summaryrefslogtreecommitdiff
path: root/CHANGES
Commit message (Collapse)AuthorAgeFilesLines
* *) mod_autht_jwt: New module to handle RFC 7519 JWT tokens withinGraham Leggett2023-04-251-0/+11
| | | | | | | | | | | | | | | bearer tokens, both as part of the aaa framework, and as a way to generate tokens and pass them to backend servers and services. *) mod_auth_bearer: New module to handle RFC 6750 Bearer tokens, using the token_checker hook. *) mod_autht_core: New module to handle provider aliases for token authentication. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909411 13f79535-47bb-0310-9956-ffa450edef68
* core: Add the token_checker hook, that allows authentication to takeGraham Leggett2023-04-251-0/+4
| | | | | | | | place using mechanisms other than username/password, such as bearer tokens. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909409 13f79535-47bb-0310-9956-ffa450edef68
* mod_alias: When an alias is declared inside a Location, make sureGraham Leggett2023-04-141-0/+5
| | | | | | | | | the balance of the URL is preserved to match the alias declared outside a location. Fixes an error where all requests are mapped to the root of the location. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909137 13f79535-47bb-0310-9956-ffa450edef68
* core: Be explicit if an enclosing directive contains a path or aGraham Leggett2023-04-141-0/+3
| | | | | | | regex. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909135 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES.Yann Ylavic2023-03-311-0/+36
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908867 13f79535-47bb-0310-9956-ffa450edef68
* Add SSL_SHARED_CIPHER environment variableDirk-Willem van Gulik2023-03-061-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908132 13f79535-47bb-0310-9956-ffa450edef68
* Sync changes [skip ci]Yann Ylavic2023-03-021-0/+82
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907983 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302.Jim Jagielski2022-10-111-0/+3
| | | | | | | [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904518 13f79535-47bb-0310-9956-ffa450edef68
* Remove trailing whitespaceJim Jagielski2022-10-111-112/+112
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904517 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy_hcheck: Detect AJP/CPING support correctly. PR 66300.Jim Jagielski2022-10-111-0/+3
| | | | | | | | | [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904516 13f79535-47bb-0310-9956-ffa450edef68
* Document hcmethod enhancement to allow HTTP/1.1 commsJim Jagielski2022-08-281-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903745 13f79535-47bb-0310-9956-ffa450edef68
* Trigger ci (check APR revert r1902369).Yann Ylavic2022-06-301-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1902370 13f79535-47bb-0310-9956-ffa450edef68
* typo [skip ci]Giovanni Bechis2022-06-031-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901596 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES [skip ci]Yann Ylavic2022-06-021-0/+18
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901551 13f79535-47bb-0310-9956-ffa450edef68
* Credits [skip ci]Yann Ylavic2022-05-181-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901035 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci]Yann Ylavic2022-05-181-0/+106
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901034 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1899809: Will reapply using newRainer Jung2022-04-191-4/+0
| | | | | | | changes-entries method for CHANGES handling. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900025 13f79535-47bb-0310-9956-ffa450edef68
* mod_heartmonitor: Set the documented default valueRainer Jung2022-04-131-0/+4
| | | | | | | | "10" for HeartbeatMaxServers instead of "0". With "0" no shared memory slotmem was initialized. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899809 13f79535-47bb-0310-9956-ffa450edef68
* Remove libsystemd dependency from main httpd binaryJoe Orton2022-04-121-0/+4
| | | | | | | | | | | | | | | Until this change httpd was linking libsystemd to the main httpd binary. If you want to run lightweight version of httpd in container, sometimes you just want to install httpd binary with as little dependencies as possible to make container small in size and do not pull uncencessary dependencies and libraries. This change will move all systemd library calls from listen.c to mod_systemd module and remove systemd linking from the main httpd bin. Fixed mixed declaration and wrongly declared variable. Submitted by: Luboš Uhliarik <luhliari redhat.com> Github: closes #312 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899784 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1899390.Jean-Frederic Clere2022-04-011-4/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899479 13f79535-47bb-0310-9956-ffa450edef68
* Add WorkerBalancerGrowth. To allow creation of workersJean-Frederic Clere2022-03-301-0/+4
| | | | | | | to dynamically added balancers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899390 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci]Yann Ylavic2022-03-071-0/+60
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898697 13f79535-47bb-0310-9956-ffa450edef68
* Fix CHANGES typo. [skip ci]Yann Ylavic2022-02-081-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897862 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries. [skip ci]Yann Ylavic2022-02-081-0/+26
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897858 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_ssl/mpm_event: reverting changes to nonblocing SSL handshakesStefan Eissing2022-02-041-6/+0
| | | | | | | | | | to stabilize CI tests again. Previous revision of trunk has been copied to branches/trunk-ssl-handshake-unblocking to make those into a PR where changes can be discussed and tested separately. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897760 13f79535-47bb-0310-9956-ffa450edef68
* event: Add AP_MPM_CAN_AGAIN and AGAIN to signal to the MPM thatGraham Leggett2022-01-241-2/+3
| | | | | | | non blocking behaviour is requested. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897423 13f79535-47bb-0310-9956-ffa450edef68
* event: Add support for non blocking behaviour in theGraham Leggett2022-01-211-0/+5
| | | | | | | | | CONN_STATE_READ_REQUEST_LINE phase, in addition to the existing CONN_STATE_WRITE_COMPLETION phase. Update mod_ssl to perform non blocking TLS handshakes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897281 13f79535-47bb-0310-9956-ffa450edef68
* Revert 1897156.Graham Leggett2022-01-201-5/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897273 13f79535-47bb-0310-9956-ffa450edef68
* core: Allow an optional expression to be specified for an effectiveGraham Leggett2022-01-171-0/+5
| | | | | | | | | path in the DirectoryMatch and LocationMatch directives. This allows modules like mod_dav to map URLs to URL spaces or to directories on the filesystem. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897156 13f79535-47bb-0310-9956-ffa450edef68
* Trim leading empty lines [skip ci]Yann Ylavic2021-12-141-3/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895957 13f79535-47bb-0310-9956-ffa450edef68
* Sync changes-entries [skip ci].Yann Ylavic2021-12-141-0/+18
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895953 13f79535-47bb-0310-9956-ffa450edef68
* * Whitespace fixesRuediger Pluem2021-12-091-35/+35
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895718 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries. [skip ci].Yann Ylavic2021-12-031-0/+99
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895558 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES [skip ci].Yann Ylavic2021-10-071-0/+10
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893983 13f79535-47bb-0310-9956-ffa450edef68
* Adding old changelog entryChristophe Jaillet2021-09-291-0/+2
| | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893735 13f79535-47bb-0310-9956-ffa450edef68
* * Update CHANGES [skip ci]Ruediger Pluem2021-09-241-0/+43
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893590 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES [skip ci].Yann Ylavic2021-09-071-0/+19
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893049 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES [skip ci].Yann Ylavic2021-09-031-0/+15
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892879 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci].Yann Ylavic2021-08-301-0/+40
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892737 13f79535-47bb-0310-9956-ffa450edef68
* Fix CHANGES typo s/mpm/mod/ [skip ci].Yann Ylavic2021-07-121-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891478 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries.Yann Ylavic2021-07-021-0/+45
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891217 13f79535-47bb-0310-9956-ffa450edef68
* dbm: Split the loading of a dbm driver from the opening of a dbm file. WhenGraham Leggett2021-06-241-0/+4
| | | | | | | | an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891019 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries. [skip ci]Yann Ylavic2021-05-171-0/+30
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889961 13f79535-47bb-0310-9956-ffa450edef68
* Fix some typosChristophe Jaillet2021-04-191-3/+3
| | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888963 13f79535-47bb-0310-9956-ffa450edef68
* Add a change entryChristophe Jaillet2021-04-181-1/+2
| | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888925 13f79535-47bb-0310-9956-ffa450edef68
* Apply CHANGES. [skip ci]Yann Ylavic2021-04-011-0/+26
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888270 13f79535-47bb-0310-9956-ffa450edef68
* mod_md:Stefan Eissing2021-03-221-0/+2
| | | | | | | | | - MDCertificateFile and MDCertificateKeyFile can now be specified several times to add multiple, static certificates to a MDomain. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887923 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: v2.4.0 with improvements and bugfixesStefan Eissing2021-03-081-0/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - MDPrivateKeys allows the specification of several types. Beside "RSA" plus optional key lengths elliptic curves can be configured. This means you can have multiple certificates for a Managed Domain with different key types. With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA certificate and all modern client will use the shorter ECDSA, while older client will get the RSA certificate. Many thanks to @tlhackque who pushed and helped on this. - Support added for MDomains consisting of a wildcard. Configuring ```MDomain *.host.net``` will match all virtual hosts matching that pattern and obtain one certificate for it (assuming you have 'dns-01' challenge support configured). Addresses #239. - Removed support for ACMEv1 servers. The only known installation used to be Let's Encrypt which has disabled that version more than a year ago for new accounts. - Andreas Ulm (<https://github.com/root360-AndreasUlm>) implemented the ```renewing``` call to ```MDMessageCmd``` that can deny a certificate renewal attempt. This is useful in clustered installations, as discussed in #233). - New event ```challenge-setup:<type>:<domain>```, triggered when the challenge data for a domain has been created. This is invoked before the ACME server is told to check for it. The type is one of the ACME challenge types. This is invoked for every DNS name in a MDomain. - The max delay for retries has been raised to daily (this is like all retries jittered somewhat to avoid repeats at fixed time of day). - Certain error codes reported by the ACME server that indicate a problem with the configured data now immediately switch to daily retries. For example: if the ACME server rejects a contact email or a domain name, frequent retries will most likely not solve the problem. But daily retries still make sense as there might be an error at the server and un-supervised certificate renewal is the goal. Refs #222. - Test case and work around for domain names > 64 octets. Fixes #227. When the first DNS name of an MD is longer than 63 octets, the certificate request will not contain a CN field, but leave it up to the CA to choose one. Currently, Lets Encrypt looks for a shorter name in the SAN list given and fails the request if none is found. But it is really up to the CA (and what browsers/libs accept here) and may change over the years. That is why the decision is best made at the CA. - Retry delays now have a random +/-[0-50]% modification applied to let retries from several servers spread out more, should they have been restarted at the same time of day. - Fixed several places where the 'badNonce' return code from an ACME server was not handled correctly. The test server 'pebble' simulates this behaviour by default and helps nicely in verifying this behaviour. Thanks, pebble! - Set the default `MDActivationDelay` to 0. This was confusing to users that new certificates were deemed not usably before a day of delay. When clocks are correct, using a new certificate right away should not pose a problem. - When handling ACME authorization resources, the module no longer requires the server to return a "Location" header, as was necessary in ACMEv1. Fixes #216. - Fixed a theoretical uninitialized read when testing for JSON error responses from the ACME CA. Reported at <https://bz.apache.org/bugzilla/show_bug.cgi?id=64297>. - ACME problem reports from CAs that include parameters in the Content-Type header are handled correctly. (Previously, the problem text would not be reported and retries could exist CA limits.) - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. Previously, an empty JSON object was sent - which apparently LE accepted, but others reject. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887337 13f79535-47bb-0310-9956-ffa450edef68
* typo in old CHANGES entryEric Covener2021-03-081-1/+1
| | | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887311 13f79535-47bb-0310-9956-ffa450edef68
* Changed ap_ssl_answer_challenge() and its hook to provide PEM data forStefan Eissing2021-03-031-1/+2
| | | | | | | | | | | certificate and key instead of file names. Added support for this in mod_ssl and verified with a local mod_md version that uses it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887151 13f79535-47bb-0310-9956-ffa450edef68
View Lorry Controller Status