think dev, but I wouldn’t swear to it). I’m not sure if those were related or
not.
Best Regards,
--
Doug Whitfield | Enterprise Architect, OpenLogic
From: Jeff McKenna
Date: Monday, February 14, 2022 at 2:11 PM
To: dev@httpd.apache.org
Subject: Re: PCRE2 compatibility
Hi Doug,
If by
/blob/12cfcf08fffc6e4ec597e0396016d09afdb89fa8/server/util_pcre.c
Is pcre2 incompatible? Is there a specific set of circumstance where
individuals are running into this issue?
Best Regards,
--
Doug Whitfield | Enterprise Architect, OpenLogic
Perforce Software
This e-mail may contain information
Afternoon all,
We have a setup where we have to use MIL CAC's to access our site. It
currently works with SSLVerifyClient require and SSLVerifyDepth 10, but
we want to limit what the users see to just of the certs that is
presented. We tried changing the VerifyDepth to 1 and removed all the
non-e
pect there have been no reports. Sorry!
This seems more like an issue for the Lucene PMC than for me personally
or the httpd developers.
I will work with the Lucene PMC to to write a report ASAP, first
reviewing the Apache reporting requirements.
Doug
On Wed, 18 Sep 2002, Doug MacEachern wrote:
> On Wed, 18 Sep 2002, Geoffrey Young wrote:
>
> > I think the attached patch behaves as suggested.
>
> perfectly, thanks.
with 5.8.0 that is. with 5.6.1, dies with:
Error in optio
On Wed, 18 Sep 2002, Geoffrey Young wrote:
> I think the attached patch behaves as suggested.
perfectly, thanks.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
a fresh build/install of .42-dev:
Cannot load
/.../modules/mod_authn_file.so into server:
/.../modules/mod_authn_file.so:
undefined symbol: authn_register_provider
stock httpd.conf is installed (by 'make install') with modules in this
order:
LoadModule authn_file_module modules/mod_authn_file
On Tue, 11 Jun 2002, Cliff Woolley wrote:
> Because threads are forced to be disabled on FreeBSD. I believe there's a
> warning message about this in the ./configure output... you might just not
> have noticed it as it scrolled by.
that's odd, why not just abort with a message "sorry only pref
why is it on freebsd --with-mpm=worker actually compiles the prefork mpm?
i just tried building on icarus with the 2.0.37 tarball, same thang with
2.0.36
% cat config.nice
#! /bin/sh
#
# Created by configure
CFLAGS="-g"; export CFLAGS
"./configure" \
"--prefix=/home/dougm/apache2-worker" \
"--
On Mon, 10 Jun 2002, Doug MacEachern wrote:
> i'd be surprised if 'SSLOptions +OptRengotiate' actually ever worked for
> anybody before this change, including the 1.3 based modssl which still has
> this issue.
i take that back a bit, i'd be surprised if it worke
1.819
> diff -u -r1.818 -r1.819
> --- CHANGES 10 Jun 2002 18:51:37 - 1.818
> +++ CHANGES 11 Jun 2002 03:12:33 - 1.819
> @@ -1,5 +1,11 @@
>Changes with Apache 2.0.37
>
> + *) 'SSLOptions +OptRengotiate' will use client cert in from the
try with current cvs and 'SSLOptions +OptRenegotiate' configured.
with this option enabled, modssl will use the client cert from the ssl
session cache if one was not already sent by the client. in this case,
modssl will not need to read from the client since full renegotiation is
by-passed. t
On Fri, 31 May 2002, Justin Erenkrantz wrote:
> httpd-test has no tests for input filtering.
mod_input_body_filter.c at least, no? the protocol/ tests also hit input
filters.
> If I knew how to
> get perl to send bogus requests, I would. But, my perl-fu is
> severely lacking. -- justin
s
On Thu, 30 May 2002, William A. Rowe, Jr. wrote:
> Perhaps we could resurrect the porting history [although I believe it's
> horribly
> incomplete] as modules/ssl/HISTORY? OTOH, those parts that are correct
> aught to have been committed to CHANGES if they were not in the first place.
they are
i see value the old modules/ssl/README. it has been very handy in the
past, and i would expect it to be for anybody coming from mod_ssl 1.3
based sources to contribute to 2.0 or even just being brand new to the 2.0
source. now they have lost the source roadmap, summary of major changes,
inco
On Thu, 30 May 2002, William A. Rowe, Jr. wrote:
> is modules/ssl/README even valuable anymore?
yes. fine to remove the stale stuff, but not the whole damn thing. there
was a useful roadmap of the source in there and everything that was in the
TODO section is still valid:
o SSL renegotiati
ap_os_escape_path currently requires a pool argument to allocate the
string and does a strlen on it. wondering if we could do something like
the concept patch below, adding ap_os_escape_pathn which does not require
a pool and the path arg would be assumed to be allocated to the correct
size.
On Wed, 22 May 2002, Greg Ames wrote:
> Which release of httpd? 1.3 has a Configure rule to turn off expat.
right. i'm asking about 2.0 (my original message specified)
On Tue, 21 May 2002, Greg Stein wrote:
> Euh... we switched over to a shared library to specifically fix this
> problem. Are you saying that that didn't work? I'm not buying it... :-)
sooo, i guess the answer to my question on how to disable expat is
"you can't" ?
i haven't see the problem fir
On Mon, 20 May 2002, William A. Rowe, Jr. wrote:
> Context?
httpd links in expat, perl extension links against a different version of
expat. both have the same symbol names, and they are not binary
compatible. perl extension resolves symbols to the httpd version.
kaboom. its been an issu
how does one disable linking httpd against libexpat in 2.0?
and on win32?
i thought the nightmare was over where the expat linked with httpd cause
segfaults with perl expat extensions. looks like i was wrong.
On Tue, 14 May 2002, Doug MacEachern wrote:
> On Wed, 15 May 2002, Thomas Eibner wrote:
>
> > Full list of posters with more than 10 posts can be found at:
> > http://stderr.net/history/topposters
>
> cool, now i am tied with ben hyde.
haha, now i am 1 ahead of ben hyde, i'm #32 woohoo!
On Wed, 15 May 2002, Thomas Eibner wrote:
> Full list of posters with more than 10 posts can be found at:
> http://stderr.net/history/topposters
cool, now i am tied with ben hyde.
On Tue, 9 Apr 2002, Doug MacEachern wrote:
> On Tue, 9 Apr 2002, Cliff Woolley wrote:
>
> it is possible jim is correct about the config issue, but it might also be
> a bug in the static build (which i haven't tried in months)
fyi - just ran httpd-test with a static buil
On Tue, 9 Apr 2002, Cliff Woolley wrote:
it is possible jim is correct about the config issue, but it might also be
a bug in the static build (which i haven't tried in months)
> (i also tried configuring mod_ssl as a shared module, but then I had
> problems with X509_INFO_free not being found)
coupla dumb questions:
- how do i get a login for the bugdb?
- just fixed bug #7802, do i close it or mark as fixed and somebody else
verifies and closes?
i haven't been able to reproduce this, but the patch below (also in
cvs) may fix. seeing that ssl_io_hook_read sets rc = 0 if SSL_read
returns -1 and SSL_get_error is SSL_ERROR_WANT_READ. ssl_io_input_read
was *always* returning APR_SUCCESS if it got 0 bytes. now it only does so
if SSL_ERRO
future.
mod_perl-2.0-tobe is not 100% feature complete with the 1.xx version.
See the todo/ directory for what remains to be done.
Comments, questions, bug-reports, etc., should be sent to the mod_perl
users list: [EMAIL PROTECTED]
Enjoy,
-Doug
argh. i tested http <-> https and https <-> https, but never
https <-> http. it is indeed broken, although i don't see how it ever
could have worked, unless mod_proxy was somehow removing the ssl filter by
accident (which it had been at one point during keepalives after the first
request).
p
+1 on GA. 2 issues on HEAD i'd like to see resolved first:
- proxy not sending content-length
- httpd.conf not installed with vpath builds (issue does not exist with
current .34 tag)
On Thu, 4 Apr 2002, Ryan Bloom wrote:
> The proxy should flush, because otherwise the data won't stream to the
> client.
doesn't the core flush once it has max-something bytes or eos?
> The problem that I see, is that the proxy shouldn't be removing
> the C-L from the response that the origin s
mod_proxy does not send a Content-Length header, seems because of the
flush bucket inserted by ap_proxy_http_process_response()
if i break in ap_content_length_filter, when a request is handled by
default_handler, brigade looks like so:
(gdb) dump_brigade b
dump of brigade 0x8235318
0: bucke
dear RM, please consider bumping for .34, else users with the typical ssl
proxy config:
SSLProxyEngine On
ProxyPass/ https://foo/
ProxyPassReverse / https://foo/
will get this ugly error message on every request:
[error] mod_ssl: Certificate Verification: Error ...
even tho
On Thu, 4 Apr 2002, Pier Fumagalli wrote:
> What do your last lines of configure.in look like? And when you run
> "./configure. " what's the output of the last (let's say) 50 lines?
mkdir: cannot create directory `docs/conf': No such file or directory
creating docs/conf/httpd-std.conf
./con
nope, still isn't there.
% uname -a
Linux mako.covalent.net 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
% autoconf --version
Autoconf version 2.13
% cat config.nice
#! /bin/sh
#
# Created by configure
CFLAGS="-Wall -g"; export CFLAGS
"/home/dougm/apache/farm/src/httpd-2.0-cvs/configu
On Thu, 4 Apr 2002, Pier Fumagalli wrote:
> Did you run ./buildconf?
yup, always. i probably just need blow away my cvs tree and start from
scratch. has cured similar trouble in the past. i'll report back if the
problem is still there.
with httpd-2.0-HEAD, installing into a directory where no conf/ already
exists, no httpd.conf is installed, only:
% ls -1 conf/
highperformance.conf
highperformance-std.conf
httpd.conf.in
httpd-std.conf.in
magic
mime.types
ssl.conf
ssl-std.conf
problem does not exist with the APACHE_2_0_34 tag.
On Wed, 3 Apr 2002, Cliff Woolley wrote:
> Only one other thing I'm concerned about with it: It's only correct if
> we're in AP_MODE_GETLINE at the time of the error. Which we are in this
> case, but will it always be that way?
i think so, assuming AP_MODE_GETLINE always happens first. on the
On Wed, 3 Apr 2002, Cliff Woolley wrote:
> On Tue, 2 Apr 2002, Doug MacEachern wrote:
>
> > apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
> > - sizeof(HTTP_ON_HTTPS_PORT) - 1, \
> > + sizeof(HTTP_ON_
this is not quite fixed. currently does return 400 Bad Request, but
reports:
"Your browser sent a request that this server could not understand.
Request header field is missing colon separator."
with the patch below it properly reports:
"Your browser sent a request that this server could not un
if the following tags in modules/ssl could be pushed:
/ssl_engine_config.c/1.66/Tue Apr 2 21:49:09 2002//
/ssl_engine_init.c/1.94/Tue Apr 2 21:46:22 2002//
/ssl_util_ssl.c/1.20/Tue Apr 2 22:04:16 2002//
minor fixes to get SSLProxyMachineCertificatePath working.
On Tue, 2 Apr 2002, Ryan Bloom wrote:
> Nope, I fixed this. The problem was that we couldn't remove the first
> filter in any of the three lists, because the previous filter structure
> wouldn't be updated. The solution was to walk the filter list each time
> we tried to remove a filter. This
On Tue, 2 Apr 2002, Ryan Bloom wrote:
> It is perfectly possible for a filter to remove itself. In fact, the
> byterange filter relies on that ability to work correctly. While I
> would be interested to know what happened to make that case fail, if the
> patch below works, then +1.
i was think
the test started failing at some point due to filter changes. i think i
heard it is not longer possible for a filter to remove itself? in any
case, mod_ssl already checks in the output filter already passes if its
ssl pointer is NULL (normally due to error). the input filter should
probably
On Mon, 1 Apr 2002, William A. Rowe, Jr. wrote:
> Sounds like that could be Doug's latest changes he asked to incorporate.
>
> Doug, was there an additional file to bump, beyond the three you cited?
nope. sounds specific to perchild, cliff does the proxy test pass for
you with
your grep pattern missed this one:
ctx->inbio.block = block;
RM can you bump the .34 tag on these files? thanks.
-- Forwarded message --
Date: 2 Apr 2002 04:30:49 -
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: cvs commit: httpd-2.0/modules/proxy mod_proxy.h proxy_http.c
proxy_util.c
dougm
On Sun, 31 Mar 2002, Brian Pane wrote:
> Should that be in the 2.0.34 section, or the 2.0.35 one?
wrowe has moved HEAD to the 2.0.34 tag, which includes the ssl proxy
changes.
On Fri, 29 Mar 2002, Cliff Woolley wrote:
> Yes. The SSLProxyEngine on directive is missing from the config file. I
> added it manually and it works. I expect something like this would do the
> trick:
oh duh, i had made the change but didn't commit. glad to hear it works.
On Fri, 29 Mar 2002, Cliff Woolley wrote:
> Okay, fixed.
excellent, thanks.
> PS: I now pass all httpd-test tests except these:
http.t fails for me too, has for a while.
proxy.t passes for me, but this is new stuff. anything interesting in the
error_log?
On Fri, 29 Mar 2002, Brian Pane wrote:
> Does the rest of *h look valid? (That could help us differentiate memory
> corruption from some code path that just forgot to set h->free_func.)
(gdb) p *h
$1 = {refcount = {refcount = 0},
base = 0x824f568 "mod_include test(\026/@\021", alloc_len = 1
just looked a bit more, the problem is related to heap buckets and the
free functions. something is broken for sure. i could probably bandaid,
but cliff if you take a look, i'm assuming the right fix would be obvious
to you.
#1 0x4001cf76 in heap_destroy (data=0x824f758)
at
/home/dougm
On Fri, 29 Mar 2002, Cliff Woolley wrote:
> On Fri, 29 Mar 2002, Doug MacEachern wrote:
>
> > fyi: t/php/virtual produces the same stacktrace
>
> I'll look into this this afternoon.
great. probably easier to work with t/modules/include2.t, stacktrace
looks like they
On Fri, 29 Mar 2002, Doug MacEachern wrote:
> not sure if this is related to the bucket list change or mod_includes
> changes or what, but i just checked in a test adapted from modperl that
> dumps core. stacktrace below from t/TEST t/modules/include2.t
fyi: t/php/virtual produces
On Fri, 29 Mar 2002, Doug MacEachern wrote:
> another problem after fixing the httpd-test c-modules to compile:
> t/apache/passbrigade eats all cpu. have not looked into it.
nevermind. i didn't notice the modules had been updated and my cvs commit
up-to-date check failed. t
another problem after fixing the httpd-test c-modules to compile:
t/apache/passbrigade eats all cpu. have not looked into it.
not sure if this is related to the bucket list change or mod_includes
changes or what, but i just checked in a test adapted from modperl that
dumps core. stacktrace below from t/TEST t/modules/include2.t
#0 0x0815a897 in ?? () at eval.c:41
41 eval.c: No such file or directory.
in
On Wed, 27 Mar 2002, Greg Stein wrote:
> Maybe this could return a status, rather than just calling ssl_die()? (and
> have the caller do the die...)
>
> Personally, I'd rather see an eventual case where you bubble up the death,
> and let Apache core do the exiting, rather than having the module
On Thu, 14 Mar 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> if (Pass-1) {
...
> }
> else if (Pass-2) {
i don't know how to fix it, but we should't assume anything based pass-1,
pass-2, etc. otherwise it isn't possible to add mod_ssl to a server that
was started without it, consider
looks good to me madhu. haven't tested, but it compiles, so i've
committed the patch and remaining issues can be worked out later.
only have one question at the moment, what is this for?
+void *data;
+const char *userdata_key = "ssl_scache_init";
+
+apr_pool_userdata_get
a few notes on this.. the purpose of mod_scoreboard_send was to "download"
the scoreboard image on a remote machine. the scoreboard image was then
used on the client machine to generate fancy graphical images to make our
boss feel like he knew what was going on. sorta like a graphical
mod_st
On Wed, 13 Mar 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> 'just did a cvs update and found that SSL_SESSION_id2sz in ssl_engine_vars.c
> has fewer parameters than required.
whoops, my bad. thanks, applied.
On Tue, 12 Mar 2002, Sander Striker wrote:
> #User-Agent: libwww-perl/5.53
could be a bug in the client. try 5.64
you can also grab:
http://httpd.apache.org/~dougm/httpd-test-bundle-0.02.tar.gz
unpack and run:
% echo | perl Makefile.PL && make install
(the 'echo |' trick makes all prompts use
i'm working on implementing the proxy extensions for mod_ssl in 2.0.
the 1.3 based implementation duplicates a bunch of code, for example
the directives:
SSLProxyProtocol - same as SSLProtocol
SSLProxyCipherSuite - same as SSLCipherSuite
SSLProxyVerify - same as SSLVerifyClient
SSLProxyVerifyD
to those working on filters, please make sure httpd-test/perl-framework
tests are passing. i'm seeing a bunch fail at the moment, a couple with
"response had protocol HTTP/0.9 (headers not sent?)" and various
segvs:
filter/case, filter/input_body:
Program received signal SIGSEGV, Segmentation
On Mon, 25 Feb 2002, Cliff Woolley wrote:
> ssl_rand_seed() runs on every request if you configure it that way.
this is true, when 'SSLRandomSeed connect builtin' is configured, which is
the default. not sure how much the scoreboard image changes between
requests. though somewhat related, i
mod_ssl is hardwired only to initialize certain things on the first module
init during startup. the only reason i can see is because the builtin
SSLPassPhraseDialog can only read the passphrase from the tty before
detach. but if SSLPassPhraseDialog is exec: or the server key is not
passphrase
i thought it was added as a workaround during one of the mod_ssl filter
rewrites. during the last one i tried removing APR_BRIGADE_NORMALIZE from
core.c and all tests in httpd-test passed except for protocol/echo and
protocol/nntp_like (which are the same code in the place where the
problem shows
On Sun, 20 Jan 2002, Justin Erenkrantz wrote:
> Oh, also, mod_ssl may want to take advantage of the new
> apr_brigade_split_line call (see how core_input_filter calls it).
> I'm rewriting ap_rgetline in my tree, so things are sort of a mess
> in my tree. But, it should ease the complexity a bit
On Sun, 20 Jan 2002, Justin Erenkrantz wrote:
> Also, be aware that the *readbytes may change to readbytes. I
> don't know who has commit access to PHP, but it'd be nice if
> someone over there applied the following for now. =) -- justin
i've adjusted modperl and php (with the same fix as yo
On Wed, 16 Jan 2002, Justin Erenkrantz wrote:
> Perhaps you *could* read all of the brigade in the getline case in
> bio_bucket_io_read, but that's not a sticking point (as I see your
> point - ap_getline *should* be able to pick up on an incomplete
> line).
i was just trying to avoid blocking
wondering if we could have a mechanism where MPMs set some sort of note
after calling apr_proc_detach()? reason is, mod_ssl is hardwired only to
initialize certain things on the first module init during startup. but
the only reason i can see is because the builtin SSLPassPhraseDialog can
only re
On Wed, 9 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> Hi,
> Here comes a more complete patch..Any suggestions, comments are
> appreciated.
looks great to me, applied to cvs. might be worth submitting those macros
back to OpenSSL and put #ifndefs or similar around the curre
On Wed, 9 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> mod_ssl build is broken because of the new argument introduced in
> ssl_util_ppopen().. [build breaks for ssl_engine_rand.c]
compiles again and works now too.
everything is ok now after blowing away the cvs tree and checking
out from scratch. either something stale in the cvs tree, or a bug in
my build script. sorry for the hassle.
On Sat, 5 Jan 2002, Justin Erenkrantz wrote:
> Huh. That's what I have and it works. What does config.status
> say for APR_INCLUDES:
nada. there's no reference to APR_INCLUDES in there at all. are you
using a --srcdir? that's my main suspect, though i haven't tried without
it yet.
> It lo
On Sat, 5 Jan 2002, Justin Erenkrantz wrote:
> How is APR-util's configure script getting the --with-apr
> option (see config.nice)? -- justin
% cat srclib/apr-util/config.nice
#! /bin/sh
#
# Created by configure
CFLAGS="-Wall -g"; export CFLAGS
"/usr/local/apache/src/httpd-2.0-cvs/srclib/ap
On Sat, 5 Jan 2002, Justin Erenkrantz wrote:
> @APR_INCLUDES@ is not being substituted properly. You reran buildconf
> and configure?
yeah, the script i use always blows away the old build tree and re-runs
buildconf and configure.
updating for the first time in 2 weeks, blowing up here:
/bin/sh /usr/local/apache/build/prefork-debug-shared-all-exp/srclib/apr/libtool
--silent --mode=compile gcc -Wmissing-prototypes -Wstrict-prototypes
-Wmissing-declarations -pthread -Wall -g -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT
-D_XOPEN
On Thu, 20 Dec 2001, Justin Erenkrantz wrote:
> so that we can always call apr_generate_random_bytes()?
oh, i assumed we already could. +1 on whatever it takes to make that
function usable on all platforms.
On Thu, 20 Dec 2001, Daniel Lopez wrote:
>
> /dev/urandom is not available in all platforms
right, which is why it is not portable to use directly. /dev/random is
also not available on all platforms, so apr uses whats available to
provide the same functionality for the given platform in
apr_g
On Thu, 20 Dec 2001, Aaron Bannert wrote:
> /dev/urandom won't block, so maybe we could live with that once per
> request and use the /dev/random for startup.
right, only problem is apr doesn't support /dev/urandom. maybe we need an
apr_generate_urandom_bytes() function or a non-blocking flag
On Thu, 20 Dec 2001, Justin Erenkrantz wrote:
> FWIW, DougM submitted this function to flood to generate OpenSSL
> entropy. I'd almost suggest somehow factoring this into apr-util
> since flood needs this too (and doesn't have a scoreboard).
that function was derived from mod_ssl-1.xx and ha
On 18 Dec 2001, Jeff Trawick wrote:
> or just an entropy function? why should any module care that it is
> from the scoreboard?
+1 on that or anything to get mod_ssl working again.
irective and no Port directive was
configured. configuring ServerName foo:port will fix that.
i was told that was "the expected behavior" back when i posted this patch,
but it still applies..
Date: Thu, 9 Aug 2001 18:59:08 -0700 (PDT)
From: Doug MacEachern <[EMAIL PROTECTED]>
mod_rewrite has a race condition with threaded mpms:
static int rewrite_rand_init_done = 0;
static void rewrite_rand_init(void)
{
if (!rewrite_rand_init_done) {
srand((unsigned)(getpid()));
rewrite_rand_init_done = 1;
}
return;
}
and mod_ssl calls srand(time(NULL)) o
On Mon, 26 Nov 2001, Ryan Bloom wrote:
> But, that will only happen if we are modifying the contents. I think the best we
> could probably do is get rid of the seek call, and if we change the read API,
> the malloc.
ok. would be nice if there were an api where caller could provide the
buffer a
On Sat, 24 Nov 2001, Cliff Woolley wrote:
> Actually, that's not exactly true. If APR_HAS_MMAP, and the file bucket
> is between MMAP_THRESHOLD and MMAP_LIMIT (MMAP_LIMIT is 4MB by default),
> then yes, len will be up to 4MB. But if the file bucket is bigger than
> 4MB or the system doesn't ha
actually, i take some of that back, didn't do enough homework. SSL_write
will break the calls to mem_write() into reasonable chunks (~16k).
so we don't need this part of the patch:
+while (len > 0) {
+int wlen = len > AP_IOBUFSIZE ? AP_IOBUFSIZE : len;
+if ((nrd = SSL_write
On Fri, 23 Nov 2001, Justin Erenkrantz wrote:
> My only question is whether we could end up reading from the bucket
> (i.e. calling bucket_read) if we decide to "setaside" the bucket - this
> should be possible now with Ryan's latest patches to core_output_filter.
> So, might we have to implem
this is a carry over from 1.3, other mpms would need to
AP_MONCONTROL(1) in the appropriates places..
Index: include/ap_mpm.h
===
RCS file: /home/cvs/httpd-2.0/include/ap_mpm.h,v
retrieving revision 1.31
diff -u -r1.31 ap_mpm.h
--- i
ssl_io_filter_Output currently does this:
/* read filter */
apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
/* write SSL */
n = ssl_io_hook_write(ctx->pssl, (unsigned char *)data, len);
=> above writes into a single memory buffer
On Wed, 21 Nov 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> If I'm not wrong, what we're trying to do here is to enforce the strongest
> SSLVerifyDepth b/w the directory config and the server-config -
right, but i don't see why ssl::verify::depth was ever needed for that.
i mean, the
i was about to move the usage of c->notes.ssl::verify::depth to
SSLConnRec.verify_depth and in the process noticed the bloody thing is
never used. the comment says:
/*
* override of SSLVerifyDepth
*
* The depth checks are handled by us manually inside the verify callback
first hunk switches from using r->notes to r->request_config, which is
much faster. and important considering that code runs at least twice for
every request if mod_setenvif is loaded.
second gets rids of a strcmp. if there is a '!' in val, it will never be
more than that.
Index: modules/metada
mod_ssl currently does quite a bit of apr_table_{get,set}s. it would be
much faster to use c->conn_config instead. the patch below attaches a new
SSLConnRec structure to the c->conn_config and replaces all usage of
apr_table_{get,set}(c->notes, "ssl") with conn_config. if this approach
is ok,
On Tue, 20 Nov 2001, Bill Stoddard wrote:
> What is the source of the bytes being written? Is it a pipe? Or a file?
a heap bucket. i guess my question should be:
when using memory (heap,transient,pool,etc) buckets, what is the optimal
apr_brigade_length() to build up before passing to core_outp
On Tue, 20 Nov 2001, sterling wrote:
> Hi -
>
> Set up an auth directory without AuthType but with require valid-user and
> AuthName and load an auth module that uses ap_note_basic_auth_failure...
> el kabong!! this patch stops the coro dumpo.
this has bitten others in 1.x too. ended up adding
can someone explain how the core output buffering is supposed to work?
if you look at
httpd-test/perl-framework/c-modules/test_pass_brigade/mod_test_pass_brigade.c
this intentionally creates a brigade with just one bucket and calls
ap_pass_brigade with that bucket. you can make a request like so:
i mentioned a while back that i had hacked jim winstead's "colobus" NNTP
server (designed to run under tcpserver or inetd) into a protocol handler
using modperl-2.0. and that i had it working with mod_ssl. however, to
get it working with ssl required a special case hack that didn't always
work.
1 - 100 of 137 matches
Mail list logo
