Re: external redirect

2009-01-23 Thread Peter Poeml 
On Fri, Jan 23, 2009 at 10:07:38AM +0100, fka...@googlemail.com wrote:
 Hi,
 
 I'd like to do an external redirect.
 
 When I return HTTP_MOVED_TEMPORARILY from my request
 handler, the client browser gets the standard FOUND
 message which is ok so far.
 
 However, when I also try to set the new Location this
 always causes a segmentation fault:
 
 char* uri=apr_pstrdup(r-pool,http://localhost/abcdef;);
 apr_table_setn(r-headers_out,Location,uri);
 
 return HTTP_MOVED_TEMPORARILY;
 
 I also tried to do this from the access-checker hook (for
 testing), however it segfaults immediately:
 
 
 static int done_once=false;
 
 static int
 _hook_access_checker(request_rec* r){
 
   if(done_once)
 return DECLINED;
   else{
 done_onc=true;
 
 /* ok (no segfault) but of course no redirection: */
 //return HTTP_MOVED_TEMPORARILY;
 
 /* seg fault: */
 char* uri=apr_pstrdup(r-pool,http://localhost/abcdef;);
 apr_table_setn(r-headers_out,Location,uri);
 
 return HTTP_MOVED_TEMPORARILY;
   }
 }
 
 Thank You for any further hints...
  Felix

It should work just like that. In which line does the crash precisely
happen?

If the innocent looking lines trigger this, I would expect that
something is hosed already when they are reached, something like
corruption of the request object by something else which is going on
above.

Can you reproduce it easily, i.e. with starting the server and issueing
a single request?

Peter
-- 
Contact: ad...@opensuse.org (a.k.a. ftpad...@suse.com)
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgphpIJP6vSeC.pgp
Description: PGP signature

Re: external redirect

2009-01-23 Thread Peter Poeml 
On Fri, Jan 23, 2009 at 06:24:14PM +0900, Juhani Connolly wrote:
 I had a similar problem answered here not long ago though it wasn't causing 
 a segfault.

 Try using r-err_headers_out instead of r-headers_out

For the Location header, r-headers_out is correct. For additional
headers, r-err_headers_out would need to be used though.

 As you're returning an error, I believe these are the values that will be 
 used for headers.

 If that doesn't fix it, try running through a debugger or check the core 
 dump for the exact cause of the segfault for further hints.

If that does seemingly fix it, I would expect the real problem to still
exist and surface somewhere else later :)

Peter
-- 
Contact: ad...@opensuse.org (a.k.a. ftpad...@suse.com)
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgp7mj0x9WY0p.pgp
Description: PGP signature

Re: external redirect

2009-01-23 Thread Peter Poeml 
On Fri, Jan 23, 2009 at 11:33:29AM +0100, fka...@googlemail.com wrote:
 Peter Poeml:
 
  It should work just like that. In which line does the
  crash precisely happen?
 
 In my code (see below) it is triggered if I try to set the
 apr_table_t and *then* return. When returning *only* there
 is no seg fault. Please see the comments in the code.  It
 must be something trivial...
 
 I recompiled apache with debugging symbols, however, I
 failed to track the issue with the debugger gdb since I am
 not very familiar with it. Is there an easy way to get more
 info about the crash?
 
 
  If the innocent looking lines trigger this, I would expect
  that something is hosed already when they are reached,
  something like corruption of the request object by
  something else which is going on above.
 
 
 FYI, this is my little module:

I built the module from that source and it works for me. It doesn't crash.

 % curl -sI 
'http://mbopensuse.suse.de/zrkadlo/repositories/Apache/openSUSE_11.0/Apache.repo?country=us'
HTTP/1.1 302 Found
Date: Fri, 23 Jan 2009 11:10:15 GMT
Server: Apache/2.2.11 (Linux/SUSE) mod_zrkadlo/2.2
Location: http://localhost/abcdef
Content-Type: text/html; charset=iso-8859-1

  Can you reproduce it easily, i.e. with starting the server
  and issueing a single request?
 
 Yes, exactly. I restart apache, open the browser to
 http://localhost and then apache crashs.
 /var/log/apache2/error_log:
 
 [Fri Jan 23 11:02:35 2009] [notice] Apache/2.2.10 (Unix)
 DAV/2 mod_ssl/2.2.10 OpenSSL/0.9.8j SVN/1.5.4 configured --
 resuming normal operations
 
 [Fri Jan 23 11:02:40 2009] [notice] child pid 12364 exit
 signal Segmentation fault (11)
 
 [Fri Jan 23 11:04:19 2009] [notice] caught SIGTERM, shutting
 down
 
 Hm...

I suggest you compile with debug symbols and run it under gdb.

apxs2 -c -Wc,-Wall -g mod_hs.c
# (make sure to load .libs/mod_hs.so)

# start it under gdb like the following. It'll start only a single
# process that doesn't fork, which makes it easier to debug the crash
gdb --args /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DONE_PROCESS 
-DNO_DETACH
# type 'r' in gdb to run it

# trigger the crash
# look at back trace with 'bt' and 'l', observing the local variables

I hope you get a good trace, which helps you further.

Peter
-- 
Contact: ad...@opensuse.org (a.k.a. ftpad...@suse.com)
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgpKA2U1PBVIW.pgp
Description: PGP signature

Re: mod_dbd issues in worker vs prefork mpm

2008-11-07 Thread Peter Poeml 
Hi,

On Fri, Nov 07, 2008 at 03:24:00PM +0100, B. F. wrote:
 I have recently started using the mod_dbd module for database
 connection handling in my own module and a had slight hope that it
 would perform better than a classic persistent connection approach.
 
 Basically I am using the ap_dbd_acquire(request_rec*) function in a
 handler function (in my own module) and then uses some of the apr_dbd
 functions to fetch data from a PostgreSQL database, all this seems
 fine.
 
 When I run a performance test (using httperf) with the prefork mpm I
 get numbers like ~100 requests/s.
 However when I run the same test but now using the worker mpm, this
 number drops to almost nothing...
 
 As I understood it, the worker (or any threaded mpm) should make
 mod_dbd/apr_dbd perform better as it enables functionality needing
 multi threading (like connection pooling) while prefork limits mod_dbd
 to only use a persistent connection strategy. Despite this the prefork
 mpm performs better...
 
 I have tried several different configuration setups without seeing any
 great difference. A typical setup is however: 200 max_connections (in
 postgresql.conf, the same for both the prefork and worker tests).
 Having DBDMax set to 10 while setting ServerLimit to 20 should fully
 make mod_dbd utilize all the 200 available connections in Postgres, is
 that correct?

One suggestion, you could check with netstat during the test how many
connections to the database are actually opened. Just to get a feel of
how the pool size behaves, and also to double check assumptions.

 Another thing that suggets there is something wrong is that the load
 while running the prefork test is overall high, while running the
 worker test the system load is much lower.

Peter
-- 
Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgpz0Q7k2siHE.pgp
Description: PGP signature

Where to prepare DBD statements? post_config or child_init?

2008-11-05 Thread Peter Poeml 
Hi,

I wonder where is the best place to prepare a mod_dbd statement - I'm
thinking about either the post_config or child_init hook.

So far, I prepared the statements when a configuration directive is
processed, like many other similar modules do, too. To decrease error
proneness by (me) forgetting to update the configuration when I change
my module in a way that requires a changed SQL query, I want to compile
a default query into the module. This means that no config directive for
this is needed in the config anymore (although it can optionally still
be given). Therefore, I don't have the occasion any longer to use my
config directive processing handler to prepare the statement.

So this needs to be moved to another place (which is always run, after
configuration processing). 

Therefore I was thinking about a post_config or child_init hook. I'm not
exactly sure about the difference, I know that child_init is run after
forking but before thread creation, but I am not sure which way is
appropriate to be used with mod_dbd.

Could someone who knows share their insight? 
Pointers to examples would be appreciated very much, too.

I'm using Apache 2.2.10 worker, in a multi-process and multi-threaded
configuration.

Thanks,
Peter
-- 
Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgpvuJ9gIvnnP.pgp
Description: PGP signature

Re: How can i decrypt a cookie in a module

2008-10-28 Thread Peter Poeml 
On Tue, Oct 28, 2008 at 12:35:51PM +0100, Christian Klinger wrote:
 Hello,
 
 how can i decrypt a blowfish sigend cookie in an module.
 
 I have tried to do this so far: mod_auth_tkt is the module which  
 should decrypt the cookie.
 
 I have included openssl/blowfish in the mod_auth_tkt.c
 #include openssl/blowfish.h
 
 I try to get my key config with this command:
 
   BF_set_key(key, 8, (unsigned char *)bf_key[1]);
   BF_Decrypt(b, key);
 
 I hope this is correct so far?
 make  make install works so far.
 
 But if i try to start apache i get this error message:
 
 Syntax error on line 235 of /opt/apache/server/conf/httpd.conf:
 
 Cannot load /opt/apache/server/modules/mod_auth_tkt.so into server: / 
 opt/apache/server/modules/mod_auth_tkt.so: undefined symbol: BF_Decrypt
 
 Any ideas where i can look for this? 

The symbol BF_Decrypt is probably to be found in libcrypto from OpenSSL.

When mod_auth_tkt was compiled, it was not linked with that library. So
either you need to add -lcrypto to the compile command, or you can
alternatively start Apache with the LoadFile directive, which will
cause Apache to load the library so that the symbol can be found at
runtime.

Peter
-- 
Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgpbN8Ck8unfl.pgp
Description: PGP signature

Re: How can i decrypt a cookie in a module

2008-10-28 Thread Peter Poeml 
On Tue, Oct 28, 2008 at 02:12:26PM +0100, Christian Klinger wrote:
 
 
 The symbol BF_Decrypt is probably to be found in libcrypto from  
 OpenSSL.
 
 When mod_auth_tkt was compiled, it was not linked with that library.  
 So
 either you need to add -lcrypto to the compile command, or you can
 alternatively start Apache with the LoadFile directive, which will
 cause Apache to load the library so that the symbol can be found at
 runtime.
 
 Peter
 
 Hello Peter,
 
 thanks for the answers, but i don´t get it.
 
 I try to add the Icrypto in my Makefile i get the error again:

I meant -l (as in link), not -I (as in include).

Try to add this into the command: 
-lssl -lcrypto

This will add a reference to libssl and libcrypto (from your library
path) be added to the shared object that you compile with 'apxs -c ...'.


You didn't get an error from the -I you tried, because it just adds a
search path to look for include files, and non-existing paths are
ignored.


 What file should i include to the LoadFile? Blowfish.h mod_auth_tkt.so?

You would use it as such:

LoadFile /usr/lib/libcrypto.so

To find the correct library, you could try 
ldd $(which sshd) | grep crypto

 Sorry i´m a newbie in this stuff.

Everybody is at some point in time :)

Peter
-- 
Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgpqL2OEZkIIB.pgp
Description: PGP signature

Re: How can i decrypt a cookie in a module

2008-10-28 Thread Peter Poeml 
Hi Christian,

On Tue, Oct 28, 2008 at 02:45:05PM +0100, Christian Klinger wrote:
 now i have the -lssl and -lcrypt in the gcc command but i alwas get  
 the same error again.

With the same error, you mean the same symbol is still missing when you
run Apache and use the modules functionality?

 make
[...]
 Libraries have been installed in:
/opt/apache/server/modules
[...]

The output of your make command looks fine anyway.

 
 I have added the LoadFile with all possibilitys of libcrypto

Just to not be misunderstood: You need only one of the two means -
either linking to all needed libraries, and letting the runtime linker
do the work -- or use the LoadFile directive to take care.

 I´ve included all versions of the libcrypto lib.
 
 LoadFile /usr/lib/libcrypto.so.0.9.8
 LoadFile /usr/lib/libcrypto.so.0.9.7
 LoadFile /usr/lib/libcrypto

Btw, doing this with different version of a library is maybe not a good
idea, because their symbols could clash.

 but with no success
 
 Any Ideas left
 
 Christian

On Tue, Oct 28, 2008 at 03:40:12PM +0100, Christian Klinger wrote:
 Hi again,
 
 ldd mod_auth_tkt.so
   linux-gate.so.1 =  (0xe000)
   libssl.so.0.9.8 = /usr/lib/libssl.so.0.9.8 (0xb7f6f000)
   libcrypto.so.0.9.8 = /usr/lib/libcrypto.so.0.9.8 (0xb7e29000)
   libc.so.6 = /lib/libc.so.6 (0xb7cf6000)
   libdl.so.2 = /lib/libdl.so.2 (0xb7cf2000)
   libz.so.1 = /lib/libz.so.1 (0xb7cde000)
   /lib/ld-linux.so.2 (0x8000)
 
 is this ok? Or do I need something special for blowfish.h?

You could check if your libcrypto actually contains the symbol you were
missing -- after all it might be possible that your OpenSSL is compiled
without blowfish support? Does
strings /usr/lib/libcrypto.so.0.9.8 | grep BF_Decrypt
print something?

If all else fails, check if you have some kind of mess from previous
build attempts which causes Apache to load other objects than you might
think. lsof -p $pid_of_parent_apache_proxy can be a valuable tool to
double check.

Peter
-- 
Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgpUDd7EU4Y4X.pgp
Description: PGP signature

Re: FWD: Testing modules using Python

2008-08-07 Thread Peter Poeml 
Hi Steven,

On Tue, Aug 05, 2008 at 10:21:01 +0200, [EMAIL PROTECTED] wrote:
 Hi,
 on [EMAIL PROTECTED] Peter gave me the advice to build apache with the 
 SHARED_CORE rule. Apache 2.x does not have this rule anymore. Is there 
 something comparable in Apache 2.x?
 Sorry for cross-posting but I think you are the guys who could help me.
 
 Steven

The build infrastructure doesn't seem to know this anymore - 

but does it work if you do the following?

make clean
CFLAGS='-D SHARED_CORE -fPIC' ./configure
make

and then take the line which links together the httpd binary (the
one with
libtool ... -mode=link gcc ... -o httpd ...
which is probably the last line)
and rerun it manually with a slight change:

libtool ... -mode=link gcc ... -shared -o libhttpd.so ... 
server/exports.o

This should build the shared object anyway.
But it is possible that it doesn't provide what you need. YMMV.

 
 Steven Mohr
 Bachelor student
 
 DLR (German Aerospace Center), 
 Simulation and Software Technology
 Linder Hoehe, 51147 Cologne, Germany
 voice: +49 2203 601 2956  fax: +49 2203 601 3070
 eMail: steven.mohr at dlr.de  http://www.dlr.de/sc
 
 
 
 -Ursprüngliche Nachricht-
 Von: Peter Poeml [mailto:[EMAIL PROTECTED] 
 Gesendet: Montag, 4. August 2008 16:37
 An: [EMAIL PROTECTED]
 Betreff: Re: Testing modules using Python
 
 On Mon, Aug 04, 2008 at 04:27:58PM +0200, [EMAIL PROTECTED] wrote:
  Hi,
  I want to unit test my module (catacomb.tigris.org) using Python. My
  idea is to load the module with ctypes (a python module that allows to
  load functions from shared libraries into python) and test it in this
  environment. The main advantage is that it's much easier to create
  mock-up objects in Python than in C. My problem is that ctypes fails if
  the shared library contains any undefined symbols. Because the module is
  used normally together with a httpd server,
  there're a lot of undefined symbols. My solution is to link libapr,
  libaprutil, libexpat and libmysql statically in my module and to add a
  file with the definitions of the apache-internal functions (just copy
  and paste from httpd source). With every function which I copy in this
  file I get a few new undefined symbols. All in all it's a pain to search
  all definitions and I probably have to do this again after adding new
  features which uses other functionalities. 
  
  Is there an easier way to do this? To build a module which includes all
  needed links to apache functions without linking the needed libraries
  statically and copy-and-paste functions from apache source? Or do you
  know a better way to do this?
  
  Steven 
 
 With httpd 1.3, there used to be a way to build something what was
 called shared core, a shared object that contained the server in a
 form you could link it into an application.
 
 I don't know if this is still possible with httpd 2.x, but what used I
 in an RPM package at the time was 
 
 --enable-rule=SHARED_CORE
 
 mkdir shared_core
 cp -p src/libhttpd.ep src/libhttpd.so src/httpd
 shared_core
 
 
# install shared-core apache
install -m 755 shared_core/libhttpd.ep $RPM_BUILD_ROOT/%{_libdir}/%{name}
install -m 755 shared_core/libhttpd.so $RPM_BUILD_ROOT/%{_libdir}/%{name}
ln -s %{_libdir}/%{name}/libhttpd.ep 
 $RPM_BUILD_ROOT/%{_sbindir}/httpd-shared_core
ln -s %{_libdir}/%{name}/libhttpd.so $RPM_BUILD_ROOT/%{_libdir}/libhttpd.so
 
 
 At the time, that was reportedly working to build DSOs with Kylix 3.
 
 Peter
 -- 
 Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
  #opensuse-mirrors on freenode.net
 Info: http://en.opensuse.org/Mirror_Infrastructure
  
 SUSE LINUX Products GmbH
 Research  Development

Peter
-- 
WARNING: This bug is visible to non-employees. Please be respectful!
 
SUSE LINUX Products GmbH
Research  Development


pgpRrhC2qDicb.pgp
Description: PGP signature

Re: Testing modules using Python

2008-08-04 Thread Peter Poeml 
On Mon, Aug 04, 2008 at 04:27:58PM +0200, [EMAIL PROTECTED] wrote:
 Hi,
 I want to unit test my module (catacomb.tigris.org) using Python. My
 idea is to load the module with ctypes (a python module that allows to
 load functions from shared libraries into python) and test it in this
 environment. The main advantage is that it's much easier to create
 mock-up objects in Python than in C. My problem is that ctypes fails if
 the shared library contains any undefined symbols. Because the module is
 used normally together with a httpd server,
 there're a lot of undefined symbols. My solution is to link libapr,
 libaprutil, libexpat and libmysql statically in my module and to add a
 file with the definitions of the apache-internal functions (just copy
 and paste from httpd source). With every function which I copy in this
 file I get a few new undefined symbols. All in all it's a pain to search
 all definitions and I probably have to do this again after adding new
 features which uses other functionalities. 
 
 Is there an easier way to do this? To build a module which includes all
 needed links to apache functions without linking the needed libraries
 statically and copy-and-paste functions from apache source? Or do you
 know a better way to do this?
 
 Steven 

With httpd 1.3, there used to be a way to build something what was
called shared core, a shared object that contained the server in a
form you could link it into an application.

I don't know if this is still possible with httpd 2.x, but what used I
in an RPM package at the time was 

--enable-rule=SHARED_CORE

mkdir shared_core
cp -p src/libhttpd.ep src/libhttpd.so src/httpd
shared_core


   # install shared-core apache
   install -m 755 shared_core/libhttpd.ep $RPM_BUILD_ROOT/%{_libdir}/%{name}
   install -m 755 shared_core/libhttpd.so $RPM_BUILD_ROOT/%{_libdir}/%{name}
   ln -s %{_libdir}/%{name}/libhttpd.ep 
$RPM_BUILD_ROOT/%{_sbindir}/httpd-shared_core
   ln -s %{_libdir}/%{name}/libhttpd.so $RPM_BUILD_ROOT/%{_libdir}/libhttpd.so


At the time, that was reportedly working to build DSOs with Kylix 3.

Peter
-- 
Contact: [EMAIL PROTECTED] (a.k.a. [EMAIL PROTECTED])
 #opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
 
SUSE LINUX Products GmbH
Research  Development


pgp5uxWB6T0sk.pgp
Description: PGP signature

Re: [Apache Module] Request External Redirection

2008-01-14 Thread Dr. Peter Poeml 
On Mon, Jan 14, 2008 at 03:50:25PM +0100, karim Bendadda wrote:
 Thanks for your answer! But I don't understand the second way to implement
 it?? it can respond with a Location: header and a status of 302.??
 
 On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote:
 
  karim Bendadda wrote:
I'm writing a module (MyModule_mod.c) wich has an *HTTP
  request* as
   input . I want to add an information to the request (an integer) and
   redirect it to an *external *server ...Did you know any method for doing
   this?
  
  
 
  There are two paths.  The server can PROXY to the external server (e.g.
  grab the result from the external server and then relay that to the
  client) or it can respond with a Location: header and a status of 302.
  Figure out which you wanted to do, and if you struggle to implement it,
  let us know.

In your handler, you would do something like this to implement the latter:

/* set a Location: header and 302 redirect. */

/* assemble the url by appending the filename to a baseurl */
uri = apr_pstrcat(r-pool, baseurl, filename, NULL);

apr_table_setn(r-headers_out, Location, uri);

return HTTP_MOVED_TEMPORARILY;

Peter
-- 
WARNING: This bug is visible to non-employees. Please be respectful!
 
SUSE LINUX Products GmbH
Research  Development


pgpm6ZSxphXgE.pgp
Description: PGP signature

Re: Problems on Suse

2007-10-17 Thread Dr. Peter Poeml 
Hi,

On Tue, Oct 09, 2007 at 03:44:22PM -0300, Deodoro Filho wrote:
 I guess you're right, beats me why the distribution rpm was compiled 
 with AP_DEBUG.
 
 Thank you very much,
 
 Deodoro Filho
 
 Nick Kew wrote:
 On Tue, 09 Oct 2007 14:54:27 -0300
 Deodoro Filho [EMAIL PROTECTED] wrote:
 
 Can anyone help me ?
 
 Looks like the SuSE is compiled with debug, and is unhappy about
 you passing 0 for readbytes.

indeed, the httpd on SuSE was compiled with AP_DEBUG until recently
(tripped over it myself). 

I think the background was that in 2.0 alpha times, it had the effect of
causing a compile with -Wall and probably was added for that effect.

I have corrected the mistake.

Peter
-- 
WARNING: This bug is visible to non-employees. Please be respectful!
 
SUSE LINUX Products GmbH
Research  Development


pgpJJL0qQ7gV0.pgp
Description: PGP signature

Re: auth dbd pgsql issues

2007-08-31 Thread Dr. Peter Poeml 
On Tue, Aug 21, 2007 at 10:32:56AM -0700, Chris Darroch wrote:
I think you're right about the problem you're encountering;
 the patches for 2.2.x await a third vote and so they're not in
 expected in 2.2.5/6, as it stands at the moment.

I am using the trunk version of mod_dbd.c with 2.2.4 since about March,
and I can confirm that it works well enough to have served millions of
requests with database lookups since then, by a custom module through
mod_dbd into a mysql database.

The only difference of my mod_dbd.c version being the recent small
apr_dbd_check_conn() change (r539687).

Peter
-- 
WARNING: This bug is visible to non-employees. Please be respectful!
 
SUSE LINUX Products GmbH
Research  Development


pgp1LE9XW06MR.pgp
Description: PGP signature

Re: [PATCH] mod_autoindex character set

2007-03-21 Thread Dr. Peter Poeml 
On Thu, Feb 01, 2007 at 11:13:38AM -0600, William A. Rowe, Jr. wrote:
 Dr. Peter Poeml wrote:
  On Thu, Feb 01, 2007 at 10:59:46 +, Joe Orton wrote:
  On Wed, Jan 31, 2007 at 09:45:12PM +0100, Dr. Peter Poeml wrote:
  Users have a problem with directory listings generated by mod_autoindex:
  It is not possible to control the character setting which which the
  response is marked.
  AddDefaultCharset does allow this already as you mention in the bug.  
  Can't users who insist on using filenames using one encoding and file 
  content using another simply use:
 
  AddDefaultCharset UTF-8
  AddCharset ISO-8859-1 .html
 
  or similar?
  
  I don't think so, because it means 
   1) that all .html files would need to be ISO-8859-1
   2) you cannot have files with charset=somethingelse anymore
   3) all non-html files would need to be UTF-8 then, unless you add
  AddCharset directives for all of them...
 
 And you can't match by name.  I'm reviewing the patch, but I'll already
 offer a +1 on the concept.

On Thu, Feb 01, 2007 at 10:01:52PM +0100, Ruediger Pluem wrote:
 In the general case I agree with Joe that if things can be done with existing
 directives / code, no new directives / code should be added, but this case 
 here
 is different.
 
 I think it is the ultimate duty of the content generator to set the correct
 content type / encoding. So in this case this would be mod_autoindex. Whether
 mod_autoindex detects this automatically or has a directive to set this is 
 another
 story. Currently I would be in favour of a directive provided that there is
 no reliable and performant autodetection mechanism.
 
 From my point of view AddDefaultCharset and AddCharset should be used to
 
 - configure the core content generator of httpd (serving static files)
 - help fixing broken content generators who cannot set the encoding correctly
   by themselves
 
 So +1 on the general concept.

Cool.

Here is the patch against trunk, with documentation added.

I hope I got the way of patching the documentation right. A review would
be very much appreciated.

Thanks,
Peter
-- 
SUSE LINUX Products GmbH   Bug, bogey, bugbear, bugaboo:
Research  Development   A malevolent monster (not true?);
  Some mischief microbic;
 What makes someone phobic;
 The work one does not want to do.
  From: Chris Young (The Omnificent English Dictionary In Limerick Form)
Index: docs/manual/mod/mod_autoindex.xml
===
--- docs/manual/mod/mod_autoindex.xml	(revision 520782)
+++ docs/manual/mod/mod_autoindex.xml	(working copy)
@@ -263,6 +263,46 @@
 /directivesynopsis
 
 directivesynopsis
+nameAddDirectoryIndexCharset/name
+descriptionAlternate character set of filenames in generated directory 
+index/description
+syntaxAddDirectoryIndexCharset varcharset/var/syntax
+defaultutf-8/default
+contextlistcontextserver config/contextcontextvirtual host/context
+contextdirectory/contextcontext.htaccess/context
+/contextlist
+overrideIndexes/override
+
+usage
+pThe directiveAddDirectoryIndexCharset/directive directive
+specifies the character set in which filenames are encoded, so that
+the generated directory index can be correctly displayed in a
+browser./p
+
+pTo convey this information, Apache sends a
+codeContent-Language/code header, to specify the language that
+the document is in, and appends additional information onto the
+codeContent-Type/code header to indicate the particular
+character set that should be used to correctly render the
+information:/p
+
+example
+  Content-Type: text/html; charset=utf-8
+/example
+
+pIf filenames are not encoded in utf-8, you may specify an alternate
+character set with this directive. The codecharset/code is the
+name of the particular 
+a href=http://www.iana.org/assignments/character-sets;character
+set/awhich should be used./p
+
+exampletitleExample/title
+  AddDirectoryIndexCharset iso-8859-1
+/example
+/usage
+/directivesynopsis
+
+directivesynopsis
 nameAddDescription/name
 descriptionDescription to display for a file/description
 syntaxAddDescription varstring file/var [varfile/var] .../syntax
Index: docs/manual/convenience.map
===
--- docs/manual/convenience.map	(revision 520782)
+++ docs/manual/convenience.map	(working copy)
@@ -17,6 +17,7 @@
 addcharset	mod/mod_mime.html#addcharset
 adddefaultcharset	mod/core.html#adddefaultcharset
 adddescription	mod/mod_autoindex.html#adddescription
+adddirectoryindexcharset	mod/mod_autoindex.html#adddirectoryindexcharset
 addencoding	mod/mod_mime.html#addencoding
 addhandler	mod/mod_mime.html#addhandler
 addicon	mod/mod_autoindex.html#addicon
Index: modules/generators/mod_autoindex.c

Check for IP address in network/netmask

2007-03-14 Thread Dr. Peter Poeml 
Hi,

what is the standard way to store network/netmask combos, and check if a
client IP address is contained in them?

I once saw a function for that but I can't find it now. Maybe it was
apr_ipsubnet_test(), as used in modules/aaa/mod_authz_host.c. Probably
this does what I need. I find further code in apr/test/testipsub.c.

However, I would appreciate pointers to possible alternatives. I would
also appreciate pointers to examples where this is used in a module
other than mod_authz_host.

Thanks!
Peter
-- 
SUSE LINUX Products GmbH   Bug, bogey, bugbear, bugaboo:
Research  Development   A malevolent monster (not true?);
  Some mischief microbic;
 What makes someone phobic;
 The work one does not want to do.
  From: Chris Young (The Omnificent English Dictionary In Limerick Form)


pgpu5dv1TYPDe.pgp
Description: PGP signature

Re: [PATCH] mod_autoindex character set

2007-02-01 Thread Dr. Peter Poeml 
On Thu, Feb 01, 2007 at 10:59:46 +, Joe Orton wrote:
 On Wed, Jan 31, 2007 at 09:45:12PM +0100, Dr. Peter Poeml wrote:
  Users have a problem with directory listings generated by mod_autoindex:
  It is not possible to control the character setting which which the
  response is marked.
 
 AddDefaultCharset does allow this already as you mention in the bug.  
 Can't users who insist on using filenames using one encoding and file 
 content using another simply use:
 
 AddDefaultCharset UTF-8
 AddCharset ISO-8859-1 .html
 
 or similar?

I don't think so, because it means 
 1) that all .html files would need to be ISO-8859-1
 2) you cannot have files with charset=somethingelse anymore
 3) all non-html files would need to be UTF-8 then, unless you add
AddCharset directives for all of them...

Therefore, I consider this not practical enough...

Peter
-- 
SUSE LINUX Products GmbH   Bug, bogey, bugbear, bugaboo:
Research  Development   A malevolent monster (not true?);
  Some mischief microbic;
 What makes someone phobic;
 The work one does not want to do.
  From: Chris Young (The Omnificent English Dictionary In Limerick Form)


pgphVjPZaFCys.pgp
Description: PGP signature

[PATCH] mod_autoindex character set

2007-01-31 Thread Dr. Peter Poeml 
Hi!

Users have a problem with directory listings generated by mod_autoindex:
It is not possible to control the character setting which which the
response is marked. The server cannot know what the real encoding on
disk is, it decides on a very rough guess based on the OS it is running
on: APR_HAS_UNICODE_FS, which is, as far (as little) as I looked, 1 on
Windows, and 0 on Linux. Depending on it, mod_autoindex decides whether
to add a (fixed) charset to the content type:

#if APR_HAS_UNICODE_FS
ap_set_content_type(r, text/html;charset=utf-8);
#else
ap_set_content_type(r, text/html);
#endif

Thing is, that Linux uses filesystems that encode UTF-8 since ages, and
since a system-wide UTF-8 locale is becoming more and more widespread,
filenames encoded as such are occurring much more frequently. This
means, that on many servers the content type needs to be set
appropriately, so the browser can display things correctly.

My first thought was to define APR_HAS_UNICODE_FS to 1, but that could
be just as wrong; it only means that the filesystem is unicode capable
but not that the actual filenames happen to be encoded like that.
Instead, it only depends on site specific needs. 

Thus, I think the right way is to make the character set configurable. 
I am attaching a patch which adds a AddDirectoryIndexCharset directive
to the mod_autoindex configuration.

The patch actually removes the dependency on APR_HAS_UNICODE_FS. My
train of thought here is that utf-8 can (and should) be the default,
unless configured otherwise. This fits Windows (it has always been like
that), and it (largely) fits Linux. But I don't know about other
platforms.

So, things remaining to discuss:
 - check the code for correctness (warning: I'm a beginner)
 - how to do it in a backwards compatible way
 - check if it is appropriate on all possible platforms
 - update the documentation

The latter thing is what I can easily do :) But on the other issues I
need help.

As a totally optional addition, it might be possible to let
mod_autoindex figure out the actual encoding, and automatically set an
appropriate character set. There are some more details in
https://bugzilla.novell.com/show_bug.cgi?id=153557 .

Regards,
Peter
-- 
SUSE LINUX Products GmbH   Bug, bogey, bugbear, bugaboo:
Research  Development   A malevolent monster (not true?);
  Some mischief microbic;
 What makes someone phobic;
 The work one does not want to do.
  From: Chris Young (The Omnificent English Dictionary In Limerick Form)
diff -uNr httpd-2.2.3.orig/modules/generators/mod_autoindex.c httpd-2.2.3/modules/generators/mod_autoindex.c
--- httpd-2.2.3.orig/modules/generators/mod_autoindex.c	2006-07-12 05:38:44.0 +0200
+++ httpd-2.2.3/modules/generators/mod_autoindex.c	2006-12-21 10:32:01.478754000 +0100
@@ -130,6 +130,7 @@
 int icon_height;
 char default_keyid;
 char default_direction;
+char *fs_charset;
 
 apr_array_header_t *icon_list;
 apr_array_header_t *alt_list;
@@ -556,6 +557,9 @@
 AP_INIT_ITERATE2(AddAltByEncoding, add_alt, BY_ENCODING, DIR_CMD_PERMS,
  alternate descriptive text followed by one or more 
  content encodings),
+AP_INIT_TAKE1(AddDirectoryIndexCharset, ap_set_string_slot,
+  (void *)APR_OFFSETOF(autoindex_config_rec, fs_charset),
+  DIR_CMD_PERMS, alternative encoding of filenames, if not utf-8),
 AP_INIT_TAKE_ARGV(IndexOptions, add_opts, NULL, DIR_CMD_PERMS,
   one or more index options [+|-][]),
 AP_INIT_TAKE2(IndexOrderDefault, set_default_order, NULL, DIR_CMD_PERMS,
@@ -617,6 +621,8 @@
   : base-default_icon;
 new-style_sheet = add-style_sheet ? add-style_sheet
   : base-style_sheet;
+new-fs_charset = add-fs_charset ? add-fs_charset
+  : base-fs_charset;
 new-icon_height = add-icon_height ? add-icon_height : base-icon_height;
 new-icon_width = add-icon_width ? add-icon_width : base-icon_width;
 
@@ -1978,11 +1984,15 @@
 return HTTP_FORBIDDEN;
 }
 
-#if APR_HAS_UNICODE_FS
-ap_set_content_type(r, text/html;charset=utf-8);
-#else
-ap_set_content_type(r, text/html);
-#endif
+if (autoindex_conf-fs_charset != NULL) {
+ap_set_content_type(r, apr_pstrcat(r-pool,
+   text/html;charset=,
+   autoindex_conf-fs_charset,
+   NULL));
+} else {
+ap_set_content_type(r, text/html;charset=utf-8);
+}
+
 if (autoindex_opts  TRACK_MODIFIED) {
 ap_update_mtime(r, r-finfo.mtime);
 ap_set_last_modified(r);


pgpt1csXBFlof.pgp
Description: PGP signature

Re: Syntax error during HTTP2 reload

2005-06-08 Thread Dr. Peter Poeml 
On Tue, Mar 01, 2005 at 05:57:39AM -0500, Jeff Trawick wrote:
 On Tue, 1 Mar 2005 10:04:03 +0100, Henri Gomez [EMAIL PROTECTED] wrote:
  Nobody to wonder about this bug ?
 
 sure; note that you're using old code (2.0.49/2.0.49) which isn't
 supported here anyway since we don't know what code is in it (SuSE)

(sorry about the late reply)

The apache shipped by SUSE is basically built from the pristine sources.
A package named 2.0.49 would contain exactly version 2.0.49, except for
- changes of configuration (I always complied 100% to the old license :)
- security fixes, which are added later (inevitably)
- and, since the codebase was relicensed under the Apache License 2.0
  and it is now allowed to do that, an occasional important fix from
  later released versions of the respective branch

   It's seems the problem occurs will Apache receive the SIGUSR1 and is
   also handling requests  (forwared to Tomcat via mod_jk 1.2.5 and
   1.2.6).
 
 the config parsing happens in the parent process, which shouldn't be
 impacted by active requests
 
 seems fairly likely that there is memory corruption which occurs at
 restart time (a relatively common time to find out about such
 badness)...  I'd bet my money on it being caused by a module not
 distributed as part of Apache httpd...

I was not able to reproduce the problem but I wonder if the problem is
that the BrowserMatch directives are located in an unusual place in our
configuration. They are placed before the LoadModule statements. But
BrowserMatch is provided by the module mod_setenvif, so they should
probably be put after loading that module. However, I wonder why the
server does not error out about this on normal startup, but only during
the graceful restart, and only in rare setups.

Henri, did you ever try to move the BrowserMatch directives further down
in the config? (sorry if you alread did so, and my memory is just too
weak)

Peter

-- 
SUSE LINUX Products GmbH Thought is limitation.
Research  Development   Free your mind.


pgp14flO1FdBc.pgp
Description: PGP signature

Re: Syntax error during HTTP2 reload

2005-06-08 Thread Dr. Peter Poeml 
On Wed, Jun 08, 2005 at 10:08:35AM -0400, Jeff Trawick wrote:
 On 6/8/05, Dr. Peter Poeml [EMAIL PROTECTED] wrote:
  On Tue, Mar 01, 2005 at 05:57:39AM -0500, Jeff Trawick wrote:
   On Tue, 1 Mar 2005 10:04:03 +0100, Henri Gomez [EMAIL PROTECTED] wrote:
Nobody to wonder about this bug ?
  
   sure; note that you're using old code (2.0.49/2.0.49) which isn't
   supported here anyway since we don't know what code is in it (SuSE)
  
  (sorry about the late reply)
  
  The apache shipped by SUSE is basically built from the pristine sources.
  A package named 2.0.49 would contain exactly version 2.0.49, except for
  - changes of configuration (I always complied 100% to the old license :)
  - security fixes, which are added later (inevitably)
  - and, since the codebase was relicensed under the Apache License 2.0
and it is now allowed to do that, an occasional important fix from
later released versions of the respective branch
 
 I didn't mean to imply that there is anything at all wrong with taking
 pristine Apache sources and turning it into a product, with the
 ncessary modifications  (applying security fixes == modifying).  After
 all, that's a major part of the job that pays my mortgage.  There are
 a number of vendors who do this.
[...]

After I found your reply a bit puzzling at first, I think I understand
it now ;) I realize that I should add to my previous posting that I did
not mean to say that you should be expected to support vendor packages.
If it sounded like that, it wasn't my intention.

It's just that you said you didn't know what code is in there, which
implied that there could be arbitrary modifications, but this is not the
case, which is why I'm confident that the bug that Henri saw would occur
with a tarball from apache.org just as well. However, digging deeper in
my mailbox I just found a later mail from Henri and it looks as if the
problem disappeared in a later version (2.0.53). So it seems the problem
was solved already. (Sorry about the confusion. Still catching up.)

Thanks,
Peter

-- 
SUSE LINUX Products GmbH Thought is limitation.
Research  Development   Free your mind.


pgpnQMExOMOAT.pgp
Description: PGP signature

Re: NULL Pointer in auth module (Apache 2.0.48)

2004-06-02 Thread Peter Poeml 
On Sat, May 22, 2004 at 04:53:12PM +0100, Dermot Tynan wrote:
 I'm at Witts End (twisty passages everwhere!).  I have
 written an authentication module as a DSO for Apache 2.0.48
 I run FreeBSD here and it works just fine.  I move the
 source over to a SuSE 9.0 box where Apache 2.0.48 has
 been installed from a binary RPM, and it compiles and
 drops into /usr/lib/apache2-prefork.  The problems arise
[...]
 but I can't figure out how.  APXS does give some grief in
 that it seems to want to refer to HTTP v1 on SuSE but
 even hand-compiling doesn't do the right thing.

If you have apache (1.3) installed alongside apache 2.0, and you call
the 'apxs' command, it will be the apxs of the 1.3 apache. The correct
command would be 'apxs2'.

Peter

-- 
Thought is limitation. Free your mind.


pgpdCelC2zQAJ.pgp
Description: PGP signature

Re: providing apache2 rpms ?

2002-09-30 Thread Peter Poeml 

On Sun, Sep 29, 2002 at 05:10:09PM -0700, Ian Holsman wrote:
 I would be more keen to use an official apache RPM than say a Redhat 
 one, as Redhat (and possibly other distros) are rather slow at releasing 
 the latest bugfixes.
 
 +1 from me.
 I think the only technical issues stopping us are:
   - layout to choose

I think each distro has some version identifier installed like
/etc/SuSE-release, so it wouldn't be hard to make this decision within
the specfile. However I don't know the other identifiers, I only know
/etc/UnitedLinux-release and /etc/SuSE-release :)

   - a method of getting the version number in the spec file.
(which would need to be part of the buildconf process I think)

Yes, as the specfile would be in CVS, you could create it from spec.in
as part of the build proces..

 the second is important because doing this we could simply allow us to 
 do something like:
   rpmbuild --sign -ta disttarfile
 
 I'm not sure if it makes a difference on which distribution it was 
 actually built on.. maybe the mandrake/redhat/suse guys have some 
 suggestions.

If the spec file doesn't use too much magic, it might be feasible :)

Peter

-- 
Thought is limitation. Free your mind.



msg12741/pgp0.pgp
Description: PGP signature

Re: providing apache2 rpms ?

2002-09-27 Thread Peter Poeml 

Hi!

On Fri, Sep 27, 2002 at 09:19:55AM -0700, Ian Holsman wrote:
 I would be happy putting a spec file in the distribution,
 if someone could agree where apache should live on linux box.

I think the layout on Linux shouldn't be so different between the
distros anymore because most already follow FHS (the filesystem
hierarchy standard). FHS makes pretty clear what lives where.  
(Except for the server root, where there is no real standard yet.)

Including a spec file would be a nice idea anyway but IMHO it would be
hard to have a common one for all distros.

Wrt RPM packages... AFAIK you apache folks provide binaries only when
someone from the team had built them, and I guess this includes RPMs. 
However, would it be an option for you, and acceptable, to link to sites
that provide packages for a given distro? Maybe this could suit Henri,
too.

I would be happy to provide RPMs for UnitedLinux and for SuSE 7.2-8.1,
anyway.

 Henri Gomez wrote:
 Now that jk 1.2.0 has been released many users ask me for
 Apache 2.0.42 rpms which are located at :
 
 http://ftp.falsehope.com/home/gomez/apache2/
 
 What about copying it also on httpd.apache.org,
 ie http://www.apache.org/dist/httpd/binaries/linux/

Peter

-- 
Thought is limitation. Free your mind.



msg12710/pgp0.pgp
Description: PGP signature

Re: [PATCH] 64bit compiler issues

2002-07-17 Thread Peter Poeml 

Hi, 

On Tue, Jul 16, 2002 at 06:01:08PM -0700, Greg Stein wrote:
 On Tue, Jul 16, 2002 at 10:31:46AM -0500, William A. Rowe, Jr. wrote:
  At 07:23 PM 7/15/2002, Ryan Bloom wrote:
  
  We could force the size, by using apr_int32_t.  The problem that he is
 
 There is no need to force the size. The value is a simple integer. There is
 no need to make it a long, and that integer will always be castable into a
 void*, and then back (when we pull it out of the hash table).
 
 I see no purpose in the patch's casting to a long. What exactly is that
 solving? We need a response from Peter.

Sorry for keeping you waiting on this.

[...]
 * mod_dav's namespace indexes are integers
 * we stuff those into a hash table
 * we extract them from a hash table
 
 Peter's patch changes the indexes to longs. Why?

The code assumes that a pointer == int == 32 bit.  While in fact int is
32 bit wide on all architectures, a pointer is sized long on 64 bit
architectures...  What the compiler sees is that a pointer is put into an
incompatible type. It warns, and it can't know which actual values will
occur at runtime.  The patch was meant to take care of these possibly
dangerous cases, while ignoring the more obvious harmless ones.

But I'm certainly okay if you say that all these values are indices that
actually never grow larger than int -- it's you who have the deep
understanding of the code, not me. So, if you say that long wasts too
many resources, we'll have to live with the compiler warnings; but at
least we know that the could should work :^}

Anyway, even if the code is safe in all places, one could argue that it
is not written in a clean way, making assumptions about the pointer
size. I would find it desirable if we could get rid of all benign
warnings, so that actual harmful ones do not get lost in the noise. 


The stderr output of make (using gcc 3.1.1 20020708) is this:

protocol.c: In function `ap_note_digest_auth_failure':
protocol.c:1102: warning: long long unsigned int format, apr_time_t arg (arg 4)
http_core.c: In function `chunk_filter':
http_core.c:216: warning: long long unsigned int format, long unsigned int arg (arg 4)
http_protocol.c: In function `ap_byterange_filter':
http_protocol.c:2839: warning: long long unsigned int format, apr_time_t arg (arg 3)
ab.c: In function `output_html_results':
ab.c:1103: warning: long long int format, long int arg (arg 5)
ab.c:1103: warning: long long int format, long int arg (arg 6)
mod_disk_cache.c:431: warning: `remove_url' defined but not used
mod_mem_cache.c: In function `set_max_cache_size':
mod_mem_cache.c:1049: warning: int format, different type arg (arg 3)
mod_mem_cache.c: In function `set_min_cache_object_size':
mod_mem_cache.c:1060: warning: int format, different type arg (arg 3)
mod_mem_cache.c: In function `set_max_cache_object_size':
mod_mem_cache.c:1071: warning: int format, different type arg (arg 3)
mod_mem_cache.c: In function `set_max_object_count':
mod_mem_cache.c:1082: warning: int format, different type arg (arg 3)
cache_pqueue.c: In function `cache_pq_dump':
cache_pqueue.c:259: warning: int format, different type arg (arg 7)
mod_log_config.c: In function `log_request_duration':
mod_log_config.c:548: warning: long long int format, long int arg (arg 3)
mod_log_config.c: In function `log_request_duration_microseconds':
mod_log_config.c:553: warning: long long int format, apr_time_t arg (arg 3)
mod_expires.c: In function `add_expires':
mod_expires.c:502: warning: long long int format, long int arg (arg 3)
mod_headers.c: In function `header_request_duration':
mod_headers.c:185: warning: long long int format, apr_time_t arg (arg 3)
mod_headers.c: In function `header_request_time':
mod_headers.c:189: warning: long long int format, apr_time_t arg (arg 3)
mod_usertrack.c: In function `make_cookie':
mod_usertrack.c:149: warning: long long int format, apr_time_t arg (arg 5)
ssl_scache_shmcb.c: In function `ssl_scache_shmcb_init':
ssl_scache_shmcb.c:391: warning: unsigned int format, different type arg (arg 7)
ssl_scache_shmht.c: In function `ssl_scache_shmht_init':
ssl_scache_shmht.c:177: warning: int format, different type arg (arg 8)
liveprop.c: In function `dav_register_liveprop_namespace':
liveprop.c:83: warning: cast from pointer to integer of different size
liveprop.c:91: warning: cast to pointer from integer of different size
liveprop.c: In function `dav_get_liveprop_ns_index':
liveprop.c:96: warning: cast from pointer to integer of different size
liveprop.c: In function `dav_add_all_liveprop_xmlns':
liveprop.c:115: warning: cast from pointer to integer of different size
mod_cgid.c: In function `close_unix_socket':
mod_cgid.c:938: warning: cast from pointer to integer of different size
mod_cgid.c: In function `connect_to_daemon':
mod_cgid.c:981: warning: cast to pointer from integer of different size
mod_cgid.c: In function `cgid_handler':
mod_cgid.c:1241: warning: cast to pointer from integer of different size
mod_cgid.c:1253: warning: cast to pointer

Re: [PATCH] make pathnames in ssl-std.conf configurable

2002-07-17 Thread Peter Poeml 

On Tue, Jul 16, 2002 at 03:54:36PM -0700, Justin Erenkrantz wrote:
 On Mon, Jul 15, 2002 at 06:57:05PM +0200, Peter Poeml wrote:
  Hi, 
  
  I'd like to propose to create ssl-std.conf from ssl-std.conf.in, just as
  it is done with httpd-std.conf.in. Then, the log file paths could be
  substituted in the same flexible way. 
  
  Currently, of patching / hand editing is necessary for adjustments in
  that file.
 
 In the past, we have been relucant to have SSL work for people
 out-of-the-box.

I understand.

 I don't have a problem with adding this, but I would like some
 buy-in from others before committing this.  I think we've
 discussed this before and the consensus was not to subsitute
 values for ssl-std.conf.  -- justin

Hhm, but mod_ssl conveniently patched conf/httpd.conf-dist to
contain the pathnames enclosed in ..., so they would be substituted
together with all other pathnames in httpd.conf-dist.

So now it is harder than before...

Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...

Re: [PATCH] autoconf macros: quote macro names

2002-07-17 Thread Peter Poeml 

On Tue, Jul 16, 2002 at 03:50:45PM -0700, Justin Erenkrantz wrote:
 On Mon, Jul 15, 2002 at 06:01:10PM +0200, Peter Poeml wrote:
  Hi, 
  
  in the autoconf macro definitions of acinclude.m4, the macro names are
  not quoted as suggested in the autoconf documentation for AC_DEFUN:
  
  
  [...]
 Be sure to properly quote both the MACRO-BODY _and_ the MACRO-NAME
  to avoid any problems if the macro happens to have been previously
  defined.
  [...]
  
  
  The missing quotes actually lead to problems when running autoreconf
  with recent autoconf versions.
 
 What versions of autoconf have this problem?  -- justin

I'm not entirely sure -- at least with 2.52 and 2.53 it occurs here. They end
up in a recursion loop:

chroot ROOT@pepper /usr/src/packages/BUILD/httpd-2.0.39/ # aclocal
chroot ROOT@pepper /usr/src/packages/BUILD/httpd-2.0.39/ # autoconf
/usr/bin/m4: acinclude.m4: 289: ERROR: Recursion limit of 1024 exceeded, use -LN to 
change it

This happens not only in our stable branch but also on SuSE Linux 8.0.

However, obviously the configure script packaged with the 2.0.39 tarball has
been created with autoconf 2.53. So it seems to work for you, somehow. 

Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...

Re: [PATCH] 64bit compiler issues

2002-07-15 Thread Peter Poeml 

On Mon, Jul 15, 2002 at 02:19:06PM +0200, Peter Poeml wrote:
 Hi, 
 
 building httpd-2.0.39 on x86_64 (AMD's upcoming 64 bit architecture)
 there are a few compiler warnings, e.g. due to misfitting type casts. 

I just noticed that the patch I sent you doesn't apply against the CVS
head branch anymore. Sorry about that.

Please find a revised patch attached!

Thanks,
Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...


Index: modules/dav/fs/dbm.c
===
RCS file: /home/cvspublic/httpd-2.0/modules/dav/fs/dbm.c,v
retrieving revision 1.25
diff -u -r1.25 dbm.c
--- modules/dav/fs/dbm.c10 Jul 2002 06:01:10 -  1.25
+++ modules/dav/fs/dbm.c15 Jul 2002 12:30:57 -
 -344,7 +344,7 
l_ns = 0;
 }
 else {
-int ns_id = (int)apr_hash_get(db-uri_index, name-ns,
+long ns_id = (long)apr_hash_get(db-uri_index, name-ns,
   APR_HASH_KEY_STRING);
 
 
 -353,7 +353,7 
 return key; /* zeroed */
 }
 
-l_ns = sprintf(nsbuf, %d, ns_id - 1);
+l_ns = sprintf(nsbuf, %ld, ns_id - 1);
 }
 
 /* assemble: #:name */
 -608,7 +608,7 
 
 const char *uri = *puri;
 apr_size_t uri_len = strlen(uri);
-int ns_id = (int)apr_hash_get(db-uri_index, uri, uri_len);
+long ns_id = (long)apr_hash_get(db-uri_index, uri, uri_len);
 
 if (ns_id == 0) {
 dav_check_bufsize(db-pool, db-ns_table, uri_len + 1);
Index: modules/dav/fs/repos.c
===
RCS file: /home/cvspublic/httpd-2.0/modules/dav/fs/repos.c,v
retrieving revision 1.70
diff -u -r1.70 repos.c
--- modules/dav/fs/repos.c  23 Jun 2002 06:46:52 -  1.70
+++ modules/dav/fs/repos.c  15 Jul 2002 12:30:58 -
 -1829,7 +1829,7 
 const char *s;
 apr_pool_t *p = resource-info-pool;
 const dav_liveprop_spec *info;
-int global_ns;
+long global_ns;
 
 /* an HTTP-date can be 29 chars plus a null term */
 /* a 64-bit size can be 20 chars plus a null term */
 -1910,11 +1910,11 
 /* DBG3(FS: inserting lp%d:%s  (local %d), ns, scan-name, scan-ns); */
 
 if (what == DAV_PROP_INSERT_VALUE) {
-   s = apr_psprintf(p, lp%d:%s%s/lp%d:%s DEBUG_CR,
+   s = apr_psprintf(p, lp%ld:%s%s/lp%ld:%s DEBUG_CR,
  global_ns, info-name, value, global_ns, info-name);
 }
 else if (what == DAV_PROP_INSERT_NAME) {
-   s = apr_psprintf(p, lp%d:%s/ DEBUG_CR, global_ns, info-name);
+   s = apr_psprintf(p, lp%ld:%s/ DEBUG_CR, global_ns, info-name);
 }
 else {
 /* assert: what == DAV_PROP_INSERT_SUPPORTED */
Index: modules/dav/main/liveprop.c
===
RCS file: /home/cvspublic/httpd-2.0/modules/dav/main/liveprop.c,v
retrieving revision 1.13
diff -u -r1.13 liveprop.c
--- modules/dav/main/liveprop.c 23 Jun 2002 06:42:13 -  1.13
+++ modules/dav/main/liveprop.c 15 Jul 2002 12:30:58 -
 -73,14 +73,14 
 
 static void dav_register_liveprop_namespace(apr_pool_t *p, const char *uri)
 {
-int value;
+long value;
 
 if (dav_liveprop_uris == NULL) {
 dav_liveprop_uris = apr_hash_make(p);
 apr_pool_cleanup_register(p, NULL, dav_cleanup_liveprops, 
apr_pool_cleanup_null);
 }
 
-value = (int)apr_hash_get(dav_liveprop_uris, uri, APR_HASH_KEY_STRING);
+value = (long)apr_hash_get(dav_liveprop_uris, uri, APR_HASH_KEY_STRING);
 if (value != 0) {
 /* already registered */
 return;
 -91,9 +91,9 
  (void *)++dav_liveprop_count);
 }
 
-DAV_DECLARE(int) dav_get_liveprop_ns_index(const char *uri)
+DAV_DECLARE(long) dav_get_liveprop_ns_index(const char *uri)
 {
-return (int)apr_hash_get(dav_liveprop_uris, uri, APR_HASH_KEY_STRING);
+return (long)apr_hash_get(dav_liveprop_uris, uri, APR_HASH_KEY_STRING);
 }
 
 int dav_get_liveprop_ns_count(void)
 -112,7 +112,7 
 
 apr_hash_this(idx, key, NULL, val);
 
-s = apr_psprintf(p,  xmlns:lp%d=\%s\, (int)val, (const char *)key);
+s = apr_psprintf(p,  xmlns:lp%ld=\%s\, (long)val, (const char *)key);
 apr_text_append(p, phdr, s);
 }
 }
 -145,7 +145,7 
 return 0;
 }
 
-DAV_DECLARE(int) dav_get_liveprop_info(int propid,
+DAV_DECLARE(long) dav_get_liveprop_info(int propid,
const dav_liveprop_group *group,
const dav_liveprop_spec **info)
 {
Index: modules/dav/main/mod_dav.h
===
RCS file: /home/cvspublic/httpd-2.0/modules/dav/main/mod_dav.h,v
retrieving revision 1.63
diff -u -r1.63 mod_dav.h
--- modules/dav/main/mod_dav.h  23 Jun 2002 06:42:13 -  1.63
+++ modules/dav/main/mod_dav.h  15 Jul 2002 12:30:58 -
 -899,7 +899,7

[PATCH] find SSL/TLS toolkit libraries on 64bit platforms

2002-07-15 Thread Peter Poeml 

Hi, 

the attached patch adds /usr/lib64 to the list of directories to
look for SSL/TLS toolkit libraries. 

/usr/lib64 is the libdir on AMD x86_64 and other 64 bit platforms where
32bit and 64bit libs can be installed side by side. 

The patch applies against 2.0.39 and the head branch.

Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...


Index: acinclude.m4
===
RCS file: /home/cvspublic/httpd-2.0/acinclude.m4,v
retrieving revision 1.125
diff -u -r1.125 acinclude.m4
--- acinclude.m414 May 2002 07:51:52 -  1.125
+++ acinclude.m415 Jul 2002 12:41:41 -
 -474,7 +474,7 
   AC_MSG_CHECKING(for SSL/TLS toolkit libraries)
   ap_ssltk_libdir=
   for p in $ap_ssltk_base/lib /usr/local/openssl/lib \
-   /usr/local/ssl/lib /usr/local/lib /usr/lib /lib; do
+   /usr/local/ssl/lib /usr/local/lib /usr/lib /lib /usr/lib64; do
 if test -f $p/libssl.a -o -f $p/libssl.so; then
   ap_ssltk_libdir=$p
   break

[PATCH] find expat library on 64 Bit platforms

2002-07-15 Thread Peter Poeml 

Hi, 

the attached patch against 2.0.39 adds /usr/lib64 to the list of
directories to look for expat libraries.

/usr/lib64 is the libdir on AMD x86_64 and other 64 bit platforms
where 32bit and 64bit libs can be installed side by side.

Note: I found the file in question (srclib/apr-util/build/apu-conf.m4)
in the apr-util module of the apache CVS. But since apr-util is not
mentioned on http://apr.apache.org/, I suppose that this list is the
right place to submit the patch to. Of course I'll be happy to post it
to [EMAIL PROTECTED] or elsewhere, if someone tells me where.

Thanks,
Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...


diff -uNr httpd-2.0.39.orig/srclib/apr-util/build/apu-conf.m4 
httpd-2.0.39.lib64/srclib/apr-util/build/apu-conf.m4
--- httpd-2.0.39.orig/srclib/apr-util/build/apu-conf.m4 Tue May 14 11:14:39 2002
+++ httpd-2.0.39.lib64/srclib/apr-util/build/apu-conf.m4Mon Jul 15 14:20:16 
+2002
@@ -414,6 +414,11 @@
 expat_libs=-lexpat
 expat_libtool=$1/lib/libexpat.la
   elif test -r $1/include/expat.h -a \
+-r $1/lib64/libexpat.la; then
+dnl same, but */lib64/
+expat_include_dir=$1/include
+expat_libs=$1/lib64/libexpat.la
+  elif test -r $1/include/expat.h -a \
 -r $1/lib/libexpat.a; then
 dnl Expat 1.95.* installation (without libtool)
 dnl FreeBSD textproc/expat2

[PATCH] autoconf macros: quote macro names

2002-07-15 Thread Peter Poeml 

Hi, 

in the autoconf macro definitions of acinclude.m4, the macro names are
not quoted as suggested in the autoconf documentation for AC_DEFUN:


[...]
   Be sure to properly quote both the MACRO-BODY _and_ the MACRO-NAME
to avoid any problems if the macro happens to have been previously
defined.
[...]


The missing quotes actually lead to problems when running autoreconf
with recent autoconf versions.

The attached patch adds brackets around those macro names. It applies
against 2.0.39 as well as the head branch.

Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...


--- httpd-2.0.36.orig/acinclude.m4  Thu Apr 18 19:29:59 2002
+++ httpd-2.0.36/acinclude.m4   Mon Jun  3 17:38:11 2002
 -4,25 +4,25 
 dnl AC_HELP_STRING, so let's try to call it if we can.
 dnl Note: this define must be on one line so that it can be properly returned
 dnl as the help string.
-AC_DEFUN(APACHE_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, 
AC_HELP_STRING($1,$2),[  ]$1 substr([   ],len($1))$2)])dnl
+AC_DEFUN([APACHE_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, 
+AC_HELP_STRING($1,$2),[  ]$1 substr([   ],len($1))$2)])dnl
 
 dnl APACHE_SUBST(VARIABLE)
 dnl Makes VARIABLE available in generated files
 dnl (do not use variable in Makefiles, but $(variable))
-AC_DEFUN(APACHE_SUBST,[
+AC_DEFUN([APACHE_SUBST],[
   APACHE_VAR_SUBST=$APACHE_VAR_SUBST $1
   AC_SUBST($1)
 ])
 
 dnl APACHE_FAST_OUTPUT(FILENAME)
 dnl Perform substitutions on FILENAME (Makefiles only)
-AC_DEFUN(APACHE_FAST_OUTPUT,[
+AC_DEFUN([APACHE_FAST_OUTPUT],[
   APACHE_FAST_OUTPUT_FILES=$APACHE_FAST_OUTPUT_FILES $1
 ])
 
 dnl APACHE_GEN_CONFIG_VARS
 dnl Creates config_vars.mk
-AC_DEFUN(APACHE_GEN_CONFIG_VARS,[
+AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
   APACHE_SUBST(abs_srcdir)
   APACHE_SUBST(bindir)
   APACHE_SUBST(sbindir)
 -98,14 +98,14 
 
 dnl APACHE_GEN_MAKEFILES
 dnl Creates Makefiles
-AC_DEFUN(APACHE_GEN_MAKEFILES,[
+AC_DEFUN([APACHE_GEN_MAKEFILES],[
   $SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE 
$APACHE_FAST_OUTPUT_FILES
 ])
 
 dnl ## APACHE_OUTPUT(file)
 dnl ## adds file to the list of files generated by AC_OUTPUT
 dnl ## This macro can be used several times.
-AC_DEFUN(APACHE_OUTPUT, [
+AC_DEFUN([APACHE_OUTPUT], [
   APACHE_OUTPUT_FILES=$APACHE_OUTPUT_FILES $1
 ])
 
 -114,7 +114,7 
 dnl
 dnl If rlim_t is not defined, define it to int
 dnl
-AC_DEFUN(APACHE_TYPE_RLIM_T, [
+AC_DEFUN([APACHE_TYPE_RLIM_T], [
   AC_CACHE_CHECK([for rlim_t], ac_cv_type_rlim_t, [
 AC_TRY_COMPILE([
 #include sys/types.h
 -132,7 +132,7 
 ])
 
 dnl APACHE_MODPATH_INIT(modpath)
-AC_DEFUN(APACHE_MODPATH_INIT,[
+AC_DEFUN([APACHE_MODPATH_INIT],[
   current_dir=$1
   modpath_current=modules/$1
   modpath_static=
 -141,7 +141,7 
$modpath_current/modules.mk
 ])dnl
 dnl
-AC_DEFUN(APACHE_MODPATH_FINISH,[
+AC_DEFUN([APACHE_MODPATH_FINISH],[
   echo DISTCLEAN_TARGETS = modules.mk  $modpath_current/modules.mk
   echo static = $modpath_static  $modpath_current/modules.mk
   echo shared = $modpath_shared  $modpath_current/modules.mk
 -154,7 +154,7 
 ])dnl
 dnl
 dnl APACHE_MODPATH_ADD(name[, shared[, objects [, ldflags[, libs)
-AC_DEFUN(APACHE_MODPATH_ADD,[
+AC_DEFUN([APACHE_MODPATH_ADD],[
   if test -z $3; then
 objects=mod_$1.lo
   else
 -197,7 +197,7 
 dnlsetting. otherwise, fall under the all setting.
 dnlexplicit yes/no always overrides.
 dnl
-AC_DEFUN(APACHE_MODULE,[
+AC_DEFUN([APACHE_MODULE],[
   AC_MSG_CHECKING(whether to enable mod_$1)
   define([optname],[--]ifelse($5,yes,disable,enable)[-]translit($1,_,-))dnl
   
AC_ARG_ENABLE(translit($1,_,-),APACHE_HELP_STRING(optname(),$2),,enable_$1=ifelse($5,,maybe-all,$5))
 -267,7 +267,7 
 dnl
 dnl APACHE_LAYOUT_DEFAULTS
 dnl
-AC_DEFUN(APACHE_LAYOUT_DEFAULTS,[
+AC_DEFUN([APACHE_LAYOUT_DEFAULTS],[
   dnl Apache defaults for autoconf variables.
   test x${prefix} = xNONE  prefix='/usr/local/apache2'
   test x${exec_prefix} = xNONE  exec_prefix='${prefix}'
 -286,7 +286,7 
 dnl
 dnl APACHE_LAYOUT(configlayout, layoutname)
 dnl
-AC_DEFUN(APACHE_LAYOUT,[
+AC_DEFUN([APACHE_LAYOUT],[
   if test ! -f $srcdir/config.layout; then
 echo ** Error: Layout file $srcdir/config.layout not found
 echo ** Error: Cannot use undefined layout '$LAYOUT'
 -338,7 +338,7 
 dnl
 dnl APACHE_ENABLE_LAYOUT
 dnl
-AC_DEFUN(APACHE_ENABLE_LAYOUT,[
+AC_DEFUN([APACHE_ENABLE_LAYOUT],[
 AC_ARG_ENABLE(layout,
 [  --enable-layout=LAYOUT],[
   LAYOUT=$enableval
 -356,7 +356,7 
 dnl
 dnl APACHE_ENABLE_MODULES
 dnl
-AC_DEFUN(APACHE_ENABLE_MODULES,[
+AC_DEFUN([APACHE_ENABLE_MODULES],[
   module_selection=default
   module_default=yes
 
 -385,7 +385,7 
   ])
 ])
 
-AC_DEFUN(APACHE_REQUIRE_CXX,[
+AC_DEFUN([APACHE_REQUIRE_CXX],[
   if test -z $apache_cxx_done; then
 AC_PROG_CXX
 AC_PROG_CXXCPP
 -402,7 +402,7 
 dnl and then AC_TRY_LINK to test the libraries directly for the version,
 dnl but that will require someone who knows

[PATCH] update config.layout for SuSE distributions

2002-07-15 Thread Peter Poeml 

Hi, 

attached patch, made for 2.0.39 and fitting into current cvs, updates
config.layout for the layout on our distribution.

Thanks,
Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...


diff -uNr httpd-2.0.39.orig/config.layout httpd-2.0.39.layout/config.layout
--- httpd-2.0.39.orig/config.layout Fri May 17 16:49:30 2002
+++ httpd-2.0.39.layout/config.layout   Mon Jul 15 17:46:56 2002
 -186,7 +186,7 
 sbindir:   ${prefix}/sbin
 libdir:${prefix}/lib
 libexecdir:${prefix}/lib/apache
-mandir:${prefix}/man
+mandir:${prefix}/share/man
 sysconfdir:/etc/httpd
 datadir:   /usr/local/httpd
 installbuilddir: ${datadir}/build
 -196,10 +196,10 
 manualdir: ${datadir}/manual
 cgidir:${datadir}/cgi-bin
 includedir:${prefix}/include/apache
-localstatedir: /var
-runtimedir:${localstatedir}/run
-logfiledir:${localstatedir}/log/httpd
-proxycachedir: ${localstatedir}/cache/httpd
+localstatedir: /var/lib/httpd
+runtimedir:/var/run
+logfiledir:/var/log/httpd
+proxycachedir: /var/cache/httpd
 /Layout
 
 #   BSD/OS layout

[PATCH] make pathnames in ssl-std.conf configurable

2002-07-15 Thread Peter Poeml 

Hi, 

I'd like to propose to create ssl-std.conf from ssl-std.conf.in, just as
it is done with httpd-std.conf.in. Then, the log file paths could be
substituted in the same flexible way. 

Currently, of patching / hand editing is necessary for adjustments in
that file.

I've attached a diff between docs/conf/ssl-std.conf and a suggestion for
a docs/conf/ssl-std.conf.in (for readability reasons).

Then, I have attached a real diff to apply against the current head
branch (for your convenience). 

The latter patch, finally, also adds docs/conf/ssl-std.conf to AC_OUTPUT
in configure.in. 

Thanks,
Peter

-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds.  Have a nice day...


--- ssl-std.confThu May 16 21:05:24 2002
+++ ssl-std.conf.in Mon Jul 15 18:30:32 2002
@@ -29,8 +29,8 @@
 # Dynamic Shared Object (DSO) Support
 #
 # To be able to use the functionality of a module which was built as a DSO you
-#ErrorLog logs/dummy-host.example.com-error_log
-#CustomLog logs/dummy-host.example.com-access_log common
+#ErrorLog @rel_logfiledir@/dummy-host.example.com-error_log
+#CustomLog @rel_logfiledir@/dummy-host.example.com-access_log common
 
 ##
 ##  SSL Global Context
@@ -55,15 +55,15 @@
 #   Configure the SSL Session Cache: First the mechanism 
 #   to use and second the expiring timeout (in seconds).
 #SSLSessionCachenone
-#SSLSessionCacheshmht:logs/ssl_scache(512000)
-#SSLSessionCacheshmcb:logs/ssl_scache(512000)
-SSLSessionCache dbm:logs/ssl_scache
+#SSLSessionCacheshmht:@localstatedir@/ssl_scache(512000)
+#SSLSessionCacheshmcb:@localstatedir@/ssl_scache(512000)
+SSLSessionCache dbm:@localstatedir@/ssl_scache
 SSLSessionCacheTimeout  300
 
 #   Semaphore:
 #   Configure the path to the mutual exclusion semaphore the
 #   SSL engine uses internally for inter-process synchronization. 
-SSLMutex  file:logs/ssl_mutex
+SSLMutex  file:@localstatedir@/ssl_mutex
 
 #   Pseudo Random Number Generator (PRNG):
 #   Configure one or more sources to seed the PRNG of the 
@@ -89,11 +89,11 @@
 VirtualHost _default_:443
 
 #  General setup for the virtual host
-DocumentRoot @@ServerRoot@@/htdocs
+DocumentRoot @exp_htdocsdir@
 ServerName new.host.name:443
 ServerAdmin [EMAIL PROTECTED]
-ErrorLog logs/error_log
-TransferLog logs/access_log
+ErrorLog @rel_logfiledir@/error_log
+TransferLog @rel_logfiledir@/access_log
 
 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
@@ -111,16 +111,16 @@
 #   in mind that if you have both an RSA and a DSA certificate you
 #   can configure both in parallel (to also allow the use of DSA
 #   ciphers, etc.)
-SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server.crt
-#SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server-dsa.crt
+SSLCertificateFile @rel_sysconfdir@/ssl.crt/server.crt
+#SSLCertificateFile @rel_sysconfdir@/ssl.crt/server-dsa.crt
 
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile @@ServerRoot@@/conf/ssl.key/server.key
-#SSLCertificateKeyFile @@ServerRoot@@/conf/ssl.key/server-dsa.key
+SSLCertificateKeyFile @rel_sysconfdir@/ssl.key/server.key
+#SSLCertificateKeyFile @rel_sysconfdir@/ssl.key/server-dsa.key
 
 #   Server Certificate Chain:
 #   Point SSLCertificateChainFile at a file containing the
@@ -129,7 +129,7 @@
 #   the referenced file can be the same as SSLCertificateFile
 #   when the CA certificates are directly appended to the server
 #   certificate for convinience.
-#SSLCertificateChainFile @@ServerRoot@@/conf/ssl.crt/ca.crt
+#SSLCertificateChainFile @rel_sysconfdir@/ssl.crt/ca.crt
 
 #   Certificate Authority (CA):
 #   Set the CA certificate verification path where to find CA
@@ -138,8 +138,8 @@
 #   Note: Inside SSLCACertificatePath you need hash symlinks
 # to point to the certificate files. Use the provided
 # Makefile to update the hash symlinks after changes.
-#SSLCACertificatePath @@ServerRoot@@/conf/ssl.crt
-#SSLCACertificateFile @@ServerRoot@@/conf/ssl.crt/ca-bundle.crt
+#SSLCACertificatePath @rel_sysconfdir@/ssl.crt
+#SSLCACertificateFile @rel_sysconfdir@/ssl.crt/ca-bundle.crt
 
 #   Certificate Revocation Lists (CRL):
 #   Set the CA revocation path where to find CA CRLs for client
@@ -148,8 +148,8 @@
 #   Note: Inside SSLCARevocationPath you need hash symlinks
 # to point to the certificate files. Use the provided
 # Makefile to update the hash symlinks after changes.
-#SSLCARevocationPath @@ServerRoot@@/conf/ssl.crl
-#SSLCARevocationFile @@ServerRoot@@/conf/ssl.crl/ca-bundle.crl
+#SSLCARevocationPath @rel_sysconfdir@/ssl.crl
+#SSLCARevocationFile @rel_sysconfdir@/ssl.crl/ca-bundle.crl
 
 #   Client Authentication (Type):
 #   Client certificate verification type

[PATCH] 1.3: fix Content-Length in 416 response for files 2GB

2002-02-28 Thread Peter Poeml 

Hi, 

the attached patch for 13 fixes the Content-Length header in the 416
range not satisfiable response, that shows an overflow with files
larger than 2 GB 

Note that while this fix makes it work, there are likely other places
where the incorrect number still shows up, like in the log files

Details:
 - clength should match the off_t type of st_size, the file size as
   returned with stat(2)
 - Just to be sure, it is casted to AP_LONGEST_LONG before giving it out 

Peter

-- 
VFS: Busy inodes after unmount Self-destruct in 5 seconds  Have a nice day


diff -ur apache_1319orig/src/include/http_protocolh 
apache_1319/src/include/http_protocolh
--- apache_1319orig/src/include/http_protocolh  Mon Jan 15 18:04:35 2001
+++ apache_1319/src/include/http_protocolh   Mon Apr 16 17:59:00 2001
 -113,7 +113,7 
  * permit_cache argument is set to one)
  */
 
-API_EXPORT(int) ap_set_content_length(request_rec *r, long length);
+API_EXPORT(int) ap_set_content_length(request_rec *r, off_t length);
 API_EXPORT(int) ap_set_keepalive(request_rec *r);
 API_EXPORT(time_t) ap_rationalize_mtime(request_rec *r, time_t mtime);
 API_EXPORT(char *) ap_make_etag(request_rec *r, int force_weak);
diff -ur apache_1319orig/src/main/http_protocolc 
apache_1319/src/main/http_protocolc
--- apache_1319orig/src/main/http_protocolc Fri Feb 16 15:53:24 2001
+++ apache_1319/src/main/http_protocolc  Mon Apr 16 18:41:53 2001
 -406,10 +406,11 
 return 0;
 }
 
-API_EXPORT(int) ap_set_content_length(request_rec *r, long clength)
+API_EXPORT(int) ap_set_content_length(request_rec *r, off_t clength)
 {
 r-clength = clength;
-ap_table_setn(r-headers_out, Content-Length, ap_psprintf(r-pool, %ld, 
clength));
+ap_table_setn(r-headers_out, Content-Length, ap_psprintf(r-pool, %qd, 
+(AP_LONGEST_LONG) clength));
+   /* see src/ap/ap_snprintfc:787 for the definition of %qd */
 return 0;
 }

[PATCH] (1.3, 2.0) config.layout update for SuSE

2002-02-28 Thread Peter Poeml 

Hi, 

another small patch an update for configlayout for SuSE's
distributions 

It applies to 1323 as well as to 2032 (with some offset) 

Thanks,
Peter

-- 
VFS: Busy inodes after unmount Self-destruct in 5 seconds  Have a nice day


--- configlayoutorig  Mon Jan 14 10:39:25 2002
+++ configlayout   Thu Feb 28 20:13:10 2002
 -178,14 +178,14 
 proxycachedir: $localstatedir/proxy
 /Layout
 
-#   SuSE 6x layout
+#   SuSE 7x layout
 Layout SuSE
 prefix:/usr
 exec_prefix:   $prefix
 bindir:$prefix/bin
 sbindir:   $prefix/sbin
 libexecdir:$prefix/lib/apache
-mandir:$prefix/man
+mandir:$prefix/share/man
 sysconfdir:/etc/httpd
 datadir:   /usr/local/httpd
 iconsdir:  $datadir/icons

Re: [PATCH] (1.3, 2.0) config.layout update for SuSE

2002-02-28 Thread Peter Poeml 

On Thu, Feb 28, 2002 at 03:13:10PM -0800, Aaron Bannert wrote:
 Should I just create a new section labled Layout SuSE7?

Yes, why not while I doubt that the SuSE 6x section is still needed,
it would not harm to keep it of course The transition with the man path
was actually between 64 and 70 (just looked it up), so it would fit
This would also be the layout for the next release (80) 

Peter

-- 
VFS: Busy inodes after unmount Self-destruct in 5 seconds  Have a nice day