Joe Orton
5afedd0422
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_remain): New
function. (ssl_var_lookup_ssl_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.
* modules/ssl_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if
+StdEnvVars is configured.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104700 13f79535-47bb-0310-9956-ffa450edef68
2004-08-18 11:05:22 +00:00
Joe Orton
63b4ad0dcb
* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix rollback
handling for AP_MODE_SPECULATIVE.
PR: 30134
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104687 13f79535-47bb-0310-9956-ffa450edef68
2004-08-17 16:31:23 +00:00
Joe Orton
d2e2c4e584
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL),
* server/log.c (ap_log_pid),
* server/mpm/prefork/prefork.c (accept_mutex_on, accept_mutex_off),
* support/htdbm.c (htdbm_list):
Fix some non-literal format strings (warnings from gcc -Wformat-security).
PR: 30585
Submitted by: Ulf Harnhammar (SITIC), Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104548 13f79535-47bb-0310-9956-ffa450edef68
2004-08-11 14:25:30 +00:00
Joe Orton
371ef0b07e
* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix potential
infinite loop in ssl_io_input_getline if connection is aborted without
inctx->rc being set.
PR: 29964
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104547 13f79535-47bb-0310-9956-ffa450edef68
2004-08-11 13:19:24 +00:00
Bradley Nicholes
8994a47b7a
Tokenize the header while parsing it for the upgrade tokens and once the protocol has been upgraded, allow the request to complete encrypted.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104273 13f79535-47bb-0310-9956-ffa450edef68
2004-07-13 18:11:22 +00:00
Martin Kraemer
97e2af662c
Use the correct Apache-2.x EBCDIC conversion function (not the old apache-1.3 routine)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104082 13f79535-47bb-0310-9956-ffa450edef68
2004-06-29 14:06:08 +00:00
Joe Orton
56230926c0
* modules/ssl/ssl_engine_io.c (bio_filter_out_flush): Create a new
brigade for sending output after passing on the current one.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103967 13f79535-47bb-0310-9956-ffa450edef68
2004-06-15 21:00:22 +00:00
Joe Orton
c5e7b2778e
Add "SSLUserName" directive to set r->user based on a chosen SSL
environment variable name.
* modules/ssl/ssl_private.h (struct SSLDirConfigRec): Add
szUserName field.
* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
the value of the chosen SSL environment variable.
* modules/ssl/mod_ssl.c: Add SSLUserName config directive.
PR: 20957
Submitted by: Martin v. Loewis <martin v.loewis.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103834 13f79535-47bb-0310-9956-ffa450edef68
2004-06-03 15:00:15 +00:00
Joe Orton
e9ef262085
Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag
which uses the server's cipher preference order rather than the
client's.
* modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add
cipher_server_pref field.
* modules/ssl/ssl_engine_config.c (ssl_config_server_create,
ssl_config_server_merge): Initialize and merge cipher_server_pref
field.
(ssl_cmd_SSLHonorCipherOrder): New function.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the
context option SSL_OP_CIPHER_SERVER_PREFERENCE when required.
PR: 28665
Submitted by: Jim Shneider <jschneid netilla.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103832 13f79535-47bb-0310-9956-ffa450edef68
2004-06-03 13:03:08 +00:00
Joe Orton
4ea42b6e3b
Drop support for the "CompatEnvVars" argument to SSLOptions, which was
never implemented in 2.0 and never needed to be.
* docs/ssl/ssl-std.conf.in: Remove CompatEnvVars examples.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLOptions): Don't allow
the CompatEnvVars argument.
* modules/ssl/ssl_private.h: Remove SSL_OPT_COMPATENVVARS macro.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103829 13f79535-47bb-0310-9956-ffa450edef68
2004-06-03 09:28:12 +00:00
Joe Orton
b67b9a0670
* modules/ssl/ssl_scache.c (ssl_scache_expire): Remove unused function.
* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_expire): Likewise.
* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_expire): Likewise.
* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_expire): Make static.
* modules/ssl/ssl_private.h: Remove prototypes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103793 13f79535-47bb-0310-9956-ffa450edef68
2004-05-27 09:20:00 +00:00
Joe Orton
f10b0ad3dc
* modules/ssl/ssl_util.c, modules/ssl/ssl_private.h: Remove unused
functions ssl_util_strupper, ssl_util_ptxtstub, and
ssl_util_uuencode*.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103755 13f79535-47bb-0310-9956-ffa450edef68
2004-05-25 12:16:53 +00:00
Joe Orton
3efccf4239
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103754 13f79535-47bb-0310-9956-ffa450edef68
2004-05-25 12:09:01 +00:00
Joe Orton
3f6c2ba352
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Fix gcc
strict-aliasing warning.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103688 13f79535-47bb-0310-9956-ffa450edef68
2004-05-17 18:57:39 +00:00
Madhusudan Mathihalli
8a35d297cf
Fix SEGV in 'shmcb' session cache:
When a 'read' or 'write' to session cache is done, we need to check the size
of the data being 'read' or 'written' to avoid buffer over-run.
PR: 27751
Submitted by: Geoff Thorpe
Reviewed by: Madhusudan Mathihalli
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103669 13f79535-47bb-0310-9956-ffa450edef68
2004-05-12 21:36:52 +00:00
Madhusudan Mathihalli
b9164cbc0b
In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
just prevents the internal lookup but does not prevent the caching.
OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to
prevent OpenSSL from both lookup and caching the sessions internally.
PR: 26562
Reviewed by: Geoff Thorpe, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103165 13f79535-47bb-0310-9956-ffa450edef68
2004-03-26 23:53:35 +00:00
Joe Orton
fea85e203c
* modules/ssl/ssl_engine_io.c (ssl_io_filter_cleanup): Don't try and
send an SSL shutdown from a pool cleanup.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103156 13f79535-47bb-0310-9956-ffa450edef68
2004-03-25 19:36:32 +00:00
Joe Orton
670b834207
* modules/ssl/ssl_engine_log.c (ssl_log_annotation): const-ify more.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102943 13f79535-47bb-0310-9956-ffa450edef68
2004-03-12 17:14:28 +00:00
William A. Rowe Jr
ce9d647ae5
Pick up mod_status.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102938 13f79535-47bb-0310-9956-ffa450edef68
2004-03-11 20:19:24 +00:00
Joe Orton
ddecd8ab9e
* modules/ssl/ssl_engine_log.c (ssl_log_annotate, ssl_log_annotation,
ssl_log_ssl_error): const-ify annotation strings and simplify
ssl_log_annotation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102927 13f79535-47bb-0310-9956-ffa450edef68
2004-03-10 21:54:17 +00:00
Joe Orton
15e2a44274
Fix use of mod_ssl as a DSO linked against static SSL libraries; also
stop linking all of support/* against the SSL libraries:
* acinclude.m4 (APACHE_MODULE): Define MOD_FOO_LDADD which each
module .la library will be linked against.
(APACHE_MODPATH_ADD): Link static modules against the provided libraries.
(APACHE_CHECK_SSL_TOOLKIT): Put SSL libraries in SSL_LIBS and export
that to config_vars.mk.
* support/Makefile.in: Link ab against SSL_LIBS.
* modules/ssl/config.m4: Add SSL_LIBS and distcache libraries to
MOD_SSL_LDADD.
PR: 17217
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102870 13f79535-47bb-0310-9956-ffa450edef68
2004-03-06 16:47:41 +00:00
Bradley Nicholes
74c5908625
Allow the enabled flag to be set to more than just TRUE or FALSE so that
the OPTIONAL flag can be correctly merged within the
ssl_config_server_merge() function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102860 13f79535-47bb-0310-9956-ffa450edef68
2004-03-05 02:44:40 +00:00
Bradley Nicholes
344ea84d8e
Allow the enabled flag to be set to more than just TRUE or FALSE so that
the OPTIONAL flag is correctly merged within the
ssl_config_server_merge() function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102859 13f79535-47bb-0310-9956-ffa450edef68
2004-03-05 02:41:39 +00:00
Joe Orton
1c5889d105
* modules/ssl/ssl_engine_init.c (ssl_init_Engine): Log the OpenSSL
error stack contents if engine load/init fails.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102857 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 22:00:25 +00:00
Joe Orton
f205725d2e
* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Use %lu to print
an unsigned long.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102856 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 21:54:09 +00:00
Joe Orton
4c36ea2ab5
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup,
ssl_var_lookup_ssl_cipher): Use apr_itoa instead of psprintf %d.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102855 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 20:44:13 +00:00
Joe Orton
919194363c
* modules/ssl/ssl_engine_vars (ssl_var_lookup): const'ify result and
drop a bunch of casts; use apr_table_get directly in place of
ssl_var_lookup_header.
(ssl_var_lookup_header): Remove function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102854 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 20:39:53 +00:00
Joe Orton
0015ef74b5
* modules/ssl/ssl_engine_vars (ssl_var_lookup): Optimise such that
lookup of SSL_* variables (the common case) requires 2 rather than 29
strcasecmp calls before getting to ssl_var_lookup_ssl().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102851 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 13:42:09 +00:00
Joe Orton
0f7f4106a3
* modules/ssl/mod_ssl.h: Declare ssl_is_https optional function.
* modules/ssl/ssl_engine_vars (ssl_is_https): New function.
(ssl_var_register): Register it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102850 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 13:06:54 +00:00
Joe Orton
3f58695141
* modules/ssl/ssl_engine_vars (ssl_var_lookup): Fix potential
segfaults if called with r=NULL, c!=NULL, spotted by André.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102849 13f79535-47bb-0310-9956-ffa450edef68
2004-03-04 07:59:30 +00:00
Joe Orton
e878bf757b
* modules/ssl/ssl_engine_io.c (ssl_io_filter_disable,
ssl_io_filter_error): Clear the SSL * pointer in the SSLConnRec too.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102819 13f79535-47bb-0310-9956-ffa450edef68
2004-02-29 00:29:20 +00:00
Joe Orton
dd2b6c2bf8
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Simplify
to use apr_pstrmemdup.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102815 13f79535-47bb-0310-9956-ffa450edef68
2004-02-28 23:03:15 +00:00
Joe Orton
eb78a22c85
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): For a DN
which includes several RDNs with the same OID, allow lookup of any
particular RDN using an "_<n>" suffix on the name.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102813 13f79535-47bb-0310-9956-ffa450edef68
2004-02-28 22:56:01 +00:00
Joe Orton
3ca3524c31
Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h
to be included even when mod_ssl is not enabled.
* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from the optional
hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102803 13f79535-47bb-0310-9956-ffa450edef68
2004-02-28 18:06:35 +00:00
Joe Orton
3b3113012f
Relicense.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102799 13f79535-47bb-0310-9956-ffa450edef68
2004-02-28 11:55:46 +00:00
Madhusudan Mathihalli
48c38a4533
Send the 'Close Alert' message to the peer upon closing a SSL session. This
required creating a new EOC (End-Of-Connection) bucket type to notify mod_ssl
that the connection is about to be closed.
Reviewed by: Joe Orton, Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102793 13f79535-47bb-0310-9956-ffa450edef68
2004-02-28 00:45:26 +00:00
Joe Orton
0e34b8f5f4
* modules/ssl/ssl_engine_io.c (ssl_io_filter_disable): Don't leak an
SSL structure for each plain-HTTP-on-SSL-port request.
PR: 27106
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102770 13f79535-47bb-0310-9956-ffa450edef68
2004-02-25 10:54:29 +00:00
Joe Orton
825005a089
* modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Wording
tweaks.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102747 13f79535-47bb-0310-9956-ffa450edef68
2004-02-22 10:27:21 +00:00
Joe Orton
ba689780fa
* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_init): Use an
anonymous shm segment by default or fall back on name-based shm.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102746 13f79535-47bb-0310-9956-ffa450edef68
2004-02-22 10:23:01 +00:00
Joe Orton
1609950077
* modules/ssl/ssl_engine_pphrase.c: Note that the ERR_clear_error()
call is not merely a cosmetic fix in light of PR 21160.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102628 13f79535-47bb-0310-9956-ffa450edef68
2004-02-10 12:17:44 +00:00
André Malo
a688f06b19
fix name of The Apache Software Foundation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102618 13f79535-47bb-0310-9956-ffa450edef68
2004-02-09 20:31:03 +00:00
André Malo
0b6155c539
fix copyright dates according to the first check in
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102573 13f79535-47bb-0310-9956-ffa450edef68
2004-02-08 12:52:25 +00:00
André Malo
4f02cb1e18
apply Apache License, Version 2.0
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102525 13f79535-47bb-0310-9956-ffa450edef68
2004-02-06 22:58:42 +00:00
Justin Erenkrantz
a91a2e172b
We need the SSL module dir in our path in order to compile mod_ssl.
Otherwise, we can't find mod_ssl.h.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102515 13f79535-47bb-0310-9956-ffa450edef68
2004-02-05 17:54:30 +00:00
Joe Orton
812f43e569
* modules/ssl/ssl_engine_io.c (ssl_io_filter_output): Use non-blocking
bucket reads whilst data remains available; flush when a read returns
EAGAIN. Fixes streaming nph- CGI scripts over SSL.
PR: 21944
Inspired by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102397 13f79535-47bb-0310-9956-ffa450edef68
2004-01-23 16:50:24 +00:00
Joe Orton
faf133a577
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Fix segfault if
SSL_get_session() returns NULL.
PR: 15057
Submitted by: Otmar Lendl (lendl@nic.at)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102281 13f79535-47bb-0310-9956-ffa450edef68
2004-01-12 10:51:44 +00:00
Joe Orton
223c481ae9
* modules/ssl/ssl_scache_dc.c: Add the Apache Software License.
* modules/ssl/mod_ssl.h: Undo accidental comment change in previous
commit.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102228 13f79535-47bb-0310-9956-ffa450edef68
2004-01-08 16:40:18 +00:00
Joe Orton
3c52d23027
Add support to mod_ssl for a distributed session cache using
distcache.
* LAYOUT: Update for removal of scache_shmht and addition of scache_dc.
* modules/ssl/config.m4: Check for libdistcache; build ssl_scache_dc.lo.
* modules/ssl/mod_ssl.dsp: Build ssl_scache_dc (with luck).
* modules/ssl/mod_ssl.h: Add SSL_SCMODE_DC and scache_dc_* prototypes.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Allow
use of dc: argument.
* modules/ssl/ssl_scache_dc.c: New file.
* modules/ssl/ssl_scache.c (ssl_scache_init, ssl_scache_kill,
ssl_scache_store, ssl_scache_retrieve, ssl_scache_remove,
ssl_ext_status_hook): Hook into scache_dc.
Submitted by: Geoff Thorpe <geoff@geoffthorpe.net>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102227 13f79535-47bb-0310-9956-ffa450edef68
2004-01-08 16:26:53 +00:00
André Malo
fb07607180
update license to 2004.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102135 13f79535-47bb-0310-9956-ffa450edef68
2004-01-01 13:26:26 +00:00
Martin Kraemer
28bd9fb514
We need the error strings loaded as early as possible
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102067 13f79535-47bb-0310-9956-ffa450edef68
2003-12-15 14:30:12 +00:00