unbreak mod_ssl build following removal of chil engine in LibreSSL

2015-04-14 Thread Stefan Sperling
I'm trying to update OpenBSD's port of Apache HTTPD to the 2.4 series. This is the first in a small series of diffs from the OpenBSD ports tree. I hope OpenBSD will eventually be able to drop its custom patches. If you're at ApacheCon in Austin this week please feel free to talk to me in person.

Re: trunk and FreeBSD 10.1

2015-04-24 Thread Stefan Sperling
On Thu, Apr 23, 2015 at 12:28:33PM -0400, Jim Jagielski wrote: I tried that, but gmake totally barfed... I have the same issue on OpenBSD. I think the GNU-BSD Makefile style transformation implemented by build/bsd_makefile is too simplistic. All it does is put a dot in front of include

Re: trunk and FreeBSD 10.1

2015-04-24 Thread Stefan Sperling
On Fri, Apr 24, 2015 at 07:20:01AM -0400, Jim Jagielski wrote: There is also the magic that configure does as well, in altering the directives (#ifdef - .ifdef, for example). I think what I'll do is, if running under *BSD, see not only if 'make' itself is really GNUmake, but also check for

Re: svn commit: r1674542 - in /httpd/httpd/trunk: acinclude.m4 modules/ssl/ssl_engine_rand.c

2015-04-22 Thread Stefan Sperling
On Wed, Apr 22, 2015 at 09:29:49AM +0200, Kaspar Brand wrote: Sorry for having missed this in my previous review: we should also #ifdef the SSL_RSSRC_EGD case in ssl_engine_config.c:ssl_cmd_SSLRandomSeed(), to make sure that egd:... settings are not silently ignored when mod_ssl is compiled

mod_ssl: inline SSL_X509_INFO_load_path(); please review

2015-05-01 Thread Stefan Sperling
I believe SSL_X509_INFO_load_path() should be inlined into its only caller. I'd like some eyes on this change since it's not just mechanical. The desired behaviour seems to be load as many certs as possible from a directory, looping over its file entries. Ignore errors, e.g. in case the file is

Re: mod_ssl namespacing: app_data2

2015-05-01 Thread Stefan Sperling
On Fri, May 01, 2015 at 09:39:14AM -0400, Eric Covener wrote: On Fri, May 1, 2015 at 9:33 AM, Stefan Sperling s...@apache.org wrote: This moves symbols related to '2nd application data' into the ssl_ namespace. File-level static symbols have no external linkage so don't need a namespace

Re: svn commit: r1677149 - in /httpd/httpd/trunk/modules/ssl: ssl_util_ssl.c ssl_util_ssl.h

2015-05-02 Thread Stefan Sperling
On Sat, May 02, 2015 at 11:10:50AM +0200, Kaspar Brand wrote: On 01.05.2015 16:29, s...@apache.org wrote: Author: stsp Date: Fri May 1 14:28:59 2015 New Revision: 1677149 URL: http://svn.apache.org/r1677149 Log: mod_ssl namespacing: Make SSL_ASN1_STRING_to_utf8 a static function

Re: mod_ssl namespacing: app_data2

2015-05-01 Thread Stefan Sperling
On Sat, Apr 18, 2015 at 07:22:06PM +0200, Stefan Sperling wrote: This moves symbols related to '2nd application data' into the ssl_ namespace. File-level static symbols have no external linkage so don't need a namespace. Same patch as before, but moving into modssl_ function namespace, instead

namespacing in mod_ssl

2015-04-15 Thread Stefan Sperling
A few months ago, OpenBSD's LibreSSL added a new function called SSL_CTX_use_certificate_chain(). This unexpectedly broke the build of Apache's mod_ssl which defines a function of the same name. In OpenBSD this was worked around by patching mod_ssl, renaming the clashing function. Since then

check for RAND_egd at configure time

2015-04-15 Thread Stefan Sperling
LibreSSL does not provide the RAND_egd() function. This patch adds a configure check to allow building mod_ssl with LibreSSL. Index: modules/ssl/config.m4 === --- modules/ssl/config.m4 (revision 1673798) +++

Re: check for RAND_egd at configure time

2015-04-16 Thread Stefan Sperling
On Wed, Apr 15, 2015 at 08:43:04PM +0200, Stefan Sperling wrote: LibreSSL does not provide the RAND_egd() function. This patch adds a configure check to allow building mod_ssl with LibreSSL. Updated version following Kaspar Brand's suggestion to move into acinclude.m4. Index: acinclude.m4

Re: namespacing in mod_ssl

2015-04-18 Thread Stefan Sperling
On Wed, Apr 15, 2015 at 06:36:13PM +0200, Stefan Sperling wrote: However, the actual issue here is that mod_ssl is squatting the SSL_ namespace. Historically this may have made sense (it seems mod_ssl and OpenSSL have shared history/authors). Bill Rowe suggested to try moving mod_ssl's

Re: check for RAND_egd at configure time

2015-04-17 Thread Stefan Sperling
On Fri, Apr 17, 2015 at 07:02:21AM +0200, Kaspar Brand wrote: I was actually thinking about Index: acinclude.m4 === --- acinclude.m4(revision 1673835) +++ acinclude.m4(working copy) @@ -594,7 +594,7 @@

mod_ssl namespacing: app_data2

2015-04-18 Thread Stefan Sperling
This moves symbols related to '2nd application data' into the ssl_ namespace. File-level static symbols have no external linkage so don't need a namespace. Index: modules/ssl/README.dsov.fig === --- modules/ssl/README.dsov.fig

Re: patch (mod_ssl/ab) to support OPENSSL_NO_SSL3 builds

2015-09-10 Thread Stefan Sperling
On Thu, Sep 10, 2015 at 10:37:44AM +, Stuart Henderson wrote: > I've opened a ticket for this already (bz 58349) but it was suggested > that I send mail here as well. > > Currently httpd builds fail with libressl as SSLv3 has been disabled > (OPENSSL_NO_SSL3); ab.c and mod_ssl unconditionally

Re: Alternate versioning proposal: patch line releases

2017-01-19 Thread Stefan Sperling
On Thu, Jan 19, 2017 at 03:49:14PM -0800, Jacob Champion wrote: > We branch off from the 2.4.25 tag. I am not sure you mean this literally, but anyway: While basing a branch off of a tag (svn copy ^/tags/foo ^/branches/newbranch) works, I would recommend to always create a branch first, and then

Re: httpd and letsencrypt

2016-08-27 Thread Stefan Sperling
On Fri, Aug 26, 2016 at 09:44:37AM -0700, Jacob Champion wrote: > On 08/26/2016 07:47 AM, Rich Bowen wrote: > >At LinuxCon I spoke with the director of the LetsEncrypt project - whose > >business card I haven't yet found in unpacking - and he asked whether > >the httpd project would be interested

Re: mod_lets-encrypt

2017-01-14 Thread Stefan Sperling
On Sat, Jan 14, 2017 at 07:15:29PM +0100, Dirk-Willem van Gulik wrote: > In fact - that may be a nice feature - an, essential, ephemeral port. Would that work for web servers behind firewalls?

win32: disable shared LDAP cache by default

2017-08-03 Thread Stefan Sperling
There are numerous reports of Apache HTTPD looping forever on Windows unless the LDAPSharedCacheSize option is set to zero. See for instance: https://svn.haxx.se/users/archive-2014-05/.shtml https://subversion.open.collab.net/ds/viewMessage.do?dsMessageId=564176=3

httpd 2.2 does not build without APR_HAS_THREADS

2018-01-10 Thread Stefan Sperling
r1750836 broke the httpd 2.2 build if APR_HAS_THREADS is not defined. I suppose this won't be fixed because 2.2 is EOL. I just wanted to mention it in case somebody cares. modules/proxy/proxy_util.c:1705: undefined reference to `socket_cleanup' modules/proxy/.libs/libmod_proxy.a(proxy_util.o):

Re: Licensing claims (pcreposix)

2018-02-21 Thread Stefan Sperling
On Tue, Feb 20, 2018 at 03:27:57PM -0600, William A Rowe Jr wrote: > I ran into the same headache with my complete rewrite of > the fnmatch.c logic of BSD that we ship in APR, and delivered > my rewrite of the file under both licenses. For which OpenBSD is still grateful, by the way :)

Re: Using APR pools "better"

2018-09-27 Thread Stefan Sperling
On Wed, Sep 26, 2018 at 04:15:19PM -0500, Greg Stein wrote: > iterpool, scratch_pool, and result_pool are the KEY three concepts that we > learned while working on Subversion. Here's a recent example of where and why we added an iterpool (which should have been added when this loop was written in

Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Stefan Sperling
On Tue, Jan 22, 2019 at 01:31:43PM +0100, Rainer Jung wrote: > Here's the response we have compiled from Daniel, Stefan and others: > > https://bz.apache.org/bugzilla/show_bug.cgi?id=63098 FYI, I have disabled pool debugging in OpenBSD's port of APR. We are now using Yann's patch to force the

Re: [PATCH] mod_proxy: fix build without APR threads

2019-01-22 Thread Stefan Sperling
On Tue, Jan 08, 2019 at 03:46:48PM +0100, Stefan Sperling wrote: > mod_proxy fails to compile when APR doesn't have thread support. > I don't know if this is supposed to be a supported configuration, > but this problem did not exist with HTTPD 2.2; it showed up in 2.4. > > The p

Re: [PATCH] mod_proxy: fix build without APR threads

2019-01-22 Thread Stefan Sperling
On Tue, Jan 22, 2019 at 10:49:27AM -0600, William A Rowe Jr wrote: > On Tue, Jan 22, 2019 at 10:30 AM Stefan Sperling wrote: > > > On Tue, Jan 08, 2019 at 03:46:48PM +0100, Stefan Sperling wrote: > > > mod_proxy fails to compile when APR doesn't have thread suppor

Re: [PATCH] mod_deflate: hardcoded "%ld" -> APR_OFF_T_FMT

2018-12-23 Thread Stefan Sperling
On Wed, Dec 19, 2018 at 07:03:39PM +0100, Stefan Sperling wrote: > On Wed, Dec 19, 2018 at 02:58:28PM +0100, Yann Ylavic wrote: > > On Wed, Dec 19, 2018 at 9:53 AM Stefan Sperling wrote: > > > > > > On Tue, Dec 18, 2018 at 12:29:18AM +0100, Yann Ylavic wrote: >

Re: [PATCH] mod_deflate: hardcoded "%ld" -> APR_OFF_T_FMT

2018-12-23 Thread Stefan Sperling
On Sun, Dec 23, 2018 at 02:32:30PM +0100, Yann Ylavic wrote: > Thanks Stefan, I didn't notice before in your proposed patch, but it > looks like uint64_t casts should be apr_uint64_t too. > > Regards, > Yann. Right. I went ahead and fixed it in r1849630. Thanks, Stefan

[PATCH] mod_deflate: hardcoded "%ld" -> APR_OFF_T_FMT

2018-12-16 Thread Stefan Sperling
mod_deflate hard-codes some off_t format directives to "%ld". It seems to me this code should use the macro provided by APR instead. Looking for another pair of eyes. Does this patch look good to commit? Index: modules/filters/mod_deflate.c

Re: [PATCH] mod_deflate: hardcoded "%ld" -> APR_OFF_T_FMT

2018-12-16 Thread Stefan Sperling
On Sun, Dec 16, 2018 at 02:03:45PM +0100, Yann Ylavic wrote: > On Sun, Dec 16, 2018 at 1:28 PM Stefan Sperling wrote: > > > > mod_deflate hard-codes some off_t format directives to "%ld". > > It seems to me this code should use the macro provided by APR instead.

Re: [PATCH] mod_deflate: hardcoded "%ld" -> APR_OFF_T_FMT

2018-12-19 Thread Stefan Sperling
On Wed, Dec 19, 2018 at 02:58:28PM +0100, Yann Ylavic wrote: > On Wed, Dec 19, 2018 at 9:53 AM Stefan Sperling wrote: > > > > On Tue, Dec 18, 2018 at 12:29:18AM +0100, Yann Ylavic wrote: > > > But yes, upcast is better, while at it I'd go for uint64_t...

[PATCH] mod_proxy: fix build without APR threads

2019-01-08 Thread Stefan Sperling
mod_proxy fails to compile when APR doesn't have thread support. I don't know if this is supposed to be a supported configuration, but this problem did not exist with HTTPD 2.2; it showed up in 2.4. The patch below adds checks for APR_HAS_THREADS and passes test builds with both threaded and

[PATCH] fix test/mod_dialup.c for non-threaded APR

2019-01-08 Thread Stefan Sperling
See https://svn.apache.org/r1663375 for a related fix by covener. Which, by the way, should probably be backported to 2.4; I see a failure on a buildbot which deliberately builds with non-threaded APR to ensure that this configuration remains in SVN's test matrix:

Re: [PATCH] mod_deflate: hardcoded "%ld" -> APR_OFF_T_FMT

2018-12-19 Thread Stefan Sperling
On Tue, Dec 18, 2018 at 12:29:18AM +0100, Yann Ylavic wrote: > But yes, upcast is better, while at it I'd go for uint64_t... Like this? I've noticed that the same problem seems to exist in some other modules. I'll send separate patches for those once this patch has settled. Index: