Sync
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2@1705681 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES b/CHANGES
index 0581df3..95adda0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
*) mod_h2: added donated http/2 implementation to build system. Similar
configuration options to mod_ssl. [Stefan Eissing]
+ *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
+ an SSL connection. PR 58454.
+ [Konstantin J. Chernov <k.j.chernov gmail.com>]
+
*) mod_cache: r->err_headers_out is not merged into
r->headers when mod_cache is enabled and the response
is cached for the first time. [Edward Lu]
diff --git a/STATUS b/STATUS
index 0534994..7ced6de 100644
--- a/STATUS
+++ b/STATUS
@@ -98,6 +98,7 @@
then merge into branches/2.4.x, as applicable.
* Current exceptions for RTC for this branch:
+ . http/2 - mod_h2
. mod_lua
. documentation
. non-Unix build
@@ -109,7 +110,12 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
-
+ *) mod_h2: add HTTP/2 support to httpd, depends on core/mod_ssl changes above
+ 2.4.x branch for this and core/mod_ssl: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2
+ See diff and merged changelists via:
+ svn diff ^/httpd/httpd/branches/2.4.x ^/httpd/httpd/branches/2.4.17-protocols-http2
+ +1: icing, jim, ylavic
+
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
@@ -176,42 +182,6 @@
ylavic: updated to v5 including r1697013 and r1697015, the diff to v4 is:
http://people.apache.org/~ylavic/httpd-2.4.x-SubstituteInheritBefore-v4_vs_v5.diff
- *) core/mod_ssl: add Protocols/ProtocolsHonorOrder directives and new
- protocols hooks to control Upgrade: and ALPN protocol switching.
- HTTP_MISDIRECTED_REQUEST addition and handling in mod_ssl
- trunk patch: http://svn.apache.org/r1697855
- http://svn.apache.org/r1697339
- http://svn.apache.org/r1696428
- http://svn.apache.org/r1696266
- http://svn.apache.org/r1696264
- http://svn.apache.org/r1695874
- http://svn.apache.org/r1695727
- http://svn.apache.org/r1692516
- http://svn.apache.org/r1692486
- http://svn.apache.org/r1610674
- http://svn.apache.org/r1685069
- http://svn.apache.org/r1693918
- http://svn.apache.org/r1698116
- http://svn.apache.org/r1698133
- http://svn.apache.org/r1694950
- http://svn.apache.org/r1700968
- http://svn.apache.org/r1701005
- http://svn.apache.org/r1701145
- http://svn.apache.org/r1701178
- All changes to files in modules/http2 need to be ignored.
- v2: added r1698116, r1693918 to patch
- v3: added changes to ap_array_index and ap_array_contains
- 2.4.x patch: https://raw.githubusercontent.com/icing/mod_h2/master/sandbox/httpd/patches/core-protocols-v4.patch
- +1: icing, jim
- minfrin: +1 with proposed MMN bump at https://people.apache.org/~minfrin/core-protocols-mmn.patch
- +1: jim
-
- *) mod_h2: add HTTP/2 support to httpd, depends on core/mod_ssl changes above
- 2.4.x branch for this and core/mod_ssl: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2
- See diff and merged changelists via:
- svn diff ^/httpd/httpd/branches/2.4.x ^/httpd/httpd/branches/2.4.17-protocols-http2
- +1: icing, jim
-
*) mod_proxy: don't recyle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent.
@@ -228,19 +198,6 @@
2.4.x patch: trunk works (module CHANGES)
+1: ylavic, minfrin
- *) mod_logio: Fix %^FB on initial request on SSL connection by not counting
- handshake writes as first byte. Also fix processing per Yann's observations
- about potential problems with e.g. write completion.
- trunk patch: http://svn.apache.org/r1705099
- http://svn.apache.org/r1705134
- 2.4.x patch: trunk works
- +1: covener, minfrin
-
- *) mod_xml2enc: fix spurious (and harmless) test
- trunk patch: http://svn.apache.org/r1704099
- 2.4.x patch: trunk works
- +1: jailletc36, minfrin
-
*) mod_ssl: namespacing changes from May 2015
trunk patches: https://svn.apache.org/r1674538
https://svn.apache.org/r1677143
@@ -260,20 +217,20 @@
https://svn.apache.org/r1677834
https://svn.apache.org/r1677835
2.4.x patch: https://people.apache.org/~kbrand/mod_ssl-2.4.x-namespacing.diff
- +1: kbrand
+ +1: kbrand, ylavic
*) mod_ssl: add support for msUPN and dnsSRV otherName form entries
in the subjectAltName extension. PR 58020.
trunk patch: https://svn.apache.org/r1693792
2.4.x patch: trunk works (modulo CHANGES),
but depends on the namespacing backport (see above)
- +1: kbrand
+ +1: kbrand, ylavic
*) mod_ssl: support SUITEB* cipher strings with OpenSSL 1.0.2 and later.
PR 58213.
trunk patch: https://svn.apache.org/r1702643
2.4.x patch: trunk works (modulo CHANGES)
- +1: kbrand
+ +1: kbrand, ylavic
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3".
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 03fd555..fc4e253 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -3589,6 +3589,8 @@
</directivesynopsis>
+>
+
<directivesynopsis>
<name>Protocols</name>
<description>Protocols available for a server/virtual host</description>
@@ -3634,7 +3636,7 @@
<directivesynopsis>
<name>ProtocolsHonorOrder</name>
- <description>Determines if order of Protocols determines precedence during negotiation</description>
+ <description>Protocols available for a server/virtual host</description>
<syntax>ProtocolsHonorOrder On|Off</syntax>
<default>ProtocolsHonorOrder On</default>
<contextlist><context>server config</context><context>virtual host</context></contextlist>
diff --git a/modules/filters/mod_xml2enc.c b/modules/filters/mod_xml2enc.c
index d28c97d..7b34c71 100644
--- a/modules/filters/mod_xml2enc.c
+++ b/modules/filters/mod_xml2enc.c
@@ -127,7 +127,7 @@
{
apr_status_t rv;
xml2cfg* cfg = ap_get_module_config(r->per_dir_config, &xml2enc_module);
- if ((cfg->skipto != NULL) && (ctx->flags | ENC_SKIPTO)) {
+ if ((cfg->skipto != NULL) && (ctx->flags & ENC_SKIPTO)) {
int found = 0;
char* p = ap_strchr(ctx->buf, '<');
tattr* starts = (tattr*) cfg->skipto->elts;
diff --git a/modules/loggers/mod_logio.c b/modules/loggers/mod_logio.c
index ab922e3..58aa92c 100644
--- a/modules/loggers/mod_logio.c
+++ b/modules/loggers/mod_logio.c
@@ -38,6 +38,7 @@
module AP_MODULE_DECLARE_DATA logio_module;
static const char logio_filter_name[] = "LOG_INPUT_OUTPUT";
+static const char logio_ttfb_filter_name[] = "LOGIO_TTFB_OUT";
/*
* Logging of input and output config...
@@ -47,15 +48,18 @@
apr_off_t bytes_in;
apr_off_t bytes_out;
apr_off_t bytes_last_request;
- apr_time_t ttfb;
- request_rec *r; /* Use for TTFB only */
- unsigned int first_byte_seen:1;
} logio_config_t;
typedef struct logio_dirconf_t {
unsigned int track_ttfb:1;
} logio_dirconf_t;
+typedef struct logio_req_t {
+ apr_time_t ttfb;
+} logio_req_t;
+
+
+
/*
* Optional function for the core to add to bytes_out
*/
@@ -64,19 +68,6 @@
{
logio_config_t *cf = ap_get_module_config(c->conn_config, &logio_module);
cf->bytes_out += bytes;
-
- if (!cf->first_byte_seen) {
- /* cleared during log_transaction, after mod_log_config */
- cf->first_byte_seen = 1;
-
- if (cf->r) {
- logio_dirconf_t *conf = (logio_dirconf_t*)
- ap_get_module_config(cf->r->per_dir_config, &logio_module);
- if (conf && conf->track_ttfb) {
- cf->ttfb = apr_time_now() - cf->r->request_time;
- }
- }
- }
}
/*
@@ -132,14 +123,14 @@
static const char *log_ttfb(request_rec *r, char *a)
{
- logio_config_t *cf = ap_get_module_config(r->connection->conn_config,
- &logio_module);
+ logio_req_t *rconf = ap_get_module_config(r->request_config,
+ &logio_module);
- if (!cf->first_byte_seen || !cf->ttfb) {
+ if (!rconf || !rconf->ttfb) {
return "-";
}
- return apr_psprintf(r->pool, "%" APR_TIME_T_FMT, cf->ttfb);
+ return apr_psprintf(r->pool, "%" APR_TIME_T_FMT, rconf->ttfb);
}
/*
* Reset counters after logging...
@@ -154,20 +145,6 @@
cf->bytes_last_request = cf->bytes_in + cf->bytes_out;
cf->bytes_in = cf->bytes_out = 0;
- cf->r = NULL;
- cf->ttfb = 0;
- cf->first_byte_seen = 0;
-
- return OK;
-}
-
-static int logio_post_read_request(request_rec *r)
-{
- logio_config_t *cf = ap_get_module_config(r->connection->conn_config,
- &logio_module);
- if (cf) {
- cf->r = r;
- }
return OK;
}
@@ -226,6 +203,34 @@
return OK;
}
+static apr_status_t logio_ttfb_filter(ap_filter_t *f, apr_bucket_brigade *b)
+{
+ request_rec *r = f->r;
+ logio_dirconf_t *conf = ap_get_module_config(r->per_dir_config,
+ &logio_module);
+ if (conf && conf->track_ttfb) {
+ logio_req_t *rconf = ap_get_module_config(r->request_config,
+ &logio_module);
+ if (rconf == NULL) {
+ rconf = apr_pcalloc(r->pool, sizeof(logio_req_t));
+ rconf->ttfb = apr_time_now() - r->request_time;
+ ap_set_module_config(r->request_config, &logio_module, rconf);
+ }
+ }
+ ap_remove_output_filter(f);
+ return ap_pass_brigade(f->next, b);
+}
+
+static void logio_insert_filter(request_rec * r)
+{
+ logio_dirconf_t *conf = ap_get_module_config(r->per_dir_config,
+ &logio_module);
+ if (conf->track_ttfb) {
+ ap_add_output_filter(logio_ttfb_filter_name, NULL, r, r->connection);
+ }
+ return;
+}
+
static const char *logio_track_ttfb(cmd_parms *cmd, void *in_dir_config, int arg)
{
logio_dirconf_t *dir_config = in_dir_config;
@@ -254,12 +259,15 @@
ap_hook_pre_connection(logio_pre_conn, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_pre_config(logio_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
- ap_hook_post_read_request(logio_post_read_request, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_log_transaction(logio_transaction, pre, NULL, APR_HOOK_MIDDLE);
ap_register_input_filter(logio_filter_name, logio_in_filter, NULL,
AP_FTYPE_NETWORK - 1);
+ ap_hook_insert_filter(logio_insert_filter, NULL, NULL, APR_HOOK_LAST);
+ ap_register_output_filter(logio_ttfb_filter_name, logio_ttfb_filter, NULL,
+ AP_FTYPE_RESOURCE);
+
APR_REGISTER_OPTIONAL_FN(ap_logio_add_bytes_out);
APR_REGISTER_OPTIONAL_FN(ap_logio_add_bytes_in);
APR_REGISTER_OPTIONAL_FN(ap_logio_get_last_bytes);
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 5ea76c6..cbbb8f8 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -28,6 +28,7 @@
core keeps dumping.''
-- Unknown */
#include "ssl_private.h"
+#include "mod_ssl.h"
#include "apr_date.h"
/* _________________________________________________________________
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index aef6b46..ac0c670 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -29,6 +29,7 @@
time I was too famous.''
-- Unknown */
#include "ssl_private.h"
+#include "mod_ssl.h"
#include "util_md5.h"
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
@@ -201,10 +202,12 @@
* selected by the SNI.
*/
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
- "Hostname %s provided via SNI and hostname %s provided"
- " via HTTP select a different server",
- servername, r->hostname);
- return HTTP_MISDIRECTED_REQUEST;
+ "Hostname %s provided via SNI and hostname %s provided"
+ " via HTTP are different", servername, host);
+ if (r->connection->keepalives > 0) {
+ return HTTP_MISDIRECTED_REQUEST;
+ }
+ return HTTP_BAD_REQUEST;
}
}
else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
diff --git a/server/core.c b/server/core.c
index 37484b6..de54dc5 100644
--- a/server/core.c
+++ b/server/core.c
@@ -423,6 +423,7 @@
static void *create_core_server_config(apr_pool_t *a, server_rec *s)
{
core_server_config *conf;
+ const char **np;
int is_virtual = s->is_virtual;
conf = (core_server_config *)apr_pcalloc(a, sizeof(core_server_config));
diff --git a/server/util.c b/server/util.c
index 916213c..b56926a 100644
--- a/server/util.c
+++ b/server/util.c
@@ -1451,6 +1451,7 @@
return find_list_item(p, line, tok, AP_ETAG_WEAK);
}
+
/* Grab a list of tokens of the format 1#token (from RFC7230) */
AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p,
const char *str_in,
