delta/apache/httpd.git/modules/ssl/ssl_engine_kernel.c, branch authz-dev github.com: apache/httpd.git No functional Change: Removing trailing whitespace. This also 2005-11-10T15:11:44+00:00 Jim Jagielski jim@apache.org 2005-11-10T15:11:44+00:00 5061d9fa920cb1821a51495fc42833c54e5bd714 means that "blank" lines consisting of just spaces or tabs are now really blank lines git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68 
means that "blank" lines consisting of just spaces or
tabs are now really blank lines


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68
Implement a (bounded) buffer of request body data to provide a limited 2005-09-22T15:38:14+00:00 Joe Orton jorton@apache.org 2005-09-22T15:38:14+00:00 23a3c20db2ba540c8e3557772944c0513086f3ed but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies bug: * modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype. * modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill, ssl_io_filter_buffer): New functions. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a renegotiation is needed, and the request has a non-zero content-length, or a t-e header (and 100-continue was not requested), call ssl_io_buffer_fill to set aside the request body data if possible, then proceed with the negotiation. PR: 12355 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68 
but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies
bug:

* modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype.

* modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill,
ssl_io_filter_buffer): New functions.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a
renegotiation is needed, and the request has a non-zero
content-length, or a t-e header (and 100-continue was not requested),
call ssl_io_buffer_fill to set aside the request body data if
possible, then proceed with the negotiation.

PR: 12355


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68
Record the fact that we failed to set the username as requested. 2005-09-09T22:10:25+00:00 David Reid dreid@apache.org 2005-09-09T22:10:25+00:00 d01f2df246f275552807340c3b465a06d1cbb2e2 This is useful to know as the most likely cause will be a misconfiguration and so should be easily fixed, but to be fixed it's helpful if you're aware it needs fixed! git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@279893 13f79535-47bb-0310-9956-ffa450edef68 
This is useful to know as the most likely cause will be a misconfiguration
and so should be easily fixed, but to be fixed it's helpful if you're
aware it needs fixed!



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@279893 13f79535-47bb-0310-9956-ffa450edef68
Fix CVE CAN-2005-2700: 2005-08-30T15:57:38+00:00 Joe Orton jorton@apache.org 2005-08-30T15:57:38+00:00 a1e9d51be373b9c9e537d129a48e140232643a9e * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that renegotiation is performed for a transition from "SSLVerifyClient optional" to "SSLVerifyClient require". The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old context merely has optional verification configured, since the definition of SSL_VERIFY_PEER_STRICT is (SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68 
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note 2005-07-06T15:16:28+00:00 William A. Rowe Jr wrowe@apache.org 2005-07-06T15:16:28+00:00 340df9ce2f73c6984948d3cff0c81580a9c4d2de the negotiated compression. Reviewed by: wrowe, Maxime Petazzoni Submitted by: Georg v. Zezschwitz <gvz 2scale.de> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209469 13f79535-47bb-0310-9956-ffa450edef68 
  the negotiated compression.

Reviewed by: wrowe, Maxime Petazzoni
Submitted by: Georg v. Zezschwitz <gvz 2scale.de>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209469 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix 2005-06-03T12:54:53+00:00 Joe Orton jorton@apache.org 2005-06-03T12:54:53+00:00 968bb860f90729601e59d8b2bab747e74dc3d612 off-by-one. PR: 35081 Submitted by: Marc Stern <mstern csc.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@179781 13f79535-47bb-0310-9956-ffa450edef68 
off-by-one.

PR: 35081
Submitted by: Marc Stern <mstern csc.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@179781 13f79535-47bb-0310-9956-ffa450edef68
Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown 2005-04-19T20:02:09+00:00 Joe Orton jorton@apache.org 2005-04-19T20:02:09+00:00 645809dbba9341629b6469d6516786814428748b setting when configured e.g. as a reverse proxy: * modules/ssl/ssl_private.h: Remove ssl_hook_Translate. * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in ssl_hook_Translate. (ssl_hook_Translate): Remove. * modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook. PR: 34452 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68 
setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate.  (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the 2005-02-10T18:28:43+00:00 Joe Orton jorton@apache.org 2005-02-10T18:28:43+00:00 c2f37c7a4db5fa2018de24c08aa32821e46af03d SSLUsername-controlled assignment of r->user above the SSLRequire checks so that the "username" gets logged if SSLRequire denies access. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153280 13f79535-47bb-0310-9956-ffa450edef68 
SSLUsername-controlled assignment of r->user above the SSLRequire
checks so that the "username" gets logged if SSLRequire denies access.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153280 13f79535-47bb-0310-9956-ffa450edef68
Remove formatting characters from ap_log_error() calls. These 2005-02-09T19:01:43+00:00 Jeff Trawick trawick@apache.org 2005-02-09T19:01:43+00:00 9ff46dd755ac65fe91fb7f35d7657b8342470c24 were escaped as fallout from CAN-2003-0020. Submitted by: Eric Covener <ecovener gmail.com> Reviewed by: Jeff Trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153105 13f79535-47bb-0310-9956-ffa450edef68 
were escaped as fallout from CAN-2003-0020.

Submitted by: Eric Covener <ecovener gmail.com>
Reviewed by: Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153105 13f79535-47bb-0310-9956-ffa450edef68
Change where we set r->user if we're setting it from a 2005-02-05T14:20:26+00:00 David Reid dreid@apache.org 2005-02-05T14:20:26+00:00 98d1aa261a313f0d8f1693f7b8565063ba59ab82 client certificate. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151493 13f79535-47bb-0310-9956-ffa450edef68 
client certificate.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151493 13f79535-47bb-0310-9956-ffa450edef68