Stefan Eissing [Mon, 13 Dec 2021 15:16:55 +0000 (15:16 +0000)]
Merge r1895719 from trunk:
*) mod_http: Correctly send a 100 Continue status code when sending an interim
response as result of an Expect: 100-Continue in the request and not the
current status code of the request. PR 65725 [Ruediger Pluem]
Stefan Eissing [Mon, 13 Dec 2021 15:02:44 +0000 (15:02 +0000)]
Merge r1879889,r1879889,r1893644 from trunk:
*) mod_dav: Some DAV extensions, like CalDAV, specify both document
elements and property elements that need to be taken into account
when generating a property. The document element and property element
are made available in the dav_liveprop_elem structure by calling
dav_get_liveprop_element(). [Graham Leggett]
Stefan Eissing [Mon, 13 Dec 2021 14:43:38 +0000 (14:43 +0000)]
Merged r1879889,r1893643,r1893644 from trunk:
*) mod_dav: Add utility functions dav_validate_root_ns(),
dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
dav_find_attr() so that other modules get to play too.
[Graham Leggett]
Graham Leggett [Mon, 13 Dec 2021 10:43:53 +0000 (10:43 +0000)]
Backport:
*) mpm_event: Restart stopping of idle children after a load peak. PR 65626.
trunk patch: http://svn.apache.org/r1894285
http://svn.apache.org/r1894286
http://svn.apache.org/r1894291
http://svn.apache.org/r1895550
http://svn.apache.org/r1895553
http://svn.apache.org/r1895630
backport PR: https://github.com/apache/httpd/pull/276
2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/276.patch
+1: ylavic, rpluem, minfrin
ylavic: updated with r1894291 for correctness of perform_idle_server_maintenance()
w.r.t. num_buckets > 1 and ease merging of r1895553, with r1895550 for
correctness of active_daemons used in r1895553 and r1895630.
Stefan Eissing [Fri, 10 Dec 2021 13:59:10 +0000 (13:59 +0000)]
*) mod_tls: added mod_tls from abetterinternet, donated
by ISRG/Prossimo <https://github.com/abetterinternet/mod_tls>.
- adds front-/backend TLS (v1.2/v1.3) via the Rust rustls crate
and its rustls-ffi C binding <https://github.com/rustls/rustls-ffi>.
- documentation at <https://github.com/abetterinternet/mod_tls>
(adding to Apache's manual TBD)
- build support for Apache httpd configure on *nix platforms,
rustls is linked statically into mod_tls.
Graham Leggett [Fri, 10 Dec 2021 13:23:51 +0000 (13:23 +0000)]
Backport:
*) mod_proxy_connect: Honor the smallest of the backend or client timeout
while tunneling, and handle "proxy-nohalfclose" as opt-out for half-close
tunneling. PR 65631, 65662, 65689.
trunk patch: http://svn.apache.org/r1894290
http://svn.apache.org/r1895304
backport PR: https://github.com/apache/httpd/pull/278
2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/278.patch
+1: ylavic, rpluem, minfrin
Yann Ylavic [Fri, 3 Dec 2021 15:34:16 +0000 (15:34 +0000)]
Merge r1894171 from trunk:
*) core: Be safe with ap_lingering_close() called with a socket NULL-ed.
PR 65627.
mod_itk seems to:
ap_set_core_module_config(c->conn_config, NULL)
before calling ap_lingering_close(), causing a crash after r1891721.
Until we have an API to no-op ap_lingering_close(), let's be safe.
* server/connection.c(ap_start_lingering_close):
The socket should not be NULL here, add an assertion.
* server/connection.c(ap_lingering_close):
Set c->aborted if the socket is NULL, and give up.
Stefan Eissing [Thu, 25 Nov 2021 15:48:08 +0000 (15:48 +0000)]
test: adapting http2 test 200_16 to compensate for not getting a response.
This happens for newer nghttp2 versions that RST a stream with the
tested, invalid header.
*) mod_md: Fix memory leak in case of failures to load the private key.
PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
*) mod_md: adding v2.4.8 with the following changes
- Added support for ACME External Account Binding (EAB).
Use the new directive `MDExternalAccountBinding` to provide the
server with the value for key identifier and hmac as provided by
your CA.
While working on some servers, EAB handling is not uniform
across CAs. First tests with a Sectigo Certificate Manager in
demo mode are successful. But ZeroSSL, for example, seems to
regard EAB values as a one-time-use-only thing, which makes them
fail if you create a second account or retry the creation of the
first account with the same EAB.
- The directive 'MDCertificateAuthority' now checks if its parameter
is a http/https url or one of a set of known names. Those are
'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
for now and they are not case-sensitive.
The default of LetsEncrypt is unchanged.
- `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
section.
- Treating 401 HTTP status codes for orders like 403, since some ACME
servers seem to prefer that for accessing orders from other accounts.
- When retrieving certificate chains, try to read the response even
if the HTTP Content-Type is unrecognized.
- Fixed a bug that reset the error counter of a certificate renewal
and prevented the increasing delays in further attempts.
- Fixed the renewal process giving up every time on an already existing
order with some invalid domains. Now, if such are seen in a previous
order, a new order is created for a clean start over again.
See <https://github.com/icing/mod_md/issues/268>
- Fixed a mixup in md-status handler when static certificate files
and renewal were configured at the same time.
*) mod_md: values for External Account Binding (EAB) can
now also be configured to be read from a separate JSON
file. This allows keeping server configuration permissions
world readable without exposing secrets.
Graham Leggett [Sun, 26 Sep 2021 14:35:55 +0000 (14:35 +0000)]
Backport:
*) mpm event: Correctly count active child processes in parent process if
child process dies due to MaxConnectionsPerChild. PR 65592.
Trunk version of patch:
https://svn.apache.org/r1893520
Backport version for 2.4.x of patch:
Trunk version of patch works
svn merge -c 1893520 ^/httpd/httpd/trunk .
+1: rpluem, ylavic, minfrin
Graham Leggett [Sun, 26 Sep 2021 14:30:51 +0000 (14:30 +0000)]
Backport:
*) mod_http2: when a server is restarted gracefully, any idle h2 worker
threads are shut down immediately.
Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
Adds all other, never proposed code changes to make a clean
sync of http2 sources.
trunk patch: http://svn.apache.org/r1893214
http://svn.apache.org/r1893215
http://svn.apache.org/r1893220
and other never proposed code changes
PR: https://github.com/apache/httpd/pull/270
+1: icing, rpluem, minfrin
Graham Leggett [Sun, 26 Sep 2021 14:18:55 +0000 (14:18 +0000)]
Backport:
*) mod_dav: Correctly handle errors returned by dav providers on REPORT
requests.
Trunk version of patch:
https://svn.apache.org/r1893589
Backport version for 2.4.x of patch:
Trunk version of patch works
svn merge -c 1893589 ^/httpd/httpd/trunk .
+1: rpluem, minfrin, ylavic
Graham Leggett [Sun, 26 Sep 2021 14:14:37 +0000 (14:14 +0000)]
Backport:
*) core: do not install core input/output filters on secondary
connections.
Trunk version of patch:
http://svn.apache.org/viewvc?view=revision&revision=1787606
Backport version for 2.4.x of patch:
svn merge -c 1787606 ^/httpd/httpd/trunk .
+1: icing, rpluem, ylavic
Graham Leggett [Sun, 26 Sep 2021 14:11:22 +0000 (14:11 +0000)]
Backport:
*) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
and use it to prevent that failures in running the pre_connection
hook cause crashes afterwards.
Trunk version of patch:
https://svn.apache.org/r1893497
https://svn.apache.org/r1893507
Backport version for 2.4.x of patch:
https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/269.diff
Can be applied via apply_backport_pr.sh 269.
+1: rpluem, icing, ylavic