| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with the gitgub version. This is a partial rewrite of how connections
and streams are handled.
- an APR pollset and pipes (where supported) are used to monitor
the main connection and react to IO for request/response handling.
This replaces the stuttered timed waits of earlier versions.
- H2SerializeHeaders directive still exists, but has no longer an effect.
- Clients that seemingly misbehave still get less resources allocated,
but ongoing requests are no longer disrupted.
- Fixed an issue since 1.15.24 that "Server" headers in proxied requests
were overwritten instead of preserved. [PR by @daum3ns]
- A regression in v1.15.24 was fixed that could lead to httpd child
processes not being terminated on a graceful reload or when reaching
MaxConnectionsPerChild. When unprocessed h2 requests were queued at
the time, these could stall. See #212.
- Improved information displayed in 'server-status' for H2 connections when
Extended Status is enabled. Now one can see the last request that IO
operations happened on and transferred IO stats are updated as well.
- When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request. See PR65731 at
<https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.
- :scheme pseudo-header values, not matching the
connection scheme, are forwarded via absolute uris to the
http protocol processing to preserve semantics of the request.
Checks on combinations of pseudo-headers values/absence
have been added as described in RFC 7540. Fixes #230.
- A bug that prevented trailers (e.g. HEADER frame at the end) to be
generated in certain cases was fixed. See #233 where it prevented
gRPC responses to be properly generated.
- Request and response header values are automatically stripped of leading
and trialing space/tab characters. This is equivalent behaviour to what
Apache httpd's http/1.1 parser does.
The checks for this in nghttp2 v1.50.0+ are disabled.
- Extensive testing in production done by Alessandro Bianchi (@alexskynet)
on the v2.0.x versions for stability. Many thanks!
*) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
request ':authority' is known. Improved test case that did not catch that
the previous 'fix' was incorrect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906475 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
r1887337, r1887340, r1887342, r1887343, r1887360, r1887364,
r1887923, r1887965, r1887993, r1888006, r1888083, r1888084,
r1888723, r1888724, r1888726, r1888729, r1889788] from trunk:
*) core/mod_ssl/mod_md:
- adding new ap_ssl_*() functions for a backward
compatible replacement of the major optional mod_ssl functions. This
allows other ssl modules to work without impersonating mod_ssl and
also allows different ssl modules being active on separate ports.
- latest mod_md with support for multiple certificates per domain
and ECDSA certificates. Removed ACMEv1 support.
- Interworking mod_md and ssl modules changed to exchange PEM strings
instead of file paths for ACME challenges.
- core/mod_ssl/mod_md: adding OCSP response provisioning as core feature.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1889793 13f79535-47bb-0310-9956-ffa450edef68
|
