httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1769588 [16/17] - in /httpd/httpd/branches/2.4.x-openssl-1.1.0-compat: ./ docs/conf/ docs/manual/ docs/manual/howto/ docs/manual/mod/ docs/manual/platform/ docs/manual/programs/ docs/manual/rewrite/ include/ modules/ modules/aaa/ modules/a...
Date Mon, 14 Nov 2016 10:26:34 GMT
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c Mon Nov 14 10:26:31 2016
@@ -44,9 +44,10 @@ static apr_status_t (*req_engine_push)(c
                                        http2_req_engine_init *einit);
 static apr_status_t (*req_engine_pull)(h2_req_engine *engine, 
                                        apr_read_type_e block, 
-                                       apr_uint32_t capacity, 
+                                       int capacity, 
                                        request_rec **pr);
-static void (*req_engine_done)(h2_req_engine *engine, conn_rec *r_conn);
+static void (*req_engine_done)(h2_req_engine *engine, conn_rec *r_conn,
+                               apr_status_t status);
                                        
 typedef struct h2_proxy_ctx {
     conn_rec *owner;
@@ -63,9 +64,9 @@ typedef struct h2_proxy_ctx {
     const char *engine_id;
     const char *engine_type;
     apr_pool_t *engine_pool;    
-    apr_uint32_t req_buffer_size;
+    apr_size_t req_buffer_size;
     request_rec *next;
-    apr_size_t capacity;
+    int capacity;
     
     unsigned standalone : 1;
     unsigned is_ssl : 1;
@@ -168,7 +169,7 @@ static int proxy_http2_canon(request_rec
             path = url;   /* this is the raw path */
         }
         else {
-            path = ap_proxy_canonenc(r->pool, url, strlen(url),
+            path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
                                      enc_path, 0, r->proxyreq);
             search = r->args;
         }
@@ -210,7 +211,7 @@ static apr_status_t proxy_engine_init(h2
                                         const char *id, 
                                         const char *type,
                                         apr_pool_t *pool, 
-                                        apr_uint32_t req_buffer_size,
+                                        apr_size_t req_buffer_size,
                                         request_rec *r,
                                         http2_output_consumed **pconsumed,
                                         void **pctx)
@@ -270,46 +271,45 @@ static apr_status_t add_request(h2_proxy
 }
 
 static void request_done(h2_proxy_session *session, request_rec *r,
-                         int complete, int touched)
+                         apr_status_t status, int touched)
 {   
     h2_proxy_ctx *ctx = session->user_data;
     const char *task_id = apr_table_get(r->connection->notes, H2_TASK_ID_NOTE);
-    
-    if (!complete && !touched) {
-        /* untouched request, need rescheduling */
-        if (req_engine_push && is_h2 && is_h2(ctx->owner)) {
-            if (req_engine_push(ctx->engine_type, r, NULL) == APR_SUCCESS) {
-                /* push to engine */
-                ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection, 
-                              APLOGNO(03369)
-                              "h2_proxy_session(%s): rescheduled request %s",
-                              ctx->engine_id, task_id);
-                return;
+
+    if (status != APR_SUCCESS) {
+        if (!touched) {
+            /* untouched request, need rescheduling */
+            if (req_engine_push && is_h2 && is_h2(ctx->owner)) {
+                if (req_engine_push(ctx->engine_type, r, NULL) == APR_SUCCESS) {
+                    /* push to engine */
+                    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection, 
+                                  APLOGNO(03369)
+                                  "h2_proxy_session(%s): rescheduled request %s",
+                                  ctx->engine_id, task_id);
+                    return;
+                }
             }
         }
+        else {
+            const char *uri;
+            uri = apr_uri_unparse(r->pool, &r->parsed_uri, 0);
+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, r->connection, 
+                          APLOGNO(03471) "h2_proxy_session(%s): request %s -> %s "
+                          "not complete, was touched",
+                          ctx->engine_id, task_id, uri);
+        }
     }
     
-    if (r == ctx->rbase && complete) {
-        ctx->r_status = APR_SUCCESS;
+    if (r == ctx->rbase) {
+        ctx->r_status = (status == APR_SUCCESS)? APR_SUCCESS : HTTP_SERVICE_UNAVAILABLE;
     }
     
-    if (complete) {
-        if (req_engine_done && ctx->engine) {
-            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection, 
-                          APLOGNO(03370)
-                          "h2_proxy_session(%s): finished request %s",
-                          ctx->engine_id, task_id);
-            req_engine_done(ctx->engine, r->connection);
-        }
-    }
-    else {
-        if (req_engine_done && ctx->engine) {
-            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection, 
-                          APLOGNO(03371)
-                          "h2_proxy_session(%s): failed request %s",
-                          ctx->engine_id, task_id);
-            req_engine_done(ctx->engine, r->connection);
-        }
+    if (req_engine_done && ctx->engine) {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, r->connection, 
+                      APLOGNO(03370)
+                      "h2_proxy_session(%s): finished request %s",
+                      ctx->engine_id, task_id);
+        req_engine_done(ctx->engine, r->connection, status);
     }
 }    
 
@@ -323,7 +323,7 @@ static apr_status_t next_request(h2_prox
         status = req_engine_pull(ctx->engine, before_leave? 
                                  APR_BLOCK_READ: APR_NONBLOCK_READ, 
                                  ctx->capacity, &ctx->next);
-        ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, ctx->owner, 
+        ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, ctx->owner, 
                       "h2_proxy_engine(%s): pulled request (%s) %s", 
                       ctx->engine_id, 
                       before_leave? "before leave" : "regular", 
@@ -342,7 +342,7 @@ static apr_status_t proxy_engine_run(h2_
     ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctx->owner, 
                   "eng(%s): setup session", ctx->engine_id);
     ctx->session = h2_proxy_session_setup(ctx->engine_id, ctx->p_conn, ctx->conf, 
-                                          30, h2_log2(ctx->req_buffer_size), 
+                                          30, h2_proxy_log2((int)ctx->req_buffer_size), 
                                           request_done);
     if (!ctx->session) {
         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctx->owner, 
@@ -367,7 +367,7 @@ static apr_status_t proxy_engine_run(h2_
             /* ongoing processing, call again */
             if (ctx->session->remote_max_concurrent > 0
                 && ctx->session->remote_max_concurrent != ctx->capacity) {
-                ctx->capacity = ctx->session->remote_max_concurrent;
+                ctx->capacity = (int)ctx->session->remote_max_concurrent;
             }
             s2 = next_request(ctx, 0);
             if (s2 == APR_ECONNABORTED) {
@@ -375,10 +375,15 @@ static apr_status_t proxy_engine_run(h2_
                 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, s2, ctx->owner, 
                               APLOGNO(03374) "eng(%s): pull request", 
                               ctx->engine_id);
-                status = s2;
+                /* give notice that we're leaving and cancel all ongoing
+                 * streams. */
+                next_request(ctx, 1); 
+                h2_proxy_session_cancel_all(ctx->session);
+                h2_proxy_session_process(ctx->session);
+                status = ctx->r_status = APR_SUCCESS;
                 break;
             }
-            if (!ctx->next && h2_ihash_empty(ctx->session->streams)) {
+            if (!ctx->next && h2_proxy_ihash_empty(ctx->session->streams)) {
                 break;
             }
         }
@@ -561,7 +566,7 @@ run_connect:
      * backend->hostname. */
     if (ap_proxy_connect_backend(ctx->proxy_func, ctx->p_conn, ctx->worker, 
                                  ctx->server)) {
-        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctx->owner, APLOGNO(03352)
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctx->owner, APLOGNO(03352)
                       "H2: failed to make connection to backend: %s",
                       ctx->p_conn->hostname);
         goto cleanup;
@@ -569,29 +574,27 @@ run_connect:
     
     /* Step Three: Create conn_rec for the socket we have open now. */
     if (!ctx->p_conn->connection) {
-        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, ctx->owner, APLOGNO(03353)
-                      "setup new connection: is_ssl=%d %s %s %s", 
-                      ctx->p_conn->is_ssl, ctx->p_conn->ssl_hostname, 
-                      locurl, ctx->p_conn->hostname);
         if ((status = ap_proxy_connection_create(ctx->proxy_func, ctx->p_conn,
                                                  ctx->owner, 
                                                  ctx->server)) != OK) {
+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, ctx->owner, APLOGNO(03353)
+                          "setup new connection: is_ssl=%d %s %s %s", 
+                          ctx->p_conn->is_ssl, ctx->p_conn->ssl_hostname, 
+                          locurl, ctx->p_conn->hostname);
             goto cleanup;
         }
         
-        /*
-         * On SSL connections set a note on the connection what CN is
-         * requested, such that mod_ssl can check if it is requested to do
-         * so.
-         */
-        if (ctx->p_conn->ssl_hostname) {
-            apr_table_setn(ctx->p_conn->connection->notes,
-                           "proxy-request-hostname", ctx->p_conn->ssl_hostname);
-        }
-        
-        if (ctx->is_ssl) {
-            apr_table_setn(ctx->p_conn->connection->notes,
-                           "proxy-request-alpn-protos", "h2");
+        if (!ctx->p_conn->data) {
+            /* New conection: set a note on the connection what CN is
+             * requested and what protocol we want */
+            if (ctx->p_conn->ssl_hostname) {
+                apr_table_setn(ctx->p_conn->connection->notes,
+                               "proxy-request-hostname", ctx->p_conn->ssl_hostname);
+            }
+            if (ctx->is_ssl) {
+                apr_table_setn(ctx->p_conn->connection->notes,
+                               "proxy-request-alpn-protos", "h2");
+            }
         }
     }
 

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c Mon Nov 14 10:26:31 2016
@@ -497,7 +497,7 @@ void *util_ald_cache_insert(util_ald_cac
         }
     }
 
-    /* Take a copy of the payload before proceeeding. */
+    /* Take a copy of the payload before proceeding. */
     tmp_payload = (*cache->copy)(cache, payload);
     if (tmp_payload == NULL) {
         /*

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c Mon Nov 14 10:26:31 2016
@@ -39,7 +39,7 @@
  * the request will be logged to the log file(s) defined outside
  * the virtual host section. If a TransferLog or CustomLog directive
  * appears in the VirtualHost section, the log files defined outside
- * the VirtualHost will _not_ be used. This makes this module compatable
+ * the VirtualHost will _not_ be used. This makes this module compatible
  * with the CLF and config log modules, where the use of TransferLog
  * inside the VirtualHost section overrides its use outside.
  *

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c Mon Nov 14 10:26:31 2016
@@ -905,7 +905,7 @@ typedef struct cr_ctx
 } cr_ctx;
 
 
-/* Okay, this deserves a little explaination -- in order for the errors that lua
+/* Okay, this deserves a little explanation -- in order for the errors that lua
  * generates to be 'accuarate', including line numbers, we basically inject
  * N line number new lines into the 'top' of the chunk reader.....
  *

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c Mon Nov 14 10:26:31 2016
@@ -118,7 +118,7 @@ static const char *set_script(cmd_parms
     }
     else {
         /* ap_method_register recognizes already registered methods,
-         * so don't bother to check its previous existence explicitely.
+         * so don't bother to check its previous existence explicitly.
          */
         methnum = ap_method_register(cmd->pool, method);
     }

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c Mon Nov 14 10:26:31 2016
@@ -2252,7 +2252,7 @@ static int variant_has_language(var_rec
 }
 
 /* check for environment variables 'no-gzip' and
- * 'gzip-only-text/html' to get a behaviour similiar
+ * 'gzip-only-text/html' to get a behaviour similar
  * to mod_deflate
  */
 static int discard_variant_by_env(var_rec *variant, int discard)
@@ -2775,7 +2775,7 @@ static int setup_choice_response(request
      * see that Vary header yet at this point in the control flow.
      * This won't cause any cache consistency problems _unless_ the
      * CGI script also returns a Cache-Control header marking the
-     * response as cachable.  This needs to be fixed, also there are
+     * response as cacheable.  This needs to be fixed, also there are
      * problems if a CGI returns an Etag header which also need to be
      * fixed.
      */
@@ -3127,7 +3127,7 @@ static int handle_multi(request_rec *r)
     ap_internal_fast_redirect(sub_req, r);
 
     /* give no advise for time on this subrequest.  Perhaps we
-     * should tally the last mtime amoung all variants, and date
+     * should tally the last mtime among all variants, and date
      * the most recent, but that could confuse the proxies.
      */
     r->mtime = 0;

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c Mon Nov 14 10:26:31 2016
@@ -4077,7 +4077,7 @@ static int apply_rewrite_rule(rewriterul
     /* Ok, we already know the pattern has matched, but we now
      * additionally have to check for all existing preconditions
      * (RewriteCond) which have to be also true. We do this at
-     * this very late stage to avoid unnessesary checks which
+     * this very late stage to avoid unnecessary checks which
      * would slow down the rewriting engine.
      */
     rewriteconds = p->rewriteconds;
@@ -4871,7 +4871,7 @@ static int hook_fixup(request_rec *r)
 
     /*
      *  Do the Options check after engine check, so
-     *  the user is able to explicitely turn RewriteEngine Off.
+     *  the user is able to explicitly turn RewriteEngine Off.
      */
     if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
         /* FollowSymLinks is mandatory! */
@@ -4886,7 +4886,7 @@ static int hook_fixup(request_rec *r)
     /*
      *  remember the current filename before rewriting for later check
      *  to prevent deadlooping because of internal redirects
-     *  on final URL/filename which can be equal to the inital one.
+     *  on final URL/filename which can be equal to the initial one.
      *  also, we'll restore original r->filename if we decline this
      *  request
      */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c Mon Nov 14 10:26:31 2016
@@ -63,7 +63,7 @@ static void *merge_env_dir_configs(apr_p
      *     table_set( res->vars, $element.key, $element.val );
      *
      * add->unsetenv already removed the vars from add->vars,
-     * if they preceeded the UnsetEnv directive.
+     * if they preceded the UnsetEnv directive.
      */
     res->vars = apr_table_copy(p, base->vars);
     res->unsetenv = NULL;

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c Mon Nov 14 10:26:31 2016
@@ -161,7 +161,7 @@ struct magic {
         unsigned char hl[4];   /* 2 bytes of a fixed-endian "long" */
     } value;                   /* either number or string */
     unsigned long mask;        /* mask before comparison with value */
-    char nospflag;             /* supress space character */
+    char nospflag;             /* suppress space character */
 
     /* NOTE: this string is suspected of overrunning - find it! */
     char desc[MAXDESC];        /* description */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c Mon Nov 14 10:26:31 2016
@@ -255,7 +255,7 @@ static int remoteip_modify_request(reque
     }
     remote = apr_pstrdup(r->pool, remote);
 
-    temp_sa = c->client_addr;
+    temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr;
 
     while (remote) {
 

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c Mon Nov 14 10:26:31 2016
@@ -49,7 +49,7 @@
  * = / ==       match; regex must be surrounded by slashes
  * ~            match; regex MAY NOT be surrounded by slashes
  *
- * Note that all operators may be preceeded by an exclamation mark
+ * Note that all operators may be preceded by an exclamation mark
  * (without spaces) in order to reverse their meaning.
  *
  */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy Mon Nov 14 10:26:31 2016
@@ -256,6 +256,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy
 	@echo $(DL)# Exports of mod_proxy$(DL)> $@
 	@echo $(DL) (AP$(VERSION_MAJMIN))$(DL)>> $@
 	@echo $(DL) proxy_module,$(DL)>> $@
+	@echo $(DL) proxy_hcmethods,$(DL)>> $@
 	@echo $(DL) proxy_hook_canon_handler,$(DL)>> $@
 	@echo $(DL) proxy_hook_get_canon_handler,$(DL)>> $@
 	@echo $(DL) proxy_hook_get_post_request,$(DL)>> $@
@@ -277,6 +278,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy
 	@echo $(DL) ap_proxy_c2hex,$(DL)>> $@
 	@echo $(DL) ap_proxy_canon_netloc,$(DL)>> $@
 	@echo $(DL) ap_proxy_canonenc,$(DL)>> $@
+	@echo $(DL) ap_proxy_check_connection,$(DL)>> $@
 	@echo $(DL) ap_proxy_checkproxyblock,$(DL)>> $@
 	@echo $(DL) ap_proxy_checkproxyblock2,$(DL)>> $@
 	@echo $(DL) ap_proxy_conn_is_https,$(DL)>> $@
@@ -312,6 +314,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy
 	@echo $(DL) ap_proxy_set_wstatus,$(DL)>> $@
 	@echo $(DL) ap_proxy_share_balancer,$(DL)>> $@
 	@echo $(DL) ap_proxy_share_worker,$(DL)>> $@
+	@echo $(DL) ap_proxy_show_hcmethod,$(DL)>> $@
 	@echo $(DL) ap_proxy_ssl_connection_cleanup,$(DL)>> $@
 	@echo $(DL) ap_proxy_ssl_disable,$(DL)>> $@
 	@echo $(DL) ap_proxy_ssl_enable,$(DL)>> $@

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c Mon Nov 14 10:26:31 2016
@@ -649,9 +649,18 @@ PROXY_DECLARE(int) ap_proxy_trans_match(
         fake = ent->fake;
         real = ent->real;
     }
+
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, APLOGNO(03461)
+                  "attempting to match URI path '%s' against %s '%s' for "
+                  "proxying", r->uri, (ent->regex ? "pattern" : "prefix"),
+                  fake);
+
     if (ent->regex) {
         if (!ap_regexec(ent->regex, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
             if ((real[0] == '!') && (real[1] == '\0')) {
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03462)
+                              "proxying is explicitly disabled for URI path "
+                              "'%s'; declining", r->uri);
                 return DECLINED;
             }
             /* test that we haven't reduced the URI */
@@ -695,6 +704,9 @@ PROXY_DECLARE(int) ap_proxy_trans_match(
 
         if (len != 0) {
             if ((real[0] == '!') && (real[1] == '\0')) {
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03463)
+                              "proxying is explicitly disabled for URI path "
+                              "'%s'; declining", r->uri);
                 return DECLINED;
             }
             if (nocanon && len != alias_match(r->unparsed_uri, ent->fake)) {
@@ -723,6 +735,11 @@ PROXY_DECLARE(int) ap_proxy_trans_match(
         if (ent->flags & PROXYPASS_NOQUERY) {
             apr_table_setn(r->notes, "proxy-noquery", "1");
         }
+
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03464)
+                      "URI path '%s' matches proxy handler '%s'", r->uri,
+                      found);
+
         return OK;
     }
 
@@ -1255,16 +1272,24 @@ cleanup:
      * the error page on the proxy or if the error was not generated by the
      * backend itself but by the proxy e.g. a bad gateway) in order to give
      * ap_proxy_post_request a chance to act correctly on the status code.
+     * But only do the above if access_status is not OK and not DONE, because
+     * in this case r->status might contain the true status and overwriting
+     * it with OK or DONE would be wrong.
      */
-    saved_status = r->status;
-    r->status = access_status;
-    ap_proxy_post_request(worker, balancer, r, conf);
-    /*
-     * Only restore r->status if it has not been changed by
-     * ap_proxy_post_request as we assume that this change was intentional.
-     */
-    if (r->status == access_status) {
-        r->status = saved_status;
+    if ((access_status != OK) && (access_status != DONE)) {
+        saved_status = r->status;
+        r->status = access_status;
+        ap_proxy_post_request(worker, balancer, r, conf);
+        /*
+         * Only restore r->status if it has not been changed by
+         * ap_proxy_post_request as we assume that this change was intentional.
+         */
+        if (r->status == access_status) {
+            r->status = saved_status;
+        }
+    }
+    else {
+        ap_proxy_post_request(worker, balancer, r, conf);
     }
 
     proxy_run_request_status(&access_status, r);

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h Mon Nov 14 10:26:31 2016
@@ -271,6 +271,10 @@ typedef struct {
     unsigned int inreslist:1;  /* connection in apr_reslist? */
     const char   *uds_path;    /* Unix domain socket path */
     const char   *ssl_hostname;/* Hostname (SNI) in use by SSL connection */
+    apr_bucket_brigade *tmp_bb;/* Temporary brigade created with the connection
+                                * and its scpool/bucket_alloc (NULL before),
+                                * must be left cleaned when used (locally).
+                                */
 } proxy_conn_rec;
 
 typedef struct {
@@ -374,7 +378,7 @@ typedef struct {
     unsigned int fnv;
 } proxy_hashes ;
 
-/* Runtime worker status informations. Shared in scoreboard */
+/* Runtime worker status information. Shared in scoreboard */
 /* The addition of member uds_path in 2.4.7 was an incompatible API change. */
 typedef struct {
     char      name[PROXY_WORKER_MAX_NAME_SIZE];
@@ -580,7 +584,7 @@ APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY,
 /**
  * pre request hook.
  * It will return the most suitable worker at the moment
- * and coresponding balancer.
+ * and corresponding balancer.
  * The url is rewritten from balancer://cluster/uri to scheme://host:port/uri
  * and then the scheme_handler is called.
  *
@@ -632,6 +636,7 @@ PROXY_DECLARE(int) ap_proxy_checkproxybl
 PROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r);
 /* DEPRECATED (will be replaced with ap_proxy_connect_backend */
 PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **, const char *, apr_sockaddr_t *, const char *, proxy_server_conf *, request_rec *);
+/* DEPRECATED (will be replaced with ap_proxy_check_connection */
 PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
                                                             request_rec *r);
 PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c);
@@ -763,7 +768,7 @@ PROXY_DECLARE(char *) ap_proxy_update_ba
  * @param url    url containing balancer name
  * @param alias  alias/fake-path to this balancer
  * @param do_malloc true if shared struct should be malloced
- * @return       error message or NULL if successfull
+ * @return       error message or NULL if successful
  */
 PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p,
                                                proxy_balancer **balancer,
@@ -916,6 +921,28 @@ PROXY_DECLARE(int) ap_proxy_acquire_conn
 PROXY_DECLARE(int) ap_proxy_release_connection(const char *proxy_function,
                                                proxy_conn_rec *conn,
                                                server_rec *s);
+
+#define PROXY_CHECK_CONN_EMPTY (1 << 0)
+/**
+ * Check a connection to the backend
+ * @param scheme calling proxy scheme (http, ajp, ...)
+ * @param conn   acquired connection
+ * @param server current server record
+ * @param max_blank_lines how many blank lines to consume,
+ *                        or zero for none (considered data)
+ * @param flags  PROXY_CHECK_* bitmask
+ * @return APR_SUCCESS: connection established,
+ *         APR_ENOTEMPTY: connection established with data,
+ *         APR_ENOSOCKET: not connected,
+ *         APR_EINVAL: worker in error state (unusable),
+ *         other: connection closed/aborted (remotely)
+ */
+PROXY_DECLARE(apr_status_t) ap_proxy_check_connection(const char *scheme,
+                                                      proxy_conn_rec *conn,
+                                                      server_rec *server,
+                                                      unsigned max_blank_lines,
+                                                      int flags);
+
 /**
  * Make a connection to the backend
  * @param proxy_function calling proxy scheme (http, ajp, ...)

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c Mon Nov 14 10:26:31 2016
@@ -141,7 +141,7 @@ static apr_off_t get_content_length(requ
  * XXX: AJP Auto Flushing
  *
  * When processing CMD_AJP13_SEND_BODY_CHUNK AJP messages we will do a poll
- * with FLUSH_WAIT miliseconds timeout to determine if more data is currently
+ * with FLUSH_WAIT milliseconds timeout to determine if more data is currently
  * available at the backend. If there is no more data available, we flush
  * the data to the client by adding a flush bucket to the brigade we pass
  * up the filter chain.
@@ -358,7 +358,7 @@ static int ap_proxy_ajp_request(apr_pool
         }
         return HTTP_INTERNAL_SERVER_ERROR;
     }
-    /* parse the reponse */
+    /* parse the response */
     result = ajp_parse_type(r, conn->data);
     output_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
 
@@ -769,7 +769,10 @@ static int proxy_ajp_handler(request_rec
             break;
 
         /* Step Two: Make the Connection */
-        if (ap_proxy_connect_backend(scheme, backend, worker, r->server)) {
+        if (ap_proxy_check_connection(scheme, backend, r->server, 0,
+                                      PROXY_CHECK_CONN_EMPTY)
+                && ap_proxy_connect_backend(scheme, backend, worker,
+                                            r->server)) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00896)
                           "failed to make connection to backend: %s",
                           backend->hostname);

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c Mon Nov 14 10:26:31 2016
@@ -212,7 +212,8 @@ static char *get_cookie_param(request_re
 /* Find the worker that has the 'route' defined
  */
 static proxy_worker *find_route_worker(proxy_balancer *balancer,
-                                       const char *route, request_rec *r)
+                                       const char *route, request_rec *r,
+                                       int recursion)
 {
     int i;
     int checking_standby;
@@ -249,10 +250,15 @@ static proxy_worker *find_route_worker(p
                          * This enables to safely remove the member from the
                          * balancer. Of course you will need some kind of
                          * session replication between those two remote.
+                         * Also check that we haven't gone thru all the
+                         * balancer members by means of redirects.
+                         * This should avoid redirect cycles.
                          */
-                        if (*worker->s->redirect) {
+                        if ((*worker->s->redirect)
+                            && (recursion < balancer->workers->nelts)) {
                             proxy_worker *rworker = NULL;
-                            rworker = find_route_worker(balancer, worker->s->redirect, r);
+                            rworker = find_route_worker(balancer, worker->s->redirect,
+                                                        r, recursion + 1);
                             /* Check if the redirect worker is usable */
                             if (rworker && !PROXY_WORKER_IS_USABLE(rworker)) {
                                 /*
@@ -315,7 +321,7 @@ static proxy_worker *find_session_route(
         /* We have a route in path or in cookie
          * Find the worker that has this route defined.
          */
-        worker = find_route_worker(balancer, *route, r);
+        worker = find_route_worker(balancer, *route, r, 1);
         if (worker && strcmp(*route, worker->s->route)) {
             /*
              * Notice that the route of the worker chosen is different from

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c Mon Nov 14 10:26:31 2016
@@ -119,7 +119,7 @@ static int allowed_port(connect_conf *co
     int i;
     port_range *list = (port_range *) conf->allowed_connect_ports->elts;
 
-    if (apr_is_empty_array(conf->allowed_connect_ports)){
+    if (apr_is_empty_array(conf->allowed_connect_ports)) {
         return port == APR_URI_HTTPS_DEFAULT_PORT
                || port == APR_URI_SNEWS_DEFAULT_PORT;
     }
@@ -158,7 +158,7 @@ static int proxy_connect_handler(request
     conn_rec *backconn;
     int done = 0;
 
-    apr_bucket_brigade *bb_front = apr_brigade_create(p, c->bucket_alloc);
+    apr_bucket_brigade *bb_front;
     apr_bucket_brigade *bb_back;
     apr_status_t rv;
     apr_size_t nbytes;
@@ -227,9 +227,9 @@ static int proxy_connect_handler(request
                   connectname, connectport);
 
     /* Check if it is an allowed port */
-    if(!allowed_port(c_conf, uri.port)) {
-              return ap_proxyerror(r, HTTP_FORBIDDEN,
-                                   "Connect to remote machine blocked");
+    if (!allowed_port(c_conf, uri.port)) {
+        return ap_proxyerror(r, HTTP_FORBIDDEN,
+                             "Connect to remote machine blocked");
     }
 
     /*
@@ -315,6 +315,7 @@ static int proxy_connect_handler(request
                    backconn->local_addr->port));
 
 
+    bb_front = apr_brigade_create(p, c->bucket_alloc);
     bb_back = apr_brigade_create(p, backconn->bucket_alloc);
 
     /* If we are connecting through a remote proxy, we need to pass

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c Mon Nov 14 10:26:31 2016
@@ -658,22 +658,32 @@ recv_again:
                                 rv = ap_pass_brigade(r->output_filters, ob);
                                 if (rv != APR_SUCCESS) {
                                     *err = "passing headers brigade to output filters";
+                                    break;
                                 }
-                                else if (status == HTTP_NOT_MODIFIED) {
-                                    /* The 304 response MUST NOT contain
-                                     * a message-body, ignore it. */
+                                else if (status == HTTP_NOT_MODIFIED
+                                         || status == HTTP_PRECONDITION_FAILED) {
+                                    /* Special 'status' cases handled:
+                                     * 1) HTTP 304 response MUST NOT contain
+                                     *    a message-body, ignore it.
+                                     * 2) HTTP 412 response.
+                                     * The break is not added since there might
+                                     * be more bytes to read from the FCGI
+                                     * connection. Even if the message-body is
+                                     * ignored (and the EOS bucket has already
+                                     * been sent) we want to avoid subsequent
+                                     * bogus reads. */
                                     ignore_body = 1;
                                 }
                                 else {
                                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
                                                     "Error parsing script headers");
                                     rv = APR_EINVAL;
+                                    break;
                                 }
-                                break;
                             }
 
-                            if (conf->error_override &&
-                                ap_is_HTTP_ERROR(r->status)) {
+                            if (conf->error_override
+                                && ap_is_HTTP_ERROR(r->status) && ap_is_initial_req(r)) {
                                 /*
                                  * set script_error_status to discard
                                  * everything after the headers
@@ -943,7 +953,10 @@ static int proxy_fcgi_handler(request_re
     }
 
     /* Step Two: Make the Connection */
-    if (ap_proxy_connect_backend(FCGI_SCHEME, backend, worker, r->server)) {
+    if (ap_proxy_check_connection(FCGI_SCHEME, backend, r->server, 0,
+                                  PROXY_CHECK_CONN_EMPTY)
+            && ap_proxy_connect_backend(FCGI_SCHEME, backend, worker,
+                                        r->server)) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01079)
                       "failed to make connection to backend: %s",
                       backend->hostname);

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c Mon Nov 14 10:26:31 2016
@@ -426,6 +426,8 @@ static proxy_worker *hc_get_hcworker(sct
         PROXY_STRNCPY(hc->s->name,     wptr);
         PROXY_STRNCPY(hc->s->hostname, worker->s->hostname);
         PROXY_STRNCPY(hc->s->scheme,   worker->s->scheme);
+        PROXY_STRNCPY(hc->s->hcuri,    worker->s->hcuri);
+        PROXY_STRNCPY(hc->s->hcexpr,   worker->s->hcexpr);
         hc->hash.def = hc->s->hash.def = ap_proxy_hashfunc(hc->s->name, PROXY_HASHFUNC_DEFAULT);
         hc->hash.fnv = hc->s->hash.fnv = ap_proxy_hashfunc(hc->s->name, PROXY_HASHFUNC_FNV);
         hc->s->port = port;

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c Mon Nov 14 10:26:31 2016
@@ -1188,7 +1188,7 @@ apr_status_t ap_proxy_http_process_respo
     const char *buf;
     char keepchar;
     apr_bucket *e;
-    apr_bucket_brigade *bb, *tmp_bb;
+    apr_bucket_brigade *bb;
     apr_bucket_brigade *pass_bb;
     int len, backasswards;
     int interim_response = 0; /* non-zero whilst interim 1xx responses
@@ -1244,16 +1244,17 @@ apr_status_t ap_proxy_http_process_respo
     backend->r->proxyreq = PROXYREQ_RESPONSE;
     apr_table_setn(r->notes, "proxy-source-port", apr_psprintf(r->pool, "%hu",
                    origin->local_addr->port));
-    tmp_bb = apr_brigade_create(p, c->bucket_alloc);
     do {
         apr_status_t rc;
 
         apr_brigade_cleanup(bb);
 
-        rc = ap_proxygetline(tmp_bb, buffer, sizeof(buffer), backend->r, 0, &len);
+        rc = ap_proxygetline(backend->tmp_bb, buffer, sizeof(buffer),
+                             backend->r, 0, &len);
         if (len == 0) {
             /* handle one potential stray CRLF */
-            rc = ap_proxygetline(tmp_bb, buffer, sizeof(buffer), backend->r, 0, &len);
+            rc = ap_proxygetline(backend->tmp_bb, buffer, sizeof(buffer),
+                                 backend->r, 0, &len);
         }
         if (len <= 0) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r, APLOGNO(01102)
@@ -1908,13 +1909,8 @@ static int proxy_http_handler(request_re
                                               worker, r->server)) != OK)
         goto cleanup;
 
-
     backend->is_ssl = is_ssl;
 
-    if (is_ssl) {
-        ap_proxy_ssl_connection_cleanup(backend, r);
-    }
-
     /*
      * In the case that we are handling a reverse proxy connection and this
      * is not a request that is coming over an already kept alive connection
@@ -1939,7 +1935,10 @@ static int proxy_http_handler(request_re
             break;
 
         /* Step Two: Make the Connection */
-        if (ap_proxy_connect_backend(proxy_function, backend, worker, r->server)) {
+        if (ap_proxy_check_connection(proxy_function, backend, r->server, 1,
+                                      PROXY_CHECK_CONN_EMPTY)
+                && ap_proxy_connect_backend(proxy_function, backend, worker,
+                                            r->server)) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01114)
                           "HTTP: failed to make connection to backend: %s",
                           backend->hostname);

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c Mon Nov 14 10:26:31 2016
@@ -1305,6 +1305,7 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ini
 static void socket_cleanup(proxy_conn_rec *conn)
 {
     conn->sock = NULL;
+    conn->tmp_bb = NULL;
     conn->connection = NULL;
     conn->ssl_hostname = NULL;
     apr_pool_clear(conn->scpool);
@@ -1405,10 +1406,10 @@ static apr_status_t connection_cleanup(v
     return APR_SUCCESS;
 }
 
+/* DEPRECATED */
 PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
                                                             request_rec *r)
 {
-    apr_bucket_brigade *bb;
     apr_status_t rv;
 
     /*
@@ -1420,22 +1421,21 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ssl
      * processed. We don't expect any data to be in the returned brigade.
      */
     if (conn->sock && conn->connection) {
-        bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
-        rv = ap_get_brigade(conn->connection->input_filters, bb,
+        rv = ap_get_brigade(conn->connection->input_filters, conn->tmp_bb,
                             AP_MODE_READBYTES, APR_NONBLOCK_READ,
                             HUGE_STRING_LEN);
-        if ((rv != APR_SUCCESS) && !APR_STATUS_IS_EAGAIN(rv)) {
-            socket_cleanup(conn);
-        }
-        if (!APR_BRIGADE_EMPTY(bb)) {
+        if (!APR_BRIGADE_EMPTY(conn->tmp_bb)) {
             apr_off_t len;
 
-            rv = apr_brigade_length(bb, 0, &len);
+            rv = apr_brigade_length(conn->tmp_bb, 0, &len);
             ap_log_rerror(APLOG_MARK, APLOG_TRACE3, rv, r,
                           "SSL cleanup brigade contained %"
                           APR_OFF_T_FMT " bytes of data.", len);
+            apr_brigade_cleanup(conn->tmp_bb);
+        }
+        if ((rv != APR_SUCCESS) && !APR_STATUS_IS_EAGAIN(rv)) {
+            socket_cleanup(conn);
         }
-        apr_brigade_destroy(bb);
     }
     return APR_SUCCESS;
 }
@@ -1798,13 +1798,13 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ini
             if (worker->s->smax == -1 || worker->s->smax > worker->s->hmax) {
                 worker->s->smax = worker->s->hmax;
             }
-            /* Set min to be lower then smax */
+            /* Set min to be lower than smax */
             if (worker->s->min > worker->s->smax) {
                 worker->s->min = worker->s->smax;
             }
         }
         else {
-            /* This will supress the apr_reslist creation */
+            /* This will suppress the apr_reslist creation */
             worker->s->min = worker->s->smax = worker->s->hmax = 0;
         }
     }
@@ -2328,7 +2328,7 @@ ap_proxy_determine_connection(apr_pool_t
                 }
 
                 /*
-                 * Worker can have the single constant backend adress.
+                 * Worker can have the single constant backend address.
                  * The single DNS lookup is used once per worker.
                  * If dynamic change is needed then set the addr to NULL
                  * inside dynamic config to force the lookup.
@@ -2638,13 +2638,103 @@ PROXY_DECLARE(apr_status_t) ap_proxy_con
 #endif
 }
 
+PROXY_DECLARE(apr_status_t) ap_proxy_check_connection(const char *scheme,
+                                                      proxy_conn_rec *conn,
+                                                      server_rec *server,
+                                                      unsigned max_blank_lines,
+                                                      int flags)
+{
+    apr_status_t rv = APR_SUCCESS;
+    proxy_worker *worker = conn->worker;
+
+    if (!PROXY_WORKER_IS_USABLE(worker)) {
+        /*
+         * The worker is in error likely done by a different thread / process
+         * e.g. for a timeout or bad status. We should respect this and should
+         * not continue with a connection via this worker even if we got one.
+         */
+        rv = APR_EINVAL;
+    }
+    else if (conn->connection) {
+        /* We have a conn_rec, check the full filter stack for things like
+         * SSL alert/shutdown, filters aside data...
+         */
+        rv = ap_check_pipeline(conn->connection, conn->tmp_bb,
+                               max_blank_lines);
+        apr_brigade_cleanup(conn->tmp_bb);
+        if (rv == APR_SUCCESS) {
+            /* Some data available, the caller might not want them. */
+            if (flags & PROXY_CHECK_CONN_EMPTY) {
+                rv = APR_ENOTEMPTY;
+            }
+        }
+        else if (APR_STATUS_IS_EAGAIN(rv)) {
+            /* Filter chain is OK and empty, yet we can't determine from
+             * ap_check_pipeline (actually ap_core_input_filter) whether
+             * an empty non-blocking read is EAGAIN or EOF on the socket
+             * side (it's always SUCCESS), so check it explicitely here.
+             */
+            if (ap_proxy_is_socket_connected(conn->sock)) {
+                rv = APR_SUCCESS;
+            }
+            else {
+                rv = APR_EPIPE;
+            }
+        }
+    }
+    else if (conn->sock) {
+        /* For modules working with sockets directly, check it. */
+        if (!ap_proxy_is_socket_connected(conn->sock)) {
+            rv = APR_EPIPE;
+        }
+    }
+    else {
+        rv = APR_ENOSOCKET;
+    }
+
+    if (rv == APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, server,
+                     "%s: reusing backend connection %pI<>%pI",
+                     scheme, conn->connection->local_addr,
+                     conn->connection->client_addr);
+    }
+    else if (conn->sock) {
+        /* This clears conn->scpool (and associated data), so backup and
+         * restore any ssl_hostname for this connection set earlier by
+         * ap_proxy_determine_connection().
+         */
+        char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
+        if (rv == APR_EINVAL
+                || !conn->ssl_hostname
+                || PROXY_STRNCPY(ssl_hostname, conn->ssl_hostname)) {
+            ssl_hostname[0] = '\0';
+        }
+
+        socket_cleanup(conn);
+        if (rv != APR_ENOTEMPTY) {
+            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, server, APLOGNO(00951)
+                         "%s: backend socket is disconnected.", scheme);
+        }
+        else {
+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, server, APLOGNO(03408)
+                         "%s: reusable backend connection is not empty: "
+                         "forcibly closed", scheme);
+        }
+
+        if (ssl_hostname[0]) {
+            conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
+        }
+    }
+
+    return rv;
+}
+
 PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
                                             proxy_conn_rec *conn,
                                             proxy_worker *worker,
                                             server_rec *s)
 {
     apr_status_t rv;
-    int connected = 0;
     int loglevel;
     apr_sockaddr_t *backend_addr = conn->addr;
     /* the local address to use for the outgoing connection */
@@ -2654,29 +2744,12 @@ PROXY_DECLARE(int) ap_proxy_connect_back
     proxy_server_conf *conf =
         (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
 
-    if (conn->sock) {
-        if (!(connected = ap_proxy_is_socket_connected(conn->sock))) {
-            /* This clears conn->scpool (and associated data), so backup and
-             * restore any ssl_hostname for this connection set earlier by
-             * ap_proxy_determine_connection().
-             */
-            char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
-            if (!conn->ssl_hostname || PROXY_STRNCPY(ssl_hostname,
-                                                     conn->ssl_hostname)) {
-                ssl_hostname[0] = '\0';
-            }
-
-            socket_cleanup(conn);
-            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
-                         "%s: backend socket is disconnected.",
-                         proxy_function);
-
-            if (ssl_hostname[0]) {
-                conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
-            }
-        }
+    rv = ap_proxy_check_connection(proxy_function, conn, s, 0, 0);
+    if (rv == APR_EINVAL) {
+        return DECLINED;
     }
-    while ((backend_addr || conn->uds_path) && !connected) {
+
+    while (rv != APR_SUCCESS && (backend_addr || conn->uds_path)) {
 #if APR_HAVE_SYS_UN_H
         if (conn->uds_path)
         {
@@ -2848,9 +2921,8 @@ PROXY_DECLARE(int) ap_proxy_connect_back
                 }
             }
         }
-
-        connected    = 1;
     }
+
     if (PROXY_WORKER_IS_USABLE(worker)) {
         /*
          * Put the entire worker to error state if
@@ -2858,7 +2930,7 @@ PROXY_DECLARE(int) ap_proxy_connect_back
          * Although some connections may be alive
          * no further connections to the worker could be made
          */
-        if (!connected) {
+        if (rv != APR_SUCCESS) {
             if (!(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) {
                 worker->s->error_time = apr_time_now();
                 worker->s->status |= PROXY_WORKER_IN_ERROR;
@@ -2879,7 +2951,6 @@ PROXY_DECLARE(int) ap_proxy_connect_back
             worker->s->error_time = 0;
             worker->s->retries = 0;
         }
-        return connected ? OK : DECLINED;
     }
     else {
         /*
@@ -2887,11 +2958,13 @@ PROXY_DECLARE(int) ap_proxy_connect_back
          * e.g. for a timeout or bad status. We should respect this and should
          * not continue with a connection via this worker even if we got one.
          */
-        if (connected) {
+        if (rv == APR_SUCCESS) {
             socket_cleanup(conn);
         }
-        return DECLINED;
+        rv = APR_EINVAL;
     }
+
+    return rv == APR_SUCCESS ? OK : DECLINED;
 }
 
 static apr_status_t connection_shutdown(void *theconn)
@@ -2936,6 +3009,7 @@ PROXY_DECLARE(int) ap_proxy_connection_c
     }
 
     bucket_alloc = apr_bucket_alloc_create(conn->scpool);
+    conn->tmp_bb = apr_brigade_create(conn->scpool, bucket_alloc);
     /*
      * The socket is now open, create a new backend server connection
      */
@@ -3469,7 +3543,7 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbr
      *
      * The HTTP/1.1 Via: header is designed for passing client
      * information through proxies to a server, and should be used in
-     * a forward proxy configuation instead of X-Forwarded-*. See the
+     * a forward proxy configuration instead of X-Forwarded-*. See the
      * ProxyVia option for details.
      */
     if (dconf->add_forwarded_headers) {

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c Mon Nov 14 10:26:31 2016
@@ -753,7 +753,7 @@ static const ap_slotmem_provider_t stora
     &slotmem_fgrab
 };
 
-/* make the storage usuable from outside */
+/* make the storage usable from outside */
 static const ap_slotmem_provider_t *slotmem_shm_getstorage(void)
 {
     return (&storage);

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README Mon Nov 14 10:26:31 2016
@@ -59,7 +59,7 @@ DATA STRUCTURES
  For an overview how these are related and chained together have a look at the
  page in README.dsov.{fig,ps}. It contains overview diagrams for those data
  structures. It's designed for DIN A4 paper size, but you can easily generate
- a smaller version inside XFig by specifing a magnification on the Export
+ a smaller version inside XFig by specifying a magnification on the Export
  panel.
 
 INCOMPATIBILITIES
@@ -81,7 +81,7 @@ MAJOR CHANGES
  o The DBM based session cache is now based on APR's DBM API only.
  o The shared memory based session cache is now based on APR's APIs.
  o SSL I/O is now implemented in terms of filters rather than BUFF
- o Eliminated ap_global_ctx. Storing Persistant information in 
+ o Eliminated ap_global_ctx. Storing Persistent information in 
    process_rec->pool->user_data. The ssl_pphrase_Handle_CB() and 
    ssl_config_global_* () functions have an extra parameter now - 
    "server_rec *" -  which is used to retrieve the SSLModConfigRec.

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c Mon Nov 14 10:26:31 2016
@@ -1005,7 +1005,7 @@ static apr_status_t ssl_init_ctx_cert_ch
      * SSLCACertificateFile and also use client authentication mod_ssl
      * would accept all clients also issued by this CA. Obviously this
      * isn't what we want in this situation. So this feature here exists
-     * to allow one to explicity configure CA certificates which are
+     * to allow one to explicitly configure CA certificates which are
      * used only for the server certificate chain.
      */
     if (!chain) {

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c Mon Nov 14 10:26:31 2016
@@ -224,7 +224,7 @@ static int bio_filter_out_write(BIO *bio
      *
      * Historically, this flush call was performed only for an SSLv2
      * connection or for a proxy connection.  Calling _out_flush can
-     * be expensive in cases where requests/reponses are pipelined,
+     * be expensive in cases where requests/responses are pipelined,
      * so limit the performance impact to handshake time.
      */
 #if OPENSSL_VERSION_NUMBER < 0x0009080df

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c Mon Nov 14 10:26:31 2016
@@ -1021,7 +1021,7 @@ int ssl_hook_Access(request_rec *r)
                 return HTTP_FORBIDDEN;
             }
 
-            /* Full renegotiation successfull, we now have handshaken with
+            /* Full renegotiation successful, we now have handshaken with
              * this server's parameters.
              */
             sslconn->server = r->server;
@@ -1163,7 +1163,7 @@ int ssl_hook_Access(request_rec *r)
  *  Fake a Basic authentication from the X509 client certificate.
  *
  *  This must be run fairly early on to prevent a real authentication from
- *  occuring, in particular it must be run before anything else that
+ *  occurring, in particular it must be run before anything else that
  *  authenticates a user.  This means that the Module statement for this
  *  module should be LAST in the Configuration file.
  */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c Mon Nov 14 10:26:31 2016
@@ -1090,7 +1090,7 @@ apr_array_header_t *ssl_ext_list(apr_poo
     }
 
     count = X509_get_ext_count(xs);
-    /* Create an array large enough to accomodate every extension. This is
+    /* Create an array large enough to accommodate every extension. This is
      * likely overkill, but safe.
      */
     array = apr_array_make(p, count, sizeof(char *));

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c Mon Nov 14 10:26:31 2016
@@ -25,7 +25,7 @@ Within the POSIX subsystem, the same cha
 "native BS2000", namely EBCDIC.
 
 EBCDIC Table. (Yes, in EBCDIC, the letters 'a'..'z' are not contiguous!)
-This apr_table_t is bijective, i.e. there are no ambigous or duplicate characters
+This apr_table_t is bijective, i.e. there are no ambiguous or duplicate characters
 00    00 01 02 03 85 09 86 7f  87 8d 8e 0b 0c 0d 0e 0f  *................*
 10    10 11 12 13 8f 0a 08 97  18 19 9c 9d 1c 1d 1e 1f  *................*
 20    80 81 82 83 84 92 17 1b  88 89 8a 8b 8c 05 06 07  *................*

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h Mon Nov 14 10:26:31 2016
@@ -55,7 +55,7 @@
 #endif
 #endif
 
-/* C9X defintion used by MSL C++ library */
+/* C9X definition used by MSL C++ library */
 #define DECIMAL_DIG 17
 
 /* some code may want to use the MS convention for long long */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c Mon Nov 14 10:26:31 2016
@@ -488,7 +488,7 @@ AP_DECLARE(apr_status_t) ap_regkey_value
 #if APR_HAS_ANSI_FS
     ELSE_WIN_OS_IS_ANSI
     {
-        /* Small possiblity the array is either unterminated
+        /* Small possibility the array is either unterminated
          * or single NULL terminated.  Avert.
          */
         buf = (char *)value;

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c Mon Nov 14 10:26:31 2016
@@ -15,7 +15,7 @@
  */
 
 /*
- * http_config.c: once was auxillary functions for reading httpd's config
+ * http_config.c: once was auxiliary functions for reading httpd's config
  * file and converting filenames into a namespace
  *
  * Rob McCool
@@ -737,7 +737,7 @@ AP_DECLARE(void) ap_remove_loaded_module
      *
      *  Note: 1. We cannot determine if the module was successfully
      *           removed by ap_remove_module().
-     *        2. We have not to complain explicity when the module
+     *        2. We have not to complain explicitly when the module
      *           is not found because ap_remove_module() did it
      *           for us already.
      */
@@ -1326,7 +1326,7 @@ static const char *ap_walk_config_sub(co
         if (retval != NULL && strcmp(retval, DECLINE_CMD) != 0) {
             /* If the directive in error has already been set, don't
              * replace it.  Otherwise, an error inside a container
-             * will be reported as occuring on the first line of the
+             * will be reported as occurring on the first line of the
              * container.
              */
             if (!parms->err_directive) {

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c Mon Nov 14 10:26:31 2016
@@ -453,6 +453,10 @@ static void *create_core_server_config(a
 #if APR_HAS_SO_ACCEPTFILTER
         apr_table_setn(conf->accf_map, "http", ACCEPT_FILTER_NAME);
         apr_table_setn(conf->accf_map, "https", "dataready");
+#elif defined(WIN32)
+        /* 'data' is disabled on Windows due to a DoS vuln (PR 59970) */
+        apr_table_setn(conf->accf_map, "http", "connect");
+        apr_table_setn(conf->accf_map, "https", "connect");
 #else
         apr_table_setn(conf->accf_map, "http", "data");
         apr_table_setn(conf->accf_map, "https", "data");

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c Mon Nov 14 10:26:31 2016
@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
          * since Win32/OS2 use carets or doubled-double quotes,
          * and neither lf nor cr can be escaped.  We escape unix
          * specific as well, to assure that cross-compiled unix
-         * applications behave similiarly when invoked on win32/os2.
+         * applications behave similarly when invoked on win32/os2.
          *
          * Rem please keep in-sync with apr's list in win32/filesys.c
          */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c Mon Nov 14 10:26:31 2016
@@ -763,7 +763,7 @@ AP_DECLARE(void) ap_listen_pre_config(vo
     /* Check once whether or not SO_REUSEPORT is supported. */
     if (ap_have_so_reuseport < 0) {
         /* This is limited to Linux with defined SO_REUSEPORT (ie. 3.9+) for
-         * now since the implementation evenly distributes connections accross
+         * now since the implementation evenly distributes connections across
          * all the listening threads/processes.
          *
          * *BSDs have SO_REUSEPORT too but with a different semantic: the first

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c Mon Nov 14 10:26:31 2016
@@ -347,7 +347,7 @@ typedef struct event_retained_data {
 #endif
     int hold_off_on_exponential_spawning;
     /*
-     * Current number of listeners buckets and maximum reached accross
+     * Current number of listeners buckets and maximum reached across
      * restarts (to size retained data according to dynamic num_buckets,
      * eg. idle_spawn_rate).
      */
@@ -2065,7 +2065,7 @@ static void *APR_THREAD_FUNC start_threa
     }
 
     /* Create the main pollset */
-    for (i = 0; i < sizeof(good_methods) / sizeof(void*); i++) {
+    for (i = 0; i < sizeof(good_methods) / sizeof(good_methods[0]); i++) {
         rv = apr_pollset_create_ex(&event_pollset,
                             threads_per_child*2, /* XXX don't we need more, to handle
                                                 * connections in K-A or lingering
@@ -2830,7 +2830,7 @@ static int event_run(apr_pool_t * _pconf
     if (ap_daemons_to_start < num_buckets)
         ap_daemons_to_start = num_buckets;
     /* We want to create as much children at a time as the number of buckets,
-     * so to optimally accept connections (evenly distributed accross buckets).
+     * so to optimally accept connections (evenly distributed across buckets).
      * Thus min_spare_threads should at least maintain num_buckets children,
      * and max_spare_threads allow num_buckets more children w/o triggering
      * immediately (e.g. num_buckets idle threads margin, one per bucket).

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c Mon Nov 14 10:26:31 2016
@@ -703,7 +703,7 @@ static void child_main(int child_num_arg
         SAFE_ACCEPT(accept_mutex_off());      /* unlock after "accept" */
 
         if (status == APR_EGENERAL) {
-            /* resource shortage or should-not-occur occured */
+            /* resource shortage or should-not-occur occurred */
             clean_child_exit(APEXIT_CHILDSICK);
         }
         else if (status != APR_SUCCESS) {

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c Mon Nov 14 10:26:31 2016
@@ -136,10 +136,17 @@ static void mpm_recycle_completion_conte
      * state so -don't- close it.
      */
     if (context) {
+        HANDLE saved_event;
+
         apr_pool_clear(context->ptrans);
         context->ba = apr_bucket_alloc_create(context->ptrans);
         context->next = NULL;
+
+        saved_event = context->overlapped.hEvent;
+        memset(&context->overlapped, 0, sizeof(context->overlapped));
+        context->overlapped.hEvent = saved_event;
         ResetEvent(context->overlapped.hEvent);
+
         apr_thread_mutex_lock(qlock);
         if (qtail) {
             qtail->next = context;
@@ -323,8 +330,13 @@ static unsigned int __stdcall winnt_acce
                      "no known accept filter. Using 'none' instead",
                      lr->protocol);
     }
-    else if (strcmp(accf_name, "data") == 0)
-        accf = 2;
+    else if (strcmp(accf_name, "data") == 0) {
+        accf = 1;
+        accf_name = "connect";
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
+                     APLOGNO(03458) "winnt_accept: 'data' accept filter is no "
+                     "longer supported. Using 'connect' instead");
+    }
     else if (strcmp(accf_name, "connect") == 0)
         accf = 1;
     else if (strcmp(accf_name, "none") == 0)
@@ -350,7 +362,7 @@ static unsigned int __stdcall winnt_acce
    }
 #endif
 
-    if (accf > 0) /* 'data' or 'connect' */
+    if (accf > 0) /* 'connect' */
     {
         if (WSAIoctl(nlsd, SIO_GET_EXTENSION_FUNCTION_POINTER,
                      &GuidAcceptEx, sizeof GuidAcceptEx, 
@@ -376,7 +388,7 @@ static unsigned int __stdcall winnt_acce
     }
     else /* accf == 0, 'none' */
     {
-reinit: /* target of data or connect upon too many AcceptEx failures */
+reinit: /* target of connect upon too many AcceptEx failures */
 
         /* last, low priority event is a not yet accepted connection */
         events[0] = exit_event;
@@ -421,9 +433,8 @@ reinit: /* target of data or connect upo
             }
         }
 
-        if (accf > 0) /* Either 'connect' or 'data' */
+        if (accf > 0) /* 'connect' */
         {
-            DWORD len;
             char *buf;
 
             /* Create and initialize the accept socket */
@@ -453,20 +464,12 @@ reinit: /* target of data or connect upo
                 continue;
             }
 
-            if (accf == 2) { /* 'data' */
-                len = APR_BUCKET_BUFF_SIZE;
-                buf = apr_bucket_alloc(len, context->ba);
-                len -= PADDED_ADDR_SIZE * 2;
-            }
-            else /* (accf == 1) 'connect' */ {
-                len = 0;
-                buf = context->buff;
-            }
+            buf = context->buff;
 
             /* AcceptEx on the completion context. The completion context will be
              * signaled when a connection is accepted.
              */
-            if (!lpfnAcceptEx(nlsd, context->accept_socket, buf, len,
+            if (!lpfnAcceptEx(nlsd, context->accept_socket, buf, 0,
                               PADDED_ADDR_SIZE, PADDED_ADDR_SIZE, &BytesRead,
                               &context->overlapped)) {
                 rv = apr_get_netos_error();
@@ -476,8 +479,6 @@ reinit: /* target of data or connect upo
                      * 1) the client disconnects early
                      * 2) handshake was incomplete
                      */
-                    if (accf == 2)
-                        apr_bucket_free(buf);
                     closesocket(context->accept_socket);
                     context->accept_socket = INVALID_SOCKET;
                     continue;
@@ -492,8 +493,6 @@ reinit: /* target of data or connect upo
                      * 3) the dynamic address / adapter has changed
                      * Give five chances, then fall back on AcceptFilter 'none'
                      */
-                    if (accf == 2)
-                        apr_bucket_free(buf);
                     closesocket(context->accept_socket);
                     context->accept_socket = INVALID_SOCKET;
                     ++err_count;
@@ -513,8 +512,6 @@ reinit: /* target of data or connect upo
                 }
                 else if ((rv != APR_FROM_OS_ERROR(ERROR_IO_PENDING)) &&
                          (rv != APR_FROM_OS_ERROR(WSA_IO_PENDING))) {
-                    if (accf == 2)
-                        apr_bucket_free(buf);
                     closesocket(context->accept_socket);
                     context->accept_socket = INVALID_SOCKET;
                     ++err_count;
@@ -555,14 +552,10 @@ reinit: /* target of data or connect upo
                     /* exit_event triggered or event handle was closed */
                     closesocket(context->accept_socket);
                     context->accept_socket = INVALID_SOCKET;
-                    if (accf == 2)
-                        apr_bucket_free(buf);
                     break;
                 }
 
                 if (context->accept_socket == INVALID_SOCKET) {
-                    if (accf == 2)
-                        apr_bucket_free(buf);
                     continue;
                 }
             }
@@ -585,28 +578,9 @@ reinit: /* target of data or connect upo
             /* Get the local & remote address
              * TODO; error check
              */
-            lpfnGetAcceptExSockaddrs(buf, len, PADDED_ADDR_SIZE, PADDED_ADDR_SIZE,
+            lpfnGetAcceptExSockaddrs(buf, 0, PADDED_ADDR_SIZE, PADDED_ADDR_SIZE,
                                      &context->sa_server, &context->sa_server_len,
                                      &context->sa_client, &context->sa_client_len);
-
-            /* For 'data', craft a bucket for our data result
-             * and pass to worker_main as context->overlapped.Pointer
-             */
-            if (accf == 2 && BytesRead)
-            {
-                apr_bucket *b;
-                b = apr_bucket_heap_create(buf, APR_BUCKET_BUFF_SIZE,
-                                           apr_bucket_free, context->ba);
-                /* Adjust the bucket to refer to the actual bytes read */
-                b->length = BytesRead;
-                context->overlapped.Pointer = b;
-            }
-            else {
-                if (accf == 2) {
-                    apr_bucket_free(buf);
-                }
-                context->overlapped.Pointer = NULL;
-            }
         }
         else /* (accf = 0)  e.g. 'none' */
         {
@@ -680,7 +654,6 @@ reinit: /* target of data or connect upo
              * os_sock_make and os_sock_put that it does not query).
              */
             WSAEventSelect(context->accept_socket, 0, 0);
-            context->overlapped.Pointer = NULL;
             err_count = 0;
 
             context->sa_server_len = sizeof(context->buff) / 2;
@@ -785,24 +758,6 @@ static winnt_conn_ctx_t *winnt_get_conne
     return context;
 }
 
-apr_status_t winnt_insert_network_bucket(conn_rec *c,
-                                         apr_bucket_brigade *bb,
-                                         apr_socket_t *socket)
-{
-    apr_bucket *e;
-    winnt_conn_ctx_t *context = ap_get_module_config(c->conn_config,
-                                                     &mpm_winnt_module);
-    if (context == NULL || (e = context->overlapped.Pointer) == NULL)
-        return AP_DECLINED;
-
-    /* seed the brigade with AcceptEx read heap bucket */
-    APR_BRIGADE_INSERT_HEAD(bb, e);
-    /* also seed the brigade with the client socket. */
-    e = apr_bucket_socket_create(socket, c->bucket_alloc);
-    APR_BRIGADE_INSERT_TAIL(bb, e);
-    return APR_SUCCESS;
-}
-
 /*
  * worker_main()
  * Main entry point for the worker threads. Worker threads block in
@@ -816,8 +771,6 @@ static DWORD __stdcall worker_main(void
     winnt_conn_ctx_t *context = NULL;
     int thread_num = (int)thread_num_val;
     ap_sb_handle_t *sbh;
-    apr_bucket *e;
-    int rc;
     conn_rec *c;
     apr_int32_t disconnected;
 
@@ -843,8 +796,6 @@ static DWORD __stdcall worker_main(void
             }
         }
 
-        e = context->overlapped.Pointer;
-
         ap_create_sb_handle(&sbh, context->ptrans, 0, thread_num);
         c = ap_run_create_connection(context->ptrans, ap_server_conf,
                                      context->sock, thread_num, sbh,
@@ -853,9 +804,6 @@ static DWORD __stdcall worker_main(void
         if (!c) {
             /* ap_run_create_connection closes the socket on failure */
             context->accept_socket = INVALID_SOCKET;
-            if (e) { 
-                apr_bucket_free(e);
-            }
             continue;
         }
 
@@ -863,26 +811,7 @@ static DWORD __stdcall worker_main(void
         apr_os_thread_put(&thd, &osthd, context->ptrans);
         c->current_thread = thd;
 
-        /* follow ap_process_connection(c, context->sock) logic
-         * as it left us no chance to reinject our first data bucket.
-         */
-        ap_update_vhost_given_ip(c);
-
-        rc = ap_run_pre_connection(c, context->sock);
-        if (rc != OK && rc != DONE) {
-            c->aborted = 1;
-        }
-
-        if (e && c->aborted) {
-            apr_bucket_free(e);
-        }
-        else {
-            ap_set_module_config(c->conn_config, &mpm_winnt_module, context);
-        }
-
-        if (!c->aborted) {
-            ap_run_process_connection(c);
-        }
+        ap_process_connection(c, context->sock);
 
         apr_socket_opt_get(context->sock, APR_SO_DISCONNECTED, &disconnected);
 

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c Mon Nov 14 10:26:31 2016
@@ -1004,7 +1004,7 @@ static void winnt_rewrite_args(process_r
      *   -k config
      *   -k uninstall
      *   -k stop
-     *   -k shutdown (same as -k stop). Maintained for backward compatability.
+     *   -k shutdown (same as -k stop). Maintained for backward compatibility.
      *
      * We can't leave this phase until we know our identity
      * and modify the command arguments appropriately.
@@ -1050,7 +1050,7 @@ static void winnt_rewrite_args(process_r
         my_pid = GetCurrentProcessId();
         parent_pid = (DWORD) atol(pid);
 
-        /* Prevent holding open the (nonexistant) console */
+        /* Prevent holding open the (nonexistent) console */
         ap_real_exit_code = 0;
 
         /* The parent gave us stdin, we need to remember this
@@ -1769,8 +1769,6 @@ static void winnt_hooks(apr_pool_t *p)
     ap_hook_mpm(winnt_run, NULL, NULL, APR_HOOK_MIDDLE);
     ap_hook_mpm_query(winnt_query, NULL, NULL, APR_HOOK_MIDDLE);
     ap_hook_mpm_get_name(winnt_get_name, NULL, NULL, APR_HOOK_MIDDLE);
-    ap_hook_insert_network_bucket(winnt_insert_network_bucket, NULL, NULL,
-                                  APR_HOOK_MIDDLE);
 }
 
 AP_DECLARE_MODULE(mpm_winnt) = {

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h Mon Nov 14 10:26:31 2016
@@ -91,9 +91,6 @@ void hold_console_open_on_error(void);
 
 /* From child.c: */
 void child_main(apr_pool_t *pconf, DWORD parent_pid);
-apr_status_t winnt_insert_network_bucket(conn_rec *c,
-                                         apr_bucket_brigade *bb,
-                                         apr_socket_t *socket);
 
 #endif /* APACHE_MPM_WINNT_H */
 /** @} */

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c Mon Nov 14 10:26:31 2016
@@ -104,7 +104,7 @@ static APR_INLINE SC_HANDLE OpenSCManage
  *
  * If ap_real_exit_code is reset to 0, it will not be set or trigger this
  * behavior on exit.  All service and child processes are expected to
- * reset this flag to zero to avoid undesireable side effects.
+ * reset this flag to zero to avoid undesirable side effects.
  */
 AP_DECLARE_DATA int ap_real_exit_code = 1;
 

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c Mon Nov 14 10:26:31 2016
@@ -168,7 +168,7 @@ typedef struct worker_retained_data {
 #endif
     int hold_off_on_exponential_spawning;
     /*
-     * Current number of listeners buckets and maximum reached accross
+     * Current number of listeners buckets and maximum reached across
      * restarts (to size retained data according to dynamic num_buckets,
      * eg. idle_spawn_rate).
      */
@@ -1837,7 +1837,7 @@ static int worker_run(apr_pool_t *_pconf
     if (ap_daemons_to_start < num_buckets)
         ap_daemons_to_start = num_buckets;
     /* We want to create as much children at a time as the number of buckets,
-     * so to optimally accept connections (evenly distributed accross buckets).
+     * so to optimally accept connections (evenly distributed across buckets).
      * Thus min_spare_threads should at least maintain num_buckets children,
      * and max_spare_threads allow num_buckets more children w/o triggering
      * immediately (e.g. num_buckets idle threads margin, one per bucket).

Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c Mon Nov 14 10:26:31 2016
@@ -787,7 +787,10 @@ int ap_signal_server(int *exit_status, a
         status = "httpd (no pid file) not running";
     }
     else {
-        if (kill(otherpid, 0) == 0) {
+        /* With containerization, httpd may get the same PID at each startup,
+         * handle it as if it were not running (it obviously can't).
+         */
+        if (otherpid != getpid() && kill(otherpid, 0) == 0) {
             running = 1;
             status = apr_psprintf(pconf,
                                   "httpd (pid %" APR_PID_T_FMT ") already "




Mime
View raw message