Jeff Trawick wrote:
ranier wrote:
--- sdbm-old.c2003-07-08 19:55:04.0 -0300
+++ sdbm.c2003-07-08 19:57:52.0 -0300
@@ -495,7 +495,7 @@
while (dbit db-maxbno getdbit(db, dbit))
dbit = 2 * dbit + ((hash (1 hbit++)) ? 2 : 1);
-debug((dbit: %d...,
Aaron Bannert wrote:
On Thu, Dec 11, 2003 at 01:50:46PM -0600, William A. Rowe, Jr. wrote:
But the 2.0 architecture is entirely different. We need a poll but it's not entirely
obvious where to put one...
One suggestion raised in a poll bucket: when a connection level filter cannot
read anything
Dirk-Willem van Gulik wrote:
Unless I missed something we nicely issue a nonce during digest auth
(based on r-request_time) - but when the reply comes in with an
(Proxy-)Authenticate header we use the nonce provided by the client; and
do not check if it was any where near reasonably likely that
Dirk-Willem van Gulik wrote:
Right now we do not verify the nonce using in digest. This means that
an attacker can replay the response from another site or section
on the web site if
- the users username+password is the same across the site.
- the realm name is the same
Unfortunately that is
Dirk-Willem van Gulik wrote:
This doesn't appear to check that the timestamp is anywhere near now,
which would prevent same-site replays...
Correct - the trouble with timestap checks is that ?most/some? browsers
will NOT cache the password the user has entered; but the 'response' (i.e.
Dirk-Willem van Gulik wrote:
On Thu, 18 Dec 2003, Greg Marr wrote:
Couldn't the new member be placed at the end of the request rec so
that it's only a minor bump?
Sure - does that work across all compilers ?
Yes.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
* %{forensic-id}n in the custom log format, for example:
* CustomLog logs/custom %h %l %u %t \%r\ %s %b %{forensic-id}n
* Ben Laurie 29/12/2003
*/
#include httpd.h
#include http_config.h
#include http_log.h
#include assert.h
module MODULE_VAR_EXPORT log_forensic_module;
typedef struct fcfg
Jeff Trawick wrote:
Ben Laurie wrote:
One of the problems that crops up depressingly often is that someone
gets owned, and they can't find out why. This is generally because the
offending request didn't get logged, because the server died before it
logged it.
far more often than getting
Jeff Trawick wrote:
Ben Laurie wrote:
If it does nothing unless a file is specified, why not enable by default?
to avoid silent growth in the set of code built into somebody's
server... when does somebody have to add --disable-foo to create a
build compatible with what they had with the 1.3
Colm MacCarthaigh wrote:
On Mon, Dec 29, 2003 at 01:39:28PM +, Ben Laurie wrote:
So, I've written a forensic logging module. What this does is log the
request as soon as all the headers have been read, then log again when
its complete. Any request that doesn't complete should be viewed
David Reid wrote:
Colm MacCarthaigh wrote:
On Mon, Dec 29, 2003 at 01:39:28PM +, Ben Laurie wrote:
So, I've written a forensic logging module. What this does is log the
request as soon as all the headers have been read, then log again when
its complete. Any request that doesn't complete
to Tina Bird [EMAIL PROTECTED], whose
* idea this module was.
*
* Ben Laurie 29/12/2003
*/
#include httpd.h
#include http_config.h
#include http_log.h
#include assert.h
#include apr_strings.h
#include apr_atomic.h
#include unistd.h
#include http_protocol.h
module AP_MODULE_DECLARE_DATA
Bill Stoddard wrote:
Bill Stoddard wrote:
Ben Laurie wrote:
Bill Stoddard wrote:
Ben Laurie wrote:
If it does nothing unless a file is specified, why not enable by
default?
Like Jeff, I am more interested in this for debugging process
crashes that are not necessarily related to attacks
Colm MacCarthaigh wrote:
On Tue, Dec 30, 2003 at 11:49:37AM +, Ben Laurie wrote:
Could the forensic_id be tied in with mod_unique_id? It seems confusing
to have two different methods to generate unique id's for requests. Also
with unique_id, I can see it being useful to make CGI's aware
Sander Striker wrote:
On Tue, 2003-12-30 at 19:52, Ben Laurie wrote:
I realise that having the value of getpid() and time() to hand is useful
for forensic purposes, but a getpid():time():next_id++ will result in
duplicates accross even small clusters.
Ah, I see :-) does mod_unique_id handle
[EMAIL PROTECTED] wrote:
nd 2004/01/01 05:26:26
Log:
update license to 2004.
Why? Unless the file changes in 2004, the copyright doesn't. And, in any
case, the earliest date applies, so it gets us nowhere.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
[EMAIL PROTECTED] wrote:
nd 2004/01/02 15:35:59
Modified:modules/loggers mod_log_forensic.c
Log:
prevent module from segfaulting when not configured.
Ooops, forgot to bring that forward from 1.3. Thanks.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Joe Orton wrote:
On Sat, Jan 03, 2004 at 04:31:32PM -, [EMAIL PROTECTED] wrote:
ben 2004/01/03 08:31:32
Modified:server gen_test_char.c
Log:
Make forensic logging safe for POST data. The issue with strchr and NUL is
a red herring.
I don't think this is a safe change: 0
[EMAIL PROTECTED] wrote:
bnicholes2004/01/03 11:18:53
Modified:modules/loggers mod_log_forensic.c
Log:
Don't hardcode the location of the test_char.h header. The path should be added to
the INCLUDE path.
This patch is broken. Don't make me reverse it.
--
Brad Nicholes wrote:
Broken??? jorton already fixed up the INCLUDE path.
Ooops. Guess I screwed up, it didn't build for me. Try again. Sorry.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who
Jeff Trawick wrote:
See http://www.apache.org/~trawick/exception_hook_13.html
There is a small patch to Apache 1.3 required to make the sample modules
work. This is analogous to the toys using the Apache 2.1 exception hook
which are described at
Jeff Trawick wrote:
Ben Laurie wrote:
Jeff Trawick wrote:
See http://www.apache.org/~trawick/exception_hook_13.html
You should make the logged strings safe, like mod_log_forensic does,
and I think the format should be compatible (which means no space
after the colon).
Thanks for taking
Colm MacCarthaigh wrote:
On Mon, Jan 26, 2004 at 06:28:03PM +, Colm MacCarthaigh wrote:
I'd love to find out what's causing your worker failures. Are you using
any thread-unsafe modules or libraries?
Not to my knowledge, I wasn't planning to do this till later, but
I've bumped to 2.1, I'll
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
or Joshua's virtual keyword on Location , which I like better the
more I think about it.
ooops... s/Joshua/André/
but Joshua has excellent points about virtualness being a property of
the handler. Yes, the server-status handler should know
[EMAIL PROTECTED] wrote:
Ben Laurie wrote:
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
or Joshua's virtual keyword on Location , which I like better
the more I think about it.
ooops... s/Joshua/André/
but Joshua has excellent points about virtualness being a property
Jeff Trawick wrote:
Jim Jagielski wrote:
I'd like to float the idea of releasing 1.3.30 soonish.
Not only are there enough changes to warrant a release, but
also to coincide with the changeover to AL 2.0.
one question: who would support putting the 1.3 versions of
mod_backtrace and
Roy T. Fielding wrote:
However I completely disagree that Python (or Perl or PHP) is
a good choice for use in build systems.
As part of the configure process, I would agree with you, but as part of
buildconf, I disagree--not everyone needs to run buildconf--only
developers, and if you're
Ghanta, Bose wrote:
Dear Ben and OpenSSL Team members,
Could you kindly answer the following question from one of my group
members? I very much appreciate it.
I was working on what I originally thought was a bug in our FTP client.
Your ftp site has a very long banner (due to the crypto
[EMAIL PROTECTED] wrote:
jorton 2004/03/10 13:54:17
Modified:modules/ssl ssl_engine_log.c
Log:
* modules/ssl/ssl_engine_log.c (ssl_log_annotate, ssl_log_annotation,
ssl_log_ssl_error): const-ify annotation strings and simplify
ssl_log_annotation.
-static char
Justin Erenkrantz wrote:
--On Sunday, March 14, 2004 11:18 PM -0600 William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
as the GNU, ASF, and SF projects all discovered, full backups by third
parties are invaluable. What is the equivalent to rsync, and is it as
stable?
I think you mean cvsup not
Justin Erenkrantz wrote:
--On Monday, March 15, 2004 10:52 AM + Ben Laurie
[EMAIL PROTECTED] wrote:
It is? How? Unless the committer signs (which ISTR was rejected as an
option
when I suggested it, so I'm assuming that doesn't happen), then they
must be
signed by the server - a successful
Justin Erenkrantz wrote:
--On Tuesday, March 16, 2004 5:27 PM + Ben Laurie
[EMAIL PROTECTED] wrote:
I don't see how this defends against a malicious user that has owned the
server for long enough for his changes to have been rsynced to the
secure
server?
Because it'd be read-only
William A. Rowe, Jr. wrote:
At 11:27 AM 3/16/2004, Ben Laurie wrote:
Justin Erenkrantz wrote:
--On Monday, March 15, 2004 10:52 AM + Ben Laurie [EMAIL PROTECTED] wrote:
It is? How? Unless the committer signs (which ISTR was rejected as an option
when I suggested it, so I'm assuming
Justin Erenkrantz wrote:
--On Tuesday, March 16, 2004 8:19 PM + Ben Laurie
[EMAIL PROTECTED] wrote:
c) You appear to be assuming daily snapshots maintained forever in your
story - if so, how do you deal with network problems and the like? How
can you tell a commit that didn't make
Mathihalli, Madhusudan wrote:
Somehow the message just went to Sander !
-Madhu
-Original Message-
From: Mathihalli, Madhusudan
Sent: Friday, March 19, 2004 11:01 AM
To: 'Sander Striker'
Subject: RE: SEGV in allocator_free
-Original Message-
From: Sander Striker
Bojan Smojver wrote:
On Thu, 2004-03-18 at 06:35, Greg Stein wrote:
hehe... it's probably because I sympathize. Back in '96, when I went to
work for Microsoft, I caught some heat from some random guy in the Python
community. When Guido replied with, effectively, oh, shut the hell up.
Greg's
Jeff Trawick wrote:
2) Get approval to commit to stable branch
(no attempt made IIRC; typical action is to propose a vote in STATUS
file of stable branch and await comments or votes)
Done! Votes please...
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to
Jeff Trawick wrote:
André Malo wrote:
* Jeff Trawick [EMAIL PROTECTED] wrote:
André Malo wrote:
* Jeff Trawick [EMAIL PROTECTED] wrote:
somehow I doubt there will be any problems at all getting it
approved, but
nobody acted as a champion thus far and asked for approval themselves
In
Jim Jagielski wrote:
On Apr 13, 2004, at 11:13 AM, Jim Jagielski wrote:
static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char
*name)
{
@@ -3395,6 +3446,9 @@
An HTTP authorization type (e.g., \Basic\) },
{ AuthName, set_authname, NULL, OR_AUTHCFG, TAKE1,
The
Jeff Trawick wrote:
pid_t is long on Solaris
+1
Index: src/modules/standard/mod_log_forensic.c
===
RCS file:
Nick Kew wrote:
We have grown accustomed to two separate trust mechanisms
on the 'net; server certs signed by some authority, or the PGP
web of trust.
I would like to be able to use PGP trust over the web. That would
mean (something like) installing a certificate on the server, and
William A. Rowe, Jr. wrote:
[EMAIL PROTECTED] wrote:
Author: ben
Date: Sat Jul 22 07:27:43 2006
New Revision: 424584
URL: http://svn.apache.org/viewvc?rev=424584view=rev
Log:
Add PKCS#7 support.
Modified:
httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c
Joe Orton wrote:
On Sat, Jul 22, 2006 at 02:27:44PM -, [EMAIL PROTECTED] wrote:
Author: ben
Date: Sat Jul 22 07:27:43 2006
New Revision: 424584
URL: http://svn.apache.org/viewvc?rev=424584view=rev
Log:
Add PKCS#7 support.
-1. We've had an RTC policy on the stable branch for many
Ruediger Pluem wrote:
On 07/23/2006 02:10 PM, Ben Laurie wrote:
Joe Orton wrote:
- use APR apr_file_* not ANSI C fopen,
I need a FILE *.
Maybe you could use BIO_new_file / PEM_read_bio_PKCS7 as it is done in similar
situations in other places of mod_ssl.
Why?
- the server doesn't
William A. Rowe, Jr. wrote:
Ben Laurie wrote:
Ruediger Pluem wrote:
On 07/23/2006 02:10 PM, Ben Laurie wrote:
[Sun Jul 23 10:25:14 2006] [info] Loading certificate private key
of SSL-aware server
[Sun Jul 23 10:25:14 2006] [error] Can't open \x80\x94|
Hmmm. Can't reproduce
Will it be OK to do this?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
Plüm wrote:
Please add it to the STATUS file of 2.2.x for voting.
Done.
Regards
Rüdiger
-Ursprüngliche Nachricht-
Von: Ben Laurie
Gesendet: Montag, 31. Juli 2006 16:13
An: Apache List
Betreff: Backport PCKS#7 patch to 2.2?
Will it be OK to do this?
Cheers,
Ben
Justin Erenkrantz wrote:
On Sat, 11 Dec 2004, Dirk-Willem van Gulik wrote:
Sounds a lot more feasible than travelling to .us for a hack.
But I'm wondering what this actually achieves? Sure, it gets people
to focus on Getting Things Done, but a *scheduled* IRC+pastebin-based
hackathon could do
William A. Rowe, Jr. wrote:
At 06:19 AM 12/11/2004, Dirk-Willem van Gulik wrote:
On Fri, 10 Dec 2004, Justin Erenkrantz wrote:
During ApacheCon, a number of us had talked about holding more frequent
face-to-face meetings (or summits or whatever). Fred is willing to find a
place for us at Apple
Enrico Weigelt wrote:
* William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
snip
http://www.ietf.org/rfc/rfc2817.txt
spells out methods that the server can -insist- that an upgraded
connection is used, and the client can instigate an upgraded
connection as well even if the server doesn't require it.
But
Jim Jagielski wrote:
I'm currently working on code that extended the lb method
within the 2.1/2.2 proxy from what is basically a
weighted request count to also be a weighted
traffic count (as measured by bytes transferred)
and a weighted load count (as measured by response
time). The former is
Justin Erenkrantz wrote:
--On Saturday, January 8, 2005 10:43 PM + Ben Laurie
[EMAIL PROTECTED] wrote:
Errr... mod_backhand?
mod_backhand doesn't support Apache 2.x:
http://www.backhand.org/mod_backhand/FAQ.shtml#question0
Port it?
--
http://www.apache-ssl.org/ben.html http
Joe Orton wrote:
On Wed, Feb 02, 2005 at 11:09:47AM +, David Reid wrote:
Joe Orton wrote:
On Wed, Feb 02, 2005 at 10:17:04AM +, David Reid wrote:
Basically this allows us to gain access to the actual cert structure.
I don't like the idea of exposing the X509 * directly especially not
Sarat S wrote:
Hi,
I apologize if this topic is not relevant to this forum. Please direct
me to the suitable list.
I'm working on a project that aims at augmenting the Apache Web Server
with Audit capability compatible with an audit-enabled operating
system(Mac OS X,Free BSD etc).
What is an
William A. Rowe, Jr. wrote:
Fascinating reading (see the bottom two tables of these pages:
http://www.securityspace.com/s_survey/data/man.200501/srvch.html?server=Apacherevision=Apache%2F1.3.33
http://www.securityspace.com/s_survey/data/man.200501/srvch.html?server=Apacherevision=Apache%2F2.0.52
Greg Stein wrote:
Euh... don't we need one of those for proper operation? Or do they all
have defaults, so a .conf isn't really needed?
Dude, one of my biggest complaints with the whole httpd.conf we ship is
that we have defaults for _everything_. None of it is needed. And I find
it a major PITA
Greg Stein wrote:
On Mon, Apr 04, 2005 at 01:03:27PM -0500, William A. Rowe, Jr. wrote:
At 09:37 AM 4/4/2005, Brad Nicholes wrote:
+1 to Greg's comment, I also think that for a new users, having a bunch of little .conf files will be more confusing. For experienced users, they will split up the
Stephane Bailliez wrote:
Hi,
I'm facing an annoying issue during a PKI deployment and integration
within an organization.
The CA is created with the authority key identifier set as a critical
extension.
OpenSSL (including 0.9.7g) chokes (voluntarily) on critical extensions
and as a default
Paul Querna wrote:
So, here is my short-list-made-up-this-afternoon of things I would like
to look at doing after 2.2 is branched/released as GA. I welcome
additions too.
1) Eliminate the HTTP in HTTPD. I would like to be able to compile
httpd with --disable-http. Currently the 'http core' is
Joe Orton wrote:
On Thu, Jun 09, 2005 at 02:57:37PM -, [EMAIL PROTECTED] wrote:
Author: ben
Date: Thu Jun 9 07:57:36 2005
New Revision: 189761
URL: http://svn.apache.org/viewcvs?rev=189761view=rev
Log:
Die properly when path is bollocks.
Did you mean to commit this to the branch?
Akins, Brian wrote:
On 6/21/05 5:29 PM, Nick Kew [EMAIL PROTECTED] wrote:
(2) http://www.apachecon.com/ - come to our module developers tutorial
and other talks.
When will there be another apachecon US?
December.
--
ApacheCon Europe http://www.apachecon.com/
Rian Hunter wrote:
Hi,
Currently there are two approaches we are looking at for mod_smtpd. We
can use the existing request_rec structure, and store smtp specific data
in a structure stucture in the r-request conf vector. With this we can
reuse some of the existing core hooks that make sense
David Reid wrote:
Joe Orton wrote:
On Fri, Aug 05, 2005 at 08:00:01PM +0200, Martin Kraemer wrote:
On Tue, Aug 02, 2005 at 07:14:10PM +0200, Martin Kraemer wrote:
I wanted something like
SSLRequire committers in SSLPeerExtList(1.3.6.1.4.1.18060.1);
to mean at least one extension with
[EMAIL PROTECTED] wrote:
jerenkrantz2002/12/11 13:09:16
Modified:server Makefile.in
Log:
Take a stab at fixing the brokenness in our tree (grr!).
ls -1 is bound to be more portable than find -maxdepth, but I suspect it may
not be as portable as it really should.
man ls
Jeff Trawick wrote:
While this is probably a bad idea, I bet that if you could trick
ap_lingering_close() not to close your socket when the connection is
closed, you might be able to get away with this.
The relevent line in server/connection.c:214 is:
apr_socket_t *csd =
[EMAIL PROTECTED] wrote:
Marc M. Adkins wrote:
The ap_hook_handler() call
does not specify the handler key from the corresponding AddHandler
configuration directive. As a consequence, the specified handler
function
must look at and accept or decline each request.
yes, you are
Aaron Bannert wrote:
Who are the developers who could answer my is this a race condition
questions?
Anyone on this list (or on the [EMAIL PROTECTED] list). If you think
you've found a race condition, please just post it to the appropriate
list so that we can all discuss it. Any help you
objectworlds wrote:
Does Apache have a postal address in the UK ?
No.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
William A. Rowe, Jr. wrote:
All this shows that running UDP in Apache can make sense, and I tried
to get some attention about it one year ago.. But somehow everybody
thought that UDP inside Apache can be used only for HTTP-over-UDP,
which is indeed controversial.. I hope that full UDP-support will
Thom May wrote:
Hi folks,
so it seems that ProxyPass operation has been broken since at least 1.3.9;
we're currently firefighting our way through the list of debian bugs and
found http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=57316 - ProxyPass to
ftp urls causes apache to segfault.
The
Joe Orton wrote:
This adds an optional hook so that modules can put their own status
information in the server-status page when mod_status is loaded.
(mod_ssl has code which can use this to output session cache status).
Any objections?
* mod_status.h: New file.
* mod_status.c:
William A. Rowe, Jr. wrote:
At 10:44 PM 7/31/2003, Mahadevan R wrote:
While trying to write an Apache2 module in C++, I found that in the command table,
AP_INIT_TAKE1 has to be used like this:
AP_INIT_TAKE1( Directive, (cmd_func) drctv_handler, NULL, OR_ALL, help string)
The compiler I'm
Ranier Vilela wrote:
Sorry, the mpm_common.c.diff was empty.
--- mpm_common.c 2003-08-31 06:06:25.0 -0300
+++ mpm_common_old.c 2003-08-31 05:57:14.0 -0300
@@ -808,7 +808,7 @@
if
[EMAIL PROTECTED] wrote:
martin 2003/09/08 04:03:40
Modified:.KEYS
Log:
Add my 768/FDE534D1 key
That's a little weak, isn't it?
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
Cliff Woolley wrote:
Noel and I had a little discussion just now on IRC about hook ordering and
the fact that in 2.0 we have made the admin's life a little harder by
hard-coding the ordering of certain modules (eg mod_dav vs mod_jk2).
Basically the problem is that a completely automatic
Cliff Woolley wrote:
On Fri, 17 Oct 2003, Ben Laurie wrote:
For this one, it looks like we might need a way to keep track at a
global scope what hooks there are. Right now, the only list of hooks is
static to the file the hooks were declared in (a static struct called
_hooks in that file
Greg Stein wrote:
On Fri, Oct 31, 2003 at 10:12:56PM +0100, Sander Striker wrote:
From: Brad Nicholes [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 9:53 PM
So what is the best way to resolve this? Currently NetWare won't
build. It throws a compiler error in Metrowerks. I can
Jeff Trawick wrote:
Piras Velandai Thiyagarajan wrote:
To better serve the Apache user community for easy integration, it
would be nice if during configure compilation option,
--with-mod-sun-plugin, that way just be simple effect of compilation,
the customers get what they want.
I'd
Astrid Keßler wrote:
I was just asked again by a user about the load order of modules.
While it seems that it is now with Apache2 less important, and also
ClearModuleList and AddModule are removed now with Apache2, I think it
is at least still important for auth modules. So I searched the manual
Would anyone object to me committing this?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
Hi Ben,
I have a patch to httpd-2_0_18-alpha that does what I'm looking for.
To be completely accurate, the request is:
OPTIONS /svn HTTP/1.1
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
This patch removes some magic in request.c. I wrote it coz 2.0.28 didn't
actually work at all for me, coz the magic failed.
Somehow the magic was OK again in the snapshot I tried, but I consider
it a bad thing that it exists at all (btw, the whole directory walk I
find completely unreadable, I
[EMAIL PROTECTED] wrote:
brianp 02/01/06 00:01:34
Modified:modules/loggers mod_log_config.c
Log:
Bypass a strdup and an 8KB local variable in the common case where
the logger is using the default time format
Does that really stop the stack space from being allocated? It
[EMAIL PROTECTED] wrote:
jim 02/05/02 06:28:46
Modified:src/os/unix os.c
Log:
OK. This is admittedly anal. But the whole idea behind cpp macros
is to avoid things like we know NSLINKMODULE_OPTION_NONE is 0
and making such shortcuts as this. This makes it clear what
[EMAIL PROTECTED] wrote:
jerenkrantz02/05/15 16:10:34
Modified:modules/ssl mod_ssl.c mod_ssl.h ssl_engine_init.c
ssl_engine_io.c ssl_engine_kernel.c
ssl_engine_log.c ssl_engine_pphrase.c
Log:
Stop using SSL_ADD_SSLERR option
Cliff Woolley wrote:
On 23 May 2002, Jeff Trawick wrote:
Existing apachectl keywords are still supported for now (except for
some alternate spellings of startssl -- whats up with that stuff?).
I always assumed it was for Apache-SSL compatibility. Ben?
Apache-SSL always has SSL
Ryan Bloom wrote:
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Bill Stoddard wrote:
This is a variation of the problem Aaron and I were interested in
with
CGI scripts (and
directly related to an open PR against 2.0.36). Unfortunately, I
think
filters need some
more work to
Jeff Trawick wrote:
Ben Laurie [EMAIL PROTECTED] writes:
Seems to me that you really want a apr_poll equivalent that works on
bucket brigades - that would make this clean, and could be quite
elegant (IMO).
What seems useful (to me) is for apr_poll() to operate on a generic
I/O handle
[EMAIL PROTECTED] wrote:
jwoolley2002/05/31 00:43:22
Modified:modules/test mod_bucketeer.c
Log:
we should be copying over all metadata buckets we don't understand, not
just error buckets.
Revision ChangesPath
1.12 +5 -4
Cliff Woolley wrote:
On Mon, 3 Jun 2002, Ryan Bloom wrote:
I was actually just about to look at this problem if you are busy.
Go for it... I'm working on something else.
Perhaps its just me, but I'm amused this is considered a bug.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Ryan Bloom wrote:
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Cliff Woolley wrote:
On Mon, 3 Jun 2002, Ryan Bloom wrote:
I was actually just about to look at this problem if you are busy.
Go for it... I'm working on something else.
Perhaps its just me, but I'm amused this is considered
[EMAIL PROTECTED] wrote:
jim 2002/06/17 19:07:00
Modified:src/ap ap_strtol.c
Log:
Just in case, handle LONG_* if limits doesn't have 'em
Revision ChangesPath
1.4 +6 -0 apache-1.3/src/ap/ap_strtol.c
Index: ap_strtol.c
Jim Jagielski wrote:
[EMAIL PROTECTED] wrote:
I will make one exception to that statement. If it lands inside of
APR-util, under the XML directory, and it is made to work with the XML
parser, I can accept that landing spot. As it fits in closer with our
goals (I think). Jim, I can't decide
On Sun, Jan 8, 2012 at 4:20 PM, Jim Jagielski j...@jagunet.com wrote:
How much is entirely?
Do the 80char lines in ap_listen.h, ap_mmn.h, ap_mpm.h, ap_provider.h,
ap_regex.h, ap_regkey.h, ap_slotmem.h, http_core.h, http_protocol,h,
etc etc etc etc also constitute a rating of entirely?
I'd
On Thu, Apr 5, 2012 at 8:34 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote:
On 4/5/2012 1:14 PM, Claudio Caldato wrote:
Hi William,
We need more details in order to be able to figure out what is going on. Any
chance that you guys have an isolated repo we can use to investigate this
Would anyone object to the NPN patch (r1332643) being backported to 2.2 and 2.4?
On Wed, May 9, 2012 at 6:26 AM, Paul Querna p...@querna.org wrote:
Heya,
A friend of mine is helping organizing the first C Conf:
http://www.cconf.org/
I think it could be a very interesting conference for those of us that
still enjoy coding C :-)
Not sure I can make it, but your friend
On Wed, Jun 20, 2012 at 1:25 PM, Nick Edwards nick.z.edwa...@gmail.com wrote:
Hello,
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic authentication via MySQL.
On Thu, Jun 21, 2012 at 10:53 AM, Issac Goldstand mar...@beamartyr.net wrote:
On 21/06/2012 12:40, Ben Laurie wrote:
4. Use something that is hard to optimise in hardware (ideally).
And what about massive sites that need the crypto HW to manage the
concurrent logins?
I have never come across
I'm working on Certificate Transparency
(http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf).
TL;DNR: CAs are a mess, and we need to do something about it.
RFC 5878 adds a TLS extension which permits a server to send extra
authorisation information along with the
1 - 100 of 125 matches
Mail list logo