Passed: apache/httpd#1466 (2.4.x - 184a3aa)

2021-03-02 Thread Travis CI 
Build Update for apache/httpd
-

Build: #1466
Status: Passed

Duration: 16 mins and 17 secs
Commit: 184a3aa (2.4.x)
Author: Yann Ylavic
Message: Merge r1885691 from trunk:

mod_proxy_hcheck: don't pile up health checks.  PR 63010.

Prevent health checks from running for a worker until the last one is fully
finished, to avoid making things worse (memory growth, #connections, ..).

This is done by zeroing worker->s->updated before scheduling the worker in the
threadpool, and resetting the time when it's finished. The scheduler then does
nothing if worker->s->updated is zero.

Also, to save some apr_time_now() calls when !HC_USE_THREADS, *baton->now is
updated in the callback and reused by the scheduler.


Submitted by: ylavic
Reviewed by: ylavic, covener, icing


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1887119 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/9f7d27daddf1...184a3aa8b71d

View the full build log and details: 
https://travis-ci.com/github/apache/httpd/builds/218770762?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Passed: apache/httpd#1465 (2.4.x - 9f7d27d)

2021-03-02 Thread Travis CI 
Build Update for apache/httpd
-

Build: #1465
Status: Passed

Duration: 16 mins and 30 secs
Commit: 9f7d27d (2.4.x)
Author: Yann Ylavic
Message: Merge r1886141, r1886151 from trunk:

* We need to check for (!scheme && (u = strchr(url, ':')) && (u - url) > 14)
  later as (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') is true
  for requests with the CONNECT method which we need to decline. But in many
  cases requests with the CONNECT method have (u - url) > 14 as in this
  case (u - url) is the length of the FQDN the forward proxy should connect
  to.


mod_proxy_http: follow up to r1886141, axe overlong scheme check.

Since mod_proxy can see CONNECT URIs, "hostname:port" versus "scheme:"
is hardly distinguishable (we don't want to limit the length of hostnames),
and we don't allocate the scheme anymore while parsing, let's simply decline
unrecognized schemes (overlong or not) and be caught by the no-handler case
if there really is no proxy handler interested.


Submitted by: rpluem, ylavic
Reviewed by: ylavic, covener, icing


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1887118 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/599310caf39a...9f7d27daddf1

View the full build log and details: 
https://travis-ci.com/github/apache/httpd/builds/218770654?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Errored: apache/httpd#1464 (2.4.x - 599310c)

2021-03-02 Thread Travis CI 
Build Update for apache/httpd
-

Build: #1464
Status: Errored

Duration: 18 mins and 2 secs
Commit: 599310c (2.4.x)
Author: Ruediger Pluem
Message: Merge r1398307, r1465839, r1530603, r1578759, r1729507 from trunk:

* If we face a timeout during receiving the response from the backend and if
  we pinged it successfully before don't assume the whole backend has failed.
  Assume that only the request has failed and return a gateway timeout then.



Add failontimeout to allow server admin to mark balancer member in err if IO 
timeout occurs.

ping tuning via Yann Ylavic 


Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save 
memory.

mod_proxy: axe negative "ping" parameter setting and handling.
This used to check for the backend connection readability only (instead of
the full ping/100-continue round-trip), but the case is already handled by
ap_proxy_connect_backend() which is always called.


Submitted by: rpluem, druggeri, jim, jailletc36, ylavic
Reviewed by: rpluem, ylavic, icing

Github: closes #170


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1887116 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/d9fcb966e486...599310caf39a

View the full build log and details: 
https://travis-ci.com/github/apache/httpd/builds/218765059?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Re: svn commit: r1887085 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/http_protocol.h modules/md/mod_md.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_pri

2021-03-02 Thread Ruediger Pluem 



On 3/2/21 3:21 PM, ic...@apache.org wrote:
> Author: icing
> Date: Tue Mar  2 14:21:18 2021
> New Revision: 1887085
> 
> URL: http://svn.apache.org/viewvc?rev=1887085=rev
> Log:
> Adding more ap_ssl_* functions and hooks to the core server.
> 
>  - ap_ssl_add_cert_files() to enable other modules like mod_md to provide
>certificate and keys for an SSL module like mod_ssl.
>  - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
>provide a fallback certificate in case no 'proper' certificate is
>available for an SSL module like mod_ssl.
>  - ap_ssl_answer_challenge() to enable other modules like mod_md to
>provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
>for the ACME protocol for an SSL module like mod_ssl.
> - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
>   'ssl_answer_challenge' where modules like mod_md can provide providers
>   to the above mentioned functions.
> 
> 
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/include/ap_mmn.h
> httpd/httpd/trunk/include/http_protocol.h
> httpd/httpd/trunk/modules/md/mod_md.c
> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> httpd/httpd/trunk/modules/ssl/ssl_private.h
> httpd/httpd/trunk/server/protocol.c
> 

> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1887085=1887084=1887085=diff
> ==
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Tue Mar  2 14:21:18 2021
> @@ -2316,11 +2316,29 @@ void ssl_callback_Info(const SSL *ssl, i
>  #ifdef HAVE_TLSEXT
>  
>  static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
> -SSL *ssl, X509 *cert, EVP_PKEY *key)
> +SSL *ssl, X509 *cert, EVP_PKEY *key,
> +const char *cert_file, const char 
> *key_file)
>  {
>  SSLConnRec *sslcon = myConnConfig(c);
>  
>  sslcon->service_unavailable = 1;
> +if (cert_file) {
> +if (SSL_use_certificate_chain_file(ssl, cert_file) < 1) {

As noted by the failure of build #1461 (
https://travis-ci.com/github/apache/httpd/jobs/487481449)
SSL_use_certificate_chain_file is not available with OpenSSL 1.0.2 which is 
still the OS
provided standard version with Ubuntu 16 LTS and RedHat / Centos 7.

Regards

RĂ¼diger

Re: Errored: apache/httpd#1461 (trunk - cd1fa48)

2021-03-02 Thread Joe Orton 
On Tue, Mar 02, 2021 at 03:17:36PM +, Travis CI wrote:
> Build Update for apache/httpd
> -
> 
> Build: #1461
> Status: Errored
> 
> Duration: 21 mins and 38 secs
> Commit: cd1fa48 (trunk)
> Author: Stefan Eissing
> Message: Adding log tags where log tags are needed.
> 
> 
> 
> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887087 
> 13f79535-47bb-0310-9956-ffa450edef68
> 
> View the changeset: 
> https://github.com/apache/httpd/compare/5dc01860dbf5...cd1fa489d29d
> 
> View the full build log and details: 
> https://travis-ci.com/github/apache/httpd/builds/218728190?utm_medium=notification_source=email

Most of this crop of failures are docker hub stuff, which I apparently 
forgot to test/push fixes for (WIP, sorry), but the other half is a 
genuine failure:

waiting 60 seconds for server to start: .httpd: Syntax error on line 312 
of 
/home/travis/build/apache/httpd/test/perl-framework/t/conf/httpd.conf: 
Cannot load /home/travis/build/apache/httpd/modules/ssl/.libs/mod_ssl.so 
into server: 
/home/travis/build/apache/httpd/modules/ssl/.libs/mod_ssl.so: undefined 
symbol: SSL_use_certificate_chain_file

on the Xenial build, which has: OpenSSL 1.0.2g 1 Mar 2016

https://travis-ci.com/github/apache/httpd/jobs/487481449

Re: Allowing balancer without ProxyPass

2021-03-02 Thread jean-frederic clere 

On 02/03/2021 16:07, Yann Ylavic wrote:

On Tue, Mar 2, 2021 at 3:44 PM jean-frederic clere  wrote:


On 02/03/2021 12:35, Yann Ylavic wrote:

On Tue, Mar 2, 2021 at 11:05 AM jean-frederic clere  wrote:


Has anyone something against making the above creating a balancer that
can be used later by the balancer-manager handler to create the
corresponding workers and a customized load_balancer provider to replace
the ProxyPass logic?


+1

That's something like this right?


Yes ;-)


OK, but note that it also affects the proxy workers (not only
balancers), such that it may define workers that weren't previously
and thus enabling keepalive and things like this for them.


Yes I already had to add a WorkerGrowth directive in my prototype to be 
able to create the workers via the logic of the balancer-handler.




So at backport time (if ever), this is possibly something to think about ;)


Yes I will try to minimize changes ;-)



Cheers;
Yann.




--
Cheers

Jean-Frederic

Errored: apache/httpd#1462 (2.4.x - 97c9e9d)

2021-03-02 Thread Travis CI 
Build Update for apache/httpd
-

Build: #1462
Status: Errored

Duration: 13 mins and 13 secs
Commit: 97c9e9d (2.4.x)
Author: Yann Ylavic
Message: Merge r1887050, r1887052 from trunk:

mod_session: save one apr_strtok() in session_identity_decode().

When the encoding is invalid (missing '='), no need to parse further.


mod_session: account for the '&' in identity_concat().


Submitted by: ylavic
Reviewed by: ylavic, covener, jailletc36


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1887090 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/d40961fcef88...97c9e9d66cd2

View the full build log and details: 
https://travis-ci.com/github/apache/httpd/builds/218735008?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Errored: apache/httpd#1461 (trunk - cd1fa48)

2021-03-02 Thread Travis CI 
Build Update for apache/httpd
-

Build: #1461
Status: Errored

Duration: 21 mins and 38 secs
Commit: cd1fa48 (trunk)
Author: Stefan Eissing
Message: Adding log tags where log tags are needed.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887087 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/5dc01860dbf5...cd1fa489d29d

View the full build log and details: 
https://travis-ci.com/github/apache/httpd/builds/218728190?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Re: Allowing balancer without ProxyPass

2021-03-02 Thread Yann Ylavic 
On Tue, Mar 2, 2021 at 3:44 PM jean-frederic clere  wrote:
>
> On 02/03/2021 12:35, Yann Ylavic wrote:
> > On Tue, Mar 2, 2021 at 11:05 AM jean-frederic clere  
> > wrote:
> >>
> >> Has anyone something against making the above creating a balancer that
> >> can be used later by the balancer-manager handler to create the
> >> corresponding workers and a customized load_balancer provider to replace
> >> the ProxyPass logic?
> >
> > +1
> >
> > That's something like this right?
>
> Yes ;-)

OK, but note that it also affects the proxy workers (not only
balancers), such that it may define workers that weren't previously
and thus enabling keepalive and things like this for them.

So at backport time (if ever), this is possibly something to think about ;)

Cheers;
Yann.

Broken: apache/httpd#1460 (trunk - 5dc0186)

2021-03-02 Thread Travis CI 
Build Update for apache/httpd
-

Build: #1460
Status: Broken

Duration: 6 mins and 46 secs
Commit: 5dc0186 (trunk)
Author: Stefan Eissing
Message: Adding more ap_ssl_* functions and hooks to the core server.

 - ap_ssl_add_cert_files() to enable other modules like mod_md to provide
   certificate and keys for an SSL module like mod_ssl.
 - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
   provide a fallback certificate in case no 'proper' certificate is
   available for an SSL module like mod_ssl.
 - ap_ssl_answer_challenge() to enable other modules like mod_md to
   provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
   for the ACME protocol for an SSL module like mod_ssl.
- Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
  'ssl_answer_challenge' where modules like mod_md can provide providers
  to the above mentioned functions.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887085 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/ba708f0e78a5...5dc01860dbf5

View the full build log and details: 
https://travis-ci.com/github/apache/httpd/builds/218724522?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Re: Allowing balancer without ProxyPass

2021-03-02 Thread jean-frederic clere 

On 02/03/2021 12:35, Yann Ylavic wrote:

On Tue, Mar 2, 2021 at 11:05 AM jean-frederic clere  wrote:


Has anyone something against making the above creating a balancer that
can be used later by the balancer-manager handler to create the
corresponding workers and a customized load_balancer provider to replace
the ProxyPass logic?


+1

That's something like this right?


Yes ;-)



Index: modules/proxy/mod_proxy.c
===
--- modules/proxy/mod_proxy.c(revision 1887057)
+++ modules/proxy/mod_proxy.c(working copy)
@@ -2649,7 +2649,7 @@ static const char *proxysection(cmd_parms *cmd, vo

  ap_add_per_proxy_conf(cmd->server, new_dir_conf);

-if (*arg != '\0') {
+{
  if (thiscmd->cmd_data)
  return "Multiple  arguments not (yet) supported.";
  if (conf->p_is_fnmatch)
--

Regards;
Yann.




--
Cheers

Jean-Frederic

Re: Allowing balancer without ProxyPass

2021-03-02 Thread Yann Ylavic 
On Tue, Mar 2, 2021 at 11:05 AM jean-frederic clere  wrote:
>
> Has anyone something against making the above creating a balancer that
> can be used later by the balancer-manager handler to create the
> corresponding workers and a customized load_balancer provider to replace
> the ProxyPass logic?

+1

That's something like this right?

Index: modules/proxy/mod_proxy.c
===
--- modules/proxy/mod_proxy.c(revision 1887057)
+++ modules/proxy/mod_proxy.c(working copy)
@@ -2649,7 +2649,7 @@ static const char *proxysection(cmd_parms *cmd, vo

 ap_add_per_proxy_conf(cmd->server, new_dir_conf);

-if (*arg != '\0') {
+{
 if (thiscmd->cmd_data)
 return "Multiple  arguments not (yet) supported.";
 if (conf->p_is_fnmatch)
--

Regards;
Yann.

Allowing balancer without ProxyPass

2021-03-02 Thread jean-frederic clere 

Hi,

The following in httpd.conf:
+++


+++
does nothing in a configuration, not even a warning ;-)

Has anyone something against making the above creating a balancer that 
can be used later by the balancer-manager handler to create the 
corresponding workers and a customized load_balancer provider to replace 
the ProxyPass logic?


--
Cheers

Jean-Frederic