Re: [PATCH] don't corrupt heap upon empty response from OCSP server

Hi Jim, On Thu, Jul 05, 2012 at 01:49:25PM +0200, Jim Meyering wrote: This is my first httpd patch/report. If you'd prefer that it go to a BZ or a different list, just let me know. This is fine! I found this by inspection: it appears that line[-1] (the heap) can be corrupted. Is it

Re: [PATCH] don't corrupt heap upon empty response from OCSP server

Joe Orton wrote: Hi Jim, On Thu, Jul 05, 2012 at 01:49:25PM +0200, Jim Meyering wrote: This is my first httpd patch/report. If you'd prefer that it go to a BZ or a different list, just let me know. This is fine! I found this by inspection: it appears that line[-1] (the heap) can be

Re: Need feedback for Apache 2.4.2

Hi Pravesh, Have realized that Apache 2.4.2 don't have Win32 source available on download page (http://httpd.apache.org/download.cgi#apache24). Can you please let us know, whether the same will be available in near future? there is no need to have an extra package for windows. You can use

Comment system, take three

As Professor Farnsworth would say; Great news everyone! Some time ago, I proposed we use a comment system for our trunk branch, that I had been developing for our site. This system has been tested during the entire month of June, and received 11 actual comments (not counting the 110 test comments

Re: Need feedback for Apache 2.4.2

Am 06.07.2012 11:30, schrieb Mario Brandt: Have realized that Apache 2.4.2 don't have Win32 source available on download page (http://httpd.apache.org/download.cgi#apache24). Can you please let us know, whether the same will be available in near future? there is no need to have an extra

Why RFC 5878 matters...

I'm working on Certificate Transparency (http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf). TL;DNR: CAs are a mess, and we need to do something about it. RFC 5878 adds a TLS extension which permits a server to send extra authorisation information along with the

Re: [PATCH] don't access(r/w) uri[-1] when validating resource w/empty uri string

Nick Kew wrote: On Thu, 05 Jul 2012 19:33:18 +0200 Jim Meyering j...@meyering.net wrote: Thanks for the patch, but can you clarify? At first I thought there must be code to guarantee that a URI (resource-uri) has length 0, In principle it must be for an HTTP request to exist. Have you

Comments requested on proposed 2.2 patch - keep or nyx

All; I've had the patch for SSLProxyMachineCertificateChainFile added to the 2.2 STATUS for a while. There hasn't been much movement so I wanted to reach out to see if some fellow committers could spare the time to help push it along. Or - on the flip side - if folks do not think it is worth