Re: svn commit: r1569108 - /httpd/httpd/branches/2.4.x/STATUS

2014-02-18 Thread Jim Jagielski
On Feb 17, 2014, at 4:11 PM, Mike Rumph wrote: > Hello Jim, > > I voted for this change for backport to 2.4.8. > > The fix looks solid to me at this time. > > But I do have a couple of questions/ideas for the future. > > 1) proxy_schemes_t in modules/proxy/proxy_util.c and schemes_t in > a

Re: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-18 Thread Pavel Matěja
On Tue 17 December 2013 18:35:50, Kaspar Brand wrote: > On 26.11.2013 06:31, Kaspar Brand wrote: > > As far as PR 55782 is concerned, the problem might be that > > proxy_util.c:ap_proxy_determine_connection() does not take Host: header > > differences into account when checking if an existing

Re: Welcome to Mike Rumph and Yann Ylavic!

2014-02-18 Thread Jim Jagielski
w00t! On Feb 17, 2014, at 12:26 PM, Eric Covener wrote: > Mike Rumph and Yann Ylavic have recently joined us as committers. > > Welcome! > > (We don't usually send this welcome e-mail to dev@, but I think it's a > good thing to do). >

Re: asynch websocket, how to timeout?

2014-02-18 Thread Eric Covener
I think this needs to be handled as 1 API within event, taking the existing API and adding a timeout, rather than having the caller register separate timed callbacks. This way, event can mark the timeout as no longer needed before pushing the first event to the worker. This way there's no questio

Re: Adding AddHandler support for mod_proxy

2014-02-18 Thread ryo takatsuki
>AddHandler might be tricky from security point of view, eg. most of cms >software >usually checks only for last extension before writing uploaded files, >but this AddHandler will also >pass test.php.jpeg to php which might execute this Yes, it would be probably safer to use something like:

Segmentation faults when SSLProxyCheckPeerName On

2014-02-18 Thread Pavel Matěja
Hi, since we've enabled SSLProxyCheckPeerName our reverse proxy I can see AH00052: child pid 5711 exit signal Segmentation fault (11) in our logs during Nessus scans. Backend server has several X509v3 Subject Alternative Names and Nessus sends just IP as Host header. We are running: Apache/2.

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2014-02-18 Thread Daniel Kahn Gillmor
On 02/18/2014 08:14 AM, Pavel Matěja wrote: > There is one big risk when someone uses reverse HTTPS proxy with ServerAlias. > > Let's say you have on both - backend and proxy servers options: > ServerName www.example.com > ServerAlias example.com > > In old non-SNI days everything was working just

Re: asynch websocket, how to timeout?

2014-02-18 Thread Jim Jagielski
+1... On Feb 18, 2014, at 9:29 AM, Eric Covener wrote: > I think this needs to be handled as 1 API within event, taking the > existing API and adding a timeout, rather than having the caller > register separate timed callbacks. > > This way, event can mark the timeout as no longer needed before

Re: SSL_CTX_get_{first,next}_certificate (Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS)

2014-02-18 Thread Jeff Trawick
On Mon, Feb 3, 2014 at 6:21 AM, Dr Stephen Henson < shen...@opensslfoundation.com> wrote: > On 02/02/2014 13:45, Kaspar Brand wrote: > > On 01.02.2014 14:37, Dr Stephen Henson wrote: > >> I'm wondering how that could be avoided. Would a way to enumerate all > >> certificates in an SSL_CTX structur

[PATCH 55467] - Updates to mod_ssl to support TLS hello extensions and TLS supplemental data

2014-02-18 Thread Scott Deboy
Hi folks, I was wondering if someone would be willing/interested in reviewing the patch I've attached to issue 55467. https://issues.apache.org/bugzilla/show_bug.cgi?id=55467 The patch adds hooks to mod_ssl which give third-party modules the ability to send and receive custom TLS hello extensi

Re: SSL_CTX_get_{first,next}_certificate (Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS)

2014-02-18 Thread Dr Stephen Henson
On 18/02/2014 20:06, Jeff Trawick wrote: > On Mon, Feb 3, 2014 at 6:21 AM, Dr Stephen Henson > > wrote: > > On 02/02/2014 13:45, Kaspar Brand wrote: > > On 01.02.2014 14:37, Dr Stephen Henson wrote: > >> I'm wondering how that could be avoided. W