On 06/26/2014 09:22 AM, Ruediger Pluem wrote:
Joe Orton wrote:
I've had a user hit this: with FakeBasicAuth the client DN gets
translated into a Basic auth blob of base64(username:password), which
then fails when the username part contains a : colon character.
At minimum mod_ssl could/should
please check r1641381
On Sun, Nov 23, 2014 at 9:59 PM, Eric Covener cove...@gmail.com wrote:
On Sun, Nov 23, 2014 at 9:57 PM, Eric Covener cove...@gmail.com wrote:
On Fri, Jul 11, 2014 at 6:36 AM, jkal...@apache.org wrote:
static int ap_proxy_strcmp_ematch(const char *str, const char
On Sun, Nov 23, 2014 at 12:11 AM, Eric Covener cove...@gmail.com wrote:
On Thu, Nov 20, 2014 at 9:57 AM, Yann Ylavic ylavic@gmail.com wrote:
On Wed, Nov 19, 2014 at 1:13 PM, Eric Covener cove...@gmail.com wrote:
On Wed, Nov 19, 2014 at 4:47 AM, Yann Ylavic ylavic@gmail.com wrote:
Errr,
On 11/24/2014 03:59 AM, Eric Covener wrote:
On Sun, Nov 23, 2014 at 9:57 PM, Eric Covener cove...@gmail.com wrote:
On Fri, Jul 11, 2014 at 6:36 AM, jkal...@apache.org wrote:
static int ap_proxy_strcmp_ematch(const char *str, const char *expected)
+{
+apr_size_t x, y;
+
+for (x = 0, y
Hmmm let me try to recreate.
On Nov 23, 2014, at 7:47 PM, Eric Covener cove...@gmail.com wrote:
On Fri, Nov 8, 2013 at 9:30 AM, j...@apache.org wrote:
URL: http://svn.apache.org/r1540052
Log:
UDS urls need to be desockified when configuring...
Modified:
On Mon, Nov 24, 2014 at 7:54 AM, Jim Jagielski j...@jagunet.com wrote:
Hmmm let me try to recreate.
I am really confused about how it required both, but focused on the
ematch thing and have a fix in for that.
--
Eric Covener
cove...@gmail.com
Mark, can you allocate a CVE for this? It is already public.
-- Forwarded message --
From: Eric Covener cove...@gmail.com
Date: Wed, Nov 19, 2014 at 7:16 PM
Subject: Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed
require arguments when used multiple times
To: Apache HTTP
On Thu, Aug 21, 2014 at 8:42 AM, Jeff Trawick traw...@gmail.com wrote:
CGIPassHeader could be allowed in htaccess if the httpd admin has specified
AllowOverride ... AuthConfig ...* or AllowOverrideList CGIPassHeader in
the main config.
Make sense?
*Only auth headers are currently