Re: [PATCH] make test TEST_VERBOSE=1
On Wed, 18 Sep 2002, Geoffrey Young wrote: I think the attached patch behaves as suggested. perfectly, thanks.
Re: [PATCH] make test TEST_VERBOSE=1
On Wed, 18 Sep 2002, Doug MacEachern wrote: On Wed, 18 Sep 2002, Geoffrey Young wrote: I think the attached patch behaves as suggested. perfectly, thanks. with 5.8.0 that is. with 5.6.1, dies with: Error in option spec: verbose:1
Re: newbie question on perl-framework...
On Tue, 17 Sep 2002, David Hill wrote: Tried that (twice) and it did not help. Thanks for the pointer to the config blocks, missed that in my RTFM-ing. If I hand hack a conf file based on your pointer, things run much better, but what a pain t/TEST -clean t/TEST -trace=debug will give you some more info. I am beginning to think that the problem is related to the path to the libraries created by apxs. The DSO is created as ./c-modules/foo/.libs/libmod_foo.so I am trying to understand the perl code but have not found anything that deals with this stuff. that path is expected. if the .so isn't found, then it shouldn't be added to httpd.conf and tests skipped that depend on that module. you might want to look at the generated file: t/conf/apache_test_config.pm contains most of the collected info, including a list of cmodules from the c-modules directory.
Re: POST with no data
i think lwp does the right thing, but TestRequest.pm does not. patch below should fix (untested). --- Apache-Test/lib/Apache/TestRequest.pm 4 Apr 2002 00:54:26 - 1.71 +++ Apache-Test/lib/Apache/TestRequest.pm 17 Sep 2002 20:22:38 - @@ -251,7 +251,7 @@ $credentials{$keep-{realm} || '__ALL__'} = [$keep-{username}, $keep-{password}]; } -if (my $content = $keep-{content}) { +if (defined(my $content = $keep-{content})) { if ($content eq '-') { $content = join '', STDIN; }
Re: minor change needed in mod_test_apr_uri.c
On Mon, 16 Sep 2002, Dave Hill wrote: Hi, Just starting to use the test framework on Tru64. Bumped into a compiler issue... Our compiler does not like multiline implicite strings. You can do muliline strings, you just need to end them with '\n\'. Attached is a diff -c of my change. I belive that the the change should work with other compilers. thanks, applied to cvs. p.s. if possible, diff -u is the prefered format for patches.
auth stuff still broken
a fresh build/install of .42-dev: Cannot load /.../modules/mod_authn_file.so into server: /.../modules/mod_authn_file.so: undefined symbol: authn_register_provider stock httpd.conf is installed (by 'make install') with modules in this order: LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so
--with-mpm=worker on freebsd
why is it on freebsd --with-mpm=worker actually compiles the prefork mpm? i just tried building on icarus with the 2.0.37 tarball, same thang with 2.0.36 % cat config.nice #! /bin/sh # # Created by configure CFLAGS=-g; export CFLAGS ./configure \ --prefix=/home/dougm/apache2-worker \ --with-mpm=worker \ $ % ~/apache2-worker/bin/httpd -V Server version: Apache/2.0.37 Server built: Jun 11 2002 10:18:20 Server's Module Magic Number: 20020602:1 Architecture: 32-bit Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork ... % ~/apache2-worker/bin/httpd -l | grep prefork prefork.c
Re: --with-mpm=worker on freebsd
On Tue, 11 Jun 2002, Cliff Woolley wrote: Because threads are forced to be disabled on FreeBSD. I believe there's a warning message about this in the ./configure output... you might just not have noticed it as it scrolled by. that's odd, why not just abort with a message sorry only prefork supported. anyhow, if threads are always disabled on freebsd, then APR_HAS_THREADS should always be 0, right? a guy on the modperl list compiled --with-mpm=worker on freebsd, his apr.h has: #define APR_HAS_THREADS 1 he's running freebsd 4.5-release also, aren't the thread issues solved in newer freebsd's? icarus is running FreeBSD 4.6-RC #11: Mon Jun 3 17:17:13 PDT 2002
Re: cvs commit: httpd-2.0 CHANGES
just a note on this, SSLOptions +OptRengotiate simulates what s3_srvr.c:ssl3_get_client_certificate would do when calling ssl_verify_cert_chain() with the certs presented by the client. for whatever reason, when the cert chain is saved to the session cache, the peer cert is removed from the chain: s-session-peer=sk_X509_shift(sk); ... s-session-sess_cert-cert_chain=sk; /* Inconsistency alert: cert_chain does *not* include the * peer's own certificate, while we do include it in s3_clnt.c */ so this workaround simply pushes the peer cert from the session cache back into the chain. i'd be surprised if 'SSLOptions +OptRengotiate' actually ever worked for anybody before this change, including the 1.3 based modssl which still has this issue. On 11 Jun 2002 [EMAIL PROTECTED] wrote: dougm 2002/06/10 20:12:34 Modified:modules/ssl ssl_engine_kernel.c .CHANGES Log: 'SSLOptions +OptRengotiate' will use client cert in from the ssl session cache when there is no cert chain in the cache. prior to the fix this situation would result in a FORBIDDEN response and error message Cannot find peer certificate chain Revision ChangesPath 1.73 +15 -0 httpd-2.0/modules/ssl/ssl_engine_kernel.c Index: ssl_engine_kernel.c === RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.72 retrieving revision 1.73 diff -u -r1.72 -r1.73 --- ssl_engine_kernel.c 4 Jun 2002 07:12:26 - 1.72 +++ ssl_engine_kernel.c 11 Jun 2002 03:12:33 - 1.73 @@ -709,6 +709,16 @@ cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl); +if (!cert_stack (cert = SSL_get_peer_certificate(ssl))) { +/* client cert is in the session cache, but there is + * no chain, since ssl3_get_client_certificate() + * sk_X509_shift-ed the peer cert out of the chain. + * we put it back here for the purpose of quick_renegotiation. + */ +cert_stack = sk_new_null(); +sk_X509_push(cert_stack, cert); +} + if (!cert_stack || (sk_X509_num(cert_stack) == 0)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r-server, Cannot find peer certificate chain); @@ -745,6 +755,11 @@ SSL_set_verify_result(ssl, cert_store_ctx.error); X509_STORE_CTX_cleanup(cert_store_ctx); + +if (cert_stack != SSL_get_peer_cert_chain(ssl)) { +/* we created this ourselves, so free it */ +sk_X509_pop_free(cert_stack, X509_free); +} } else { request_rec *id = r-main ? r-main : r; 1.819 +6 -0 httpd-2.0/CHANGES Index: CHANGES === RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.818 retrieving revision 1.819 diff -u -r1.818 -r1.819 --- CHANGES 10 Jun 2002 18:51:37 - 1.818 +++ CHANGES 11 Jun 2002 03:12:33 - 1.819 @@ -1,5 +1,11 @@ Changes with Apache 2.0.37 + *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl + session cache when there is no cert chain in the cache. prior to + the fix this situation would result in a FORBIDDEN response and + error message Cannot find peer certificate chain + [Doug MacEachern] + *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if one was already sent. PR 9644 [Jeff Trawick]
Re: cvs commit: httpd-2.0 CHANGES
On Mon, 10 Jun 2002, Doug MacEachern wrote: i'd be surprised if 'SSLOptions +OptRengotiate' actually ever worked for anybody before this change, including the 1.3 based modssl which still has this issue. i take that back a bit, i'd be surprised if it worked for anybody using netscape 4.xx where you can see: - click on the security lock icon - click on Navigator there is an option here Certificate to identify you to a website the default is [Ask Every Time] it is only an issue in that case, where the first request prompts for client cert, any request after that with SSLSessionCache results in FORBIDDEN with the Cannot find peer certificate chain error_log message. this is not a problem when the netscape option is changed to [Select Automatically] which i think newer versions do by default, same with IE and likely other clients.
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
this change is wrong. please revert and explain what you need so we can find the right solution. On 3 Jun 2002 [EMAIL PROTECTED] wrote: jerenkrantz2002/06/03 11:03:42 Modified:perl-framework/Apache-Test/lib/Apache TestConfig.pm Log: Only start one server instance until we need the other one for the proxy tests. Revision ChangesPath 1.137 +1 -1 httpd-test/perl-framework/Apache-Test/lib/Apache/TestConfig.pm Index: TestConfig.pm === RCS file: /home/cvs/httpd-test/perl-framework/Apache-Test/lib/Apache/TestConfig.pm,v retrieving revision 1.136 retrieving revision 1.137 diff -u -r1.136 -r1.137 --- TestConfig.pm 20 May 2002 22:25:34 - 1.136 +++ TestConfig.pm 3 Jun 2002 18:03:42 - 1.137 @@ -1553,7 +1553,7 @@ /IfModule IfModule prefork.c -StartServers @MaxClients@ +StartServers 1 MaxClients @MaxClients@ MaxRequestsPerChild 0 /IfModule
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
On Mon, 3 Jun 2002, Aaron Bannert wrote: Cliff is always mentioning something like t/TEST -d gdb or something like that. Won't that run in -X mode automatically? yes.
Re: cvs commit: httpd-test/perl-framework README
On 3 Jun 2002 [EMAIL PROTECTED] wrote: aaron 2002/06/03 11:31:00 Modified:perl-framework README Log: Add a note about envoking gdb. note that this and heaps of other stuff is in httpd-test/perl-framework/Apache-Test/README which is where it belongs, since Apache-Test is the self-contained part that is used to build other test suites, such as modperl-2.0
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
On Mon, 3 Jun 2002, Justin Erenkrantz wrote: The reason I don't like that is because if I need to restart the server I have to quit my gdb. I want my gdb to last longer than the process (so my breakpoints et al remain the same). you can use the -maxclients option or edit httpd.conf by hand before you start to debug. I'm confused why this commit is an issue. None of the other MPMs start multiple processes - why should prefork? it breaks any sort of proxy tests, various modperl test, etc. your change is just plain wrong, back it out. And, it's not like it won't start multiple processes when it needs to. -- justin umm, not with MaxClients 1 it won't
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
On Mon, 3 Jun 2002, Justin Erenkrantz wrote: Um, as I pointed out, none of the other MPMs are configured like this. Only prefork would start multiple servers. The others always run under a single process. -- justin yeah, cos threaded mpms can handle concurrent requests with one process, prefork cannot.
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
On Mon, 3 Jun 2002, Doug MacEachern wrote: umm, not with MaxClients 1 it won't oh wait, you changed StartServers not MaxClients, maybe that isn't a problem.
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
On Mon, 3 Jun 2002, Justin Erenkrantz wrote: Um, I think you misread my commit. All I changed was StartServers. totally, i only read - @MaxClients@ + 1, never even saw StartServers. disregard my comments, they were meant for MaxClients, your change is fine with me.
rewritemap breakage
seems that the test suite now requires httpd-2.0-cvs from HEAD? server does not start with 1.3.x or 2.0.36: Syntax error on line 139 of .../t/conf/extra.conf RewriteMap: map file or program not found:/.../t/htdocs/modules/rewrite/append.pl foo
Re: cvs commit: httpd-2.0/modules/http http_protocol.c
On Fri, 31 May 2002, Justin Erenkrantz wrote: httpd-test has no tests for input filtering. mod_input_body_filter.c at least, no? the protocol/ tests also hit input filters. If I knew how to get perl to send bogus requests, I would. But, my perl-fu is severely lacking. -- justin see t/protocol/echo,nntp-like.t, you can send a request in any my $module = 'default'; #normally connects to port 8529 my $sock = Apache::TestRequest::vhost_socket($module); print $socket SET \ ppp/2.2 ...
Re: httpd-2.0 STATUS
i see value the old modules/ssl/README. it has been very handy in the past, and i would expect it to be for anybody coming from mod_ssl 1.3 based sources to contribute to 2.0 or even just being brand new to the 2.0 source. now they have lost the source roadmap, summary of major changes, incompatibilities, etc. todo items being in modules/ssl or in the top-level STATUS, i don't really care. but why blow away the rest of the useful info that was in there?
Re: httpd-2.0 STATUS
On Thu, 30 May 2002, William A. Rowe, Jr. wrote: Perhaps we could resurrect the porting history [although I believe it's horribly incomplete] as modules/ssl/HISTORY? OTOH, those parts that are correct aught to have been committed to CHANGES if they were not in the first place. they are in CHANGES, but it is HUGE. a summary is nice rather than having to sift through that file. the httpd CHANGES file is not very useful imho. too much info for users, to little for developers. i like what Perl and PHP do, Changes is generated from the perforce/cvs logs, has filenames, dates, submitter, committer, etc., handy for developers. then perldelta.pod contains a brief summary of the Changes that is useful and easy for users to understand. PHP has something similar, but calls it NEWS i think.
Re: httpd-2.0 STATUS
On Thu, 30 May 2002, William A. Rowe, Jr. wrote: is modules/ssl/README even valuable anymore? yes. fine to remove the stale stuff, but not the whole damn thing. there was a useful roadmap of the source in there and everything that was in the TODO section is still valid: o SSL renegotiations in combination with POST request o Port all remaining code (code inside #if 0...#endif blocks) o Do we need SSL_set_read_ahead()? o the ssl_expr api is NOT THREAD SAFE. race conditions exist: -in ssl_expr_comp() if SSLRequire is used in .htaccess (ssl_expr_info is global) -is ssl_expr_eval() if there is an error (ssl_expr_error is global) o SSLRequire directive (parsing of) leaks memory o Diffie-Hellman-Parameters for temporary keys are hardcoded in ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says: it is suggested that keys be changed daily or every 500 transactions, and more often if possible. o ssl_var_lookup could be rewritten to be MUCH faster o CRL callback should be pluggable o session cache store should be pluggable o init functions should return status code rather than ssl_die() o ssl_engine_pphrase.c needs to be reworked so it is generic enough to also decrypt proxy keys o the shmcb code should just align its memory segment rather than jumping through all the safe memcpy and memset hoops
ap_os_escape_pathn ?
ap_os_escape_path currently requires a pool argument to allocate the string and does a strlen on it. wondering if we could do something like the concept patch below, adding ap_os_escape_pathn which does not require a pool and the path arg would be assumed to be allocated to the correct size. would be a nice optimzation for perl land where string lengths are always known and where the current ap_os_escape_path requires two copies, the pool alloc and perl dup of the returned string. with something like ap_os_escape_pathn we can avoid the strlen and the additional pool alloc. could be useful elsewhere too i'm sure. Index: server/util.c === RCS file: /home/cvs/httpd-2.0/server/util.c,v retrieving revision 1.128 diff -u -r1.128 util.c --- server/util.c 17 May 2002 11:11:37 - 1.128 +++ server/util.c 24 May 2002 16:33:40 - -1632,6 +1632,12 AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partial) { char *copy = apr_palloc(p, 3 * strlen(path) + 3); +return ap_os_escape_pathn(copy, partial); +} + +AP_DECLARE(char *) ap_os_escape_pathn(char *copy, int partial) +{ +char *path = copy; const unsigned char *s = (const unsigned char *)path; unsigned char *d = (unsigned char *)copy; unsigned c;
Re: libexpat
On Wed, 22 May 2002, Greg Ames wrote: Which release of httpd? 1.3 has a Configure rule to turn off expat. right. i'm asking about 2.0 (my original message specified)
Re: libexpat
On Tue, 21 May 2002, Greg Stein wrote: Euh... we switched over to a shared library to specifically fix this problem. Are you saying that that didn't work? I'm not buying it... :-) sooo, i guess the answer to my question on how to disable expat is you can't ? i haven't see the problem first hand, it was reported by a user who's running winnt, the server crashes using the XML::LibXML extension within modperl. might not be related to expat at all, but if there were a way to disable it, i would ask the user to try that first.
libexpat
how does one disable linking httpd against libexpat in 2.0? and on win32? i thought the nightmare was over where the expat linked with httpd cause segfaults with perl expat extensions. looks like i was wrong.
Re: libexpat
On Mon, 20 May 2002, William A. Rowe, Jr. wrote: Context? httpd links in expat, perl extension links against a different version of expat. both have the same symbol names, and they are not binary compatible. perl extension resolves symbols to the httpd version. kaboom. its been an issue for years with 1.3, you'll find plenty in the modperl archives on it.
Re: cvs commit: httpd-test/perl-framework/Apache-Test README
On 19 May 2002 [EMAIL PROTECTED] wrote: stas02/05/19 00:56:32 Modified:perl-framework/Apache-Test/lib/Apache TestConfig.pm perl-framework/Apache-Test README Log: make the APACHE_TEST_COLOR env setting work when running from script if running as batch, simply make sure that it's not set updating the docs ... -use constant COLOR = ($ENV{APACHE_TEST_COLOR} -t STDOUT) ? 1 : 0; +use constant COLOR = $ENV{APACHE_TEST_COLOR} ? 1 : 0; ... +When running in the batch mode and redirecting STDOUT to a file, make +sure that the environment variable CAPACHE_TEST_COLOR is set to 0 or +not set at all. why this change? from perlfunc.pod: -t Filehandle is opened to a tty. color should always be turned off if that is not true. i have APACHE_TEST_COLOR turned on in my shell rc file, but now i have to unset it by hand when i do: t/TEST -v test.log with the -t test, that hassle does not exist.
Re: cvs commit: httpd-test/perl-framework/Apache-Test README
On Mon, 20 May 2002, Stas Bekman wrote: Because the color setting doesn't have any effect if you build using the script. e.g. before my change this script won't work with colors: #!/bin/sh make clean APACHE_TEST_COLOR=1; export APACHE_TEST_COLOR /home/stas/perl/ithread/bin/perl Makefile.PL ... ... make make test that works fine (colorized as expected) for me with the old code, tested modperl-2.0 with: #!/bin/sh make clean APACHE_TEST_COLOR=1; export APACHE_TEST_COLOR $HOME/perl/farm/bin/perl-current-debug-ithreads Makefile.PL \ MP_AP_PREFIX=$HOME/apache/farm/install/worker-debug-shared-all-exp make make test -t is the right check. what do you see with the test script below? % sh test.sh STDOUT is a tty % sh test.sh test.log % cat test.log STDOUT is not a tty #!/bin/sh cat EOF make.test all: @perl -e 'printf STDOUT is%s a tty\n, -t STDOUT ? : not' EOF make -f make.test rm make.test
Re: inherit_documentroot breakage
On Tue, 14 May 2002, Cliff Woolley wrote: Thanks. I had noticed that commit, but thought maybe there would be some way to fix it by just adjusting extra.conf.in rather than reverting. Oh well, whatever works. :) it broke other stuff too. i have the functionality i was after now with the new should_load_module stuff, which is much more generic/useful than the original change that broke stuff.
Re: inherit_documentroot breakage
On Tue, 14 May 2002, Cliff Woolley wrote: Anybody know why this just started happening within the last few days? i just backed out the change from yesterday that caused it, should be ok now.
Re: Apache History Project - Call for comments
On Wed, 15 May 2002, Thomas Eibner wrote: Full list of posters with more than 10 posts can be found at: http://stderr.net/history/topposters cool, now i am tied with ben hyde.
Re: Apache History Project - Call for comments
On Tue, 14 May 2002, Doug MacEachern wrote: On Wed, 15 May 2002, Thomas Eibner wrote: Full list of posters with more than 10 posts can be found at: http://stderr.net/history/topposters cool, now i am tied with ben hyde. haha, now i am 1 ahead of ben hyde, i'm #32 woohoo!
Re: perl-framework: make test recompiles everything all the time
On Tue, 16 Apr 2002, Stas Bekman wrote: one last question. Should the ssl certificates be recreated on t/TEST -clean (or 'make test')? yup. if you don't want them to be, there are several ways to keep t/conf/ssl/ca from being deleted/regenerated. careful though, since new ssl tests come along from time-to-time that require ssl/ca to be regenerated.
Re: perl-framework: make test recompiles everything all the time
On Fri, 12 Apr 2002, Stas Bekman wrote: Any idea why 'make test' in perl-framework is recompiling everything on each invocation without sources getting changed? Including rebuilding ssl certs. because 'make test' always does a t/TEST -clean after itself.
Re: perl-framework: make test recompiles everything all the time
On Sat, 13 Apr 2002, Stas Bekman wrote: but why 't/TEST -clean' removes the compiled modules? Shouldn't this be the job of 'make clean' and its variants? i don't really care. i never use 'make test' or even 'make' here. i have several checkouts of httpd-test/perl-framework that point to different servers, i only ever run Makefile.PL and t/TEST i think i did it that way, for one because 'make test' is only supposed to be run once, and t/TEST -conf/-clean is part of the 'test' really. if this is an issue for you, just run t/TEST instead of 'make test'.
Re: perl-framework: make test recompiles everything all the time
yup, t/TEST -conf will 'make' the c-modules, you can also just do 'make cmodules' if you only want to compile the changed c-modules.
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestServer.pm
it is a nice feature when it works, so i've re-enabled for linux only. for the other platforms in the current state, its better to wait 60 seconds if the server fails to start than to throw and error and die when it has successfully started.
Re: Bug report for Apache httpd-2.0 [2002/04/07]
coupla dumb questions: - how do i get a login for the bugdb? - just fixed bug #7802, do i close it or mark as fixed and somebody else verifies and closes?
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestConfig.pm
On Fri, 5 Apr 2002, Cliff Woolley wrote: Doug. DOOD. You're working too hard. GO PARTY! ;) well, i am drinking a beer at least. wasn't expecting this GA push today, so i'm scrambling to get a modperl release together. then i will party like never before!
RE: I WANT A GA release
+1 on GA. 2 issues on HEAD i'd like to see resolved first: - proxy not sending content-length - httpd.conf not installed with vpath builds (issue does not exist with current .34 tag)
httpd.conf no longer installed
with httpd-2.0-HEAD, installing into a directory where no conf/ already exists, no httpd.conf is installed, only: % ls -1 conf/ highperformance.conf highperformance-std.conf httpd.conf.in httpd-std.conf.in magic mime.types ssl.conf ssl-std.conf problem does not exist with the APACHE_2_0_34 tag.
Re: httpd.conf no longer installed
On Thu, 4 Apr 2002, Pier Fumagalli wrote: Did you run ./buildconf? yup, always. i probably just need blow away my cvs tree and start from scratch. has cured similar trouble in the past. i'll report back if the problem is still there.
Re: httpd.conf no longer installed
nope, still isn't there. % uname -a Linux mako.covalent.net 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown % autoconf --version Autoconf version 2.13 % cat config.nice #! /bin/sh # # Created by configure CFLAGS=-Wall -g; export CFLAGS /home/dougm/apache/farm/src/httpd-2.0-cvs/configure \ --prefix=/home/dougm/apache/farm/install/prefork-debug-shared-all-exp \ --with-mpm=prefork \ --srcdir=/home/dougm/apache/farm/src/httpd-2.0-cvs \ --enable-maintainer-mode \ --enable-mods-shared=all \ --enable-modules=all \ --enable-example \ --enable-case_filter \ --enable-case_filter_in \ --enable-cache \ --enable-echo \ --enable-deflate \ --enable-ssl \ --with-ssl=/home/dougm/openssl \ $
Re: httpd.conf no longer installed
On Thu, 4 Apr 2002, Pier Fumagalli wrote: What do your last lines of configure.in look like? And when you run ./configure. what's the output of the last (let's say) 50 lines? mkdir: cannot create directory `docs/conf': No such file or directory creating docs/conf/httpd-std.conf ./config.status: docs/conf/httpd-std.conf: No such file or directory problem is likely related to VPATH builds. the build tree does not have a docs/ directory: % ls build/config.nice*Makefile os/ support/ config.cache config.status* modules/ server/ config.loginclude/modules.c srclib/
cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c (fwd)
dear RM, please consider bumping for .34, else users with the typical ssl proxy config: SSLProxyEngine On ProxyPass/ https://foo/ ProxyPassReverse / https://foo/ will get this ugly error message on every request: [error] mod_ssl: Certificate Verification: Error ... even though when SSLProxyVerify is not configured it defaults to none. in the server context we never see this because the callback never happens unless SSLVerifyClient is configured to something other than none. the 1.3 based mod_ssl:ssl_engine_ext.c:ssl_ext_mp_verify_cb does the equiv of the patch here: /* * Unless stated otherwise by the configuration, we really don't * care if the verification was okay or not, so lets return now * before we do anything involving memory or time. */ if (sc-bProxyVerify == FALSE) return ok; -- Forwarded message -- Date: 5 Apr 2002 02:31:04 - From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c dougm 02/04/04 18:31:04 Modified:modules/ssl ssl_engine_kernel.c Log: avoid the error_log message: [error] mod_ssl: Certificate Verification: Error ... if SSLProxyVerify is not configured or set to none. the verify callback does not happen in the server context when SSLVerify is not configured or set to none. Revision ChangesPath 1.67 +9 -0 httpd-2.0/modules/ssl/ssl_engine_kernel.c Index: ssl_engine_kernel.c === RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.66 retrieving revision 1.67 diff -u -r1.66 -r1.67 --- ssl_engine_kernel.c 30 Mar 2002 08:11:44 - 1.66 +++ ssl_engine_kernel.c 5 Apr 2002 02:31:04 - 1.67 @@ -1305,6 +1305,15 @@ verify = mctx-auth.verify_mode; } +if (verify == SSL_CVERIFY_NONE) { +/* + * SSLProxyVerify is either not configured or set to none. + * (this callback doesn't happen in the server context if SSLVerify + * is not configured or set to none) + */ +return TRUE; +} + if (ssl_verify_error_is_optional(errnum) (verify == SSL_CVERIFY_OPTIONAL_NO_CA)) {
proxy not sending Content-Length
mod_proxy does not send a Content-Length header, seems because of the flush bucket inserted by ap_proxy_http_process_response() if i break in ap_content_length_filter, when a request is handled by default_handler, brigade looks like so: (gdb) dump_brigade b dump of brigade 0x8235318 0: bucket=FILE(0x8238c28), length=26, data=0x8238c78 1: bucket=EOS(0x822e998), length=0, data=0x0 here's what it currently looks like when handled by the proxy: (gdb) dump_brigade b dump of brigade 0x82310a8 0: bucket=HEAP(0x822e998), length=26, data=0x8238c28 1: bucket=FLUSH(0x8218ea8), length=0, data=0x0 (gdb) dump_brigade b dump of brigade 0x82310a8 0: bucket=EOS(0x8238c28), length=0, data=0x0 if i remove the flush bucket (patch below), then proxy requests do get a Content-Length header. doesn't seem like proxy should be flushing to begin with. thoughts? Index: modules/proxy/proxy_http.c === RCS file: /home/cvs/httpd-2.0/modules/proxy/proxy_http.c,v retrieving revision 1.143 diff -u -r1.143 proxy_http.c --- modules/proxy/proxy_http.c 2 Apr 2002 04:30:49 - 1.143 +++ modules/proxy/proxy_http.c 5 Apr 2002 04:17:09 - -841,7 +841,6 if ( (conf-error_override ==0) || r-status 400 ) { /* read the body, pass it to the output filters */ -apr_bucket *e; int finish = FALSE; while (ap_get_brigade(rp-input_filters, bb, -873,12 +872,6 ap_proxy_http_cleanup(r, p_conn, backend); /* signal that we must leave */ finish = TRUE; -} - -/* if no EOS yet, then we must flush */ -if (FALSE == finish) { -e = apr_bucket_flush_create(c-bucket_alloc); -APR_BRIGADE_INSERT_TAIL(bb, e); } /* try send what we read */
RE: proxy not sending Content-Length
On Thu, 4 Apr 2002, Ryan Bloom wrote: The proxy should flush, because otherwise the data won't stream to the client. doesn't the core flush once it has max-something bytes or eos? The problem that I see, is that the proxy shouldn't be removing the C-L from the response that the origin server provided. other filters may have modified the content, so it is possible content length could end up different from what the downstream server sent.
Re: fix t/ssl/http.t
On Wed, 3 Apr 2002, Cliff Woolley wrote: On Tue, 2 Apr 2002, Doug MacEachern wrote: apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \ - sizeof(HTTP_ON_HTTPS_PORT) - 1, \ + sizeof(HTTP_ON_HTTPS_PORT), \ Mmmm... no. I don't know how that makes it work its way through, but it's not right. That null character should never be allowed in. like i said, this is strange, never suggested the patch was correct. The correct solution is this: cool, +1
Re: fix t/ssl/http.t
On Wed, 3 Apr 2002, Cliff Woolley wrote: Only one other thing I'm concerned about with it: It's only correct if we're in AP_MODE_GETLINE at the time of the error. Which we are in this case, but will it always be that way? i think so, assuming AP_MODE_GETLINE always happens first. on the first call SSL_R_HTTP_REQUEST is detected and ssl filters are disabled. so any get_brigade calls after that with same or different mode will happen with ssl filters disabled.
Re: cvs commit: httpd-test/perl-framework/t/ssl http.t
On Tue, 2 Apr 2002, Cliff Woolley wrote: The old version for me was giving a res-code of 200, not 500, because it was sending the http request to port 8529, not 8530. Maybe it's related to the version of LWP I'm using? strange. i don't think it is lwp related. probably not worth spending time on, the new version is fine.
Re: cvs commit: httpd-test/perl-framework/t/ssl http.t
On 2 Apr 2002 [EMAIL PROTECTED] wrote: jwoolley02/04/01 23:20:34 Modified:perl-framework/t/ssl http.t Log: Okay, well the test works now, but it still fails at the moment because mod_ssl really is broken. :) this patch does not change anything that i can see, both the old version and new do this: #lwp request: #GET http://localhost:8530/index.html HTTP/1.0 #User-Agent: libwww-perl/5.64 # #server response: #500 (Internal Server Error) unexpected EOF before status line seen please explain?
fix t/ssl/http.t
the test started failing at some point due to filter changes. i think i heard it is not longer possible for a filter to remove itself? in any case, mod_ssl already checks in the output filter already passes if its ssl pointer is NULL (normally due to error). the input filter should probably do the same too. and with that it is simple to disable the ssl filters in the case of 'HTTP spoken on HTTPS port' if there's a better way, that'd be great, but the patch below passes all httpd-tests for me. Index: modules/ssl/ssl_engine_io.c === RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v retrieving revision 1.70 diff -u -r1.70 ssl_engine_io.c --- modules/ssl/ssl_engine_io.c 30 Mar 2002 05:16:55 - 1.70 +++ modules/ssl/ssl_engine_io.c 2 Apr 2002 16:05:32 - -743,6 +743,13 sizeof(HTTP_ON_HTTPS_PORT) - 1, \ alloc) +static void ssl_io_filter_disable(ap_filter_t *f) +{ +ssl_io_input_ctx_t *ctx = f-ctx; +ctx-inbio.ssl = NULL; +ctx-frec-pssl = NULL; +} + static apr_status_t ssl_io_filter_error(ap_filter_t *f, apr_bucket_brigade *bb, apr_status_t status) -758,6 +765,7 /* fake the request line */ bucket = HTTP_ON_HTTPS_PORT_BUCKET(f-c-bucket_alloc); +ssl_io_filter_disable(f); break; default: -780,6 +788,10 apr_size_t len = sizeof(ctx-buffer); int is_init = (mode == AP_MODE_INIT); + +if (!ctx-inbio.ssl) { +return ap_get_brigade(f-next, bb, mode, block, readbytes); +} /* XXX: we don't currently support anything other than these modes. */ if (mode != AP_MODE_READBYTES mode != AP_MODE_GETLINE
RE: fix t/ssl/http.t
On Tue, 2 Apr 2002, Ryan Bloom wrote: It is perfectly possible for a filter to remove itself. In fact, the byterange filter relies on that ability to work correctly. While I would be interested to know what happened to make that case fail, if the patch below works, then +1. i was thinking of this comment from justin: Date: Thu, 7 Mar 2002 01:42:27 -0800 From: Justin Erenkrantz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: httpd-test + cvs head Message-ID: [EMAIL PROTECTED] ... However, mod_ssl is bogus. The ssl/http.t test is interesting since it causes mod_ssl to remove itself via ap_remove_output_filter() (mod_ssl.c:358). Since mod_ssl is a connection filter, our new strategy is that it can never be removed. Ooops. Since it doesn't have access to the request_rec, it can't destroy its predecessor's reference to itself. Perhaps this means we *do* need the -prev. ... is this still true? (note: mod_ssl.c:358 is now 421)
RE: fix t/ssl/http.t
On Tue, 2 Apr 2002, Ryan Bloom wrote: Nope, I fixed this. The problem was that we couldn't remove the first filter in any of the three lists, because the previous filter structure wouldn't be updated. The solution was to walk the filter list each time we tried to remove a filter. This allows us to find the correct filter entry and set the pointers appropriately. there is still a problem. ssl is removed from c-output_filters, but not r-output_filters. mod_ssl does not have access to r-output_filters.
ssl proxy fixes for .34
if the following tags in modules/ssl could be pushed: /ssl_engine_config.c/1.66/Tue Apr 2 21:49:09 2002// /ssl_engine_init.c/1.94/Tue Apr 2 21:46:22 2002// /ssl_util_ssl.c/1.20/Tue Apr 2 22:04:16 2002// minor fixes to get SSLProxyMachineCertificatePath working.
Re: fix t/ssl/http.t
this is not quite fixed. currently does return 400 Bad Request, but reports: Your browser sent a request that this server could not understand. Request header field is missing colon separator. with the patch below it properly reports: Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://localhost:8530/; this is strange. --- modules/ssl/ssl_engine_io.c 2 Apr 2002 17:30:08 - 1.71 +++ modules/ssl/ssl_engine_io.c 3 Apr 2002 04:19:23 - -740,7 +740,7 #define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \ apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \ - sizeof(HTTP_ON_HTTPS_PORT) - 1, \ + sizeof(HTTP_ON_HTTPS_PORT), \ alloc) static void ssl_io_filter_disable(ap_filter_t *f)
cvs commit: httpd-2.0/modules/proxy mod_proxy.h proxy_http.cproxy_util.c (fwd)
RM can you bump the .34 tag on these files? thanks. -- Forwarded message -- Date: 2 Apr 2002 04:30:49 - From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: cvs commit: httpd-2.0/modules/proxy mod_proxy.h proxy_http.c proxy_util.c dougm 02/04/01 20:30:49 Modified:modules/proxy mod_proxy.h proxy_http.c proxy_util.c Log: Reviewed by: Ryan Bloom remove call to ap_proxy_reset_output_filters() and the function itself. this call breaks ssl proxy when the client is using keepalives. this function is also no longer needed with recent-ish filter changes. Revision ChangesPath 1.78 +0 -1 httpd-2.0/modules/proxy/mod_proxy.h Index: mod_proxy.h === RCS file: /home/cvs/httpd-2.0/modules/proxy/mod_proxy.h,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- mod_proxy.h 29 Mar 2002 07:29:11 - 1.77 +++ mod_proxy.h 2 Apr 2002 04:30:49 - 1.78 @@ -271,7 +271,6 @@ PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf, apr_sockaddr_t *uri_addr); PROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r); PROXY_DECLARE(apr_status_t) ap_proxy_string_read(conn_rec *c, apr_bucket_brigade *bb, char *buff, size_t bufflen, int *eos); -PROXY_DECLARE(void) ap_proxy_reset_output_filters(conn_rec *c); PROXY_DECLARE(void) ap_proxy_table_unmerge(apr_pool_t *p, apr_table_t *t, char *key); PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **, const char *, apr_sockaddr_t *, const char *, proxy_server_conf *, server_rec *, apr_pool_t *); PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c); 1.143 +0 -3 httpd-2.0/modules/proxy/proxy_http.c Index: proxy_http.c === RCS file: /home/cvs/httpd-2.0/modules/proxy/proxy_http.c,v retrieving revision 1.142 retrieving revision 1.143 diff -u -r1.142 -r1.143 --- proxy_http.c 30 Mar 2002 06:19:14 - 1.142 +++ proxy_http.c 2 Apr 2002 04:30:49 - 1.143 @@ -326,9 +326,6 @@ p_conn-sock = client_socket; new = 0; -/* reset the connection filters */ -ap_proxy_reset_output_filters(*origin); - /* save timeout */ apr_getsocketopt(p_conn-sock, APR_SO_TIMEOUT, current_timeout); /* set no timeout */ 1.88 +0 -19 httpd-2.0/modules/proxy/proxy_util.c Index: proxy_util.c === RCS file: /home/cvs/httpd-2.0/modules/proxy/proxy_util.c,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- proxy_util.c 22 Mar 2002 21:41:14 - 1.87 +++ proxy_util.c 2 Apr 2002 04:30:49 - 1.88 @@ -1062,25 +1062,6 @@ return APR_SUCCESS; } -/* remove other filters (like DECHUNK) from filter stack */ -PROXY_DECLARE(void) ap_proxy_reset_output_filters(conn_rec *c) -{ -ap_filter_t *f = c-output_filters; - -while (f) { -if (!strcasecmp(f-frec-name, CORE) || -!strcasecmp(f-frec-name, CONTENT_LENGTH) || -!strcasecmp(f-frec-name, HTTP_HEADER)) { -f = f-next; -continue; -} -else { -ap_remove_output_filter(f); -f = f-next; -} -} -} - /* unmerge an element in the table */ PROXY_DECLARE(void) ap_proxy_table_unmerge(apr_pool_t *p, apr_table_t *t, char *key) {
Re: bio_bucket_in_read bug [was Re: Bump a few more tags. :-)]
your grep pattern missed this one: ctx-inbio.block = block;
Re: Bump a few more tags. :-)
On Mon, 1 Apr 2002, William A. Rowe, Jr. wrote: Sounds like that could be Doug's latest changes he asked to incorporate. Doug, was there an additional file to bump, beyond the three you cited? nope. sounds specific to perchild, cliff does the proxy test pass for you with prefork and/or worker? i can take a look in the morning.
Re: cvs commit: httpd-2.0 CHANGES
On Sun, 31 Mar 2002, Brian Pane wrote: Should that be in the 2.0.34 section, or the 2.0.35 one? wrowe has moved HEAD to the 2.0.34 tag, which includes the ssl proxy changes.
Re: cvs commit: httpd-2.0/server/mpm/worker worker.c
not sure if this is related to the bucket list change or mod_includes changes or what, but i just checked in a test adapted from modperl that dumps core. stacktrace below from t/TEST t/modules/include2.t #0 0x0815a897 in ?? () at eval.c:41 41 eval.c: No such file or directory. in eval.c #1 0x4001dbe3 in apr_brigade_cleanup (data=0x81c77a0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/srclib/apr-util/buckets/apr_brigade.c:86 #2 0x4001dc3c in apr_brigade_destroy (b=0x81c77a0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/srclib/apr-util/buckets/apr_brigade.c:97 #3 0x0807f731 in core_output_filter (f=0x81c7548, b=0x81c77a0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/core.c:3758 #4 0x08075bc0 in ap_pass_brigade (next=0x81c7548, bb=0x81cc418) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/util_filter.c:534 #5 0x08063bce in ap_http_header_filter (f=0x81cfb40, b=0x81cc418) at /home/dougm/apache/farm/src/httpd-2.0-cvs/modules/http/http_protocol.c:1472 #6 0x08075bc0 in ap_pass_brigade (next=0x81cfb40, bb=0x81cc418) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/util_filter.c:534 #7 0x08078a0a in ap_content_length_filter (f=0x81cfb28, b=0x81cc418) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/protocol.c:1263 #8 0x08075bc0 in ap_pass_brigade (next=0x81cfb28, bb=0x81cc498) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/util_filter.c:534 #9 0x4031692f in send_parsed_content (bb=0xb344, r=0x81cf1c0, f=0x81cbad8) at /home/dougm/apache/farm/src/httpd-2.0-cvs/modules/filters/mod_include.c:3186 #11 0x08075bc0 in ap_pass_brigade (next=0x81cbad8, bb=0x81cbbf0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/util_filter.c:534 #12 0x0807e723 in default_handler (r=0x81cf1c0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/core.c:3247 #13 0x0806950f in ap_run_handler (r=0x81cf1c0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/config.c:193 #14 0x08069b8d in ap_invoke_handler (r=0x81cf1c0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/config.c:373 #15 0x080665dd in ap_process_request (r=0x81cf1c0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/modules/http/http_request.c:261 #16 0x08061355 in ap_process_http_connection (c=0x81c7270) at /home/dougm/apache/farm/src/httpd-2.0-cvs/modules/http/http_core.c:291 #17 0x0807379b in ap_run_process_connection (c=0x81c7270) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/connection.c:85 #18 0x08073b42 in ap_process_connection (c=0x81c7270, csd=0x81c71a0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/connection.c:207 #19 0x08067d6f in child_main (child_num_arg=0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/mpm/prefork/prefork.c:675 #20 0x08067ef8 in make_child (s=0x80a5f10, slot=0) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/mpm/prefork/prefork.c:770 #21 0x08067f6d in startup_children (number_to_start=1) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/mpm/prefork/prefork.c:793 #22 0x080683a0 in ap_mpm_run (_pconf=0x80a41c0, plog=0x80ce268, s=0x80a5f10) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/mpm/prefork/prefork.c:1016 #23 0x0806e644 in main (argc=6, argv=0xb654) at /home/dougm/apache/farm/src/httpd-2.0-cvs/server/main.c:618 #24 0x401d9507 in __libc_start_main (main=0x806de50 main, argc=6, ubp_av=0xb654, init=0x805eb14 _init, fini=0x808cd10 _fini, rtld_fini=0x4000dc14 _dl_fini, stack_end=0xb64c) at ../sysdeps/generic/libc-start.c:129
Re: cvs commit: httpd-2.0/server/mpm/worker worker.c
another problem after fixing the httpd-test c-modules to compile: t/apache/passbrigade eats all cpu. have not looked into it.
Re: cvs commit: httpd-2.0/server/mpm/worker worker.c
On Fri, 29 Mar 2002, Doug MacEachern wrote: another problem after fixing the httpd-test c-modules to compile: t/apache/passbrigade eats all cpu. have not looked into it. nevermind. i didn't notice the modules had been updated and my cvs commit up-to-date check failed. this test is working fine for me now.
Re: cvs commit: httpd-2.0/server/mpm/worker worker.c
On Fri, 29 Mar 2002, Doug MacEachern wrote: not sure if this is related to the bucket list change or mod_includes changes or what, but i just checked in a test adapted from modperl that dumps core. stacktrace below from t/TEST t/modules/include2.t fyi: t/php/virtual produces the same stacktrace i have php checked out like so: % cvs -d ... co -rphp_4_1_2 php4 % cd php4 % cvs co -rphp_4_1_2 Zend TSRM % cd sapi/apache2filter % cvs up -A *.[ch] % cd ../../.. % ./buildconf ./configure --with-apxs2=... make
Re: cvs commit: httpd-2.0/server/mpm/worker worker.c
On Fri, 29 Mar 2002, Cliff Woolley wrote: On Fri, 29 Mar 2002, Doug MacEachern wrote: fyi: t/php/virtual produces the same stacktrace I'll look into this this afternoon. great. probably easier to work with t/modules/include2.t, stacktrace looks like they suffer the same problem. Has PHP really been updated for the new buckets API already?? yup and modperl-2.0 too.
bucket free list breakage (was Re: cvs commit: httpd-2.0/server/mpm/workerworker.c)
just looked a bit more, the problem is related to heap buckets and the free functions. something is broken for sure. i could probably bandaid, but cliff if you take a look, i'm assuming the right fix would be obvious to you. #1 0x4001cf76 in heap_destroy (data=0x824f758) at /home/dougm/apache/farm/src/httpd-2.0-cvs/srclib/apr-util/buckets/apr_buckets_heap.c:74 74 (*h-free_func)(h-base); (gdb) p f-free_func No symbol f in current context. (gdb) p h-free_func $1 = (void (*)()) 0
Re: bucket free list breakage (was Re: cvs commit: httpd-2.0/server/mpm/workerworker.c)
On Fri, 29 Mar 2002, Brian Pane wrote: Does the rest of *h look valid? (That could help us differentiate memory corruption from some code path that just forgot to set h-free_func.) (gdb) p *h $1 = {refcount = {refcount = 0}, base = 0x824f568 mod_include test(\026/\021, alloc_len = 16, free_func = 0} (gdb) p h $2 = (apr_bucket_heap *) 0x824f5f0 i checked in a test early this morning that triggers the bug, t/modules/include2.t t/php/virtual.t also has the same problem.
Re: bucket free list breakage (was Re: cvs commit:httpd-2.0/server/mpm/workerworker.c)
On Fri, 29 Mar 2002, Cliff Woolley wrote: Okay, fixed. excellent, thanks. PS: I now pass all httpd-test tests except these: http.t fails for me too, has for a while. proxy.t passes for me, but this is new stuff. anything interesting in the error_log?
Re: bucket free list breakage (was Re: cvs commit:httpd-2.0/server/mpm/workerworker.c)
On Fri, 29 Mar 2002, Cliff Woolley wrote: Yes. The SSLProxyEngine on directive is missing from the config file. I added it manually and it works. I expect something like this would do the trick: oh duh, i had made the change but didn't commit. glad to hear it works.
Re: cvs commit: httpd-2.0/modules/ssl ssl_engine_init.c
On Wed, 27 Mar 2002, Greg Stein wrote: Maybe this could return a status, rather than just calling ssl_die()? (and have the caller do the die...) Personally, I'd rather see an eventual case where you bubble up the death, and let Apache core do the exiting, rather than having the module just go bell-up. Adding return codes where possible can help to move towards that long term goal. planning on that and getting rid of ssl_die() everywhere. i'll be making a few passes during this reorg, all these new functions are going to tweaked a few more times. main focus is supporting proxy, but will be cleaning up things like this along the way.
Re: [PATCH] SSL Session Caching stuff
looks good to me madhu. haven't tested, but it compiles, so i've committed the patch and remaining issues can be worked out later. only have one question at the moment, what is this for? +void *data; +const char *userdata_key = ssl_scache_init; + +apr_pool_userdata_get(data, userdata_key, s-process-pool); +if (!data) { +apr_pool_userdata_setn((const void *)1, userdata_key, + apr_pool_cleanup_null, s-process-pool); +return; +}
RE: [PATCH] SSL Session Caching stuff
On Thu, 14 Mar 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: if (Pass-1) { ... } else if (Pass-2) { i don't know how to fix it, but we should't assume anything based pass-1, pass-2, etc. otherwise it isn't possible to add mod_ssl to a server that was started without it, consider: 1) apachectl start (no mod_ssl in httpd.conf) 2) add mod_ssl to httpd.conf and configure SSLSharedCache 3) apachectl graceful the session cache will never be initialized. and consider re-configuring the session cache parameters and then doing a graceful restart. ok if it's just a temporary workaround though.
Re: [PATCH] ssl_engine_vars.c
On Wed, 13 Mar 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: 'just did a cvs update and found that SSL_SESSION_id2sz in ssl_engine_vars.c has fewer parameters than required. whoops, my bad. thanks, applied.
Re: putting mod_scoreboard_send in core?
a few notes on this.. the purpose of mod_scoreboard_send was to download the scoreboard image on a remote machine. the scoreboard image was then used on the client machine to generate fancy graphical images to make our boss feel like he knew what was going on. sorta like a graphical mod_status, but could also combine stats of a server farm into one browser window. anyhoo, the module should not go in as-is, it was designed to incur as little overhead as possible, pretty much sends the binary data as-is. and hence isn't portable since it uses native byte order rather than network order. which was ok for us since the client machine was the same architecture as the servers. and the concept might not apply at all to the 2.0 scoreboard, i haven't looked at it. in general, the concept is to serialize the scoreboard in such a way that it can transfered over the network via http and thawed on another machine. i'm sure there's a better way to do this than the mod_scoreboard_send thinger.
Re: [BUG] Limit test 10 is failing
On Tue, 12 Mar 2002, Sander Striker wrote: #User-Agent: libwww-perl/5.53 could be a bug in the client. try 5.64 you can also grab: http://httpd.apache.org/~dougm/httpd-test-bundle-0.02.tar.gz unpack and run: % echo | perl Makefile.PL make install (the 'echo |' trick makes all prompts use the default) ignore warnings about prerequisites, they are probably complaining missing modules which are about to be installed.
[patch] better mod_ssl restart handling
mod_ssl is hardwired only to initialize certain things on the first module init during startup. the only reason i can see is because the builtin SSLPassPhraseDialog can only read the passphrase from the tty before detach. but if SSLPassPhraseDialog is exec: or the server key is not passphrase encrypted, there is no reason not to do a full startup/teardown of these things each time on restart. currently it is not possible to add LoadModule mod_ssl.so to an already running server (core dumps), nor is it possible to change the server cert/key on restart (continues to use the cert/key read at initial startup). patch below makes both possible by removing the init counter and doing a full startup/teardown on restarts. adds a special case when SSLPassPhraseDialog is builtin and server has detached, to reuse the existing private key for a vhost if the key source file/mtime have not changed. Index: modules/ssl/mod_ssl.h === RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v retrieving revision 1.55 diff -u -r1.55 mod_ssl.h --- modules/ssl/mod_ssl.h 18 Jan 2002 23:26:46 - 1.55 +++ modules/ssl/mod_ssl.h 22 Feb 2002 03:58:00 - @@ -462,6 +462,8 @@ typedef struct { long int nData; unsigned char *cpData; +char *source_file; +apr_time_t source_mtime; } ssl_asn1_t; /* @@ -501,7 +503,6 @@ pid_t pid; apr_pool_t *pPool; BOOLbFixed; -int nInitCount; int nSessionCacheMode; char *szSessionCacheDataFile; int nSessionCacheDataSize; Index: modules/ssl/ssl_engine_config.c === RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v retrieving revision 1.20 diff -u -r1.20 ssl_engine_config.c --- modules/ssl/ssl_engine_config.c 29 Nov 2001 06:15:01 - 1.20 +++ modules/ssl/ssl_engine_config.c 22 Feb 2002 03:58:00 - @@ -90,7 +90,6 @@ /* * initialize per-module configuration */ -mc-nInitCount = 0; mc-nSessionCacheMode = SSL_SCMODE_UNSET; mc-szSessionCacheDataFile = NULL; mc-nSessionCacheDataSize = 0; Index: modules/ssl/ssl_engine_init.c === RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v retrieving revision 1.25 diff -u -r1.25 ssl_engine_init.c --- modules/ssl/ssl_engine_init.c 16 Feb 2002 18:35:21 - 1.25 +++ modules/ssl/ssl_engine_init.c 22 Feb 2002 03:58:01 - @@ -89,8 +89,6 @@ ssl_config_global_create(s); /* just to avoid problems */ ssl_config_global_fix(mc); -mc-nInitCount++; - /* * try to fix the configuration and open the dedicated SSL * logfile as early as possible @@ -121,78 +119,22 @@ /* * Identification */ -if (mc-nInitCount == 1) { -ssl_log(s, SSL_LOG_INFO, Server: %s, Interface: %s, Library: %s, -AP_SERVER_BASEVERSION, -ssl_var_lookup(p, s, NULL, NULL, SSL_VERSION_INTERFACE), -ssl_var_lookup(p, s, NULL, NULL, SSL_VERSION_LIBRARY)); -} - -/* - * Initialization round information - */ -if (mc-nInitCount == 1) -ssl_log(s, SSL_LOG_INFO, Init: 1st startup round (still not detached)); -else if (mc-nInitCount == 2) -ssl_log(s, SSL_LOG_INFO, Init: 2nd startup round (already detached)); -else -ssl_log(s, SSL_LOG_INFO, Init: %d%s restart round (already detached), -mc-nInitCount-2, (mc-nInitCount-2) == 1 ? st : nd); +ssl_log(s, SSL_LOG_INFO, Server: %s, Interface: %s, Library: %s, +AP_SERVER_BASEVERSION, +ssl_var_lookup(p, s, NULL, NULL, SSL_VERSION_INTERFACE), +ssl_var_lookup(p, s, NULL, NULL, SSL_VERSION_LIBRARY)); -/* - * The initialization phase inside the Apache API is totally bogus. - * We actually have three non-trivial problems: - * - * 1. Under Unix the API does a 2-round initialization of modules while - * under Win32 it doesn't. This means we have to make sure that at - * least the pass phrase dialog doesn't occur twice. We overcome this - * problem by using a counter (mc-nInitCount) which has to - * survive the init rounds. - * - * 2. Between the first and the second round Apache detaches from - * the terminal under Unix. This means that our pass phrase dialog - * _has_ to be done in the first round and _cannot_ be done in the - * second round. - * - * 3. When Dynamic Shared Object (DSO) mechanism is used under Unix the - * module segment (code data) gets unloaded and re-loaded between - * the first and the second round. This means no global data survives - *
Re: APR_BRIGADE_NORMALIZE
i thought it was added as a workaround during one of the mod_ssl filter rewrites. during the last one i tried removing APR_BRIGADE_NORMALIZE from core.c and all tests in httpd-test passed except for protocol/echo and protocol/nntp_like (which are the same code in the place where the problem shows up). so you might want to try debugging with one of those tests to find the culprit.
Re: perl-framework: Lower-grade ciphers and mod_ssl port broken
On Fri, 18 Jan 2002, Justin Erenkrantz wrote: Failed Test Status Wstat Total Fail Failed List of Failed ssl/varlookup.t 723 4.17% 34, 36-37 34, 36, and 37 are related to the ciphers in use. It seems my ciphers are different than expected. # testing : SSL_CIPHER # expected: 'EDH-RSA-DES-CBC3-SHA' # received: 'IDEA-CBC-SHA' not ok 34 # testing : SSL_CIPHER_ALGKEYSIZE # expected: '168' # received: '128' not ok 36 # testing : SSL_CIPHER_USEKEYSIZE # expected: '168' # received: '128' not ok 37 i can fix those. Also, port configuration of mod_ssl vhost is broken. I had to hack the config files (ssl/ssl.conf.in and apache_test_config.pm) to configure the mod_ssl server and get perl-framework to recognize it. -- justin working fine here. did you get errors or was it just ignored? is mod_ssl built static or shared? if shared, what file does the LoadModule ssl_module live in?
Re: [PATCH] Re: PHP Apache2Filter
On Sun, 20 Jan 2002, Justin Erenkrantz wrote: Also, be aware that the *readbytes may change to readbytes. I don't know who has commit access to PHP, but it'd be nice if someone over there applied the following for now. =) -- justin i've adjusted modperl and php (with the same fix as your patch) just a few minutes ago. nice work btw, makes things much cleaner.
Re: What makes the server die with 255?
On Wed, 16 Jan 2002, Sander Temme wrote: Hi all, Built and ran HEAD on Darwin 5.2, and ran the httpd-test perl-framework. This dies with the following protest: server has died with status 255 (please examine t/logs/error_log) Terminated The log says: [batmobile:perl-framework] sctemme$cat t/logs/error_log [Wed Jan 16 15:44:04 2002] [notice] Digest: generating secret for digest authentication ... [Wed Jan 16 15:44:04 2002] [notice] Digest: done sounds like mod_auth_digest is broken. trying building httpd with --disable-auth_digest and see if things are happier.
Re: [patch] new mod_ssl input filter
On Wed, 16 Jan 2002, Justin Erenkrantz wrote: Perhaps you *could* read all of the brigade in the getline case in bio_bucket_io_read, but that's not a sticking point (as I see your point - ap_getline *should* be able to pick up on an incomplete line). i was just trying to avoid blocking forever if all available data had already been read. probably could be done a better way. i was sorta hoping core_input_filter could be split to avoid the getline duplication, but that is another topic. Assuming that you've run this through httpd-test. -- justin yes. apache/limit 9,10 fail with t/TEST -ssl, but that was also the case before the patch. i debugged a bit and might be an issue on the client side. i will look into it later.
Re: cvs commit: httpd-test/perl-framework/t/apache etags.t
On Thu, 10 Jan 2002, Rodent of Unusual Size wrote: Um, but it's going to work with 2.0. Please revert your patch because it's broken. The test for a 500 return allows the test to skip on versions of Apache that don't have the directive (like 1.3.22). Your change will cause the skip to be a failure instead. well, i said it was incomplete, MMN need to be checked too. and once its supported in 2.0 the condition can be updated to reflect that. skipping a test based on a 500 response code is bogus if you ask me. but isn't worth fussing over, so i just backed it out. The real issue is: why doesn't an invalid .htaccess file cause a 500 on 2.0? *That's* what needs to be solved. maybe because there is no .htaccess file that applies to /etags/test.txt
detach note?
wondering if we could have a mechanism where MPMs set some sort of note after calling apr_proc_detach()? reason is, mod_ssl is hardwired only to initialize certain things on the first module init during startup. but the only reason i can see is because the builtin SSLPassPhraseDialog can only read the passphrase from the tty before detach. but if SSLPassPhraseDialog is exec: or the server key is not passphrase encrypted, there is no reason not to do a full startup/teardown of these things each time on restart. if mod_ssl could know httpd is already detached, things could be handled properly without the existing hardwired counter. currently it is not possible to add LoadModule mod_ssl.so to an already running server, nor is it possible to change the server key on restart.
RE: cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_pphrase.c ssl_util.c
On Wed, 9 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: mod_ssl build is broken because of the new argument introduced in ssl_util_ppopen().. [build breaks for ssl_engine_rand.c] compiles again and works now too.
Re: [PATCH - 2] cleaning up mod_ssl
On Wed, 9 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: Hi, Here comes a more complete patch..Any suggestions, comments are appreciated. looks great to me, applied to cvs. might be worth submitting those macros back to OpenSSL and put #ifndefs or similar around the current ones.
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestServer.pm
On Sun, 6 Jan 2002, Stas Bekman wrote: I've done with this: -eval 'END { +eval 'my $parent_pid = $$; + END { + return unless $$ == $parent_pid; # because of fork ok. i thought is_parent() could be useful elsewhere, but i guess we could worry about that later if needed.
Digest::MD5 in TestSmoke?
perl-framework does not work with 5.6.1 due to Digest::MD5 requirement. i don't see any reason why this: my $digest = Digest::MD5::md5_hex(join '', @$ra_tests); cannot just be this: my $digest = join '', @$ra_tests; ??
Re: cvs commit: httpd-test/perl-framework/Apache-Test/lib/Apache TestServer.pm
On Mon, 7 Jan 2002, Stas Bekman wrote: I needed it TestRun, whereas the fork was happening in TestServer. So it was definitely easier to do it locally. are you saying the following patch would not work? Index: Apache-Test/lib/Apache/TestRun.pm === RCS file: /home/cvs/httpd-test/perl-framework/Apache-Test/lib/Apache/TestRun.pm,v retrieving revision 1.82 diff -u -r1.82 TestRun.pm --- Apache-Test/lib/Apache/TestRun.pm 6 Jan 2002 07:08:05 - 1.82 +++ Apache-Test/lib/Apache/TestRun.pm 6 Jan 2002 18:45:46 - @@ -248,6 +248,9 @@ $opts-{'run-tests'} ||= @$tests; } +my $parent_pid = $$; +sub is_parent { $$ == $parent_pid } + my $caught_sig_int = 0; sub install_sighandlers { @@ -276,9 +279,8 @@ #must eval to install this END block, otherwise it will #always run, a subclass might not want that -eval 'my $parent_pid = $$; - END { - return unless $$ == $parent_pid; # because of fork +eval 'END { + return unless is_parent(); # because of fork local $?; # preserve the exit status eval { Apache::TestRun-new(test_config =
Re: Digest::MD5 in TestSmoke?
On Mon, 7 Jan 2002, Stas Bekman wrote: Sorry, can we put it into the Bundle? that's fine, but we cannot 'use Digest::MD5' the way it was before. else 'perl Makefile.PL' doesn't work without it. Because there can be hundreds of tests in @$ra_tests; Remember that the first run by default does 10 * #tests. In case of httpd-test it's 910 strings, at the average of 10 char/string it's about 10K chars, now add many iterations and the memory demands are growing fast. Not talking about lookups of the 10k keys in the hash. ok, that makes sense. Any alternatives under 5.6.1? dunno. if you want to require Digest::MD5 just for running t/SMOKE that's ok, but not for t/TEST.
trouble with httpd-2.0 HEAD
updating for the first time in 2 weeks, blowing up here: /bin/sh /usr/local/apache/build/prefork-debug-shared-all-exp/srclib/apr/libtool --silent --mode=compile gcc -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -pthread -Wall -g -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -I/usr/local/apache/build/prefork-debug-shared-all-exp/srclib/apr-util/include -I/usr/local/apache/src/httpd-2.0-cvs/srclib/apr-util/include @APR_INCLUDES@ -c /usr/local/apache/src/httpd-2.0-cvs/srclib/apr-util/buckets/apr_buckets_file.c touch apr_buckets_file.lo gcc: cannot specify -o with -c or -S and multiple compilations make[4]: *** [apr_buckets_file.lo] Error 1 same configure args were working fine back then, other than mod_auth_digest not building. i think that was related to using --srcdir, maybe this problem is too? % cat config.nice #! /bin/sh # # Created by configure CFLAGS=-Wall -g; export CFLAGS /usr/local/apache/src/httpd-2.0-cvs/configure \ --prefix=/usr/local/apache/install/prefork-debug-shared-all-exp \ --with-mpm=prefork \ --srcdir=/usr/local/apache/src/httpd-2.0-cvs \ --enable-maintainer-mode \ --enable-mods-shared=all \ --enable-modules=all \ --enable-example \ --enable-case_filter \ --enable-case_filter_in \ --enable-cache \ --enable-echo \ --enable-deflate \ --disable-auth_dbm \ --disable-auth_db \ --disable-auth_digest \ --enable-ssl=static \ --with-ssl=/usr/local/ssl \ $@
Re: trouble with httpd-2.0 HEAD
On Sat, 5 Jan 2002, Justin Erenkrantz wrote: @APR_INCLUDES@ is not being substituted properly. You reran buildconf and configure? yeah, the script i use always blows away the old build tree and re-runs buildconf and configure.
Re: trouble with httpd-2.0 HEAD
On Sat, 5 Jan 2002, Justin Erenkrantz wrote: How is APR-util's configure script getting the --with-apr option (see config.nice)? -- justin % cat srclib/apr-util/config.nice #! /bin/sh # # Created by configure CFLAGS=-Wall -g; export CFLAGS /usr/local/apache/src/httpd-2.0-cvs/srclib/apr-util/configure \ --prefix=/usr/local/apache/install/prefork-debug-shared-all-exp \ --with-mpm=prefork \ --srcdir=/usr/local/apache/src/httpd-2.0-cvs \ --enable-maintainer-mode \ --enable-mods-shared=all \ --enable-modules=all \ --enable-example \ --enable-case_filter \ --enable-case_filter_in \ --enable-cache \ --enable-echo \ --enable-deflate \ --disable-auth_dbm \ --disable-auth_db \ --disable-auth_digest \ --enable-ssl=static \ --with-ssl=/usr/local/ssl \ --cache-file=../.././config.cache \ --srcdir=/usr/local/apache/src/httpd-2.0-cvs/srclib/apr-util \ --with-apr=../apr \ --prefix=/usr/local/apache/install/prefork-debug-shared-all-exp \ $@ % cat srclib/apr/config.nice #! /bin/sh # # Created by configure CFLAGS=-Wall -g; export CFLAGS /usr/local/apache/src/httpd-2.0-cvs/srclib/apr/configure \ --prefix=/usr/local/apache/install/prefork-debug-shared-all-exp \ --with-mpm=prefork \ --srcdir=/usr/local/apache/src/httpd-2.0-cvs \ --enable-maintainer-mode \ --enable-mods-shared=all \ --enable-modules=all \ --enable-example \ --enable-case_filter \ --enable-case_filter_in \ --enable-cache \ --enable-echo \ --enable-deflate \ --disable-auth_dbm \ --disable-auth_db \ --disable-auth_digest \ --enable-ssl=static \ --with-ssl=/usr/local/ssl \ --cache-file=../.././config.cache \ --srcdir=/usr/local/apache/src/httpd-2.0-cvs/srclib/apr \ --prefix=/usr/local/apache/install/prefork-debug-shared-all-exp \ $@
Re: trouble with httpd-2.0 HEAD
On Sat, 5 Jan 2002, Justin Erenkrantz wrote: Huh. That's what I have and it works. What does config.status say for APR_INCLUDES: nada. there's no reference to APR_INCLUDES in there at all. are you using a --srcdir? that's my main suspect, though i haven't tried without it yet. It looks like it isn't getting substituted for you. It's working here in VPATH and non-VPATH builds. You could try blowing away your config.cache. -- justin it was already blown away before buildconf and configure were run.
Re: trouble with httpd-2.0 HEAD
everything is ok now after blowing away the cvs tree and checking out from scratch. either something stale in the cvs tree, or a bug in my build script. sorry for the hassle.
Re: More basics on the perl-framework stuff..
On Sun, 23 Dec 2001, Stas Bekman wrote: That means two different ways to add configuration. yup. because we're doing different things. and for the record: there are already more than 2 ways to add configuration. tho only one to run the CONFIGURE routine. Why cannot we make the .pm scanner more generic? because it was designed to be specific to modperl and it will stay that way. in fact, it might become even more specific to modperl in the future. The magic is not mod_perl specific. most of configure_pm_tests is mod_perl specific. The __DATA__ section can work for non-modperl, so does APACHE_TEST_CONFIGURE. right, which is why i pointed out that we should just run add_module_config() and run_apache_test_config() on these other files, which are generic routines.
Re: [patch] don't complain about old core files
On Mon, 24 Dec 2001, Stas Bekman wrote: this patch: - s/scan/scan_core/ for consistency with warn_core - don't complain aload when an old core from some old run is found (i'm tired of remembering to remove old core files) nice, +1
Re: cvs commit: httpd-test/perl-framework/t/apache getfile.t
On Fri, 21 Dec 2001, Stas Bekman wrote: OK, here it is: I've finally called it skip_all() as it's a standalone function now. cool, +1. but would rather it still be called skip_unless()
Re: [patch] autogeneration of TEST/SMOKE/REPORT
On Fri, 21 Dec 2001, Stas Bekman wrote: This patch removes the need for t/TEST.PL, t/SMOKE.PL, build/bugreport.pl and implements in each set of the classes used by these scripts a generate_script() method, which generates these scripts. nice. Issues: - should it generate t/REPORT or just as before build/bug_report.pl? t/REPORT - If you look at ModPerl-Registry/t/TEST.PL, it cannot reuse autogeneration, since it adds some more stuff that's ok. - If you try to generate t/SMOKE for ModPerl-Registry it'll need a different 'use lib' adjustments. you could pass a [EMAIL PROTECTED] arg to the generate methods that are added to the 'use lib ...' So it's not than much re-usable after all. Are you sure that we really want this to be done in the way this patch does and not just to stick with .PL scripts? I really prefer a the .PL scripts because of their easy customizability. i mainly wanted to see the bugreport stuff be re-usable in a module, rather than having to copy a .pl script around to each project. having the methods to generate t/{TEST,SMOKE,REPORT} are just a bonus. if a project needs to customize more, then they just don't use the generation methods.
Re: More basics on the perl-framework stuff..
On Fri, 21 Dec 2001, Stas Bekman wrote: I was thinking some more about this issue and came to a conclusion that there is nothing we should add, since we have already a working solution: close, but the current .pm scanner a bit too specific to mod_perl in terms of location (where the .pm's have to live) and magic performed. how about scanning for *.t.conf (or whatever extension), that just does the $self-add_module_config and $self-run_apache_test_config parts? then we could have: t/modules/access.t t/modules/access.t.conf