diff options
author | Jim Jagielski <jim@apache.org> | 2015-09-28 13:00:59 +0000 |
---|---|---|
committer | Jim Jagielski <jim@apache.org> | 2015-09-28 13:00:59 +0000 |
commit | b0d87a9837eaf068c53b79a636d57e021747f053 (patch) | |
tree | ff7030d3ffdae8da15cb4929613e73db7a3ec70c | |
parent | 7705f25308a56e46e33ea71e1e267c1e49ea28f4 (diff) | |
parent | 7475aa0909975f8491de64bb08d9793c6e503ae2 (diff) | |
download | httpd-b0d87a9837eaf068c53b79a636d57e021747f053.tar.gz |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2@1705681 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | STATUS | 63 | ||||
-rw-r--r-- | docs/manual/mod/core.xml | 4 | ||||
-rw-r--r-- | modules/filters/mod_xml2enc.c | 2 | ||||
-rw-r--r-- | modules/loggers/mod_logio.c | 78 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_io.c | 1 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 11 | ||||
-rw-r--r-- | server/core.c | 1 | ||||
-rw-r--r-- | server/util.c | 1 |
9 files changed, 71 insertions, 94 deletions
@@ -4,6 +4,10 @@ Changes with Apache 2.4.17 *) mod_h2: added donated http/2 implementation to build system. Similar configuration options to mod_ssl. [Stefan Eissing] + *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on + an SSL connection. PR 58454. + [Konstantin J. Chernov <k.j.chernov gmail.com>] + *) mod_cache: r->err_headers_out is not merged into r->headers when mod_cache is enabled and the response is cached for the first time. [Edward Lu] @@ -98,6 +98,7 @@ CURRENT RELEASE NOTES: then merge into branches/2.4.x, as applicable. * Current exceptions for RTC for this branch: + . http/2 - mod_h2 . mod_lua . documentation . non-Unix build @@ -109,7 +110,12 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - + *) mod_h2: add HTTP/2 support to httpd, depends on core/mod_ssl changes above + 2.4.x branch for this and core/mod_ssl: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2 + See diff and merged changelists via: + svn diff ^/httpd/httpd/branches/2.4.x ^/httpd/httpd/branches/2.4.17-protocols-http2 + +1: icing, jim, ylavic + PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] @@ -176,42 +182,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: ylavic: updated to v5 including r1697013 and r1697015, the diff to v4 is: http://people.apache.org/~ylavic/httpd-2.4.x-SubstituteInheritBefore-v4_vs_v5.diff - *) core/mod_ssl: add Protocols/ProtocolsHonorOrder directives and new - protocols hooks to control Upgrade: and ALPN protocol switching. - HTTP_MISDIRECTED_REQUEST addition and handling in mod_ssl - trunk patch: http://svn.apache.org/r1697855 - http://svn.apache.org/r1697339 - http://svn.apache.org/r1696428 - http://svn.apache.org/r1696266 - http://svn.apache.org/r1696264 - http://svn.apache.org/r1695874 - http://svn.apache.org/r1695727 - http://svn.apache.org/r1692516 - http://svn.apache.org/r1692486 - http://svn.apache.org/r1610674 - http://svn.apache.org/r1685069 - http://svn.apache.org/r1693918 - http://svn.apache.org/r1698116 - http://svn.apache.org/r1698133 - http://svn.apache.org/r1694950 - http://svn.apache.org/r1700968 - http://svn.apache.org/r1701005 - http://svn.apache.org/r1701145 - http://svn.apache.org/r1701178 - All changes to files in modules/http2 need to be ignored. - v2: added r1698116, r1693918 to patch - v3: added changes to ap_array_index and ap_array_contains - 2.4.x patch: https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/core-protocols-v4.patch - +1: icing, jim - minfrin: +1 with proposed MMN bump at https://people.apache.org/~minfrin/core-protocols-mmn.patch - +1: jim - - *) mod_h2: add HTTP/2 support to httpd, depends on core/mod_ssl changes above - 2.4.x branch for this and core/mod_ssl: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2 - See diff and merged changelists via: - svn diff ^/httpd/httpd/branches/2.4.x ^/httpd/httpd/branches/2.4.17-protocols-http2 - +1: icing, jim - *) mod_proxy: don't recyle backend announced "Connection: close" connections to avoid reusing it should the close be effective after some new request is ready to be sent. @@ -228,19 +198,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk works (module CHANGES) +1: ylavic, minfrin - *) mod_logio: Fix %^FB on initial request on SSL connection by not counting - handshake writes as first byte. Also fix processing per Yann's observations - about potential problems with e.g. write completion. - trunk patch: http://svn.apache.org/r1705099 - http://svn.apache.org/r1705134 - 2.4.x patch: trunk works - +1: covener, minfrin - - *) mod_xml2enc: fix spurious (and harmless) test - trunk patch: http://svn.apache.org/r1704099 - 2.4.x patch: trunk works - +1: jailletc36, minfrin - *) mod_ssl: namespacing changes from May 2015 trunk patches: https://svn.apache.org/r1674538 https://svn.apache.org/r1677143 @@ -260,20 +217,20 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: https://svn.apache.org/r1677834 https://svn.apache.org/r1677835 2.4.x patch: https://people.apache.org/~kbrand/mod_ssl-2.4.x-namespacing.diff - +1: kbrand + +1: kbrand, ylavic *) mod_ssl: add support for msUPN and dnsSRV otherName form entries in the subjectAltName extension. PR 58020. trunk patch: https://svn.apache.org/r1693792 2.4.x patch: trunk works (modulo CHANGES), but depends on the namespacing backport (see above) - +1: kbrand + +1: kbrand, ylavic *) mod_ssl: support SUITEB* cipher strings with OpenSSL 1.0.2 and later. PR 58213. trunk patch: https://svn.apache.org/r1702643 2.4.x patch: trunk works (modulo CHANGES) - +1: kbrand + +1: kbrand, ylavic *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3, and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3". diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 03fd555f12..fc4e253cd3 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -3589,6 +3589,8 @@ On Windows, from Apache 2.3.3 and later.</compatibility> </directivesynopsis> +> + <directivesynopsis> <name>Protocols</name> <description>Protocols available for a server/virtual host</description> @@ -3634,7 +3636,7 @@ On Windows, from Apache 2.3.3 and later.</compatibility> <directivesynopsis> <name>ProtocolsHonorOrder</name> - <description>Determines if order of Protocols determines precedence during negotiation</description> + <description>Protocols available for a server/virtual host</description> <syntax>ProtocolsHonorOrder On|Off</syntax> <default>ProtocolsHonorOrder On</default> <contextlist><context>server config</context><context>virtual host</context></contextlist> diff --git a/modules/filters/mod_xml2enc.c b/modules/filters/mod_xml2enc.c index d28c97d1be..7b34c717af 100644 --- a/modules/filters/mod_xml2enc.c +++ b/modules/filters/mod_xml2enc.c @@ -127,7 +127,7 @@ static void fix_skipto(request_rec* r, xml2ctx* ctx) { apr_status_t rv; xml2cfg* cfg = ap_get_module_config(r->per_dir_config, &xml2enc_module); - if ((cfg->skipto != NULL) && (ctx->flags | ENC_SKIPTO)) { + if ((cfg->skipto != NULL) && (ctx->flags & ENC_SKIPTO)) { int found = 0; char* p = ap_strchr(ctx->buf, '<'); tattr* starts = (tattr*) cfg->skipto->elts; diff --git a/modules/loggers/mod_logio.c b/modules/loggers/mod_logio.c index ab922e30c6..58aa92cf05 100644 --- a/modules/loggers/mod_logio.c +++ b/modules/loggers/mod_logio.c @@ -38,6 +38,7 @@ module AP_MODULE_DECLARE_DATA logio_module; static const char logio_filter_name[] = "LOG_INPUT_OUTPUT"; +static const char logio_ttfb_filter_name[] = "LOGIO_TTFB_OUT"; /* * Logging of input and output config... @@ -47,15 +48,18 @@ typedef struct logio_config_t { apr_off_t bytes_in; apr_off_t bytes_out; apr_off_t bytes_last_request; - apr_time_t ttfb; - request_rec *r; /* Use for TTFB only */ - unsigned int first_byte_seen:1; } logio_config_t; typedef struct logio_dirconf_t { unsigned int track_ttfb:1; } logio_dirconf_t; +typedef struct logio_req_t { + apr_time_t ttfb; +} logio_req_t; + + + /* * Optional function for the core to add to bytes_out */ @@ -64,19 +68,6 @@ static void ap_logio_add_bytes_out(conn_rec *c, apr_off_t bytes) { logio_config_t *cf = ap_get_module_config(c->conn_config, &logio_module); cf->bytes_out += bytes; - - if (!cf->first_byte_seen) { - /* cleared during log_transaction, after mod_log_config */ - cf->first_byte_seen = 1; - - if (cf->r) { - logio_dirconf_t *conf = (logio_dirconf_t*) - ap_get_module_config(cf->r->per_dir_config, &logio_module); - if (conf && conf->track_ttfb) { - cf->ttfb = apr_time_now() - cf->r->request_time; - } - } - } } /* @@ -132,14 +123,14 @@ static const char *log_bytes_combined(request_rec *r, char *a) static const char *log_ttfb(request_rec *r, char *a) { - logio_config_t *cf = ap_get_module_config(r->connection->conn_config, - &logio_module); + logio_req_t *rconf = ap_get_module_config(r->request_config, + &logio_module); - if (!cf->first_byte_seen || !cf->ttfb) { + if (!rconf || !rconf->ttfb) { return "-"; } - return apr_psprintf(r->pool, "%" APR_TIME_T_FMT, cf->ttfb); + return apr_psprintf(r->pool, "%" APR_TIME_T_FMT, rconf->ttfb); } /* * Reset counters after logging... @@ -154,20 +145,6 @@ static int logio_transaction(request_rec *r) cf->bytes_last_request = cf->bytes_in + cf->bytes_out; cf->bytes_in = cf->bytes_out = 0; - cf->r = NULL; - cf->ttfb = 0; - cf->first_byte_seen = 0; - - return OK; -} - -static int logio_post_read_request(request_rec *r) -{ - logio_config_t *cf = ap_get_module_config(r->connection->conn_config, - &logio_module); - if (cf) { - cf->r = r; - } return OK; } @@ -226,6 +203,34 @@ static int logio_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) return OK; } +static apr_status_t logio_ttfb_filter(ap_filter_t *f, apr_bucket_brigade *b) +{ + request_rec *r = f->r; + logio_dirconf_t *conf = ap_get_module_config(r->per_dir_config, + &logio_module); + if (conf && conf->track_ttfb) { + logio_req_t *rconf = ap_get_module_config(r->request_config, + &logio_module); + if (rconf == NULL) { + rconf = apr_pcalloc(r->pool, sizeof(logio_req_t)); + rconf->ttfb = apr_time_now() - r->request_time; + ap_set_module_config(r->request_config, &logio_module, rconf); + } + } + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, b); +} + +static void logio_insert_filter(request_rec * r) +{ + logio_dirconf_t *conf = ap_get_module_config(r->per_dir_config, + &logio_module); + if (conf->track_ttfb) { + ap_add_output_filter(logio_ttfb_filter_name, NULL, r, r->connection); + } + return; +} + static const char *logio_track_ttfb(cmd_parms *cmd, void *in_dir_config, int arg) { logio_dirconf_t *dir_config = in_dir_config; @@ -254,12 +259,15 @@ static void register_hooks(apr_pool_t *p) ap_hook_pre_connection(logio_pre_conn, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_pre_config(logio_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); - ap_hook_post_read_request(logio_post_read_request, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_log_transaction(logio_transaction, pre, NULL, APR_HOOK_MIDDLE); ap_register_input_filter(logio_filter_name, logio_in_filter, NULL, AP_FTYPE_NETWORK - 1); + ap_hook_insert_filter(logio_insert_filter, NULL, NULL, APR_HOOK_LAST); + ap_register_output_filter(logio_ttfb_filter_name, logio_ttfb_filter, NULL, + AP_FTYPE_RESOURCE); + APR_REGISTER_OPTIONAL_FN(ap_logio_add_bytes_out); APR_REGISTER_OPTIONAL_FN(ap_logio_add_bytes_in); APR_REGISTER_OPTIONAL_FN(ap_logio_get_last_bytes); diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 5ea76c6b67..cbbb8f8e9c 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -28,6 +28,7 @@ core keeps dumping.'' -- Unknown */ #include "ssl_private.h" +#include "mod_ssl.h" #include "apr_date.h" /* _________________________________________________________________ diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index aef6b46535..ac0c670174 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -29,6 +29,7 @@ time I was too famous.'' -- Unknown */ #include "ssl_private.h" +#include "mod_ssl.h" #include "util_md5.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); @@ -201,10 +202,12 @@ int ssl_hook_ReadReq(request_rec *r) * selected by the SNI. */ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032) - "Hostname %s provided via SNI and hostname %s provided" - " via HTTP select a different server", - servername, r->hostname); - return HTTP_MISDIRECTED_REQUEST; + "Hostname %s provided via SNI and hostname %s provided" + " via HTTP are different", servername, host); + if (r->connection->keepalives > 0) { + return HTTP_MISDIRECTED_REQUEST; + } + return HTTP_BAD_REQUEST; } } else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE) diff --git a/server/core.c b/server/core.c index 37484b66e6..de54dc5a42 100644 --- a/server/core.c +++ b/server/core.c @@ -423,6 +423,7 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) static void *create_core_server_config(apr_pool_t *a, server_rec *s) { core_server_config *conf; + const char **np; int is_virtual = s->is_virtual; conf = (core_server_config *)apr_pcalloc(a, sizeof(core_server_config)); diff --git a/server/util.c b/server/util.c index 916213c380..b56926a6b7 100644 --- a/server/util.c +++ b/server/util.c @@ -1451,6 +1451,7 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, return find_list_item(p, line, tok, AP_ETAG_WEAK); } + /* Grab a list of tokens of the format 1#token (from RFC7230) */ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *str_in, |