Re: mod_proxy_fcgi bug using CONTENT_LENGTH and Transfer-Encoding chunked

[Tom Browder]

On Sat, Jun 27, 2020 at 07:54 Luca Toscano  wrote:

> Hi Oliver,
>
> your request was duly noted, we might get somebody to look at this
> during the next days/weeks, but we can't promise anything. The bug is
> sadly not as simple as adding a line of code (see comments in bz
> 57087), plus the current dev resources have limited bandwidth.
>

I was just investigating moving to fast cgi from cgi and this caught my
attention.

Will affect non-php code? Can I avoid chunking files if necessary to work
around the bug?

Thanks.

Best regards,

-Tom

Re: mod_md

[Tom Browder]

On Mon, Jul 24, 2017 at 04:15 Stefan Eissing 
wrote:

> > On Sat, Jul 22, 2017 at 07:00 Stefan Eissing <
> stefan.eiss...@greenbytes.de> wrote:
> > Hey,
> >
> > the alpha version for Let's Encrypt (ACME) support for httpd can be
> found here: https://github.com/icing/mod_md
> >
> > I'd like to get early feedback and stabilize a tad more before bringing
> this into Apache trunk. It also contains a small patch for mod_ssl which
> people should get comfortable about. Or not. Maybe there is a better
> approach.


Stefan, I think you ought to advertise your mod_md on the Let's Encrypt
list of acme clients right now, even though it hasn't been released in a
stable version yet.

Best,

-Tom

Re: mod_md

[Tom Browder]

On Sat, Jul 22, 2017 at 07:00 Stefan Eissing 
wrote:

> Hey,
>
> the alpha version for Let's Encrypt (ACME) support for httpd can be found
> here: https://github.com/icing/mod_md
>
> I'd like to get early feedback and stabilize a tad more before bringing
> this into Apache trunk. It also contains a small patch for mod_ssl which
> people should get comfortable about. Or not. Maybe there is a better
> approach.
>
> Anyways, looking forward to feedback.


Stefan, I look forward to using this mod.  I hope it can be incorporated
into a release soon.

Have you thought about incorporating the cert update method through a
cooperating DNS server (can't think of the tecnical name)?

Thanks for this exciting announcement and the work you are doing.

With warmest regards,

-Tom

Two questions: Macro conversion tool? Any success with mod_dbd and SQLite3?

[Tom Browder]

I'm running httpd 2.4.25 on Debian 8, 64-bit.  I use macros for my 10 or so
vhosts on one server.

I have not yet been able to get mod_dbd to initialize my sqlite3 db for
authn and am going back to the file method until I know what's wrong.

I posted my macro on the users' list yesterday.

Is there any apache tool to convert the httpd.conf file with its includes
and macros into the final product for visual debugging?

Is there a working httpd.conf file doing successful dbd authn and form
login with sqlite3 that can be seen by the public? (Maybe in testing--going
to look there soon.)

Thanks.

Best regards,

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Sun, Apr 9, 2017 at 6:32 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
> Am 09.04.2017 um 13:16 schrieb Tom Browder:
...
> no distribution out there is using the bundeled apr for good reasons
>
> 1: build and install apr
> 2: build and install apr-util which uses apr
> 3: build httpd
...
> and for start building software you should look how your distribution does
> it, on Redhat systems you have the src,rpm packages and the spec files
> contain very clear BuildRequires and you should vene use that spec-files and
> modify them for your needs as start


Good suggestion.

Thanks,

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Sat, Apr 8, 2017 at 18:34 Nick Kew <n...@apache.org> wrote:

> On Sat, 2017-04-08 at 16:43 -0500, Tom Browder wrote:
>
> > config.log
> >
> >   https://gist.github.com/tbrowder/2878124ad5fc35cb71a65a38e2950583
>
> OK, where did you read that --with-pgsql would work with HTTPD's
> configure?  If it's anywhere at apache.org, we have a docs bug.
> You need to build apr-util with pgsql!  Or use your distro package.


With all due respect, Nick, the build and installation docs need some
work.  Some time ago, when I first started building httpd, the included
build seemed to be the way to go. That implied, at least to me, that
configuration options passed to httpd would get passed to apr and
apr-util.  Otherwise, how does sqlite3 get built in my case (and how does
pgsql NOT get built)?

Best regards,

-Tom

P.S.  I have loved the httpd macro capability and hope the warnings about
undefined defs at first touch wll get fixed before I die. I offered to help
if someone would just help me get started but got no response. I am no
expert, but I have contributed much significant C and C++ code to BRL-CAD (
brlcad.org) whose code is probably as hard to dive into as yours.  There
people willing to help are eased into the project while getting to learn
their way around.  I know there is much resistance to changing to C++ in
large C projects, but starting a gradual transition to C++ has helped to
get new contributors there as well as helping to get the code base better
organized.

Re: APr Utils and PostgreSQL

[Tom Browder]

On Sat, Apr 8, 2017 at 1:17 PM, Nick Kew <n...@apache.org> wrote:
> On Sat, 2017-04-08 at 10:45 -0500, Tom Browder wrote:
...
>> I would love to help debug or fix this if I can, but I'm out of ideas.
>> Best regards,
...
> If it's all greek to you, post it along with your config.nice
> to a pastebin and bug me or someone to take a look.

config.nice:

  https://gist.github.com/tbrowder/3bcf8a2f07000a6384bd8aba9df77406

config.log

  https://gist.github.com/tbrowder/2878124ad5fc35cb71a65a38e2950583

Good luck!

Best regards,

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 2:04 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> On Fri, Apr 7, 2017 at 10:36 Nick Kew <n...@apache.org> wrote:
>> On Fri, 2017-04-07 at 08:28 -0500, Tom Browder wrote:
>> > I am trying to get the pqsql lib built and cannot get the config
>> > option correct.  The help says:
...
> Now that my server is up and running (with sqlite directives now working), I
> will try rebuilding (but not installing) with apr and apr-util just to
> ensure it works.

Well, i tried again and NO pgsql build (although I do have it
available with the Deb apr-util pgsql package install).

I would love to help debug or fix this if I can, but I'm out of ideas.

Best regards,

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 10:36 Nick Kew <n...@apache.org> wrote:

>
> On Fri, 2017-04-07 at 08:28 -0500, Tom Browder wrote:
> > I am trying to get the pqsql lib built and cannot get the config
> > option correct.  The help says:
>
> OK, I read your mail (as I do most mail) on Debian, and I have
> their standard -dev package installed via aptitude.
> So I tested a new build, and a simple --with-pgsql worked for me:
> after make, I have the driver.  If it had not worked, that would
> be a bug, and we'd want to know about it!
>
> Since you're asking on the httpd list, is it possible you're
> mixing httpd/apr/apu builds, and not actually reconfiguring apu
> when you specify your options?


Thats possible, Nick, and the presence of the old libs probably didn't
help.  And I may also have used a munged config script during all my
changes.

Now that my server is up and running (with sqlite directives now working),
I will try rebuilding (but not installing) with apr and apr-util just to
ensure it works.

Thanks.

>
-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 11:47 AM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Fri, Apr 7, 2017 at 6:28 PM, Tom Browder <tom.brow...@gmail.com> wrote:
>>
>> Well, I already had libpq-dev installed and nothing changed: no lib fpr 
>> pgsql.
>
> I'd try --with-pgsql=/usr on debian.


Thanks, Yann, but I have a successful build now without the
apr/apr-util. I have an old system and had to blow away some old local
apr/apr-util builds and I think all is well now.

Thanks for the help all.

Best regards,

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 11:28 AM, Tom Browder <tom.brow...@gmail.com> wrote:
...

Okay, I'm NOT going to use local build of apr and apr-util.  But while
I'm looking at my standard config, what is your advice on using (or
not):

  --with=distcache

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 11:06 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 07.04.2017 um 17:53 schrieb Tom Browder:
>>
>> On Fri, Apr 7, 2017 at 10:11 AM, Reindl Harald <h.rei...@thelounge.net>
>> wrote:
>>>
>>>
>>>
>>> Am 07.04.2017 um 17:06 schrieb Tom Browder:
>>>>
>>>>
>>>> On Fri, Apr 7, 2017 at 09:53 Jordan Gigov <colad...@gmail.com
>>>> <mailto:colad...@gmail.com>> wrote:
>>>>
>>>>  The =DIR parameter is optional. If you have the libpq-dev package
>>>>  installed, it should find it automatically.
>>>>
>>>> I do have the dev package installed, but it didn't find it.  In the
>>>> interim, would creating a pkg-config pc file and pointing DIR at it
>>>> work?
>>>
>>>
>>>
>>> http://www.catb.org/esr/faqs/smart-questions.html#beprecise
>>>
>>> why don't you tell in your first post relevant informations?
>>>
>>> * exact os version
>>> * installed packages
>>> * complete ./configure line
>>> * complete output of ./configure
>>
>>
>> Okay.
>>
>>> "I do have the dev package installed" 4 posts later - seriously?
>>
>>
>> Well, mea culpa, but I didn't think of it since it's so basic, sorry.
>
>
> yes, that's all basic, hnce it works everywhere but in your case
>
>> Packages  with postgresql in their name:
>>
>> $ aptitude search postgres | grep ^i
>> i A postgresql-client-common- manager for multiple PostgreSQL
>> client ver
>> i A postgresql-common   - PostgreSQL database-cluster manager
>> i A postgresql-server-dev-9.4   - development files for PostgreSQL 9.4
>> serve
>> i   postgresql-server-dev-all   - extension build tool for multiple
>> PostgreS
>
>
> looks good, i guess debian has a weird naming sicne it's the client
> libraries you link against
>
>>https://gist.github.com/tbrowder/451e0f735bd281dde6694f189b8f6d61
>
>
> https://gist.github.com/tbrowder/451e0f735bd281dde6694f189b8f6d61
>
> don't show any errors and postgresql is stattet with yes
> so what is your *problem*
> hecking postgresql/libpq-fe.h usability... yes
> checking postgresql/libpq-fe.h presence... yes
> checking for postgresql/libpq-fe.h... yes
>
> main question: why in the world are you building from source?
> https://packages.debian.org/jessie/libaprutil1-dbd-pgsql

Because I want to be running the latest httpd (and use pgsql and
splite3), and I didn't know of the package you mentioned:

  libaprutil1-dbd-pgsql

Thanks.

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 11:02 AM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Fri, Apr 7, 2017 at 5:53 PM, Tom Browder <tom.brow...@gmail.com> wrote:
>>
>> Packages  with postgresql in their name:
>>
>> $ aptitude search postgres | grep ^i
>> i A postgresql-client-common- manager for multiple PostgreSQL client 
>> ver
>> i A postgresql-common   - PostgreSQL database-cluster manager
>> i A postgresql-server-dev-9.4   - development files for PostgreSQL 9.4 
>> serve
>> i   postgresql-server-dev-all   - extension build tool for multiple 
>> PostgreS
>
> I think you only need libpq-dev (the pgsql library).

Ah, I'll bet that's the key, Yann--thanks so much--I'll report back
momentarily.!

Best regards,

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 10:53 AM, Tom Browder <tom.brow...@gmail.com> wrote:
>>> I do have the dev package installed, but it didn't find it.  In the
>>> interim, would creating a pkg-config pc file and pointing DIR at it work?

I just rebuilt the package and don't see a *pgsql.so file, but I do see:

./srclib/apr-util-1.5.4/dbd/NWGNUdbdpgsql

whose contents are:

#
# Declare the sub-directories to be built here
#

SUBDIRS = \
$(EOLIST)

#
# Get the 'head' of the build environment.  This includes default targets and
# paths to tools
#

ifndef EnvironmentDefined
include $(APR_WORK)/build/NWGNUhead.inc
endif

#include $(APR)\build\NWGNUcustom.inc

#
# build this level's files

#
# Make sure all needed macro's are defined
#

# LINK_STATIC = 1

# for now defined here - should finally go into build/NWGNUenvironment.inc
PGSQL_INC = $(PGSQLSDK)/inc
PGSQL_IMP = libpq.imp
PGSQL_LIB = libpq.lib
PGSQL_NLM = libpq

#
# These directories will be at the beginning of the include list, followed by
# INCDIRS
#
XINCDIRS += \
$(APR)/include/arch/netware \
$(APR)/include \
$(APU)/include \
$(APU)/include/private \
$(APR) \
$(PGSQL_INC) \
$(EOLIST)

#
# These flags will come after CFLAGS
#
XCFLAGS += \
$(EOLIST)

#
# These defines will come after DEFINES
#
XDEFINES += \
-DAPU_DSO_MODULE_BUILD \
-DAPU_HAVE_PGSQL=1 \
-DHAVE_LIBPQ_FE_H \
$(EOLIST)

#
# These flags will be added to the link.opt file
#
XLFLAGS += \
$(EOLIST)

ifdef LINK_STATIC
XLFLAGS += \
-l $(PGSQLSDK)/lib \
$(EOLIST)
else
XLFLAGS += \
-l $(PGSQLSDK)/imp \
$(EOLIST)
endif

#
# These values will be appended to the correct variables based on the value of
# RELEASE
#
ifeq "$(RELEASE)" "debug"
XINCDIRS += \
$(EOLIST)

XCFLAGS += \
$(EOLIST)

XDEFINES += \
$(EOLIST)

XLFLAGS += \
$(EOLIST)
endif

ifeq "$(RELEASE)" "noopt"
XINCDIRS += \
$(EOLIST)

XCFLAGS += \
$(EOLIST)

XDEFINES += \
$(EOLIST)

XLFLAGS += \
$(EOLIST)
endif

ifeq "$(RELEASE)" "release"
XINCDIRS += \
$(EOLIST)

XCFLAGS += \
$(EOLIST)

XDEFINES += \
$(EOLIST)

XLFLAGS += \
$(EOLIST)
endif

#
# These are used by the link target if an NLM is being generated
# This is used by the link 'name' directive to name the nlm.  If left blank
# TARGET_nlm (see below) will be used.
#
NLM_NAME = dbdpgsql

#
# This is used by the link '-desc ' directive.
# If left blank, NLM_NAME will be used.
#
NLM_DESCRIPTION = Apache Portability Runtime Library $(VERSION_STR)
DBD PostgreSQL Driver Module

#
# This is used by the '-threadname' directive.  If left blank,
# NLM_NAME Thread will be used.
#
NLM_THREAD_NAME = dbdpgsql

#
# If this is specified, it will override VERSION value in
# $(AP_WORK)\build\NWGNUenvironment.inc
#
NLM_VERSION =

#
# If this is specified, it will override the default of 64K
#
NLM_STACK_SIZE = 8192


#
# If this is specified it will be used by the link '-entry' directive
#
NLM_ENTRY_SYM =

#
# If this is specified it will be used by the link '-exit' directive
#
NLM_EXIT_SYM =

#
# If this is specified it will be used by the link '-check' directive
#
NLM_CHECK_SYM =

#
# If these are specified it will be used by the link '-flags' directive
#
NLM_FLAGS =

#
# If this is specified it will be linked in with the XDCData option in the def
# file instead of the default of $(NWOS)/apache.xdc.  XDCData can be disabled
# by setting APACHE_UNIPROC in the environment
#
XDCDATA =

#
# If there is an NLM target, put it here
#
TARGET_nlm = \
$(OBJDIR)/$(NLM_NAME).nlm \
$(EOLIST)

#
# If there is an LIB target, put it here
#
TARGET_lib = \
$(EOLIST)

#
# These are the OBJ files needed to create the NLM target above.
# Paths must all use the '/' character
#
FILES_nlm_objs = \
$(OBJDIR)/apr_dbd_pgsql.o \
$(EOLIST)

#
# These are the LIB files needed to create the NLM target above.
# These will be added as a library command in the link.opt file.
#
FILES_nlm_libs = \
$(PRELUDE) \
$(EOLIST)

ifeq ($(LINK_STATIC),1)
FILES_nlm_libs += \
$(PGSQL_LIB) \
$(EOLIST)
endif

#
# These are the modules that the above NLM target depends on to load.
# These will be added as a module command in the link.opt file.
#
FILES_nlm_modules = \
aprlib \
libc \
$(EOLIST)

ifneq ($(LINK_STATIC),1)
FILES_nlm_modules += \
$(PGSQL_NLM) \
$(EOLIST)
endif

#
# If the nlm has a msg file, put it's path here
#
FILE_nlm_msg =

#
# If the nlm has a hlp file put it's path here
#
FILE_nlm_hlp =

#
# If this is specified, it will override $(NWOS)\copyright.txt.
#
FILE_nlm_copyright =

#
# Any additional imports go here
#
FILES_nlm_Ximports = \
@aprlib.imp \
@libc.imp \
$(EOLIST)

ifneq ($(LINK_STATIC),1)
FILES_nlm_Ximports += \
@$(PGSQL_IMP) \
$(EOLIST)
endif

#
# Any symbols exported to here
#
FILES_nlm_exports = \
apr_dbd_pgsql_driver \
$(EOLIST)

#
# These are the OBJ files needed to create the LIB target above.
# Paths must all use the '/' character
#
FILES_lib_objs = \
$(EOLIST)

#
# implement targets and dependancies (leave this section alone)
#

libs :: $(OBJDIR) $(

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 10:11 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 07.04.2017 um 17:06 schrieb Tom Browder:
>>
>> On Fri, Apr 7, 2017 at 09:53 Jordan Gigov <colad...@gmail.com
>> <mailto:colad...@gmail.com>> wrote:
>>
>> The =DIR parameter is optional. If you have the libpq-dev package
>> installed, it should find it automatically.
>>
>> I do have the dev package installed, but it didn't find it.  In the
>> interim, would creating a pkg-config pc file and pointing DIR at it work?
>
>
> http://www.catb.org/esr/faqs/smart-questions.html#beprecise
>
> why don't you tell in your first post relevant informations?
>
> * exact os version
> * installed packages
> * complete ./configure line
> * complete output of ./configure

Okay.

> "I do have the dev package installed" 4 posts later - seriously?

Well, mea culpa, but I didn't think of it since it's so basic, sorry.

Packages  with postgresql in their name:

$ aptitude search postgres | grep ^i
i A postgresql-client-common- manager for multiple PostgreSQL client ver
i A postgresql-common   - PostgreSQL database-cluster manager
i A postgresql-server-dev-9.4   - development files for PostgreSQL 9.4 serve
i   postgresql-server-dev-all   - extension build tool for multiple PostgreS

$ uname -a
Linux dedi2 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07)
x86_64 GNU/Linux

$ cat .apache-config.sh
SSLDIR=/opt/openssl
export LDFLAGS="-Wl,-rpath,${SSLDIR}/lib"
$SRCDIR/configure  \
--prefix=/usr/local/apache2\
\
--enable-ssl   \
--enable-ssl-staticlib-deps\
--enable-mods-static=ssl   \
--with-ssl=${SSLDIR}   \
\
--enable-mods-shared=reallyall \
--with-perl\
\
--with-included-apr\
--with-pgsql   \
--with-sqlite3 \
\
--with-python  \
--with-lua=/usr\
--enable-layout=Apache \
--with-pcre=/usr/local/bin/pcre-config \
--without-ldap \
--enable-session-crypto\
--enable-session \
--with-crypto\
--with-openssl=${SSLDIR}

See output of configure at github gist:

  https://gist.github.com/tbrowder/451e0f735bd281dde6694f189b8f6d61

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 09:53 Jordan Gigov  wrote:

> The =DIR parameter is optional. If you have the libpq-dev package
> installed, it should find it automatically.


I do have the dev package installed, but it didn't find it.  In the
interim, would creating a pkg-config pc file and pointing DIR at it work?

-Tom

Re: APr Utils and PostgreSQL

[Tom Browder]

On Fri, Apr 7, 2017 at 08:28 Tom Browder <tom.brow...@gmail.com> wrote:

> I am trying to get the pqsql lib built and cannot get the config
> option correct.  The help says:
>
>   with-pgsql=DIR


Uh,

  --with-pgsql=DIR

BTW, I also used

  --with-sqlite3

and that dbd lib was built fine. I'm guessing that the pqsql numbering
system might be causing the problem: more specific info needed.

-Tom

APr Utils and PostgreSQL

[Tom Browder]

I am trying to get the pqsql lib built and cannot get the config
option correct.  The help says:

  with-pgsql=DIR

What DIR, please?  Each package seems to have a different definition
of DIR. I have these on my Deb 8 system:

  /usr/include/postgresql
  ...

  /usr/include/postgresql/9.4 [and lots of subdirs]

  /usr/lib/postgresql/9.4
  /usr/lib/postgresql/9.4/bin
  /usr/lib/postgresql/9.4/lib

  /usr/share/postgresql-common/
  ...

There is no pkg-config postgresql.pc on the system, but I guess I
could make one and use that for DIR.

But what is expected?

Thanks.

Best regards,

-Tom

Re: server-status script donated to ASF

[Tom Browder]

On Sat, Mar 25, 2017 at 8:07 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> On Sat, Mar 25, 2017 at 18:12 Eric Covener <cove...@gmail.com> wrote:
>> On Sat, Mar 25, 2017 at 6:18 PM, Tom Browder <tom.brow...@gmail.com>
>> wrote:
>> >   LuaMapHandler ^/server-status$ /server-status.lua
>>
>> I think the second parm here is a filesystem path and not a URL-path.

Success!

Thanks so much, Eric.

Best regards,

-Tom

Re: server-status script donated to ASF

[Tom Browder]

On Sat, Mar 25, 2017 at 18:12 Eric Covener <cove...@gmail.com> wrote:

> On Sat, Mar 25, 2017 at 6:18 PM, Tom Browder <tom.brow...@gmail.com>
> wrote:
> >   LuaMapHandler ^/server-status$ /server-status.lua
>
> I think the second parm here is a filesystem path and not a URL-path.


Okay, I'll try that.

Thanks.

-Tom

Re: server-status script donated to ASF

[Tom Browder]

On Sat, Mar 25, 2017 at 17:18 Tom Browder <tom.brow...@gmail.com> wrote:
...

> When I compiled apache2 I used the following config entry
> for mod_lua:
>
>   --with-lua=/usr


The reasons I did that were:

+ No clear description in the docs about what path is needed.

+ I repetitively changed the path based on what the config error told me
until I got a clean build and a mod_lua.so.  The messages I was getting
were that the system could not find file lua.h.

Does it need the complete path to the lua interpreter? Or its directory? Or
the lua library? Or some kind of pkg-config incantation?

-Tom

Re: server-status script donated to ASF

[Tom Browder]

On Mon, Mar 20, 2017 at 07:57 Daniel Gruno  wrote:
>
> On 03/20/2017 01:56 PM, Jim Jagielski wrote:
> > Cool... URL?
>
> https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/server-status/

I'm trying to incorporate that script into one of my virtual servers
but am getting an error.

I'm using apache 2.4.25 and compiled it on Debian 8, 64-bit, Linux,
with lua installed using the following Debian packages:

  i A liblua5.2-0 - Shared library for the Lua
interpreter ver
  i   liblua5.2-dev   - Development files for the Lua
language ver
  i   lua5.2  - Simple, extensible, embeddable
programming

When I compiled apache2 I used the following config entry
for mod_lua:

  --with-lua=/usr

In my httpd.conf file in one of my virtual host directives I entered
the following line:

  LuaMapHandler ^/server-status$ /server-status.lua

When I attempt to access server-status at
 I get the following error in my
browser:


Internal Server Error

The server encountered an internal error or misconfiguration and was
unable to complete your request.

Please contact the server administrator at [no address given] to
inform them of the time this error occurred, and the actions you
performed just before this error.

More information about this error may be available in the server error log.


The error log shows:


[Sat Mar 25 16:49:56.654507 2017] [lua:error] [pid 17864:tid
139883896727296] AH01482: Error loading /server-status.lua: cannot
open /server-status.lua: No such file or directory
[Sat Mar 25 16:49:56.654518 2017] [lua:crit] [pid 17864:tid
139883896727296] [client 76.3.2.56:54332] AH02330: lua: Failed to
obtain Lua interpreter for entry function 'handle' in
/server-status.lua


I also tried this line in the httpd.conf:

and got essentially the same results. From the error log:


[Sat Mar 25 17:05:15.460393 2017] [lua:error] [pid 10792:tid
139883913512704] AH01482: Error loading
/https:/usafa-1965.org/server-status.lua: cannot open
/https:/usafa-1965.org/server-status.lua: No such file or directory
[Sat Mar 25 17:05:15.460406 2017] [lua:crit] [pid 10792:tid
139883913512704] [client 76.3.2.56:54364] AH02330: lua: Failed to
obtain Lua interpreter for entry function 'handle' in
https://usafa-1965.org/server-status.lua


In both cases the file actually exists.

I suspect the problem is in the config file, but that's just a guess.

Any ideas?

Thanks.

Best regards,

-Tom

Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)

[Tom Browder]

Interesting article in latest issue of subject titled:

  "A Differential Approach to Undefined Behavior Detection"

which may describe procedures not used in other static analysis programs.

Article references the authors' website here:

  http://css.csail.mit.edu/stack

which contains more info links and a link to the software on github here:

  https://github.com/xiw/stack

Best regards,

-Tom

Re: Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

On Mon, Aug 24, 2015 at 6:40 AM, Nick Gearls  wrote:
> This is definitely a bug as we have a major incompatibility between two
> features.

I have filed bug report ID 58304.

-Tom

Re: Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

On Tue, Feb 24, 2015 at 7:15 AM, Tom Browder tom.brow...@gmail.com wrote:

 On Feb 24, 2015 6:52 AM, Nick Gearls nickgea...@gmail.com wrote:

 Define mysite   www.mycompany.com

 Macro NewSite $mysite
  Servername${mysite}
  ErrorLog /var/log/httpd/${mysite}_error.log
 /Macro

 Use NewSite www.company1.com
 Use NewSite www.company2.com

 That's similar to the way I use it for multiple virtual hosts and have no
 problems except the warnings I reported.

The problem still exists in 2.4.16.  Shall I file a bug?

-Tom

Re: httpd and OpenSSL 1.0.2

[Tom Browder]

On Wed, May 27, 2015 at 11:33 AM, Mario Brandt jbl...@gmail.com wrote:
 Hi Tom,

 I tried on Debian 7 and 8 both x64

 To see your configure options would help a lot.

Okay, here's what I had to do to my Linux Deb 7, 64-bit system:

1.  Remove any deb packages of httpd, apr, apr-util, openssl.

2.  Source packages used (in order of installation):

  openssl-1.0.2a.tar.gz
  apr-1.5.1.tar.bz2
  apr-util-1.5.4.tar.bz2
  pcre2-10.00.tar.bz2
  httpd-2.4.12.tar.bz2

3.  Build and install:

$ sudo aptitude install zlib1g-dev

openssl
---

export SSLDIR=/opt/openssl
./config \
no-ec2m \
no-rc5  \
no-idea \
threads \
zlib-dynamic\
shared  \
--prefix=${SSLDIR}  \
--openssldir=${SSLDIR}  \
enable-ec_nistp_64_gcc_128  \
  make depend
  make
  make test
  sudo make install

apr


  ./configure --with-crypto
  make
  make check
  sudo make install

apr-util
--
  ./configure --with-apr=/usr/local/apr
  make
  make check
  sudo make install

pcre
--
  ./configure
  make
  make check
  sudo make install

httpd
---
\# we build all modules for now (all shared except mod_ssl)
# Note that 'session_module' needs to be activated (loaded).
export LDFLAGS=-Wl,-rpath,${SSLDIR}/lib
$SRCDIR/configure  \
--prefix=/usr/local/apache2\
--with-included-apr\
\
--enable-ssl   \
--enable-ssl-staticlib-deps\
--enable-mods-static=ssl   \
--with-ssl=${SSLDIR}   \
\
--enable-mods-shared=reallyall \
--with-perl\
--with-python  \
--enable-layout=Apache \
--with-pcre=/usr/local/bin/pcre-config \
--without-ldap \
--enable-session-crypto\
--with-crypto  \
--with-openssl=${SSLDIR}

make
sudo make install

Notes:

1. I used both local install of apr/apr-util AND source inside httpd.

2. Note --with-crypto option for apr in local build

3. Note I have not modified my LD_LIBRARY_PATH for any of the above programs.

It all works for me.

Hope that helps.

Best regards,

-Tom

Re: httpd and OpenSSL 1.0.2

[Tom Browder]

On Mon, Jun 1, 2015 at 10:22 AM, Tom Browder tom.brow...@gmail.com wrote:
 Okay, here's what I had to do to my Linux Deb 7, 64-bit system:
...
 2.  Source packages used (in order of installation):
...
   pcre2-10.00.tar.bz2

Oops, my error: I had to use pcre-8.36 (httpd cannot yet use pcre2).

Best,

-Tom

Re: httpd and OpenSSL 1.0.2

[Tom Browder]

On Wed, May 27, 2015 at 1:09 PM, Andy Wang aw...@ptc.com wrote:
 On 05/27/2015 11:33 AM, Mario Brandt wrote:
...
 mario@sasuke:~$ readelf -s /usr/lib/libssl.so | grep SSL_CONF_CTX_finish
 532: 000536f0 6 FUNCGLOBAL DEFAULT   11
 SSL_CONF_CTX_finish
 327: 000536f0 6 FUNCGLOBAL DEFAULT   11
 SSL_CONF_CTX_finish

 That's interesting.  I believe those methods are new to 1.0.2
 and AFAIK neither debian 7 nor 8 ship with openssl 1.0.2

 Either way, there was clearly a symbol mismatch.  I build Apache 2.4 with
 openssl 1.0.2 (i also build this) and have no problems.

 The key is, I make a self-contained structure, so you need be sure to use
 the proper LD_LIBRARY_PATH to allow, at runtime, things to be able to find
 the right openssl libraries.

 For example, my shell script that builds pcre, openldap, openssl, and apache
 sets this:

 LD_LIBRARY_PATH=$APACHE_ROOT/lib:$OPENSSL_ROOT/lib:$OPENLDAP_ROOT/lib:$PCRE_ROOT/lib
 export LD_LIBRARY_PATH

 And I build in the following order:
 pcre
 openssl
 openldap
 httpd

 and have no problems.

Mario, did that solve your problem?

If not, I'll send my solution.

Best,

-Tom

Re: httpd and OpenSSL 1.0.2

[Tom Browder]

On May 27, 2015 5:26 AM, Mario Brandt jbl...@gmail.com wrote:
 Hi Tom,
 I saw you on the httpd dev mailing list about that topic. How did you
 manage to build apache against 1.0.2?

 Cause if I try that I get in my VM

 /opt/apache2/modules/mod_ssl.so: undefined symbol: SSL_CONF_CTX_finish

 or on my real server

 /opt/apache2/modules/mod_ssl.so: undefined symbol: SSL_CONF_CTX_free

 OpenSSL
 ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared no-ssl2
 make depend
 make
 sudo make install


 apache
 ./configure --prefix=/opt/apache2 --enable-pie
 --enable-mods-shared=all --enable-so --disable-include --enable-lua
 --enable-deflate --enable-headers --enable-expires --enable-ssl=shared
 --enable-mpms-shared=all --with-mpm=event --enable-rewrite
 --with-z=$HOME/apache24/httpd-2.4.12/srclib/zlib --enable-module=ssl
 --enable-fcgid --with-included-apr
 --with-openssl=$HOME/apache24/openssl-1.0.2a
 --enable-ssl-staticlib-deps

 with the 1.0.1m it works all fine
 seehttps://github.com/JBlond/debian_build_apache24/blob/master/build_apache.sh


 Please tell me how you got it working.

Mario, I did get it working, but I did have a bit more effort to make
the latest openssl work.  Taking a quick look at your blog I believe I
can help, but I'll explain my solution in a follow-up message so this
thread is on the public mailing lists.

I feel I must explain that I'm using a Debian 7, 64-bit server.  It
might help if we could know your server info as other architectures
may require more or other tweaks.

Finally, the best I can probably do is show you my configure options
which may conflict with yours.

TO BE CONTINUED

Best regards,

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Wed, Apr 29, 2015 at 12:57 AM, Kaspar Brand httpd-dev.2...@velox.ch wrote:
 On 28.04.2015 14:04, Tom Browder wrote:
 Maybe I need to play tricks with ld.so.conf and openssl?

 Depends on whether you built OpenSSL with or without shared libraries -
 what are the contents of the /opt/openssl/lib directory?

Well, I failed to follow my original recipe and did NOT specify
'no-shared'.  I blem away openssl and used 'no-shared' and now have NO
shared libraries in /opt/openssl/lib.

 I have no system installed openssl,

 Hmm, what platform is this? Are you sure there are no libcrypto/libssl
 libraries somewhere under /usr?

I used a netinst installation of Debian 7.  But I find I do have those
libraries:

/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0

 The most important thing, though, is making sure that the directory
 which appears in the LDFLAGS/MOD_LDFLAGS lines of the ./configure
 outputs (after the checking for user-provided OpenSSL base
 directory...) in does not include any shared library files - only
 static ones.

That is now true.

After a rebuild and re-install of openssl, I reconfigured httpd.and get this:

configure: error: Crypto was requested but no crypto library could be
enabled; specify the location of a crypto library using
--with-openssl, --with-nss, etc.

The question to me is: what exact configuration do I need?  Do I point
to a path, or library, or a configure script?  I see nothing

I've tried '--with-openssl=path' and '--with-nss=path' to no avail.

Any suggestions?

Thanks.

Best,

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Wed, Apr 29, 2015 at 3:29 PM, William A Rowe Jr wr...@rowe-clan.net wrote:
 Just to point out the obvious, it would be a Very Bad Idea(tm) to build
 httpd against the dynamic apr-util linked statically to bits and pieces of the
...

I'm just trying to work around the current build systems to meet a
specific goal and I would appreciate anyone who can tell me EXACTLY
how to:

+ use the latest openssl
+ use the latest apr and apr-util
+ use the latest httpd

At the moment I am starting again but this time trying:

+ building and installing the latest openssl with shared libraries
+ building and installing apr and apr-util to use latest openssl
+ building and installing httpd to use all the above

Best,

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Wed, Apr 29, 2015 at 4:51 PM, Yann Ylavic ylavic@gmail.com wrote:
 Hi Tom,

 On Wed, Apr 29, 2015 at 11:10 PM, Tom Browder tom.brow...@gmail.com wrote:

 I'm just trying to work around the current build systems to meet a
 specific goal and I would appreciate anyone who can tell me EXACTLY
 how to:

 + use the latest openssl
 + use the latest apr and apr-util
 + use the latest httpd
...

One more requirement: I want to use mod_session_crypto so I have to
'--enable-sesion-crypto' and, with Yann's options, I still get the
error:

configure: error: Crypto was requested but no crypto library could be
enabled; specify the location of a crypto library using
--with-openssl, --with-nss, etc.
configure failed for srclib/apr-util

I have not found any documentation in apr or apr-util on how to
specify the crypto library.

Thanks.

Best regards,

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Apr 29, 2015 6:08 PM, Yann Ylavic ylavic@gmail.com wrote:

 On Thu, Apr 30, 2015 at 12:39 AM, Tom Browder tom.brow...@gmail.com
wrote:
 
  configure: error: Crypto was requested but no crypto library could be
  enabled; specify the location of a crypto library using
  --with-openssl, --with-nss, etc.
  configure failed for srclib/apr-util

 Did you try --with-openssl=/opt/openssl in addition to --with-ssl?

No, but I tried other variants--let me try that.

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Wed, Apr 29, 2015 at 6:30 PM, Tom Browder tom.brow...@gmail.com wrote:
 On Apr 29, 2015 6:08 PM, Yann Ylavic ylavic@gmail.com wrote:
...
 Did you try --with-openssl=/opt/openssl in addition to --with-ssl?

 No, but I tried other variants--let me try that.

Okay, now httpd is using openssl/libcrypto.

However, when I try apachectl I get:

apachectl
httpd: Syntax error on line 147 of /usr/local/apache2/conf/httpd.conf:
Cannot load modules/mod_session_crypto.so into server:
/usr/local/apache2/modules/mod_session_crypto.so: undefined symbol:
ap_hook_session_encode

It seems we are making progress, but what should be tried next.  Is
that a mod_session_crypto bug, or?

Thanks.

Best,

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Wed, Apr 29, 2015 at 7:09 PM, Yann Ylavic ylavic@gmail.com wrote:
 On Thu, Apr 30, 2015 at 1:57 AM, Tom Browder tom.brow...@gmail.com wrote:

 apachectl
 httpd: Syntax error on line 147 of /usr/local/apache2/conf/httpd.conf:
 Cannot load modules/mod_session_crypto.so into server:
 /usr/local/apache2/modules/mod_session_crypto.so: undefined symbol:
 ap_hook_session_encode

 You probably need to also:
 LoadModule session_module modules/mod_sessions.so

First I tried

  --enable-session

which is supposed to have it enabled in the httpd.conf file but it
doesn't (a bug).

But the '--enable-load-all-modules' does work!

I also found that the https.conf file wasn't changing during my config
changes (I believe that warrants a better note and perhaps another
option such as '--force' which recreates all when experimenting as I
have been doing).  I have to remove them before installation.

But, after I manually uncommented the session module in the httpd.conf
file all seems to work fine and I am able to start my shiny new httpd.

Thanks so much Yann for bearing with me through this useful exercise!

Warmest regards,

-Tom

OpenSSL 1.02, PCRE 2.10

[Tom Browder]

I can't get httpd to work with either of the two subject packages, and
I found other, similar results from a web search.  Is there a
work-around for either or both, or do I have to drop back and punt
with older packages?

Best,

-Tom

P.S.  I have offered to start a tutorial on the wiki ref 2.4
configuration and installation but no reply yet.

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Tue, Apr 28, 2015 at 6:45 AM, Eric Covener cove...@gmail.com wrote:
 On Tue, Apr 28, 2015 at 7:36 AM, Tom Browder tom.brow...@gmail.com wrote:
 I can't get httpd to work with either of the two subject packages, and
 I found other, similar results from a web search.  Is there a
 work-around for either or both, or do I have to drop back and punt
 with older packages?


 AIUI PCRE2 doesn't work and it's not just a trivial port.

I understand.

 about openssl 1.02 though -- what exactly do you see?

I see this when attempting to start apache:

/usr/local/apache2/bin/httpd: symbol lookup error:
/usr/local/apache2/bin/httpd: undefined symbol: SSL_CONF_CTX_new

Maybe I need to play tricks with ld.so.conf and openssl?  I have no
system installed openssl, just my locally built version (1.0.2).  In
my configuration options I have:

SSLDIR=/opt/openssl
export LDFLAGS=-L${SSLDIR}/lib
$SRCDIR/configure  \
--prefix=/usr/local/apache2\
--with-included-apr\
\
--enable-ssl   \
--enable-ssl-staticlib-deps\
--enable-mods-static=ssl   \
--with-ssl=${SSLDIR}   \
\
--enable-mods-shared=reallyall \
--with-perl\
--with-python  \
--enable-layout=Apache \
--with-pcre=/usr/local/bin/pcre-config \
--without-ldap \
--enable-session-crypto\
--with-crypto  \
--with-openssl=/opt/openssl

Thanks, Eric.

Best,

-Tom

Re: OpenSSL 1.02, PCRE 2.10

[Tom Browder]

On Tue, Apr 28, 2015 at 7:05 AM, Stefan Eissing
stefan.eiss...@greenbytes.de wrote:
 Have openssl 1.0.2 running with 2.4.12 in a local installation on Ubuntu 
 14.04. No special wrestling other than —with-openssl=… in configure.

How about apr and apr-util: locally built and installed system-wide or
'--with-included-apr'?

Best,

-Tom

Re: Apache (httpd) Wiki

[Tom Browder]

On Apr 23, 2015 7:54 AM, Rich Bowen rbo...@rcbowen.com wrote:



 On 04/22/2015 10:53 AM, Tom Browder wrote:
 The error phrase is here:

   set all files to 640, or rw-r--r--

 which should read:

   set all files to 640, or rw-r-

 Thanks. Fixed.

Thanks for a rapid fix, Rich.

I haven't tried adding a new page at the same place as the file permissions
page. Is that possible for an ordinary user?

I would like to contribute my successful method for using the latest
openssl with the latest Apache while not interering with the system openssl
(from Ivan Ristic with slight mods).

Best regards,

-Tom

Apache (httpd) Wiki

[Tom Browder]

There is an error on this page which is immutable and cannot be
edited by an ordinary user (even logged in):

  https://wiki.apache.org/httpd/FileSystemPermissions

The error is in this the last line:

What we've done here is to set all files to 640, or rw-r--r-- and
directories to rwxr-x---. Because the group web-content is applied
to all the files and directories, httpd can read these files, but
cannot write to them.

The error phrase is here:

 set all files to 640, or rw-r--r--

which should read:

 set all files to 640, or rw-r-

Best regards,

-Tom

Re: Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

On Feb 24, 2015 6:52 AM, Nick Gearls nickgea...@gmail.com wrote:

 Define mysite   www.mycompany.com

 Macro NewSite $mysite
  Servername${mysite}
  ErrorLog /var/log/httpd/${mysite}_error.log
 /Macro

 Use NewSite www.company1.com
 Use NewSite www.company2.com

That's similar to the way I use it for multiple virtual hosts and have no
problems except the warnings I reported.

 Obviously, you expect this to be done in different files modified by
 different people

Not in my case but, if you're saying accidental duplicate definitions or
duplicate uses would be a problem not caught, I do not know.  I will try it.

Best,

-Tom

Re: Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

On Feb 23, 2015 6:38 AM, Nick Gearls nickgea...@gmail.com wrote:

 You could define, by mistake, the as wi Define  Macro, then, what will
happen ...

Can you be more specific, please?

-Tom

Re: Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

On Thu, Feb 19, 2015 at 2:08 PM, Tim Bannister is...@c8h10n4o2.org.uk wrote:
 On 19 Feb 2015, at 13:02, Nick Gearls nickgea...@gmail.com wrote:

 Wrong answer: mod_macro uses the syntax $var but also ${var}, which is 
 mandatory if you want the variable to be a part of a string, like in 
 ${var}abc.
 The syntax really clashes with the Define directive, so it should be changed.
 Another unused character could be used, like §

 There aren't many suitable symbols left unused.

 To make interpolation not clash with Define I'd prefer “${macro:var}”, or 
 something like that, to “§{var}”.

Since there is a clash with Define why not '@{var}'?

But I still wonder why the need?  Since it works somehow, can't you
just fix the parse warningin the macro definition?  (I took a cursory
look at the code, and I'm again overwhelmed--will take some time to
get familiar with it for me.)

Best regards,

-Tom

Re: Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

On Feb 19, 2015, at 8:04, Nick Gearl wrote
 Wrong answer: mod_macro uses the syntax $var but also ${var}, which is
 mandatory if you want the variable to be a part of a string, like in
 ${var}abc.
 The syntax really clashes with the Define directive, so it should be
 changed.

Actually it seems to me the parsing and subsequent configuration
handling works.  I have one server using the macro for seven virtual
hosts with no problems (although I must admit I do not use the define
directive).  The warning only appears as the macro definition is being
parsed and only appears once per variable regardless of how many times
it is used.

My naive approach would be to turn off the warning during any macro
definition parsing.  No new character need be used. (Note I have not
looked at the source code to see what is really happening.)

Best,

-Tom

Re: mod_macro New in 2.4

[Tom Browder]

On Feb 17, 2015 7:12 PM, Graham Leggett minf...@sharp.fm wrote:
 On 17 Feb 2015, at 23:07, Stefan Fritsch s...@sfritsch.de wrote:
  It has been introduced later, in 2.4.5 (see CHANGES file). Therefore
  it is not listed on the new in 2.4 web page.

 It is still new though, I think it should probably be listed.

One could always add a note like [added in 2.4.5].

Best,

-Tom

Re: Any reason why building with OpenSSL shouldn't add its lib dir to rpath?

[Tom Browder]

I've now been able to use the latest OpenSSL for mod_ssl while keeping
the system OpenSSL thanks to Ivan Ristic's examples in his books and
tutorials. His method is to compile mod_ssl statically linked with the
latest openssl while compiling all other modules dynamically.

My slightly-modified configure in a bash script looks like this:

SSLDIR=/opt/openssl
export LDFLAGS=-L${SSLDIR}/lib
.
./configure  \
--prefix=/usr/local/apache2\
--with-included-apr\
--enable-ssl   \
--enable-ssl-staticlib-deps\
--enable-mods-static=ssl   \
--with-ssl=${SSLDIR}   \
--enable-mods-shared=reallyall \
--with-perl\
--with-python  \
--enable-layout=Apache \
--with-pcre=/usr/local/bin/pcre-config \
--without-ldap \
--enable-session-crypto\
--with-crypto

Note the definition of LDFLAGS.  During the build, apache uses the
local openssl with no unknown symbol problems.  Then, after
installation, apache uses the system openssl, but the important part,
mod_ssl, is still using the local openssl since it was statically
compiled--again, no unknown symbol problems.
.
I have been successfully running Apache 2.4 for some time now with
several virtual https-only sites with no apparent problems.
.
Best regards,

-Tom

Unexpected Warnings from Macro Use in 2.4

[Tom Browder]

I have been using mod_macro for some time and always get the following
types of messages on startup (using 2.4.12 now, but this behavior has
been noticed since 2.4.7):

[Wed Feb 18 13:54:55.019032 2015] [core:warn] [pid 970:tid
140069833443200] AH00111: Config variable ${PROJECT} is not defined
[Wed Feb 18 13:54:55.019041 2015] [core:warn] [pid 970:tid
140069833443200] AH00111: Config variable ${TLD} is not defined

For the example httpd instance only one macro is defined, used, and
undefined like this:

Macro VHOST_NONTLS ${PROJECT} ${TLD}
 VirtualHost *:80
ServerName  ${PROJECT}.${TLD}
ServerAlias www.${PROJECT}.${TLD}
DocumentRoot /home/web-sites/${PROJECT}.${TLD}/public
  /VirtualHost
/Macro
Use VHOST_NONTLS mysite  org
UndefMacro VHOST_NONTLS

The warnings I believe are spurious and should not be there.  The
virtual hosts work fine after startup.  Apparently, the first time
though the macro definitions are read and, since they are not defined,
the warnings are produced.  It seems to me that is a bug.

Am I doing something wrong?

Thanks.

Best,

-Tom

Re: mod_macro New in 2.4

[Tom Browder]

On Feb 17, 2015 5:07 PM, Stefan Fritsch s...@sfritsch.de wrote:

 On Monday 16 February 2015 17:53:11, Tom Browder wrote:
  As far as I can tell mod_macro is new in 2.4 yet I cannot find it
...
 It has been introduced later, in 2.4.5 (see CHANGES file). Therefore
 it is not listed on the new in 2.4 web page.

I don't want to beat a dead horse, but will it ever get shown as a major
new feature?  Maybe I'm overrating its utility, but it just seems to be
hidden in the docs.

Possibly a reference to new features since 2.2 would be helpful,
especially for those many people clinging to 2.2.

Thanks, Stefan.

Best,

-Tom

mod_macro New in 2.4

[Tom Browder]

As far as I can tell mod_macro is new in 2.4 yet I cannot find it mentioned
in new features.  I think it is well worth advertising since it has
simplified multiple virtual hosting immensely.

Warmest regards.

-Tom

Re: Any reason why building with OpenSSL shouldn't add its lib dir to rpath?

[Tom Browder]

 On Apr 14, 2014, at 13:30, Yann Ylavic ylavic@gmail.com wrote:

 I usually force it with ./configure LDFLAGS=-Wl,-rpath
 -Wl,/path/to/my/openssl.
 +1 to have this automagically done according to --with-ssl

So that should solve the problem I have on Debian
where I can't get my version of Apache to use my version of openssl!

I tried to remove my system version of OpenSSL but ran into too many
dependency issues that I wasn't willing to deal with.

Kind regards,

-Tom

Re: Any reason why building with OpenSSL shouldn't add its lib dir to rpath?

[Tom Browder]

On Apr 19, 2014, at 12:06, olli hauer oha...@gmx.de wrote:

 Hi Tom,

 with apache 2.2.x or 2.4.x ?

2.4.7 at the moment but moving to latest release where I'll try
forcing the local OpenSSL use.

I raised this issue earlier but it got no traction-- probably because
I didn't articulate the problem well enough.  IMHO the
'--with-OpenSSL=' option could benefit from the RPATH nudge suggested
by Yann (or at least suggest that move for users unwilling or unable
to remove the current system OpenSSL).

Regards,

-Tom

Re: Problems with directive SSLPassPhraseDialog with a piped script

[Tom Browder]

On Mon, Mar 3, 2014 at 10:38 AM, William A. Rowe Jr. wmr...@gmail.com wrote:
 Tom,

 this code is shared with all the other pipe features in httpd, I
 believe the docs at
 http://httpd.apache.org/docs/current/logs.html#piped will explain why
 the shell was
 not invoked, and provides an example of how to invoke your pipe script
 with shell.

Ah, that '$' may be the ticket.  I'll try that and see if it works.

Given that it works, is there any inherent advantage (security-wise or
other) of the pipe vs. exec for returning the key passphrase at start
up?

Also, if it works, I'll comment at the appropriate place in the docs.

Thanks, Bill.

Best regards,

-Tom

Re: Problems with directive SSLPassPhraseDialog with a piped script

[Tom Browder]

On Mon, Mar 3, 2014 at 11:21 AM, Tom Browder tom.brow...@gmail.com wrote:
 On Mon, Mar 3, 2014 at 10:38 AM, William A. Rowe Jr. wmr...@gmail.com wrote:
 Tom,

 this code is shared with all the other pipe features in httpd, I

I've tried each of these versions to no avail:

   SSLPassPhraseDialog |/path/to/passphrase.sh
   SSLPassPhraseDialog |$/path/to/passphrase.sh
   SSLPassPhraseDialog |\$/path/to/passphrase.sh
   SSLPassPhraseDialog |/path/to/passphrase.sh
   SSLPassPhraseDialog |$/path/to/passphrase.sh
   SSLPassPhraseDialog |\$/path/to/passphrase.sh

I also changed the passphrase.sh script to require an argument (any argument).

I must be doing something wrong (my weak understanding of pipes).

Someone who can demonstrate the pipe method successfully should
document exactly how to do it.

In any event, I agree with Reindl Harald: SSLPassPhraseDialog
exec:/path/to/passphrase.sh is your friend.

Best regards,

-Tom

Re: Problems with directive SSLPassPhraseDialog with a piped script

[Tom Browder]

On Fri, Feb 28, 2014 at 8:10 AM, Reindl Harald h.rei...@thelounge.net wrote:
 Am 28.02.2014 14:01, schrieb Tom Browder:
 I got little response on the user list, so:
 http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslpassphrasedialog

 SSLPassPhraseDialog exec:/path/to/passphrase.sh
 is your friend

I agree, but even so shouldn't the pipe method work though it may be
less strict?

-Tom

Re: Problems with directive SSLPassPhraseDialog with a piped script

[Tom Browder]

On Fri, Feb 28, 2014 at 8:22 AM, Reindl Harald h.rei...@thelounge.net wrote:
 Am 28.02.2014 14:18, schrieb Tom Browder:
 On Fri, Feb 28, 2014 at 8:10 AM, Reindl Harald h.rei...@thelounge.net 
 wrote:
 Am 28.02.2014 14:01, schrieb Tom Browder:
 I agree, but even so shouldn't the pipe method work though it may be
 less strict?

 i don#t know nor care because i used the exec variant in
 production in the past, it worked fine and AFAIR with $1
 you get the hostname to echo the correct password if there
 are more than one certificates involved

That's the way I read the docs, too.

I have just the one cert good for multiple vhosts so it should work.

-Tom

Problems with directive SSLPassPhraseDialog with a piped script

[Tom Browder]

I got little response on the user list, so:

I am using httpd 2.4.7 built from source (On Debian Linux 7, 32-bit).
OpenSSL is a Debian package with version 1.0.1e.

The pertinent part of my httpd.conf is:

  SSLCertificateKeyFile  /path/to/key.file
  SSLPassPhraseDialog |/path/to/passphrase.sh

$ cat passphrase.sh
#!/bin/bash
echo averylongandrandompassord

But that doesn't work.

But when I use a decrypted key like so:

  SSLCertificateKeyFile  /path/to/key.file.unsecure
  #SSLPassPhraseDialog |/path/to/passphrase.sh

all works well.

So the question is:  (1) is my passphrase.sh script in the proper
format or (2) is something else wrong (e.g., a bug)?

I have my log level up to debug and can't see any clue that helps me.

Later...

I changed to the exec: method and it works fine, but it still begs the
question of the apparently-not-working pipe method.

Later...

I just looked at the docs again and wonder if the fact I have two SSL
vhosts may be the problem (but I have all the SSL cert directives at
the main server level).  Still, repetitive queries from Apache ought
to give the same (and correct) response, no?

Thanks and best regards,

-Tom

Re: Problems with directive SSLPassPhraseDialog with a piped script

[Tom Browder]

On Fri, Feb 28, 2014 at 8:52 AM, Tom Browder tom.brow...@gmail.com wrote:
 On Fri, Feb 28, 2014 at 8:22 AM, Reindl Harald h.rei...@thelounge.net wrote:
 Am 28.02.2014 14:18, schrieb Tom Browder:
 On Fri, Feb 28, 2014 at 8:10 AM, Reindl Harald h.rei...@thelounge.net 
 wrote:
 Am 28.02.2014 14:01, schrieb Tom Browder:
 I agree, but even so shouldn't the pipe method work though it may be
 less strict?

 i don#t know nor care because i used the exec variant in
 production in the past, it worked fine and AFAIR with $1
 you get the hostname to echo the correct password if there
 are more than one certificates involved

 That's the way I read the docs, too.

 I have just the one cert good for multiple vhosts so it should work.

So, shall I file a bug or not?

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Thu, Feb 20, 2014 at 1:50 AM, William A. Rowe Jr. wmr...@gmail.com wrote:
 There is no embedded.  httpd-2.2 included apr, apr-util.  httpd-2.4 by
 vote of the PMC excluded apr, apr-util, so you might be imagining

Sorry, sloppy terminology: I built httpd with apr and apr-util inside
its tree, i.e., with configuration option:

  --with-included-apr

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Thu, Feb 20, 2014 at 6:35 AM, Tom Browder tom.brow...@gmail.com wrote:
 On Thu, Feb 20, 2014 at 1:50 AM, William A. Rowe Jr. wmr...@gmail.com wrote:
 There is no embedded.  httpd-2.2 included apr, apr-util.  httpd-2.4 by
 vote of the PMC excluded apr, apr-util, so you might be imagining

 Sorry, sloppy terminology: I built httpd with apr and apr-util inside
 its tree, i.e., with configuration option:

   --with-included-apr

Okay, I started over and it looks like I have a good shared library set up.

Here is a fragment of my httpd configuration log:

checking whether to enable mod_ssl... checking dependencies
checking for OpenSSL... checking for user-provided OpenSSL base
directory... /usr/local/ssl
  adding -I/usr/local/ssl/include to CPPFLAGS
  setting MOD_CFLAGS to -I/usr/local/ssl/include
  setting ab_CFLAGS to -I/usr/local/ssl/include
  adding -L/usr/local/ssl/lib to LDFLAGS
  setting MOD_LDFLAGS to -L/usr/local/ssl/lib
  adding -lssl to MOD_LDFLAGS
  setting LIBS to -lssl -lcrypto  -lrt -lcrypt  -lpthread -ldl
  forcing ab_LDFLAGS to -L/usr/local/ssl/lib -lssl -lcrypto -lrt
-lcrypt -lpthread -ldl
checking openssl/engine.h usability... yes
...

However, when I start httpd I get this message in my error.log:

[Thu Feb 20 10:45:19.104311 2014] [ssl:warn] [pid 8992:tid 3075369280]
AH01882: Init: this version of mod_ssl was compiled against a newer
library (OpenSSL 1.0.1f 6 Jan 2014, version currently loaded is
OpenSSL 1.0.1e 11 Feb 2013) - may result in undefined or erroneous
behavior
[Thu Feb 20 10:45:19.104451 2014] [ssl:debug] [pid 8992:tid
3075369280] ssl_engine_pphrase.c(181): AH02199: SSL not enabled on
vhost tbrowde.net:80, skipping SSL setup

So how can I force httpd to load the new library?  I know I can use
tricks with a wrapper script and LD_LIBRARY_CONFIG but is there
something I can do in the configuration step instead?

Otherwise I guess I can fall back to the package installed version of
ssl (bummer).

(BTW, my host is Debian Linux 7, 32-bit.)

Thanks.

-Tom

P.S. I  can include all configuration and build logs and confiuration
options used for openssl and httpd if wanted.

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Thu, Feb 20, 2014 at 11:45 AM, William A. Rowe Jr. wmr...@gmail.com wrote:
 Output from ldd /user/local/bin/httpd ?

linux-gate.so.1 =  (0xb77a9000)
libpcre.so.1 = /usr/local/lib/libpcre.so.1 (0xb7782000)
libaprutil-1.so.0 = /usr/local/apache2/lib/libaprutil-1.so.0 (0xb775c000)
libexpat.so.1 = /lib/i386-linux-gnu/libexpat.so.1 (0xb7733000)
libapr-1.so.0 = /usr/local/apache2/lib/libapr-1.so.0 (0xb76ff000)
librt.so.1 = /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb76f6000)
libcrypt.so.1 = /lib/i386-linux-gnu/i686/cmov/libcrypt.so.1 (0xb76c4000)
libpthread.so.0 = /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb76ab000)
libdl.so.2 = /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb76a6000)
libc.so.6 = /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7542000)
/lib/ld-linux.so.2 (0xb77aa000)

I checked this before.  It looks like libssl is being dropped due to
the conflicting libraries.

I've tried addind LD_LIBRARY_PATH=/usr/local/ssl/lib:$LD_LIBRARY_PATH
to my /usr/local/apache2/bin/envvars file bu that didn't work.

My config log shows apr and apr-util getting the new libssl, but the
server doesn't.

Does the server need an rpath statement in its link line?  I don't see one.

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Thu, Feb 20, 2014 at 1:04 PM, Tom Browder tom.brow...@gmail.com wrote:
 On Thu, Feb 20, 2014 at 11:45 AM, William A. Rowe Jr. wmr...@gmail.com 
 wrote:
 Output from ldd /user/local/bin/httpd ?

My system is up and running and serving https using the system openssl library.

I would like to use my compiled version of openssl if anyone can tell
me how to do it.

I'll probably come back to this issue later but I have to move on for
the moment.

Thanks so much for your patience!

Best regards,

-Tom

Re: 2.4.8 This Month

[Tom Browder]

On Wed, Feb 19, 2014 at 8:08 AM, Jim Jagielski j...@jagunet.com wrote:
 I'd like to shoot for a TR sometime next week...
 I'd like to TR and release 2.4.8 this month... Let's all take
 some time to:

  1. See what in trunk should really be backported
  2. Test and vote in STATUS backports

I hope it fixes this (reported on users list):

I configured httpd-2.4.7 successfully to use mod_ssl:

  ...
  --with-ssl=/usr/local/ssl/fips-2.0

and, during the build, it stops here:

/usr/local/src/httpd-2.4.7/support/ab.c:509: undefined reference to
`FIPS_rand_seed'
/usr/local/src/httpd-2.4.7/support/ab.c:516: undefined reference to
`FIPS_rand_seed'
/usr/local/src/httpd-2.4.7/support/ab.c:522: undefined reference to
`FIPS_rand_seed'

Best regards,

-Tom

Re: 2.4.8 This Month

[Tom Browder]

On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson
shen...@opensslfoundation.com wrote:
 On 19/02/2014 15:08, Tom Browder wrote:
 I configured httpd-2.4.7 successfully to use mod_ssl:

   ...
 That could be user error. The path /usr/local/ssl/fips-2.0 is the default
 install location of the FIPS module which isn't a complete version of OpenSSL.
 It should point to the location the FIPS capable OpenSSL is installed instead.

Hm, I thought I tried that but I'll recheck and configure with:

  --with-ssl=/usr/local/ssl

Thanks, Dr. Henson.

-Tom

Re: 2.4.8 This Month

[Tom Browder]

On Wed, Feb 19, 2014 at 11:21 AM, Tom Browder tom.brow...@gmail.com wrote:
 On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson
 shen...@opensslfoundation.com wrote:
 On 19/02/2014 15:08, Tom Browder wrote:
 I configured httpd-2.4.7 successfully to use mod_ssl:

   ...
 That could be user error. The path /usr/local/ssl/fips-2.0 is the default
 install location of the FIPS module which isn't a complete version of 
 OpenSSL.
 It should point to the location the FIPS capable OpenSSL is installed 
 instead.

 Hm, I thought I tried that but I'll recheck and configure with:

   --with-ssl=/usr/local/ssl

Bummer!

When I did that, I get this:

checking for OpenSSL... checking for user-provided OpenSSL base
directory... /usr/local/ssl
  adding -I/usr/local/ssl/include to CPPFLAGS
  setting MOD_CFLAGS to -I/usr/local/ssl/include
  setting ab_CFLAGS to -I/usr/local/ssl/include
  adding -L/usr/local/ssl/lib to LDFLAGS
  setting MOD_LDFLAGS to -L/usr/local/ssl/lib
checking for OpenSSL version = 0.9.7... OK
  adding -lssl to MOD_LDFLAGS
  adding -lcrypto to MOD_LDFLAGS
  adding -lrt to MOD_LDFLAGS
  adding -lcrypt to MOD_LDFLAGS
  adding -lpthread to MOD_LDFLAGS
  adding -ldl to MOD_LDFLAGS
  setting LIBS to -lssl -lcrypto  -lrt -lcrypt  -lpthread -ldl
  forcing ab_LDFLAGS to -L/usr/local/ssl/lib -lssl -lcrypto -lrt
-lcrypt -lpthread -ldl
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... no
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
configure: WARNING: OpenSSL libraries are unusable
yes
  setting MOD_SSL_LDADD to -export-symbols-regex ssl_module
checking whether to enable mod_ssl... shared (reallyall)
  adding -I$(top_srcdir)/modules/ssl to INCLUDES

So, is that a bad build for using mod_ssl or not?

I will try the build now and report back.

-Tom

SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Wed, Feb 19, 2014 at 7:09 PM, Dr Stephen Henson
shen...@opensslfoundation.com wrote:
 On 19/02/2014 23:54, Tom Browder wrote:
 On Wed, Feb 19, 2014 at 11:21 AM, Tom Browder tom.brow...@gmail.com wrote:
 On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson
 shen...@opensslfoundation.com wrote:
 On 19/02/2014 15:08, Tom Browder wrote:
 I configured httpd-2.4.7 successfully to use mod_ssl:

   ...
 That could be user error. The path /usr/local/ssl/fips-2.0 is the default
 install location of the FIPS module which isn't a complete version of 
 OpenSSL.
 It should point to the location the FIPS capable OpenSSL is installed 
 instead.

 Hm, I thought I tried that but I'll recheck and configure with:

   --with-ssl=/usr/local/ssl

 Bummer!

 When I did that, I get this:

 checking for OpenSSL... checking for user-provided OpenSSL base
..
 checking for OpenSSL version = 0.9.7... OK

 Well something is wrong there with it indicating OpenSSL version 0.9.7. If you
 intend to use the FIPS 2.0 module you must use OpenSSL 1.0.1.

That doesn't mean its using 0.9.7.  As a matter of fact my Debian
installed OpenSSL is 1.0.1e, and Im trying to use 1.0.1.f FIPS.

But now I get a failure to build Apache:

/usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_free':
c_zlib.c:(.text+0x4d): undefined reference to `inflateEnd'
c_zlib.c:(.text+0x69): undefined reference to `deflateEnd'
/usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_ctrl':
c_zlib.c:(.text+0x24e): undefined reference to `deflate'
c_zlib.c:(.text+0x338): undefined reference to `zError'

So should I just kiss off Open SSL FIPS and Apache?

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Wed, Feb 19, 2014 at 7:37 PM, William A. Rowe Jr. wmr...@gmail.com wrote:
 Odd, there is something going on here.  I am wondering if this fails to

I'm sorry for muddying the water.

I originally used the option 'zlib' for configuring openssl-fips and
open ssl.  I'm in the process of rebuilding without the zlib option.

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Wed, Feb 19, 2014 at 8:39 PM, William A. Rowe Jr. wmr...@gmail.com wrote:
 I've noticed that openssl default builds do not necessarily add -lz to the
 lib/pkgconfig/openssl.pc when they might be needed.  In any case I'm going
 to guess you perhaps hadn't installed the zlib1g-dev package?

No, it's installed.

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Wed, Feb 19, 2014 at 9:11 PM, William A. Rowe Jr. wmr...@gmail.com wrote:
 You could try tweaking the deployed /usr/local/lib/pkgconfig/openssl.pc file
 to include -lz in Libs: (just after -ldl), and then re-./configure

I'll first see if I can get a good SSL to work.  So far no build
problems after I took out the zlib configure options with
openssl/openssl-fips.  I'll try my shiny new apache 2.4.7 and SSL
tomorrow morning.

The zlib is not that important to me at the moment--it just seemed a
reasonable option when I first started this venture.

Thanks for the advice.

-Tom

Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]

[Tom Browder]

On Wed, Feb 19, 2014 at 9:40 PM, William A. Rowe Jr. wmr...@gmail.com wrote:
 First insight, did you ./config openssl, or ./config shared?  It seems near

No option which I think means static.

 impossible to use static openssl.  apr-util configure will fail since
 pkgconfig isn't consulted properly.  httpd configure would also likely fail
 for redundant symbols.

 Second insight - apr-util version 1.5 includes openssl libs.  Once you are
 linking against both apr-util and openssl, you can't choose a different
 openssl. You will need to build apr-util against the -same- openssl.

I used the embedded apr, apr-util so its built with apache.

 Third insight - apr-util links to ldap, as does mod_authnz_ldap.
 libldap/liblber link to openssl.  Again, quite likely the system library.
 So, rebuild the openldap project as well against your newly built openssl.

 Or you can configure apr-util --without-ldap and httpd sans
 --enable-[authnz-]ldap
I didn't select ldap, but I'll add --without-ldap


 FTR I am betting dollars to donuts you are trying to use a static, not
 shared build of openssl.  Please, don't do that :)

Okay!

Thanks!

-Tom

Re: mod_cgid and accept

[Tom Browder]

On Sun, Jul 15, 2012 at 5:04 AM, Christophe JAILLET
christophe.jail...@wanadoo.fr wrote:
 Hi,

 looking around for static analysis tools, I arrived on a commercial software
 that states that is has already found some mistakes in httpd.

Christophe brings up a good point.  Has the httpd project ever had its
code analyzed by Coverity?  If not, it should be eligible for a free
scan.  See the bottom of this page for a free scan request:

  http://www.coverity.com/products/static-analysis.html

Best regards,

-Tom

Errors Building Docs from Trunk (Apparently Solved)

[Tom Browder]

I'm trying to build the docs from the trunk following instructions here:

  http://httpd.apache.org/docs-project/docsformat.html

(Note the first heading on the page is Module Format and
Transformation which I believe would better read Document Format and
Transformation or something similar.)

I tried the target:

  $ ./build.sh latex-en

and got these errors:

latex-en:
 [xslt] Processing
/usr/local/src/apache-trunk-svn/docs/manual/misc/perf-scaling.xml to
/usr/local/src/apache-trunk-svn/docs/manual/misc/perf-scaling.tex
 [xslt] Loading stylesheet
/usr/local/src/apache-trunk-svn/docs/manual/style/latex/latex.xsl
 [xslt] : Fatal Error! org.xml.sax.SAXException: Attempt to output
character of integral value 8220 that is not represented in specified
output encoding of ISO-8859-1. Cause: org.xml.sax.SAXException:
Attempt to output character of integral value 8220 that is not
represented in specified output encoding of ISO-8859-1.
 [xslt] Failed to process
/usr/local/src/apache-trunk-svn/docs/manual/misc/perf-scaling.xml

BUILD FAILED
/usr/local/src/apache-trunk-svn/docs/manual/style/lang-targets.xml:106:
The following error occurred while executing this line:
/usr/local/src/apache-trunk-svn/docs/manual/build/build.xml:805: The
following error occurred while executing this line:
/usr/local/src/apache-trunk-svn/docs/manual/build/build.xml:820: Fatal
error during transformation

I looked at file docs/manual/style/latex/latex.xsl and noticed this
code chunk:

xsl:output
  method=text
  encoding=ISO-8859-1
  indent=no
/

I also noticed other style sheets with the same chunk.  Is there any
reason not to use 'encoding=utf-8' instead of ISO-8859-1 in all
such chunks?

If that is correct and intended, can anyone help with that error?

In the meantime I changed all the xsl files with the ISO encoding and
changed them to utf-8 and got an apparent good build.  However,
there are still charsets and other encoding references to ISO-8858-1,
so someone knowledgeable of the doc direction needs to comment.

Thanks.

Best regards,

-Tom

Re: Errors Building Docs from Trunk (Apparently Solved) [NOT]

[Tom Browder]

On Thu, Jul 5, 2012 at 3:48 PM, Tom Browder tom.brow...@gmail.com wrote:
 I'm trying to build the docs from the trunk following instructions here:

   http://httpd.apache.org/docs-project/docsformat.html
...
 In the meantime I changed all the xsl files with the ISO encoding and
 changed them to utf-8 and got an apparent good build.  However,
 there are still charsets and other encoding references to ISO-8858-1,
 so someone knowledgeable of the doc direction needs to comment.

Hm, the sitemap.tex was built but it failed when running it though pdflatex.

Has there been any discussion of converting the inputs to DocBook?

Best,

-Tom