-ffa450edef68

Drop support for the "CompatEnvVars" argument to SSLOptions, which was
never implemented in 2.0 and never needed to be.

* docs/ssl/ssl-std.conf.in: Remove CompatEnvVars examples.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLOptions): Don't allow
the CompatEnvVars argument.

* modules/ssl/ssl_private.h: Remove SSL_OPT_COMPATENVVARS macro.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103829 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache.c (ssl_scache_expire): Remove unused function.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_expire): Likewise.

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_expire): Likewise.

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_expire): Make static.

* modules/ssl/ssl_private.h: Remove prototypes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103793 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_util.c, modules/ssl/ssl_private.h: Remove unused
functions ssl_util_strupper, ssl_util_ptxtstub, and
ssl_util_uuencode*.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103755 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103754 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Fix gcc
strict-aliasing warning.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103688 13f79535-47bb-0310-9956-ffa450edef68

Fix SEGV in 'shmcb' session cache:
When a 'read' or 'write' to session cache is done, we need to check the size
of the data being 'read' or 'written' to avoid buffer over-run.

PR: 27751
Submitted by: Geoff Thorpe
Reviewed by: Madhusudan Mathihalli

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103669 13f79535-47bb-0310-9956-ffa450edef68

In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
just prevents the internal lookup but does not prevent the caching.
OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to
prevent OpenSSL from both lookup and caching the sessions internally.

PR: 26562
Reviewed by: Geoff Thorpe, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103165 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_cleanup): Don't try and
send an SSL shutdown from a pool cleanup.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103156 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_log.c (ssl_log_annotation): const-ify more.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102943 13f79535-47bb-0310-9956-ffa450edef68

Pick up mod_status.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102938 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_log.c (ssl_log_annotate, ssl_log_annotation,
ssl_log_ssl_error): const-ify annotation strings and simplify
ssl_log_annotation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102927 13f79535-47bb-0310-9956-ffa450edef68

Fix use of mod_ssl as a DSO linked against static SSL libraries; also
stop linking all of support/* against the SSL libraries:

* acinclude.m4 (APACHE_MODULE): Define MOD_FOO_LDADD which each
module .la library will be linked against.
(APACHE_MODPATH_ADD): Link static modules against the provided libraries.
(APACHE_CHECK_SSL_TOOLKIT): Put SSL libraries in SSL_LIBS and export
that to config_vars.mk.

* support/Makefile.in: Link ab against SSL_LIBS.

* modules/ssl/config.m4: Add SSL_LIBS and distcache libraries to
MOD_SSL_LDADD.

PR: 17217

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102870 13f79535-47bb-0310-9956-ffa450edef68

Allow the enabled flag to be set to more than just TRUE or FALSE so that
the OPTIONAL flag can be correctly merged within the
ssl_config_server_merge() function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102860 13f79535-47bb-0310-9956-ffa450edef68

Allow the enabled flag to be set to more that just TRUE or FALSE so that
the OPTIONAL flag is correctly merged within the
ssl_config_server_merge() function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102859 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_init.c (ssl_init_Engine): Log the OpenSSL
error stack contents if engine load/init fails.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102857 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Use %lu to print
an unsigned long.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102856 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup,
ssl_var_lookup_ssl_cipher): Use apr_itoa instead of psprintf %d.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102855 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars (ssl_var_lookup): const'ify result and
drop a bunch of casts; use apr_table_get directly in place of
ssl_var_lookup_header.
(ssl_var_lookup_header): Remove function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102854 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars (ssl_var_lookup): Optimise such that
lookup of SSL_* variables (the common case) requires 2 rather than 29
strcasecmp calls before getting to ssl_var_lookup_ssl().

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102851 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/mod_ssl.h: Declare ssl_is_https optional function.

* modules/ssl/ssl_engine_vars (ssl_is_https): New function.
(ssl_var_register): Register it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102850 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars (ssl_var_lookup): Fix potential
segfaults if called with r=NULL, c!=NULL, spotted by Andr��.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102849 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_disable,
ssl_io_filter_error): Clear the SSL * pointer in the SSLConnRec too.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102819 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Simplify
to use apr_pstrmemdup.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102815 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): For a DN
which includes several RDNs with the same OID, allow lookup of any
particular RDN using an "_<n>" suffix on the name.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102813 13f79535-47bb-0310-9956-ffa450edef68

Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h
to be included even when mod_ssl is not enabled.

* Makefile.in (install-include): Only install mod_ssl.h.

* modules/ssl/ssl_private.h: New file.

* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.

* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h

* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.

* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102803 13f79535-47bb-0310-9956-ffa450edef68

Relicense.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102799 13f79535-47bb-0310-9956-ffa450edef68

Send the 'Close Alert' message to the peer upon closing a SSL session. This
required creating a new EOC (End-Of-Connection) bucket type to notify mod_ssl
that the connection is about to be closed.

Reviewed by: Joe Orton, Justin Erenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102793 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_disable): Don't leak an
SSL structure for each plain-HTTP-on-SSL-port request.

PR: 27106

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102770 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Wording
tweaks.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102747 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_init): Use an
anonymous shm segment by default or fall back on name-based shm.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102746 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_pphrase.c: Note that the ERR_clear_error()
call is not merely a cosmetic fix in light of PR 21160.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102628 13f79535-47bb-0310-9956-ffa450edef68

fix name of The Apache Software Foundation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102618 13f79535-47bb-0310-9956-ffa450edef68

fix copyright dates according to the first check in

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102573 13f79535-47bb-0310-9956-ffa450edef68

apply Apache License, Version 2.0

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102525 13f79535-47bb-0310-9956-ffa450edef68

We need the SSL module dir in our path in order to compile mod_ssl.
Otherwise, we can't find mod_ssl.h.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102515 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_output): Use non-blocking
bucket reads whilst data remains available; flush when a read returns
EAGAIN. Fixes streaming nph- CGI scripts over SSL.

PR: 21944
Inspired by: Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102397 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Fix segfault if
SSL_get_session() returns NULL.

PR: 15057
Submitted by: Otmar Lendl (lendl@nic.at)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102281 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache_dc.c: Add the Apache Software License.

* modules/ssl/mod_ssl.h: Undo accidental comment change in previous
commit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102228 13f79535-47bb-0310-9956-ffa450edef68

Add support to mod_ssl for a distributed session cache using
distcache.

* LAYOUT: Update for removal of scache_shmht and addition of scache_dc.

* modules/ssl/config.m4: Check for libdistcache; build ssl_scache_dc.lo.

* modules/ssl/mod_ssl.dsp: Build ssl_scache_dc (with luck).

* modules/ssl/mod_ssl.h: Add SSL_SCMODE_DC and scache_dc_* prototypes.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Allow
use of dc: argument.

* modules/ssl/ssl_scache_dc.c: New file.

* modules/ssl/ssl_scache.c (ssl_scache_init, ssl_scache_kill,
ssl_scache_store, ssl_scache_retrieve, ssl_scache_remove,
ssl_ext_status_hook): Hook into scache_dc.

Submitted by: Geoff Thorpe <geoff@geoffthorpe.net>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102227 13f79535-47bb-0310-9956-ffa450edef68

update license to 2004.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102135 13f79535-47bb-0310-9956-ffa450edef68

We need the error strings loaded as early as possible

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102067 13f79535-47bb-0310-9956-ffa450edef68

get mod_ssl.dsp to load again
(we *x weenies have to be careful :) )

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102062 13f79535-47bb-0310-9956-ffa450edef68

Fix format string warnings from gcc on amd64:

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_store):
Print apr_size_t using APR_SIZE_T_FMT.

* modules/ssl/ssl_engine_io.c (ssl_filter_write): Print difference
between sizes using APR_SSIZE_T_FMT, apr_size_t using APR_SIZE_T_FMT.

* modules/proxy/proxy_http.c (ap_proxy_http_request): Print
apr_uint64_t using APR_UINT64_T_HEX_FMT.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102037 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/mod_ssl.h: Remove prototypes for shmht.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101900 13f79535-47bb-0310-9956-ffa450edef68

Extend mod_status output to include SSL session cache status
information:

* modules/ssl/mod_ssl.c (ssl_hook_pre_config): Call
ssl_scache_status_register.

* modules/ssl/ssl_scache.c (ssl_scache_status): Removed function.
(ssl_ext_status_hook): Renamed from ssl_ext_ms_display: switch to
2.1's mod_status "status_hook" API.
(ssl_scache_status_register): Register optional hook.

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_status): Adjust to use
new API.

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_status): Adjust
to use new API.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101889 13f79535-47bb-0310-9956-ffa450edef68

Remove shmht session cache in favour of shmcb; shmht has had
data corruption bugs since being apr_rmm'ified.

* config.m4, mod_ssl.dsp: Don't build ssl_util_table and
ssl_scache_shmht.

* ssl_util_table.h, ssl_util_table.c, ssl_scache_shmht.c: Removed
files.

* mod_ssl.h (SSLModConfigRec): Use a void * pointer for storing
the scache-specific data.

* ssl_engine_config.c (ssl_cmd_SSLSessionCache): Treat shmht: as
shmcb:.

* ssl_scache.c: Remove shmht hooks throughout.

* ssl_scache_shmcb.c: Remove casts to use the table_t * pointer as a
void *.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101888 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_log_handler_x): Fix
unused variable from previous commit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101881 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Only call
ssl_var_lookup_ssl for a real SSL connection; fix lookup of "HTTPS"
for non-SSL connections.
(ssl_var_log_handler_x): Give results for non-SSL connections too;
e.g. %{HTTPS}x does the right thing.

PR: 23956

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101880 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_version):
Determine the library version string at run-time rather than at
compile-time.

Submitted by: Eric Seidel <eseidel@apple.com>
PR: 23956

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101879 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_init.c (ssl_init_proxy_certs): Fail early
(rather than segfault later) if a client cert is configured which is
missing either the certificate or private key.

PR: 24030

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101878 13f79535-47bb-0310-9956-ffa450edef68

Sync with APR-util deprecated functions.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101789 13f79535-47bb-0310-9956-ffa450edef68

* ssl_engine_log.c (ssl_log_ssl_error): Use the thread-safe
interface for retrieving error strings.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101625 13f79535-47bb-0310-9956-ffa450edef68

Fix missing human-readable error information in SSL log messages:

* mod_ssl.c (ssl_cleanup_pre_config): Don't free the error strings,
since they can't be loaded again once.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101624 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_log_handler_c): Fix
segfault on a non-SSL request.

PR: 22741
Submitted by: Gary E. Miller <gem@rellim.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101534 13f79535-47bb-0310-9956-ffa450edef68

Fix a cosmetic issue where OpenSSL 0.9.7 will dump the error stack
during pass phrase entry.

* ssl_engine_pphrase.c (ssl_pphrase_Handle): Clear the OpenSSL error
stack before reading the private key.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101515 13f79535-47bb-0310-9956-ffa450edef68

SSL-C doesn't declare the char* file arg const, so we shouldn't either.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101303 13f79535-47bb-0310-9956-ffa450edef68

These silent errors have bitten me a few times, now that we
use APR'd dbm. mod_ssl had hacked sdbm for larger sizes.

PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101214 13f79535-47bb-0310-9956-ffa450edef68

  Simplify includes - we always (in HTTPD 2.1 forward) are looking
  for the openssl/foo.h headers explicitly.  Fix the abs.dsp build
  to define HAVE_OPENSSL instead of USE_SSL so the correct headers
  are included upfront.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101195 13f79535-47bb-0310-9956-ffa450edef68

switch to APR 1.0 API (which is still in flux)

because of the changes to the argument lists of apr_mmap_dup and apr_socket_create,
2.1-dev won't build with apr and apr-util's 0.9 branch anymore

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101154 13f79535-47bb-0310-9956-ffa450edef68

* ssl_engine_io.c (ssl_io_filter_connect): Check the
library code as well as the reason code when looking for the
plain-HTTP-request error.

Submitted by: Stephen Henson <steve@openssl.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101135 13f79535-47bb-0310-9956-ffa450edef68

Make mod_ssl consistent with itself when you have a halfass install of
openssl-engine (ie, you're missing the headers). ssl_cmd_SSLCryptoDevice()
is thrown away by the preprocessor if you're missing the header, so the
call to it should have the same condition applied. otherwise, mod_ssl
will fail to link.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100970 13f79535-47bb-0310-9956-ffa450edef68

Trivial change to reporting an error when an identity spoof is
encountered with respect to FakeBasicAuth.

Submitted by: Greg Stein

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100941 13f79535-47bb-0310-9956-ffa450edef68

Add an error msg when encountering a spoofed identity. If this would
have been here in the first place. Makes issues like these be found
easier in the future.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100937 13f79535-47bb-0310-9956-ffa450edef68

Fix FakeBasicAuth for subrequests.  This was reported via issue
#1364 in Subversion:

  http://subversion.tigris.org/issues/show_bug.cgi?id=1364

The fix is to make mod_ssl's check_user_id hook stop tripping
over it's own checks in case of a subrequest.  That is, it
should DECLINE in case of a subrequest.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100926 13f79535-47bb-0310-9956-ffa450edef68

  Although we initialize mc->pid in the child init phase,
  we haven't initialized it before initially performing
  our ssl_rand_seed() in the parent/postconfig phase.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100912 13f79535-47bb-0310-9956-ffa450edef68

Prevent the OpenSSL id_callback from pointing at a mod_ssl
function after mod_ssl is unloaded.

* ssl_util.c (ssl_util_thread_cleanup): Clear the id_callback.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100767 13f79535-47bb-0310-9956-ffa450edef68

Prevent segfaults after SSL renegotiation failures.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Set aborted flag
after renegotiation failure.

* modules/ssl/ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output):
Don't dereference BIOs in filter_ctx when filter_ctx->pssl is NULL.
(ssl_filter_io_shutdown): Set aborted flag on abortive shutdown.

PR: 21370
Submitted by: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Cleaned up by: Jeff Trawick, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100720 13f79535-47bb-0310-9956-ffa450edef68

mod_ssl: Fix a problem setting variables that represent the
client certificate chain.

PR: 21371

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100605 13f79535-47bb-0310-9956-ffa450edef68