path: root/modules/ssl
Commit message | Author | Age | Files | Lines
* * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further access control checks if SSL is not in use regardless of vhost settings.
  Submitted by: Rüdiger Plüm, Joe Orton
  PR: 37791
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354394 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-12-06 | Files: 1 | Lines: -2/+5)
* minor doc changes already on 2.2 branch
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@350202 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Roy T. Fielding | Age: 2005-12-01 | Files: 1 | Lines: -3/+3)
* Fix SSL Protocol hexdumps for EBCDIC systems
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@349906 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-11-30 | Files: 1 | Lines: -0/+14)
* * modules/ssl/ssl_scache_dc.c (ssl_scache_dc_retrieve): Fix warning with OpenSSL 0.9.8a.
  * support/ab.c (ssl_print_cb, ssl_print_cert_info): Fix warnings with OpenSSL 0.9.8a.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@349415 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-11-28 | Files: 1 | Lines: -1/+1)
* No functional change: remove "internal" tab spacing/formatting.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@345053 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Jim Jagielski | Age: 2005-11-16 | Files: 2 | Lines: -29/+29)
* No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Jim Jagielski | Age: 2005-11-10 | Files: 20 | Lines: -209/+209)
* No functional change: simple detabbing of indented code.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332305 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Jim Jagielski | Age: 2005-11-10 | Files: 7 | Lines: -803/+803)
* * modules/ssl/ssl_engine_init.c (ssl_init_CheckServers): Fix IP/port key generation which passed a bogus pointer for a %pA conversion, hence could give false warnings for name-based-vhost use.
  PR: 37051
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@320796 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-10-13 | Files: 1 | Lines: -2/+4)
* Implement a (bounded) buffer of request body data to provide a limited but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies bug:
  * modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype.
  * modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill, ssl_io_filter_buffer): New functions.
  * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a renegotiation is needed, and the request has a non-zero content-length, or a t-e header (and 100-continue was not requested), call ssl_io_buffer_fill to set aside the request body data if possible, then proceed with the negotiation.
  PR: 12355
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-09-22 | Files: 3 | Lines: -66/+217)
* Fix Bug#: 25659 (Memory leak in ssl_util_algotypeof())
  Reported by David Blake in 2003, including patch.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290459 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-09-20 | Files: 1 | Lines: -1/+7)
* As discussed previously: OID() -> PeerExtList()
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290414 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-09-20 | Files: 7 | Lines: -95/+107)
* * modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Fix gcc 4.x different-pointer-signedness warning.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290136 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-09-19 | Files: 1 | Lines: -2/+3)
* - remove ssl_ext_lookup and replace it with ssl_ext_list
  - change ssl_expr_eval_oid to use ssl_ext_list
  This change provides for a single function that provides an array of all values from a certificate that match a given extension and removes the duplicated code that was present.
  Reviewed by: Joe Orton
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68
  (Author: David Reid | Age: 2005-09-16 | Files: 5 | Lines: -90/+55)
* Record the fact that we failed to set the username as requested.
  This is useful to know as the most likely cause will be a misconfiguration and so should be easily fixed, but to be fixed it's helpful if you're aware it needs fixed!
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@279893 13f79535-47bb-0310-9956-ffa450edef68
  (Author: David Reid | Age: 2005-09-09 | Files: 1 | Lines: -0/+3)
* * modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect malformed or misconfigured CRLs. Clear error stack beforehand to ensure reported errors are relevant.
  PR: 36438
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@265702 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-09-01 | Files: 1 | Lines: -4/+7)
* Fix CVE CAN-2005-2700:
  * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that renegotiation is performed for a transition from "SSLVerifyClient optional" to "SSLVerifyClient require". The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old context merely has optional verification configured, since the definition of SSL_VERIFY_PEER_STRICT is (SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-08-30 | Files: 1 | Lines: -2/+2)
* Noticed in the development of fips-enabled mod_ssl, when we are configured to support exactly one protocol, use that explicit server and client mechanism to handshake with the client or proxied machine, rather than the generic SSLv23_[client|server]_method().
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264621 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-08-29 | Files: 1 | Lines: -3/+12)
* Doxygen fixup / cleanup
  submitted by: Neale Ranns neale ranns.org
  reviewed by: Ian Holsman
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Ian Holsman | Age: 2005-08-28 | Files: 5 | Lines: -96/+138)
* A very minor, but particularly annoying whitespace fix. It took me 15 minutes to try and parse what was going on :-)
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@240089 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Colm MacCarthaigh | Age: 2005-08-25 | Files: 1 | Lines: -1/+1)
* For generated files, strip off an absolute path
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@226993 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-08-02 | Files: 1 | Lines: -1/+2)
* Commit (forgotten) generated files for changed in ssl_expr_parse.y and ssl_expr_scan.l
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@226990 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-08-02 | Files: 3 | Lines: -1149/+694)
* * modules/ssl/mod_ssl.c (ssl_hook_pre_config): Initialize all algorithms in OpenSSL; enables PKCS#8 keyfile support.
  PR: 35469
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@226777 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-08-01 | Files: 1 | Lines: -0/+1)
* * modules/ssl/ssl_expr_eval.c (ssl_expr_eval_oid): Remove unused variable.
  * modules/ssl/ssl_private.h, modules/ssl/mod_ssl.h (ssl_extlist_by_oid): Move prototype to ssl_private.h.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@224722 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-07-25 | Files: 3 | Lines: -2/+2)
* Allow extraction of the values of SSL certificate extensions into environment variables, so that their value can be used by any module that is aware of environment variables, as in:
      SetEnvIf OID("2.16.840.1.113730.1.13") "(.*) Generated (Certificate)" ca=$1
  sets ca=TinyCA if the cert was issued by TinyCA. Similarly,
      SetenvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1
  will set $NetscapeComment to the whole string.
  It is technically allowed to have multiple instances of an extension field, all with the same oid. In this case, the environment variable will be set to the list of all fields, separated by commas.
  The [PATCH] uses a cross-module call from mod_setenvif to mod_ssl (the latter may also be missing: in this case the variable will never be set). It calls a common function in the ssl module that is also used for the SSLRequire directive's test.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@220307 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-07-22 | Files: 3 | Lines: -22/+53)
* Collaborative work: (Thanks, dreid!)
  Implement OID checking for mod_ssl. This code allows for checking of arbitrary client certificate extensions by OID, in a syntax like:
      SSLRequire "BaDCA Generated Certificate" in Oid("2.16.840.1.113730.1.13") \
          || "committers" in Oid("1.3.6.1.4.1.18060.1")
  Note the following:
  * A given OID can occur multiple times in one cert, with different values. Therefore the OID function compares the left-hand string against each of the OID values, until a complete match is found. If none matches, the result is FALSE
  * The left hand side can be another expression, so can be a reference to a variable or a file() invocation etc.
  * The OID is also just a reference to a string, or function, or whatever.
  * My manual description is very short. Someone else please help improve the description
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219940 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Martin Kraemer | Age: 2005-07-20 | Files: 4 | Lines: -2/+75)
* Good suggestion from a private Email. name changes.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Jim Jagielski | Age: 2005-07-08 | Files: 3 | Lines: -4/+4)
* No UCHAR, per Joe
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209823 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-08 | Files: 1 | Lines: -1/+2)
* Fix case where buggy OpenSSL internal cache continually grows. So don't bother to store it, but still force OpenSSL to provide a Session ID.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Jim Jagielski | Age: 2005-07-08 | Files: 4 | Lines: -3/+7)
* Joe strongly objected to this outgoing style; use this incoming style for const modifiers so the reader can still follow that the data is [const] unsigned char *
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209795 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-08 | Files: 4 | Lines: -30/+23)
* The macro is simply not worth it; each of these various occurrences differ as openssl has modified pointer constness from bump to bump. This needs testing on Netware, it builds clean on 0.9.6m, 0.9.7d, 0.9.7g, and 0.9.8-final on Win32.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209675 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-07 | Files: 4 | Lines: -12/+30)
* Wrap this type in a macro since it seems to be bouncing from 0.9.7g to 0.9.7h in const'ness.
  PR: 34520
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209530 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-06 | Files: 3 | Lines: -7/+15)
* Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note the negotiated compression.
  Reviewed by: wrowe, Maxime Petazzoni
  Submitted by: Georg v. Zezschwitz <gvz 2scale.de>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209469 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-06 | Files: 2 | Lines: -0/+38)
* Dev Studio automatically adds the intermediate and final directory paths to each custom build target. However, the time stamps of these directories will trigger a rebuild in bison where sources haven't changed. These targets are not necessary, as these generated files reside in the current directory (which, obviously, already exists.)
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209466 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-06 | Files: 1 | Lines: -8/+8)
* Accommodate API changes to OpenSSL 0.9.8 (now in beta).
  Submitted by: Georg v. Zezschwitz <gvz@2scale.de>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209465 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-07-06 | Files: 1 | Lines: -0/+7)
* - If the Protocol has not been set, do not crash. Long term, we need to ensure that the protocol is set in all cases, and in all MPMs.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@201576 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Paul Querna | Age: 2005-06-24 | Files: 1 | Lines: -1/+2)
* Don't try to rebuild the shipping files.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@191578 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Bradley Nicholes | Age: 2005-06-20 | Files: 1 | Lines: -2/+12)
* Update remaining 2004 copyright notices.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@190592 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-06-14 | Files: 4 | Lines: -4/+8)
* Merge the listen-protocol sandbox branch to trunk.
  I will be adding documentation for the new directives hopefully in the next day or so.
  * server/core.c:
      Added 'Protocol' to the core module config
      Added ap_{set,get}_server_protocol API.
      Added new directive: 'AcceptFilter'.
      Enable 'httpready' by default on systems that support it. Use dataready filters for others.
  * server/listen.c:
      Attempt to inherit protocols from Listener Records to Server configs.
      The 'Listen' directive can now optionally take a protocol arg
      Move bits that determined which accept filter is applied to core.c.
      Added bits to find the correct accept filter based on the core's configuration.
  * include/{ap_listen.h,http_core.h}: Add Protocol to respective structures.
  * include/http_core.h: Add the accf_map table to the core_server_config structure
  * include/ap_mmn.h: Minor MMN Bump for the new interfaces.
  * modules/ssl/ssl_engine_init.c: Use the new protocol framework to enable mod_ssl for 'https' websites.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@190563 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Paul Querna | Age: 2005-06-14 | Files: 1 | Lines: -1/+6)
* * modules/ssl/ssl_engine_io.c (ssl_io_filter_init): Initialize the nobuffer flag to zero since the structure is palloc'ed not pcalloc'ed.
  PR: 35279
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@189971 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-06-10 | Files: 1 | Lines: -0/+1)
* * modules/ssl/ssl_engine_dh.c: Adjust the embedded perl code such that it generates the current C code again (after some refactoring a while ago); and regenerate the file.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@189570 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-06-08 | Files: 1 | Lines: -40/+42)
* * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix off-by-one.
  PR: 35081
  Submitted by: Marc Stern <mstern csc.com>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@179781 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-06-03 | Files: 1 | Lines: -1/+1)
* Reintroduce stack frame construction with /Oy- (removal was implied by /O2). This makes binaries far easier to debug, during operation and for post-crash .dmp analysis. Do not alter /Gs optimizations per brane.
  Reviewed by: stoddard, brane
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@170253 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-05-15 | Files: 1 | Lines: -1/+1)
* Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown setting when configured e.g. as a reverse proxy:
  * modules/ssl/ssl_private.h: Remove ssl_hook_Translate.
  * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in ssl_hook_Translate. (ssl_hook_Translate): Remove.
  * modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook.
  PR: 34452
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-04-19 | Files: 3 | Lines: -40/+32)
* Build mod_ssl for the NetWare platform
  Submitted by: Guenter Knauf <fuankg@apache.org>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161813 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Bradley Nicholes | Age: 2005-04-18 | Files: 1 | Lines: -0/+289)
* Second fat-fingered typo in 24 hrs. Balance parens, this now compiles.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@157947 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-03-17 | Files: 1 | Lines: -1/+1)
* Clean up emit for size truncation. Division here ensures we fit nicely.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@157946 13f79535-47bb-0310-9956-ffa450edef68
  (Author: William A. Rowe Jr | Age: 2005-03-17 | Files: 1 | Lines: -1/+1)
* * modules/ssl/mod_ssl.h: Add ssl_ext_lookup optional hook declaration.
  * modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function. (ssl_var_register): Register optional function.
  * modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype.
  Submitted by: David Reid, Joe Orton
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153933 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-02-15 | Files: 3 | Lines: -0/+68)
* Move the POSIX reg* implementations into the ap_* namespace; internalise the ap_reg*<->PCRE wrapper:
  * configure.in: Add srclib/pcre to the include path.
  * include/ap_regex.h: Renamed from include/pcreposix.h. Prefix all constants with AP_; prefix all functions and types with ap_. Define AP_DECLARE to nothing if necessary. Remove regcomp error codes.
  * include/httpd.h: Include ap_regex.h not pcreposix.h. (ap_pregcomp, ap_regexec, ap_regfree): s/regex_t/ap_regex_t/. (ap_regexec, ap_regerror): Prototypes moved to ap_regex.h.
  * server/util.c (regex_cleanup, ap_pregcomp, ap_pregsub, ap_pregfree): Adjust for ap_ prefixed types. (ap_regexec, ap_regerror): Removed.
  * server/Makefile.in: Build util_pcre.c.
  * server/util_pcre.c: Copied from srclib/pcre/pcreposix.c; remove use of PCRE-internals to do error mapping; rename types to add AP_/ap_ prefixes as above. Use APR includes. (ap_regerror): Use apr_snprintf.
  * srclib/pcre/Makefile.in: Don't build pcreposix.c into libpcre.la.
  * modules/*: Update to use new type and constant names.
  PR: 27750 (part one)
  Submitted by: Andres Salomon <dilinger voxel.net>, Joe Orton
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153384 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-02-11 | Files: 3 | Lines: -12/+12)
* * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the SSLUsername-controlled assignment of r->user above the SSLRequire checks so that the "username" gets logged if SSLRequire denies access.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153280 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Joe Orton | Age: 2005-02-10 | Files: 1 | Lines: -14/+14)
* Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020.
  Submitted by: Eric Covener <ecovener gmail.com>
  Reviewed by: Jeff Trawick
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153105 13f79535-47bb-0310-9956-ffa450edef68
  (Author: Jeff Trawick | Age: 2005-02-09 | Files: 1 | Lines: -2/+2)