bug with SSLVerifyClient?

2016-11-21 Thread Helmut K. C. Tessarek
Hello,

According to the documentation SSLVerifyClient can be used in a
directory context.
But I noticed that it is completely ignored (it always asks for a
user/password, no matter, if I have the client cert installed or not).

Here are the config directives (ignore the external provider):


Options Indexes FollowSymLinks

SSLVerifyClient optional
SSLVerifyDepth  2

AuthType Basic
AuthName "Restricted Section server"
AuthBasicProvider   ibmdb2

AuthIBMDB2User  user
AuthIBMDB2Password  password
AuthIBMDB2Database  dbname
AuthIBMDB2UserProc  mod_authnz.getpassword
AuthIBMDB2GroupProc mod_authnz.getgroups


   Include /etc/httpd/extra/file_with_require_expr.conf
   Require user my_user




Please note that it works perfectly, if I create a virtual host and move
the following out of the directory section and put it in the virtual
host context:

SSLVerifyClient optional
SSLVerifyDepth  2

So either I am missing something, or the documentation is wrong, or
there's a bug somewhere.

Can someone please shed some light on this?

Cheers,
  K. C.

-- 
regards Helmut K. C. Tessarek
lookup http://sks.pkqs.net for KeyID 0xC11F128D

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/


Time for 2.4.24!

2016-11-21 Thread Jim Jagielski
We have a few items in STATUS that, imo, should be tested, voted-on
and then committed to the httpd-2.4 branch in anticipation of a new
release SOON! I'd like to have a T&R the end of next week, if
possible so we can start off December (or be close to "starting
it off") with a new release for the community.

I'll RM.


Re: svn commit: r1768245 - /httpd/httpd/trunk/modules/cache/mod_socache_memcache.c

2016-11-21 Thread Jim Jagielski
IMO, if you use and compute something 2x or more, it should
be a var. YMMV

> On Nov 18, 2016, at 4:04 PM, Christophe JAILLET 
>  wrote:
> 
> On 05/11/2016 at 17:47, j...@apache.org wrote:
>> Author: jim
>> Date: Sat Nov  5 16:47:43 2016
>> New Revision: 1768245
>> 
>> URL: http://svn.apache.org/viewvc?rev=1768245=rev
>> Log:
>> heh... bring memcache up to redis :)
>> mod_status info
>> 
>> Modified:
>> httpd/httpd/trunk/modules/cache/mod_socache_memcache.c
>> 
>> Modified: httpd/httpd/trunk/modules/cache/mod_socache_memcache.c
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_memcache.c?rev=1768245=1768244=1768245=diff
>> ==
>> --- httpd/httpd/trunk/modules/cache/mod_socache_memcache.c (original)
>> +++ httpd/httpd/trunk/modules/cache/mod_socache_memcache.c Sat Nov  5 
>> 16:47:43 2016
>> @@ -17,6 +17,7 @@
>>#include "httpd.h"
>>  #include "http_config.h"
>> +#include "http_protocol.h"
>>#include "apr.h"
>>  #include "apu_version.h"
>> @@ -33,6 +34,8 @@
>>  #include "ap_mpm.h"
>>  #include "http_log.h"
>>  #include "apr_memcache.h"
>> +#include "apr_strings.h"
>> +#include "mod_status.h"
>>/* The underlying apr_memcache system is thread safe.. */
>>  #define MC_KEY_LEN 254
>> @@ -293,7 +296,58 @@ static apr_status_t socache_mc_remove(ap
>>static void socache_mc_status(ap_socache_instance_t *ctx, request_rec *r, 
>> int flags)
>>  {
>> -/* TODO: Make a mod_status handler. meh. */
>> +apr_memcache_t *rc = ctx->mc;
>> +int i;
>> +
>> +for (i = 0; i < rc->ntotal; i++) {
>> +apr_memcache_server_t *ms;
>> +apr_memcache_stats_t *stats;
>> +apr_status_t rv;
>> +char *br = (!(flags & AP_STATUS_SHORT) ? "" : "");
> Is there really a need for the 'br'...
>> +
>> +ms = rc->live_servers[i];
>> +
>> +ap_rprintf(r, "Memcached server: %s:%d [%s]%s\n", ms->host, 
>> (int)ms->port,
>> +(ms->status == APR_MC_SERVER_LIVE) ? "Up" : "Down",
>> +br);
> ... which could be inlined here and...
>> +rv = apr_memcache_stats(ms, r->pool, );
>> +if (rv != APR_SUCCESS)
>> +continue;
>> +if (!(flags & AP_STATUS_SHORT)) {
>> +ap_rprintf(r, "Version: %s [%u bits], PID: 
>> %u, Uptime: %u hrs \n",
>> +stats->version , stats->pointer_size, stats->pid, 
>> stats->uptime/3600);
>> +ap_rprintf(r, "Clients:: Structures: %u, Total: 
>> %u, Current: %u \n",
>> +stats->connection_structures, stats->total_connections, 
>> stats->curr_connections);
>> +ap_rprintf(r, "Storage:: Total Items: %u, Current 
>> Items: %u, Bytes: %lu \n",
>> +stats->total_items, stats->curr_items, stats->bytes);
>> +ap_rprintf(r, "CPU:: System: %u, User: %u 
>> \n",
>> +(unsigned)stats->rusage_system, 
>> (unsigned)stats->rusage_user );
>> +ap_rprintf(r, "Cache:: Gets: %u, Sets: %u, 
>> Hits: %u, Misses: %u \n",
>> +stats->cmd_get, stats->cmd_set, stats->get_hits, 
>> stats->get_misses);
>> +ap_rprintf(r, "Net:: Input bytes: %lu, Output 
>> bytes: %lu \n",
>> +stats->bytes_read, stats->bytes_written);
>> +ap_rprintf(r, "Misc:: Evictions: %lu, MaxMem: 
>> %u, Threads: %u \n",
>> +stats->evictions, stats->limit_maxbytes, 
>> stats->threads);
>> +ap_rputs("\n", r);
>> +}
>> +else {
>> +ap_rprintf(r, "Version: %s [%u bits], PID: %u, Uptime: %u hrs 
>> %s\n",
>> +stats->version , stats->pointer_size, stats->pid, 
>> stats->uptime/3600, br);
>> +ap_rprintf(r, "Clients:: Structures: %d, Total: %d, Current: %u 
>> %s\n",
>> +stats->connection_structures, stats->total_connections, 
>> stats->curr_connections, br);
>> +ap_rprintf(r, "Storage:: Total Items: %u, Current Items: %u, 
>> Bytes: %lu %s\n",
>> +stats->total_items, stats->curr_items, stats->bytes, 
>> br);
>> +ap_rprintf(r, "CPU:: System: %u, User: %u %s\n",
>> +(unsigned)stats->rusage_system, 
>> (unsigned)stats->rusage_user , br);
>> +ap_rprintf(r, "Cache:: Gets: %u, Sets: %u, Hits: %u, Misses: %u 
>> %s\n",
>> +stats->cmd_get, stats->cmd_set, stats->get_hits, 
>> stats->get_misses, br);
>> +ap_rprintf(r, "Net:: Input bytes: %lu, Output bytes: %lu %s\n",
>> +stats->bytes_read, stats->bytes_written, br);
>> +ap_rprintf(r, "Misc:: Evictions: %lu, MaxMem: %u, Threads: %u 
>> %s\n",
>> +stats->evictions, stats->limit_maxbytes, 
>> stats->threads, br);
> ... which is mostly used to append nothing here ?
> 
>> +}
>> +}
>> +
>>  }
>>static apr_status_t
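
Review bot: In the branch taken when AP_STATUS_SHORT is not set, stats->version is passed to ap_rprintf with a bare %s, and that string is whatever the memcached server returned in its stats reply; wrap it as ap_escape_html(r->pool, stats->version) before it is written into the status page. The short-format branch also prints connection_structures and total_connections with %d while the branch above uses %u for the same fields, so use %u in both. Finally, "if (rv != APR_SUCCESS) continue;" drops the server's statistics without any line in the output saying the stats call failed; a one-line notice there would tell the reader why the block is missing.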