Re: Confusion about SSLProxyCheckPeerName/CN

2016-06-02 Thread William A Rowe Jr 
This looks like the resulting patch.  Wordsmithing the docs changes today...

On Wed, Jun 1, 2016 at 1:50 PM, Ruediger Pluem  wrote:

>
> On 06/01/2016 05:45 PM, William A Rowe Jr wrote:
> >
> >   CheckPeerName  CheckPeerCN
> >on {ignored}CheckPeerName verification
> >unset unset CheckPeerName verification
> >unset onCheckPeerName verification?
> >unset off   no verification
> >off   on*CheckPeerCN* verification
> >off   unset | off   no verification
> >
> > Because CheckPeerName is a superset of the CheckPeerCN functionality,
> > I don't think there is any harm is using CheckPeerName in this case.
> >
>
> I think CheckPeerName is ok in this case.
>
> Regards
>
> Rüdiger
>

 Index: ssl_engine_io.c
===
--- ssl_engine_io.c (revision 1746587)
+++ ssl_engine_io.c (working copy)
@@ -1189,6 +1189,8 @@
 }
 }
 if ((sc->proxy_ssl_check_peer_name != SSL_ENABLED_FALSE) &&
+((sc->proxy_ssl_check_peer_cn != SSL_ENABLED_FALSE) ||
+ (sc->proxy_ssl_check_peer_name == SSL_ENABLED_TRUE)) &&
 hostname_note) {
 apr_table_unset(c->notes, "proxy-request-hostname");
 if (!cert
@@ -1200,7 +1202,7 @@
   "for hostname %s", hostname_note);
 }
 }
-else if ((sc->proxy_ssl_check_peer_cn != SSL_ENABLED_FALSE) &&
+else if ((sc->proxy_ssl_check_peer_cn == SSL_ENABLED_TRUE) &&
 hostname_note) {
 const char *hostname;
 int match = 0;

Re: mod_fcgid: Immediate HTTP error 503 if the max total process count is reached

2016-06-02 Thread Ivan Zahariev 

Hi Nick,

Thanks for the info.

I've followed your instructions and submitted an enhancement request: 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59656


Cheers.
--Ivan


On 31.5.2016 г. 13:45 ч., Nick Kew wrote:

On Tue, 2016-05-31 at 11:15 +0300, Ivan Zahariev wrote:

Hello,

I got no feedback. Am I posting this suggestion at the right mailing
list?

Sorry, I see your original post marked for attention in my mail
folder, but languishing hitherto unattended.  Just now opened your
link in a browser to take a look.  There could be others who
have done something similar.

As a general reply to this question, yes, this is the best
available mailinglist.  The other place to post it would be
as an enhancement request in bugzilla (issues.apache.org).
The keyword "PatchAvailable" there may help by marking it as
low-hanging fruit.