Re: Plan for T of 2.4.19

2016-03-18 Thread Yann Ylavic
On Fri, Mar 18, 2016 at 10:01 AM,   wrote:
>
> I would like to suggest backporting:
>
> https://svn.apache.org/viewvc?view=revision=1734412

Sounds reasonable, would you add an entry in the STATUS file (at the
root of branches/2.4.x) to start the vote (with your own)?

>
> Now I'm not sure of the update policy on "bug fix" release, maybe adding a
> feature is too much, in which case apply the policy and do not backport:-)

2.4.x is also a features branch ;)

Regards,
Yann.


Re: [Patch] Ensure HTTP1 filters are only added on HTTP1 requests

2016-03-18 Thread William A Rowe Jr
On Wed, Mar 16, 2016 at 3:58 AM, Stefan Eissing <
stefan.eiss...@greenbytes.de> wrote:

> Hmm, I can tell you for certain that modules encountering HTTP/2
> connections in 2.4 do not find the filters as they may expect.
>

Right, that's by design.  Existing protocol modules assume a particular
stack for a 'default' newly created connection.  If that connection is
configured as h2 then all bets are off, but this wouldn't be the case,
especially on an upgrade of one subversion to another (e.g. 2.4.18 to
2.4.20).

A content module that assumes anything about the filter stack can run into
troubles using mod_http2, or mod_ftp, or lots of other examples, but these
protocol modules are making assumptions about 2.4.x based on what the
server was already doing.  Let's not break those assumptions until 2.6.0
when lots of assumptions go out the door.

Bill


Re: TLS session ticket key (shared) renewal

2016-03-18 Thread Yann Ylavic
On Fri, Mar 18, 2016 at 2:55 PM, Yann Ylavic  wrote:
> Currently this can be done by using a (shared) SSLSessionTicketKeyFile
> and gracefully restarting httpd instances, but there is room for
> improvements here.
>
> Thoughts?

For the single httpd instance case at least, I'm thinking of
SSLSessionTicketKeyTimeout which could be used for renewing the
key(s), without the need for a scheduled restart.
The key(s) would have to be stored/sync-ed in a SHM (or slotmem)...
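
The rotation described above (a shared SSLSessionTicketKeyFile plus a graceful restart), as an added example that is not part of the original message or of httpd. The function names and the reload command passed as the second argument are assumptions; the 48-byte key length is what mod_ssl documents for this file.

```shell
#!/bin/sh
# Added example: rotate the key behind a (shared) SSLSessionTicketKeyFile.
# Function names and the reload command are assumptions for illustration.

KEY_LEN=48   # mod_ssl expects exactly 48 bytes of random data in the file

# Write a fresh key beside the target and rename it into place, so an httpd
# instance (re)starting at that moment never reads a half-written key.
rotate_ticket_key() {
    key_file=$1
    dir=$(dirname "$key_file")
    tmp=$(mktemp "$dir/.tkey.XXXXXX") || return 1
    chmod 600 "$tmp"                       # key material: owner read/write only
    if ! dd if=/dev/urandom of="$tmp" bs="$KEY_LEN" count=1 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    # Refuse to install a short key (e.g. after a truncated read).
    if [ "$(wc -c < "$tmp")" -ne "$KEY_LEN" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$key_file"               # atomic within one filesystem
}

# Rotate the key, then run the reload command so httpd picks it up.
# $1 = key file path, $2 = reload command (e.g. "apachectl -k graceful").
rotate_and_reload() {
    rotate_ticket_key "$1" || return 1
    [ -z "$2" ] || $2
}
```

Every instance sharing the file has to be restarted gracefully after the rename; tickets encrypted under the previous key then no longer decrypt, so those clients fall back to a full handshake.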


Re: svn commit: r1735216 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/ap_mpm.h include/mpm_common.h modules/proxy/mod_proxy_wstunnel.c server/mpm/event/event.c server/mpm/event/fdqueue.h

2016-03-18 Thread Stefan Eissing
Thanks Rainer. So, my tests now concur: r1735176 is the culprit and I reverted
it. The reversion of r1735174 has been reverted again, so the original change 
by Graham stands as it is.

The change of http/1 filter apply needs some more thoughts. Graham, do you 
build and test with mod_http2 loaded?

-Stefan

> On 16.03.2016 at 13:55, Ruediger Pluem wrote:
> 
> Try svn co -r 1735175 https://svn.apache.org/repos/asf/httpd/httpd/trunk or 
> svn up -r 1735175 and see where you end
> compiling and testing it.
> 
> Regards
> 
> Rüdiger
> 
> On 03/16/2016 01:49 PM, Stefan Eissing wrote:
>> I am very confused right now. Nothing makes sense.
>> 
>> Can someone who is certain check in a trunk that is working for him?
>> 
>>> On 16.03.2016 at 13:23, Stefan Eissing wrote:
>>> 
>>> Testing again to verify...
>>> 
>>>> On 16.03.2016 at 13:15, Yann Ylavic wrote:
>>>> 
>>>> On Wed, Mar 16, 2016 at 12:06 PM,   wrote:
>>>>> Author: icing
>>>>> Date: Wed Mar 16 11:06:28 2016
>>>>> New Revision: 1735216
>>>>> 
>>>>> URL: http://svn.apache.org/viewvc?rev=1735216=rev
>>>>> Log:
>>>>> reverting r1735174 as http/1.1 just terminated before response
>>>> 
>>>> Hmm, not sure to understand.
>>>> Didn't you mean to revert r1735176 instead?
>>> 
>> 
>> 



Re: svn commit: r1734396 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/ssl/mod_ssl.c

2016-03-18 Thread Jeff Trawick
On Thu, Mar 10, 2016 at 7:31 AM,  wrote:

> Author: ylavic
> Date: Thu Mar 10 12:31:13 2016
> New Revision: 1734396
>
> URL: http://svn.apache.org/viewvc?rev=1734396=rev
> Log:
> Merge r1734006 from trunk:
>
> mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()
> hook returns an error.
>

The ssl_run_pre_handshake() hook doesn't exist in the 2.4.x branch.  I
would rather like it to exist there and will propose so after some testing,
but it isn't yet clear that the CHANGES entry will make sense for httpd
2.4.19.  (We'll see.)


>
> Submitted by: minfrin
> Reviewed by: minfrin, jim, ylavic
> Backported by: ylavic
>
> Modified:
> httpd/httpd/branches/2.4.x/   (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
> httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c
>
> Propchange: httpd/httpd/branches/2.4.x/
>
> --
> --- svn:mergeinfo (original)
> +++ svn:mergeinfo Thu Mar 10 12:31:13 2016
> @@ -2,4 +2,4 @@
>  /httpd/httpd/branches/2.4.17-protocols-http2:1701609-1705681
>  /httpd/httpd/branches/revert-ap-ldap:1150158-1150173
>  /httpd/httpd/branches/wombat-integration:723609-723841
>
> -/httpd/httpd/trunk
>
>  
> 15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,130,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
>
>  
> ,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341906,1341913,1343085,1343087,1343094,1343099,1343109,1343935,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369604,1369618,1369904,1369995,136,1370
>
>  
> 

Re: svn commit: r1734396 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/ssl/mod_ssl.c

2016-03-18 Thread Yann Ylavic
On Fri, Mar 18, 2016 at 5:06 PM, Jeff Trawick  wrote:
> On Thu, Mar 10, 2016 at 7:31 AM,  wrote:
>>
>> Author: ylavic
>> Date: Thu Mar 10 12:31:13 2016
>> New Revision: 1734396
>>
>> URL: http://svn.apache.org/viewvc?rev=1734396=rev
>> Log:
>> Merge r1734006 from trunk:
>>
>> mod_ssl: Don't lose track of the SSL context if the
>> ssl_run_pre_handshake()
>> hook returns an error.
>
>
> The ssl_run_pre_handshake() hook doesn't exist in the 2.4.x branch.  I would
> rather like it to exist there and will propose so after some testing, but it
> isn't yet clear that the CHANGES entry will make sense for httpd 2.4.19.
> (We'll see.)

I think the backport is worth it because in 2.4.x like in trunk, we could
also (unlikely) fail in SSL_set_session_id_context(), and likewise
lose track of sslconn->ssl.

Maybe s/ssl_run_pre_handshake/SSL_set_session_id_context/ in CHANGES?


mod_lua LuaHookAccessChecker not working

2016-03-18 Thread Mark Taylor
Hi,

I'm trying to use LuaHookAccessChecker but with the config below I am able
to access everything under "/", including example.lua

 httpd.conf:

LuaHookAccessChecker /usr/local/apache/htdocs/access.lua access_check


SetHandler lua-script


 /usr/local/apache/htdocs/access.lua:

function access_checker(r)
    r:err('access_checker')
    return 403 -- 403 is the 'Forbidden' status code
end

 /usr/local/apache/htdocs/example.lua

function handle(r)
    r.content_type = "text/plain"
    r:puts("Hello Lua World!\n")
    return apache2.OK
end