|
[-]
[+]
|
Changed |
apache2.changes
|
|
|
|
[-]
[+]
|
Changed |
apache2.spec
^
|
|
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/CHANGES
^
|
| @@ -1,6 +1,38 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.2.26
+
+ *) mod_dav: dav_resource->uri treated as unencoded. This was an
+ unnecessary ABI changed introduced in 2.2.25 PR 55397. [Ben Reser]
+
+ *) mod_dav: Do not validate locks against parent collection of COPY
+ source URI. PR 55304. [Ben Reser]
+
+ *) mod_ssl: Check SNI hostname against Host header case-insensitively.
+ PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
+
+ *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
+ OpenSSL 1.0.0b3. [Vipul Gupta vipul.gupta sun.com, Sander Temme,
+ Stefan Fritsch]
+
+ *) mod_ssl: Change default for SSLCompression to off, as compression
+ causes security issues in most setups. (The so called "CRIME" attack).
+ [Stefan Fritsch]
+
+ *) mod_ssl: Fix compilation error when OpenSSL does not contain
+ support for SSLv2. Problem was introduced in 2.2.25. PR 55194.
+ [Rainer Jung, Kaspar Brand]
+
+ *) mod_dav: Fix double encoding of URIs in XML and Location header (caused
+ by unintential ABI change in 2.2.25). PR 55397. [Ben Reser]
+
Changes with Apache 2.2.25
+ *) SECURITY: CVE-2013-1896 (cve.mitre.org)
+ mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
+ the source href (sent as part of the request body as XML) pointing to a
+ URI that is not configured for DAV will trigger a segfault. [Ben Reser
+ <ben reser.org>]
+
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
@@ -41,11 +73,6 @@
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. PR 54893. [Rainer Jung]
- *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
- the source href (sent as part of the request body as XML) pointing to a
- URI that is not configured for DAV will trigger a segfault. [Ben Reser
- <ben reser.org>]
-
*) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
[Timothy Wood <tjw omnigroup.com>]
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/man/htpasswd.1
^
|
| @@ -19,7 +19,7 @@
.el .ne 3
.IP "\\$1" \\$2
..
-.TH "HTPASSWD" 1 "2011-06-19" "Apache HTTP Server" "htpasswd"
+.TH "HTPASSWD" 1 "2013-07-06" "Apache HTTP Server" "htpasswd"
.SH NAME
htpasswd \- Manage user files for basic authentication
@@ -68,10 +68,10 @@
Display the results on standard output rather than updating a file\&. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores\&. This option changes the syntax of the command line, since the \fIpasswdfile\fR argument (usually the first one) is omitted\&. It cannot be combined with the -c option\&.
.TP
-m
-Use MD5 encryption for passwords\&. This is the default\&.
+Use MD5 encryption for passwords\&. This is the default (since version 2\&.2\&.18)\&.
.TP
-d
-Use crypt() encryption for passwords\&. This is not supported by the httpd server on Windows and Netware and TPF\&.
+Use crypt() encryption for passwords\&. This is not supported by the httpd server on Windows and Netware and TPF\&. This algorithm limits the password length to 8 characters\&. This algorithm is \fBinsecure\fR by today's standards\&. It used to be the default algorithm until version 2\&.2\&.17\&.
.TP
-s
Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&.
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/man/tr/htpasswd.1
^
|
| @@ -19,7 +19,7 @@
.el .ne 3
.IP "\\$1" \\$2
..
-.TH "HTPASSWD" 1 "2012-02-11" "Apache HTTP Sunucusu" "htpasswd"
+.TH "HTPASSWD" 1 "2013-08-16" "Apache HTTP Sunucusu" "htpasswd"
.nh
.SH İSİM
htpasswd \- Temel kimlik doğrulama dosyalarını yönetir
@@ -68,10 +68,10 @@
Sonuçları veritabanında güncellemek yerine standart çıktıya gönderir\&. Bu seçenek, Apache'nin metin veriler içermeyen veri depolarına dahil edilebilecek parolaları üretmekte yararlıdır\&. \fIparola-dosyası\fR belirtilmediğinden, bu seçenek komut satırı sözdizimini değiştirir\&. Bu seçenek \fB-c\fR seçeneği ile birlikte kullanılamaz\&.
.TP
\fB-m\fR
-Parolalar için MD5 şifrelemesi kullanılır ve bu öntanımlıdır\&.
+Parolalar için MD5 şifrelemesi kullanılır ve bu 2\&.2\&.18 sürümünden beri öntanımlıdır\&.
.TP
\fB-d\fR
-Parolaları şifrelemek için crypt() kullanılır\&. Windows, Netware ve TPF üzerinde httpd sunucusu tarafından desteklenmez\&.
+Parolaları şifrelemek için crypt() kullanılır\&. Windows, Netware ve TPF üzerinde httpd sunucusu tarafından desteklenmez\&. Bu algoritma parola uzuluğunu 8 karakterle sınırlar\&. Bugünün standatlarında bu algoritma \fBgüvenilmez\fR kabul edilmektedir\&. 2\&.2\&.17 sürümüne kadar öntanımlı algoritma olarak kullanılmıştır\&.
.TP
\fB-s\fR
Parolalar için SHA şifrelemesi kullanılır\&. LDAP Dizin değişim biçemini (ldif) kullanarak Netscape sunucularına/sunucularından göçü kolaylaştırır\&.
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/filter.html.fr
^
|
| @@ -45,7 +45,8 @@
et permet aux applications de traiter les données en entrée et en sortie
d'une manière hautement flexible et configurable, quelle que soit la
provenance de ces données. Il est possible de pré-traiter les données
-en entrée, et post-traiter les données en sortie, comme souhaité.
+en entrée, et post-traiter les données en sortie, selon vos
+souhaits.
Ces traitements sont tout à fait indépendants des traditionnelles phases
de traitement des requêtes.</p>
<p class="figure">
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/core.html.fr
^
|
| @@ -213,7 +213,7 @@
déterminé par le <a href="../handler.html">gestionnaire</a> responsable de la requête.
Le gestionnaire de base pour les fichiers normaux rejette par défaut
les requêtes avec <code>PATH_INFO</code>. Les gestionnaires qui
- servent des scripts, comme<a href="mod_cgi.html">cgi-script</a> et <a href="mod_isapi.html">isapi-handler</a>, acceptent en général par
+ servent des scripts, comme <a href="mod_cgi.html">cgi-script</a> et <a href="mod_isapi.html">isapi-handler</a>, acceptent en général par
défaut les requêtes avec <code>PATH_INFO</code>.</dd>
</dl>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_authnz_ldap.html.en
^
|
| @@ -720,6 +720,21 @@
properly protected. You should only use the <code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code> and <code class="directive"><a href="#authldapbindpassword">AuthLDAPBindPassword</a></code> if you
absolutely need them to search the directory.</p>
+ <p>If the value begins with exec: the resulting command will be
+ executed and the first line returned to standard output by the
+ program will be used as the password.</p>
+<div class="example"><pre>
+#Password used as-is
+AuthLDAPBindPassword secret
+
+#Run /path/to/program to get my password
+AuthLDAPBindPassword exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"
+</pre></div>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPCharsetConfig" id="AuthLDAPCharsetConfig">AuthLDAPCharsetConfig</a> <a name="authldapcharsetconfig" id="authldapcharsetconfig">Directive</a></h2>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_authnz_ldap.html.fr
^
|
| @@ -787,6 +787,22 @@
vous en avez vraiment besoin pour effectuer une recherche dans
l'annuaire.</p>
+ <p>Si la chaîne spécifiée comme mot de passe commence par exec: , la
+ commande correspondante est exécutée, et c'est la première ligne qui
+ sera renvoyée par la commande sur la sortie standard qui sera
+ utilisée comme mot de passe.</p>
+<div class="example"><pre>
+# Mot de passe spécifié directement
+AuthLDAPBindPassword secret
+
+# Exécution de /path/to/program pour obtenir le mot de passe
+AuthLDAPBindPassword exec:/path/to/program
+
+# Exécution de /path/to/program avec un argument pour obtenir le mot de passe
+AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"
+</pre></div>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPCharsetConfig" id="AuthLDAPCharsetConfig">AuthLDAPCharsetConfig</a> <a name="authldapcharsetconfig" id="authldapcharsetconfig">Directive</a></h2>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_dir.html.tr.utf8
^
|
| @@ -29,7 +29,6 @@
<a href="../ko/mod/mod_dir.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_dir.html" title="Türkçe"> tr </a></p>
</div>
-<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Bölü çizgisiyle biten yönlendirmeleri yapar ve dizin içeriği dosyalarını sunar.</td></tr>
<tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Temel</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Modül Betimleyici:</a></th><td>dir_module</td></tr>
@@ -228,7 +227,7 @@
<span class="indent">
FallbackResource /blog/index.php<br />
</span>
- </Directory>
+ </Directory><br />
<Directory /web/example.com/htdocs/blog/images><br />
<span class="indent">
FallbackResource disabled<br />
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_env.html.en
^
|
| @@ -39,8 +39,8 @@
<p>This module allows for control of internal environment variables that
are used by various Apache HTTP Server modules. These variables are also
provided to CGI scripts as native system environment variables, and available
- for use in SSI pages. Environment variables may be passed from the shell
- which invoked the <code class="program"><a href="../programs/httpd.html">httpd</a></code> process. Alternatively,
+ for use in SSI pages. Environment variables may be passed from the shell
+ which invoked the <code class="program"><a href="../programs/httpd.html">httpd</a></code> process. Alternatively,
environment variables may be set or unset within the configuration process.</p>
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
@@ -68,8 +68,8 @@
</table>
<p>Specifies one or more native system environment variables to make available
as internal environment variables, which are available to Apache HTTP Server modules
- as well as propagated to CGI scripts and SSI pages. Values come from the
- native OS environment of the shell which invoked the
+ as well as propagated to CGI scripts and SSI pages. Values come from the
+ native OS environment of the shell which invoked the
<code class="program"><a href="../programs/httpd.html">httpd</a></code> process.</p>
<div class="example"><h3>Example</h3><p><code>
@@ -81,28 +81,33 @@
<div class="directive-section"><h2><a name="SetEnv" id="SetEnv">SetEnv</a> <a name="setenv" id="setenv">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets environment variables</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SetEnv <var>env-variable</var> <var>value</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SetEnv <var>env-variable</var> [<var>value</var>]</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_env</td></tr>
</table>
- <p>Sets an internal environment variable, which is then available to Apache
+ <p>Sets an internal environment variable, which is then available to Apache
HTTP Server modules, and passed on to CGI scripts and SSI pages.</p>
<div class="example"><h3>Example</h3><p><code>
SetEnv SPECIAL_PATH /foo/bin
</code></p></div>
+ <p> If you omit the <var>value</var> argument, the variable is set to
+ an empty string.</p>
+
<div class="note"><p>The internal environment variables set by this directive are set
<em>after</em> most early request processing directives are run, such as access
control and URI-to-filename mapping. If the environment variable you're
setting is meant as input into this early phase of processing such as the
- <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive, you should
+ <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive, you should
instead set the environment variable with
- <code class="directive"><a href="../mod/mod_setenvif.html# setenvif"> SetEnvIf</a></code>.</p>
+ <code class="directive"><a href="../mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>.</p>
+ </div>
+ <div class="note"><p>On 2.2, the PATH environment variable cannot be set using Setenv.</p>
</div>
-
+
<h3>See also</h3>
<ul>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_env.html.tr.utf8
^
|
| @@ -79,7 +79,7 @@
<div class="directive-section"><h2><a name="SetEnv" id="SetEnv">SetEnv</a> <a name="setenv" id="setenv">Yönergesi</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Açıklama:</a></th><td>Ortam değişkenlerini tanımlar.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Sözdizimi:</a></th><td><code>SetEnv <var>ortam-değişkeni</var> <var>değer</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Sözdizimi:</a></th><td><code>SetEnv <var>ortam-değişkeni</var> [<var>değer</var>]</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Bağlam:</a></th><td>sunucu geneli, sanal konak, dizin, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Geçersizleştirme:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Durum:</a></th><td>Temel</td></tr>
@@ -93,6 +93,8 @@
SetEnv SPECIAL_PATH /foo/bin
</code></p></div>
+ <p>Bir <var>değer</var> belirtilmezse, değişkene boş dizgi atanır.</p>
+
<div class="note"><p>Bu yönerge ile atanan dahili ortam değişkenleri, erişim denetimi ve
URI'leri dosya isimleri ile eşleştirme gibi daha önceki istek işleme
yönergelerinden <em>sonra</em> atanır. Eğer atayacağınız ortam
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_proxy.html.en
^
|
| @@ -1161,6 +1161,13 @@
in the list. Worker recovery behaves the same as other worker errors.
Available with Apache HTTP Server 2.2.17 and later.
</td></tr>
+ <tr><td>failontimeout</td>
+ <td>Off</td>
+ <td>If set, an IO read timeout after a request is sent to the backend will
+ force the worker into error state. Worker recovery behaves the same as other
+ worker errors.
+ Available with Apache HTTP Server 2.2.25 and later.
+ </td></tr>
<tr><td>forcerecovery</td>
<td>On</td>
<td>Force the immediate recovery of all workers without considering the
@@ -1210,15 +1217,6 @@
removes the normal limited protection against URL-based attacks
provided by the proxy.</p>
- <p>The optional <var>interpolate</var> keyword (available in
- httpd 2.2.9 and later), in combination with
- <code class="directive">ProxyPassInterpolateEnv</code> causes the ProxyPass
- to interpolate environment variables, using the syntax
- <var>${VARNAME}</var>. Note that many of the standard CGI-derived
- environment variables will not exist when this interpolation happens,
- so you may still have to resort to <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
- for complex rules.</p>
-
<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>. The same will occur inside a
<code class="directive"><a href="../mod/core.html#locationmatch"><LocationMatch></a></code> section,
@@ -1231,6 +1229,31 @@
<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
<code>[P]</code> flag.</p>
+ <p>The optional <var>interpolate</var> keyword (available in
+ httpd 2.2.9 and later), in combination with
+ <code class="directive">ProxyPassInterpolateEnv</code> causes the ProxyPass
+ to interpolate environment variables, using the syntax
+ <var>${VARNAME}</var>. Note that many of the standard CGI-derived
+ environment variables will not exist when this interpolation happens,
+ so you may still have to resort to <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+ for complex rules. Also note that interpolation is not supported
+ within the scheme portion of a URL. Dynamic determination of the
+ scheme can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> as in the
+ following example.</p>
+
+ <pre class="prettyprint lang-config">
+RewriteEngine On
+
+RewriteCond %{HTTPS} =off
+RewriteRule . - [E=protocol:http]
+RewriteCond %{HTTPS} =on
+RewriteRule . - [E=protocol:https]
+
+RewriteRule ^/mirror/foo/(.*) %{ENV:protocol}://backend.example.com/$1 [P]
+ProxyPassReverse /mirror/foo/ http://backend.example.com/
+ProxyPassReverse /mirror/foo/ https://backend.example.com/
+ </pre>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -1383,7 +1406,8 @@
httpd 2.2.9 and later), used together with
<code class="directive">ProxyPassInterpolateEnv</code>, enables interpolation
of environment variables specified using the format <var>${VARNAME}</var>.
- </p>
+ Note that interpolation is not supported within the scheme portion of a
+ URL.</p>
<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>. The same occurs inside a <code class="directive"><a href="../mod/core.html#locationmatch"><LocationMatch></a></code> section, but will probably not work as
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_proxy.html.fr
^
|
| @@ -1298,6 +1298,15 @@
est le même qu'avec les autres erreurs de worker.
Disponible à partir de la version 2.2.17 du serveur HTTP Apache.
</td></tr>
+ <tr><td>failontimeout</td>
+ <td>Off</td>
+ <td>Si ce paramètre est défini à "On", un délai d'attente
+ dépassé en entrée/sortie après envoi d'une requête au serveur
+ d'arrière-plan va mettre le processus en état d'erreur. La
+ sortie de cet état d'erreur se passe de la même façon que pour
+ les autres erreurs. Disponible à partir de la version 2.2.25 du
+ serveur HTTP Apache.
+ </td></tr>
<tr><td>forcerecovery</td>
<td>On</td>
<td>Force la récupération immédiate de tous les membres du
@@ -1351,16 +1360,6 @@
car la protection limitée contre les attaques à base d'URL que
fournit le mandataire est alors supprimée.</p>
- <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis
- httpd 2.2.9), en combinaison avec la directive
- <code class="directive">ProxyPassInterpolateEnv</code>, permet à ProxyPass
- d'interpoler les variables d'environnement à l'aide de la syntaxe
- <var>${VARNAME}</var>. Notez que de nombreuses variables
- d'environnement standard dérivées de CGI n'existeront pas lorsque
- l'interpolation se produit ; vous devrez alors encore avoir avoir
- recours à <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> pour des règles
- complexes.</p>
-
<p>Lorsque la directive ProxyPass est utilisée à l'intérieur d'une
section <code class="directive"><a href="../mod/core.html#location"><Location></a></code>, le premier argument est omis et le répertoire
local est obtenu à partir de la section <code class="directive"><a href="../mod/core.html#location"><Location></a></code>. Il en est de
@@ -1379,6 +1378,33 @@
souple, reportez-vous à la documentaion de la directive <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> et son drapeau
<code>[P]</code>.</p>
+ <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis
+ httpd 2.2.9), en combinaison avec la directive
+ <code class="directive">ProxyPassInterpolateEnv</code>, permet à ProxyPass
+ d'interpoler les variables d'environnement à l'aide de la syntaxe
+ <var>${VARNAME}</var>. Notez que de nombreuses variables
+ d'environnement standard dérivées de CGI n'existeront pas lorsque
+ l'interpolation se produit ; vous devrez alors encore avoir avoir
+ recours à <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> pour des règles
+ complexes. Notez aussi que l'interpolation n'est pas supportée dans
+ la partie protocole d'une URL. La détermination dynamique du
+ protocole peut être effectuée à l'aide de
+ <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> comme dans l'exemple suivant :</p>
+
+ <pre class="prettyprint lang-config">
+RewriteEngine On
+
+RewriteCond %{HTTPS} =off
+RewriteRule . - [E=protocol:http]
+RewriteCond %{HTTPS} =on
+RewriteRule . - [E=protocol:https]
+
+RewriteRule ^/mirror/foo/(.*) %{ENV:protocol}://backend.example.com/$1 [P]
+ProxyPassReverse /mirror/foo/ http://backend.example.com/
+ProxyPassReverse /mirror/foo/ https://backend.example.com/
+ </pre>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -1552,7 +1578,8 @@
httpd 2.2.9), utilisé en combinaison avec la directive
<code class="directive">ProxyPassInterpolateEnv</code>, permet
l'interpolation des variables d'environnement spécifiées en
- utilisant le format <var>${VARNAME}</var>.
+ utilisant le format <var>${VARNAME}</var> Notez que l'interpolation
+ n'est pas supportée dans la partie protocole d'une URL.
</p>
<p>Lorsque cette directive est utilisée dans une section <code class="directive"><a href="../mod/core.html#location"><Location></a></code>, le premier
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_proxy_http.html.en
^
|
| @@ -69,7 +69,8 @@
<p>In addition to the configuration directives that control the
behaviour of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>, there are a number of
<dfn>environment variables</dfn> that control the HTTP protocol
- provider:</p>
+ provider. Environment variables below that don't specify specific values
+ are enabled when set to any value.</p>
<dl>
<dt>proxy-sendextracrlf</dt>
<dd>Causes proxy to send an extra CR-LF newline on the end of a
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_proxy_http.html.fr
^
|
| @@ -70,7 +70,9 @@
<p>Outre les directives de configuration qui contrôlent le
comportement de <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>, plusieurs <dfn>variables
d'environnement</dfn> permettent de contrôler le fournisseur du
- protocole HTTP :</p>
+ protocole HTTP. Parmi les variables suivantes, celle qui ne
+ nécessitent pas de valeur particulière sont définies quelle que soit
+ la valeur qu'on leur affecte.</p>
<dl>
<dt>proxy-sendextracrlf</dt>
<dd>Provoque l'envoi par le mandataire d'une nouvelle ligne
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_proxy_http.html.ja.utf8
^
|
| @@ -28,6 +28,10 @@
<a href="../fr/mod/mod_proxy_http.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/mod/mod_proxy_http.html" title="Japanese"> ja </a></p>
</div>
+<div class="outofdate">この日本語訳はすでに古くなっている
+ 可能性があります。
+ 最近更新された内容を見るには英語版をご覧下さい。
+ </div>
<table class="module"><tr><th><a href="module-dict.html#Description">説明:</a></th><td><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> のための HTTP サポートモジュール</td></tr>
<tr><th><a href="module-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">モジュール識別子:</a></th><td>proxy_http_module</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/mod_ssl.html.en
^
|
| @@ -589,16 +589,21 @@
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLCompression" id="SSLCompression">SSLCompression</a> <a name="sslcompression" id="sslcompression">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Disallow compression on the SSL level</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable compression on the SSL level</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCompression on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLCompression on</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLCompression off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.2.24 and later, if using OpenSSL 0.9.8 or later;
-virtual host scope available if using OpenSSL 1.0.0 or later</td></tr>
+virtual host scope available if using OpenSSL 1.0.0 or later.
+The default used to be <code>on</code> in versions 2.2.24 to 2.2.25.</td></tr>
</table>
-<p>This directive allows to disable compression on the SSL level.</p>
+<p>This directive allows to enable compression on the SSL level.</p>
+<div class="warning">
+<p>Enabling compression causes security issues in most setups (the so called
+CRIME attack).</p>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -1247,7 +1252,7 @@
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.2.22 and later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.2.23 and later</td></tr>
</table>
<p>
This directive sets the all-in-one file where you keep the certificate chain
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.de
^
|
| @@ -685,7 +685,7 @@
Dokumenten</td></tr>
<tr class="odd"><td><a href="core.html#servertokens">ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</a></td><td> Full </td><td>s</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Konfiguriert den HTTP-Response-Header
<code>Server</code></td></tr>
-<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> <var>value</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
+<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> [<var>value</var>]</a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#setenvif">SetEnvIf <em>attribute
regex [!]env-variable</em>[=<em>value</em>]
[[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td></td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables based on attributes of the request
@@ -727,7 +727,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.en
^
|
| @@ -664,7 +664,7 @@
<tr><td><a href="core.html#serversignature">ServerSignature On|Off|EMail</a></td><td> Off </td><td>svdh</td><td>C</td></tr><tr><td class="descr" colspan="4">Configures the footer on server-generated documents</td></tr>
<tr class="odd"><td><a href="core.html#servertokens">ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</a></td><td> Full </td><td>s</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Configures the <code>Server</code> HTTP response
header</td></tr>
-<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> <var>value</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
+<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> [<var>value</var>]</a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#setenvif">SetEnvIf <em>attribute
regex [!]env-variable</em>[=<em>value</em>]
[[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td></td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables based on attributes of the request
@@ -707,7 +707,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.es
^
|
| @@ -671,7 +671,7 @@
<tr><td><a href="core.html#serversignature">ServerSignature On|Off|EMail</a></td><td> Off </td><td>svdh</td><td>C</td></tr><tr><td class="descr" colspan="4">Configures the footer on server-generated documents</td></tr>
<tr class="odd"><td><a href="core.html#servertokens">ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</a></td><td> Full </td><td>s</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Configures the <code>Server</code> HTTP response
header</td></tr>
-<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> <var>value</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
+<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> [<var>value</var>]</a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#setenvif">SetEnvIf <em>attribute
regex [!]env-variable</em>[=<em>value</em>]
[[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td></td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables based on attributes of the request
@@ -714,7 +714,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.ja.utf8
^
|
| @@ -643,7 +643,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.ko.euc-kr
^
|
| @@ -657,7 +657,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.ru.koi8-r
^
|
| @@ -669,7 +669,7 @@
<tr><td><a href="core.html#serversignature">ServerSignature On|Off|EMail</a></td><td> Off </td><td>svdh</td><td>C</td></tr><tr><td class="descr" colspan="4">Configures the footer on server-generated documents</td></tr>
<tr class="odd"><td><a href="core.html#servertokens">ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</a></td><td> Full </td><td>s</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Configures the <code>Server</code> HTTP response
header</td></tr>
-<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> <var>value</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
+<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> [<var>value</var>]</a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#setenvif">SetEnvIf <em>attribute
regex [!]env-variable</em>[=<em>value</em>]
[[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td></td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables based on attributes of the request
@@ -712,7 +712,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.tr.utf8
^
|
| @@ -675,7 +675,7 @@
</td></tr>
<tr class="odd"><td><a href="core.html#servertokens">ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</a></td><td> Full </td><td>s</td><td>Ç</td></tr><tr class="odd"><td class="descr" colspan="4"><code>Server</code> HTTP yanıt başlığını yapılandırır.
</td></tr>
-<tr><td><a href="mod_env.html#setenv">SetEnv <var>ortam-değişkeni</var> <var>değer</var></a></td><td></td><td>skdh</td><td>T</td></tr><tr><td class="descr" colspan="4">Ortam değişkenlerini tanımlar.</td></tr>
+<tr><td><a href="mod_env.html#setenv">SetEnv <var>ortam-değişkeni</var> [<var>değer</var>]</a></td><td></td><td>skdh</td><td>T</td></tr><tr><td class="descr" colspan="4">Ortam değişkenlerini tanımlar.</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#setenvif">SetEnvIf <em>öznitelik
düzifd [!]ort-değişkeni</em>[=<em>değer</em>]
[[!]<em>ort-değişkeni</em>[=<em>değer</em>]] ...</a></td><td></td><td>skdh</td><td>T</td></tr><tr class="odd"><td class="descr" colspan="4">Ortam değişkenlerini isteğin özniteliklerine göre atar.
@@ -717,7 +717,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>skdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/mod/quickreference.html.zh-cn
^
|
| @@ -659,7 +659,7 @@
<tr><td><a href="core.html#serversignature">ServerSignature On|Off|EMail</a></td><td> Off </td><td>svdh</td><td>C</td></tr><tr><td class="descr" colspan="4">Configures the footer on server-generated documents</td></tr>
<tr class="odd"><td><a href="core.html#servertokens">ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</a></td><td> Full </td><td>s</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Configures the <code>Server</code> HTTP response
header</td></tr>
-<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> <var>value</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
+<tr><td><a href="mod_env.html#setenv">SetEnv <var>env-variable</var> [<var>value</var>]</a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets environment variables</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#setenvif">SetEnvIf <em>attribute
regex [!]env-variable</em>[=<em>value</em>]
[[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td></td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables based on attributes of the request
@@ -702,7 +702,7 @@
<tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded Private Key file</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
handshake</td></tr>
-<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Disallow compression on the SSL level</td></tr>
+<tr><td><a href="mod_ssl.html#sslcompression">SSLCompression on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable compression on the SSL level</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslcryptodevice">SSLCryptoDevice <em>engine</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable use of a cryptographic hardware accelerator</td></tr>
<tr><td><a href="mod_ssl.html#sslengine">SSLEngine on|off|optional</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Engine Operation Switch</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslfips">SSLFIPS on|off</a></td><td> off </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">SSL FIPS mode Switch</td></tr>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/programs/htpasswd.html.en
^
|
| @@ -108,12 +108,15 @@
one) is omitted. It cannot be combined with the <code>-c</code> option.</dd>
<dt><code>-m</code></dt>
- <dd>Use MD5 encryption for passwords. This is the default.</dd>
+ <dd>Use MD5 encryption for passwords. This is the default (since version
+ 2.2.18).</dd>
<dt><code>-d</code></dt>
<dd>Use <code>crypt()</code> encryption for passwords. This is not
supported by the <code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows and
- Netware and TPF.</dd>
+ Netware and TPF. This algorithm limits the password length to 8
+ characters. This algorithm is <strong>insecure</strong> by today's
+ standards. It used to be the default algorithm until version 2.2.17.</dd>
<dt><code>-s</code></dt>
<dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/programs/htpasswd.html.tr.utf8
^
|
| @@ -114,12 +114,16 @@
<code><strong>-c</strong></code> seçeneği ile birlikte kullanılamaz.</dd>
<dt><code><strong>-m</strong></code></dt>
- <dd>Parolalar için MD5 şifrelemesi kullanılır ve bu öntanımlıdır.</dd>
+ <dd>Parolalar için MD5 şifrelemesi kullanılır ve bu 2.2.18 sürümünden beri
+ öntanımlıdır.</dd>
<dt><code><strong>-d</strong></code></dt>
<dd>Parolaları şifrelemek için <code>crypt()</code> kullanılır. Windows,
Netware ve TPF üzerinde <code class="program"><a href="../programs/httpd.html">httpd</a></code> sunucusu tarafından
- desteklenmez.</dd>
+ desteklenmez. Bu algoritma parola uzuluğunu 8 karakterle sınırlar.
+ Bugünün standatlarında bu algoritma <strong>güvenilmez</strong> kabul
+ edilmektedir. 2.2.17 sürümüne kadar öntanımlı algoritma olarak
+ kullanılmıştır. </dd>
<dt><code><strong>-s</strong></code></dt>
<dd>Parolalar için SHA şifrelemesi kullanılır. LDAP Dizin değişim
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/stopping.html.fr
^
|
| @@ -147,7 +147,8 @@
<em>tableau</em> utilisé pour garder la trace de tous les processus
enfants au cours des différentes générations.</p>
- <p>Le module status utilise aussi un <code>G</code> afin d'indiquer
+ <p>Dans son état des processus,
+ le module status utilise aussi un <code>G</code> afin d'indiquer
quels processus enfants ont encore des traitements de requêtes en cours
débutés avant que l'ordre graceful restart ne soit donné.</p>
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/docs/manual/style/version.ent
^
|
| @@ -19,6 +19,6 @@
<!ENTITY httpd.major "2">
<!ENTITY httpd.minor "2">
-<!ENTITY httpd.patch "25">
+<!ENTITY httpd.patch "26">
<!ENTITY httpd.docs "2.2">
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/httpd.spec
^
|
| @@ -5,7 +5,7 @@
Summary: Apache HTTP Server
Name: httpd
-Version: 2.2.25
+Version: 2.2.26
Release: 1
URL: http://httpd.apache.org/
Vendor: Apache Software Foundation
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/include/ap_release.h
^
|
| @@ -22,8 +22,6 @@
#ifndef AP_RELEASE_H
#define AP_RELEASE_H
-#include "apr_general.h" /* stringify */
-
#define AP_SERVER_COPYRIGHT \
"Copyright 2013 The Apache Software Foundation."
@@ -45,7 +43,7 @@
#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
-#define AP_SERVER_PATCHLEVEL_NUMBER 25
+#define AP_SERVER_PATCHLEVEL_NUMBER 26
#define AP_SERVER_DEVBUILD_BOOLEAN 0
/* Synchronize the above with docs/manual/style/version.ent */
@@ -56,6 +54,14 @@
#define AP_SERVER_ADD_STRING ""
#endif
+/* APR_STRINGIFY is defined here, and also in apr_general.h, so wrap it */
+#ifndef APR_STRINGIFY
+/** Properly quote a value as a string in the C preprocessor */
+#define APR_STRINGIFY(n) APR_STRINGIFY_HELPER(n)
+/** Helper macro for APR_STRINGIFY */
+#define APR_STRINGIFY_HELPER(n) #n
+#endif
+
/* keep old macros as well */
#define AP_SERVER_MAJORVERSION APR_STRINGIFY(AP_SERVER_MAJORVERSION_NUMBER)
#define AP_SERVER_MINORVERSION APR_STRINGIFY(AP_SERVER_MINORVERSION_NUMBER)
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/dav/fs/repos.c
^
|
| @@ -683,14 +683,13 @@
resource->pool = r->pool;
/* make sure the URI does not have a trailing "/" */
- len = strlen(r->uri);
- if (len > 1 && r->uri[len - 1] == '/') {
- s = apr_pstrdup(r->pool, r->uri);
- s[len - 1] = '\0';
+ len = strlen(r->unparsed_uri);
+ if (len > 1 && r->unparsed_uri[len - 1] == '/') {
+ s = apr_pstrmemdup(r->pool, r->unparsed_uri, len-1);
resource->uri = s;
}
else {
- resource->uri = r->uri;
+ resource->uri = r->unparsed_uri;
}
if (r->finfo.filetype != 0) {
@@ -1407,6 +1406,18 @@
return dav_fs_deleteset(info->pool, resource);
}
+/* Take an unescaped path component and escape it and append it onto a
+ * dav_buffer for a URI */
+static apr_size_t dav_fs_append_uri(apr_pool_t *p, dav_buffer *pbuf,
+ const char *path, apr_size_t pad)
+{
+ const char *epath = ap_escape_uri(p, path);
+ apr_size_t epath_len = strlen(epath);
+
+ dav_buffer_place_mem(p, pbuf, epath, epath_len + 1, pad);
+ return epath_len;
+}
+
/* ### move this to dav_util? */
/* Walk recursively down through directories, *
* including lock-null resources as we go. */
@@ -1461,6 +1472,7 @@
}
while ((apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp)) == APR_SUCCESS) {
apr_size_t len;
+ apr_size_t escaped_len;
apr_status_t status;
len = strlen(dirent.name);
@@ -1500,7 +1512,7 @@
/* copy the file to the URI, too. NOTE: we will pad an extra byte
for the trailing slash later. */
- dav_buffer_place_mem(pool, &fsctx->uri_buf, dirent.name, len + 1, 1);
+ escaped_len = dav_fs_append_uri(pool, &fsctx->uri_buf, dirent.name, 1);
/* if there is a secondary path, then do that, too */
if (fsctx->path2.buf != NULL) {
@@ -1533,7 +1545,7 @@
fsctx->path2.cur_len += len;
/* adjust URI length to incorporate subdir and a slash */
- fsctx->uri_buf.cur_len += len + 1;
+ fsctx->uri_buf.cur_len += escaped_len + 1;
fsctx->uri_buf.buf[fsctx->uri_buf.cur_len - 1] = '/';
fsctx->uri_buf.buf[fsctx->uri_buf.cur_len] = '\0';
@@ -1599,8 +1611,8 @@
*/
dav_buffer_place_mem(pool, &fsctx->path1,
fsctx->locknull_buf.buf + offset, len + 1, 0);
- dav_buffer_place_mem(pool, &fsctx->uri_buf,
- fsctx->locknull_buf.buf + offset, len + 1, 0);
+ dav_fs_append_uri(pool, &fsctx->uri_buf,
+ fsctx->locknull_buf.buf + offset, 0);
if (fsctx->path2.buf != NULL) {
dav_buffer_place_mem(pool, &fsctx->path2,
fsctx->locknull_buf.buf + offset,
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/dav/main/mod_dav.c
^
|
| @@ -400,11 +400,9 @@
*/
static const char *dav_xml_escape_uri(apr_pool_t *p, const char *uri)
{
- const char *e_uri = ap_escape_uri(p, uri);
-
/* check the easy case... */
- if (ap_strchr_c(e_uri, '&') == NULL)
- return e_uri;
+ if (ap_strchr_c(uri, '&') == NULL)
+ return uri;
/* there was a '&', so more work is needed... sigh. */
@@ -412,7 +410,7 @@
* Note: this is a teeny bit of overkill since we know there are no
* '<' or '>' characters, but who cares.
*/
- return apr_xml_quote_string(p, e_uri, 0);
+ return apr_xml_quote_string(p, uri, 0);
}
@@ -616,7 +614,8 @@
return DONE;
}
-/* handy function for return values of methods that (may) create things */
+/* handy function for return values of methods that (may) create things.
+ * locn if provided is assumed to be escaped. */
static int dav_created(request_rec *r, const char *locn, const char *what,
int replaced)
{
@@ -624,8 +623,6 @@
if (locn == NULL) {
locn = r->unparsed_uri;
- } else {
- locn = ap_escape_uri(r->pool, locn);
}
/* did the target resource already exist? */
@@ -2724,7 +2721,7 @@
* The multistatus responses will contain the information about any
* resource that fails the validation.
*
- * We check the parent resource, too, since this is a MOVE. Moving the
+ * We check the parent resource, too, if this is a MOVE. Moving the
* resource effectively removes it from the parent collection, so we
* must ensure that we have met the appropriate conditions.
*
@@ -2733,7 +2730,9 @@
*/
if ((err = dav_validate_request(r, resource, depth, NULL,
&multi_response,
- DAV_VALIDATE_PARENT
+ (is_move ? DAV_VALIDATE_PARENT
+ : DAV_VALIDATE_RESOURCE
+ | DAV_VALIDATE_NO_MODIFY)
| DAV_VALIDATE_USE_424,
NULL)) != NULL) {
err = dav_push_error(r->pool, err->status, 0,
@@ -2970,7 +2969,7 @@
}
/* return an appropriate response (HTTP_CREATED or HTTP_NO_CONTENT) */
- return dav_created(r, lookup.rnew->uri, "Destination",
+ return dav_created(r, lookup.rnew->unparsed_uri, "Destination",
resnew_state == DAV_RESOURCE_EXISTS);
}
@@ -4560,7 +4559,7 @@
/* return an appropriate response (HTTP_CREATED) */
/* ### spec doesn't say what happens when destination was replaced */
- return dav_created(r, lookup.rnew->uri, "Binding", 0);
+ return dav_created(r, lookup.rnew->unparsed_uri, "Binding", 0);
}
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/dav/main/mod_dav.h
^
|
| @@ -370,7 +370,7 @@
* REGULAR and WORKSPACE resources,
* and is always 1 for WORKING */
- const char *uri; /* the URI for this resource */
+ const char *uri; /* the escaped URI for this resource */
dav_resource_private *info; /* the provider's private info */
@@ -1281,6 +1281,9 @@
the 424 DAV:response */
#define DAV_VALIDATE_USE_424 0x0080 /* return 424 status, not 207 */
#define DAV_VALIDATE_IS_PARENT 0x0100 /* for internal use */
+#define DAV_VALIDATE_NO_MODIFY 0x0200 /* resource is not being modified
+ so allow even if lock token
+ is not provided */
/* Lock-null related public lock functions */
DAV_DECLARE(int) dav_get_resource_state(request_rec *r,
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/dav/main/util.c
^
|
| @@ -929,13 +929,16 @@
/*
** For methods other than LOCK:
**
- ** If we have no locks, then <seen_locktoken> can be set to true --
+ ** If we have no locks or if the resource is not being modified
+ ** (per RFC 4918 the lock token is not required on resources
+ ** we are not changing), then <seen_locktoken> can be set to true --
** pretending that we've already met the requirement of seeing one
** of the resource's locks in the If: header.
**
** Otherwise, it must be cleared and we'll look for one.
*/
- seen_locktoken = (lock_list == NULL);
+ seen_locktoken = (lock_list == NULL
+ || flags & DAV_VALIDATE_NO_MODIFY);
}
/*
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/mod_ssl.c
^
|
| @@ -441,6 +441,9 @@
*/
SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH);
+#ifndef OPENSSL_NO_EC
+ SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
+#endif
SSL_set_verify_result(ssl, X509_V_OK);
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_engine_config.c
^
|
| @@ -636,7 +636,7 @@
if (!strcasecmp(arg, "On")) {
sc->enabled = SSL_ENABLED_TRUE;
- return NULL;
+ return NULL;
}
else if (!strcasecmp(arg, "Off")) {
sc->enabled = SSL_ENABLED_FALSE;
@@ -1272,12 +1272,14 @@
const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg)
{
SSLDirConfigRec *dc = dcfg;
-
- dc->nRenegBufferSize = atoi(arg);
- if (dc->nRenegBufferSize < 0) {
+ int val;
+
+ val = atoi(arg);
+ if (val < 0) {
return apr_pstrcat(cmd->pool, "Invalid size for SSLRenegBufferSize: ",
arg, NULL);
}
+ dc->nRenegBufferSize = val;
return NULL;
}
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_engine_init.c
^
|
| @@ -72,6 +72,9 @@
MODSSL_TMP_KEYS_FREE(mc, RSA);
MODSSL_TMP_KEYS_FREE(mc, DH);
+#ifndef OPENSSL_NO_EC
+ MODSSL_TMP_KEY_FREE(mc, EC_KEY, SSL_TMP_KEY_EC_256);
+#endif
}
static int ssl_tmp_key_init_rsa(server_rec *s,
@@ -133,6 +136,40 @@
return OK;
}
+#ifndef OPENSSL_NO_EC
+static int ssl_tmp_key_init_ec(server_rec *s,
+ int bits, int idx)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+ EC_KEY *ecdh = NULL;
+
+ /* XXX: Are there any FIPS constraints we should enforce? */
+
+ if (bits != 256) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Init: Failed to generate temporary "
+ "%d bit EC parameters, only 256 bits supported", bits);
+ return !OK;
+ }
+
+ if ((ecdh = EC_KEY_new()) == NULL ||
+ EC_KEY_set_group(ecdh, EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 1)
+ {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Init: Failed to generate temporary "
+ "%d bit EC parameters", bits);
+ return !OK;
+ }
+
+ mc->pTmpKeys[idx] = ecdh;
+ return OK;
+}
+
+#define MODSSL_TMP_KEY_INIT_EC(s, bits) \
+ ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits)
+
+#endif
+
#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits)
@@ -157,6 +194,15 @@
return !OK;
}
+#ifndef OPENSSL_NO_EC
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "Init: Generating temporary EC parameters (256 bits)");
+
+ if (MODSSL_TMP_KEY_INIT_EC(s, 256)) {
+ return !OK;
+ }
+#endif
+
return OK;
}
@@ -399,7 +445,11 @@
* Check for problematic re-initializations
*/
if (mctx->pks->certs[SSL_AIDX_RSA] ||
- mctx->pks->certs[SSL_AIDX_DSA])
+ mctx->pks->certs[SSL_AIDX_DSA]
+#ifndef OPENSSL_NO_EC
+ || mctx->pks->certs[SSL_AIDX_ECC]
+#endif
+ )
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Illegal attempt to re-initialise SSL for server "
@@ -535,7 +585,7 @@
#ifndef OPENSSL_NO_COMP
- if (sc->compression == FALSE) {
+ if (sc->compression != TRUE) {
#ifdef SSL_OP_NO_COMPRESSION
/* OpenSSL >= 1.0 only */
SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
@@ -599,6 +649,9 @@
SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
+#ifndef OPENSSL_NO_EC
+ SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
+#endif
SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
}
@@ -866,9 +919,16 @@
ssl_asn1_t *asn1;
MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
const char *type = ssl_asn1_keystr(idx);
- int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
+ int pkey_type;
EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_EC
+ if (idx == SSL_AIDX_ECC)
+ pkey_type = EVP_PKEY_EC;
+ else
+#endif
+ pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
+
if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
return FALSE;
}
@@ -979,19 +1039,39 @@
modssl_ctx_t *mctx)
{
const char *rsa_id, *dsa_id;
+#ifndef OPENSSL_NO_EC
+ const char *ecc_id;
+#endif
const char *vhost_id = mctx->sc->vhost_id;
int i;
int have_rsa, have_dsa;
+#ifndef OPENSSL_NO_EC
+ int have_ecc;
+#endif
rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
+#ifndef OPENSSL_NO_EC
+ ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
+#endif
have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
+#ifndef OPENSSL_NO_EC
+ have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
+#endif
- if (!(have_rsa || have_dsa)) {
+ if (!(have_rsa || have_dsa
+#ifndef OPENSSL_NO_EC
+ || have_ecc
+#endif
+)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+#ifndef OPENSSL_NO_EC
+ "Oops, no RSA, DSA or ECC server certificate found "
+#else
"Oops, no RSA or DSA server certificate found "
+#endif
"for '%s:%d'?!", s->server_hostname, s->port);
ssl_die();
}
@@ -1002,10 +1082,21 @@
have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
+#ifndef OPENSSL_NO_EC
+ have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
+#endif
- if (!(have_rsa || have_dsa)) {
+ if (!(have_rsa || have_dsa
+#ifndef OPENSSL_NO_EC
+ || have_ecc
+#endif
+ )) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+#ifndef OPENSSL_NO_EC
+ "Oops, no RSA, DSA or ECC server private key found?!");
+#else
"Oops, no RSA or DSA server private key found?!");
+#endif
ssl_die();
}
}
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_engine_io.c
^
|
| @@ -1073,13 +1073,16 @@
#ifndef OPENSSL_NO_TLSEXT
/*
* Enable SNI for backend requests. Make sure we don't do it for
- * pure SSLv2 or SSLv3 connections, and also prevent IP addresses
+ * pure SSLv3 connections, and also prevent IP addresses
* from being included in the SNI extension. (OpenSSL would simply
* pass them on, but RFC 6066 is quite clear on this: "Literal
* IPv4 and IPv6 addresses are not permitted".)
+ * We can omit the check for SSL_PROTOCOL_SSLV2 as there is
+ * no way for OpenSSL to screw up things in this case (it's
+ * impossible to include extensions in a pure SSLv2 ClientHello,
+ * protocol-wise).
*/
if (hostname_note &&
- sc->proxy->protocol != SSL_PROTOCOL_SSLV2 &&
sc->proxy->protocol != SSL_PROTOCOL_SSLV3 &&
apr_ipsubnet_create(&ip, hostname_note, NULL,
c->pool) != APR_SUCCESS) {
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_engine_kernel.c
^
|
| @@ -115,7 +115,7 @@
if (rv != APR_SUCCESS || scope_id) {
return HTTP_BAD_REQUEST;
}
- if (strcmp(host, servername)) {
+ if (strcasecmp(host, servername)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Hostname %s provided via SNI and hostname %s provided"
" via HTTP are different", servername, host);
@@ -1267,6 +1267,27 @@
return (DH *)mc->pTmpKeys[idx];
}
+#ifndef OPENSSL_NO_EC
+EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
+{
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+ SSLModConfigRec *mc = myModConfigFromConn(c);
+ int idx;
+
+ /* XXX Uses 256-bit key for now. TODO: support other sizes. */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "handing out temporary 256 bit ECC key");
+
+ switch (keylen) {
+ case 256:
+ default:
+ idx = SSL_TMP_KEY_EC_256;
+ }
+
+ return (EC_KEY *)mc->pTmpKeys[idx];
+}
+#endif
+
/*
* This OpenSSL callback function is called when OpenSSL
* does client authentication and verifies the certificate chain.
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_private.h
^
|
| @@ -191,11 +191,21 @@
#define SSL_ALGO_UNKNOWN (0)
#define SSL_ALGO_RSA (1<<0)
#define SSL_ALGO_DSA (1<<1)
+#ifndef OPENSSL_NO_EC
+#define SSL_ALGO_ECC (1<<2)
+#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
+#else
#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
+#endif
#define SSL_AIDX_RSA (0)
#define SSL_AIDX_DSA (1)
+#ifndef OPENSSL_NO_EC
+#define SSL_AIDX_ECC (2)
+#define SSL_AIDX_MAX (3)
+#else
#define SSL_AIDX_MAX (2)
+#endif
/**
@@ -206,7 +216,12 @@
#define SSL_TMP_KEY_RSA_1024 (1)
#define SSL_TMP_KEY_DH_512 (2)
#define SSL_TMP_KEY_DH_1024 (3)
+#ifndef OPENSSL_NO_EC
+#define SSL_TMP_KEY_EC_256 (4)
+#define SSL_TMP_KEY_MAX (5)
+#else
#define SSL_TMP_KEY_MAX (4)
+#endif
/**
* Define the SSL options
@@ -276,7 +291,7 @@
SSL_PPTYPE_UNSET = UNSET,
SSL_PPTYPE_BUILTIN = 0,
SSL_PPTYPE_FILTER = 1,
- SSL_PPTYPE_PIPE = 2
+ SSL_PPTYPE_PIPE = 2
} ssl_pphrase_t;
/**
@@ -316,7 +331,7 @@
SSL_ENABLED_UNSET = UNSET,
SSL_ENABLED_FALSE = 0,
SSL_ENABLED_TRUE = 1,
- SSL_ENABLED_OPTIONAL = 3
+ SSL_ENABLED_OPTIONAL = 3
} ssl_enabled_t;
/**
@@ -625,6 +640,9 @@
/** OpenSSL callbacks */
RSA *ssl_callback_TmpRSA(SSL *, int, int);
DH *ssl_callback_TmpDH(SSL *, int, int);
+#ifndef OPENSSL_NO_EC
+EC_KEY *ssl_callback_TmpECDH(SSL *, int, int);
+#endif
int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_toolkit_compat.h
^
|
| @@ -38,6 +38,12 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
+
+/* ECC support came along in OpenSSL 1.0.0 */
+#if (OPENSSL_VERSION_NUMBER < 0x10000000)
+#define OPENSSL_NO_EC
+#endif
+
/** Avoid tripping over an engine build installed globally and detected
* when the user points at an explicit non-engine flavor of OpenSSL
*/
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/modules/ssl/ssl_util.c
^
|
| @@ -150,6 +150,11 @@
case EVP_PKEY_DSA:
t = SSL_ALGO_DSA;
break;
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ t = SSL_ALGO_ECC;
+ break;
+#endif
default:
break;
}
@@ -174,6 +179,11 @@
case SSL_ALGO_DSA:
cp = "DSA";
break;
+#ifndef OPENSSL_NO_EC
+ case SSL_ALGO_ECC:
+ cp = "ECC";
+ break;
+#endif
default:
break;
}
@@ -245,7 +255,11 @@
apr_hash_set(table, key, klen, NULL);
}
+#ifndef OPENSSL_NO_EC
+static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
+#else
static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
+#endif
const char *ssl_asn1_keystr(int keytype)
{
|
|
[-]
[+]
|
Changed |
httpd-2.2.26.tar.bz2/server/util.c
^
|
| @@ -1845,16 +1845,33 @@
char *ret;
unsigned char *d;
const unsigned char *s;
+ apr_size_t length, escapes = 0;
if (!str) {
return NULL;
}
- ret = apr_palloc(p, 4 * strlen(str) + 1); /* Be safe */
+ /* Compute how many characters need to be escaped */
+ s = (const unsigned char *)str;
+ for (; *s; ++s) {
+ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
+ escapes++;
+ }
+ }
+
+ /* Compute the length of the input string, including NULL */
+ length = s - (const unsigned char *)str + 1;
+
+ /* Fast path: nothing to escape */
+ if (escapes == 0) {
+ return apr_pmemdup(p, str, length);
+ }
+
+ /* Each escaped character needs up to 3 extra bytes (0 --> \x00) */
+ ret = apr_palloc(p, length + 3 * escapes);
d = (unsigned char *)ret;
s = (const unsigned char *)str;
for (; *s; ++s) {
-
if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
*d++ = '\\';
switch(*s) {
|
