Commit Graph

564 Commits

Author SHA1 Message Date
Joe Orton
bb57b96635 build and load mod_brotli 2018-01-02 09:10:32 +00:00
Yevhenii Shapovalov
7d5e373bce add tests with standart test interface 2018-01-02 09:10:32 +00:00
Joe Orton
95a0c9518b build and load mod_brotli 2017-11-23 11:11:28 +00:00
Yevhenii Shapovalov
4533b4fe58 add tests with standart test interface 2017-11-16 12:27:52 +02:00
Joe Orton
8f673b3da2 Merge branch 'master' into f27 2017-11-03 16:54:24 +00:00
Joe Orton
9c91812414 Add docs on using socket activation. 2017-11-03 16:52:50 +00:00
Luboš Uhliarik
317bdd7eb8 new version 2.4.29 2017-10-25 14:31:34 +02:00
Luboš Uhliarik
16b03b20d8 Removed patches, which are already included in upstream source 2017-10-25 14:28:47 +02:00
Luboš Uhliarik
082f3536aa new version 2.4.29 2017-10-25 14:20:19 +02:00
Joe Orton
d2370fbd7d Merge branch 'master' into f27 2017-10-10 15:44:20 +01:00
Joe Orton
596b5fc517 drop obsolete Obsoletes
update docs, Summary
trim %changelog
2017-10-10 15:23:11 +01:00
Patrick Uiterwijk
6ebb5a2203 Backport patch for fixing ticket key usage
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2017-10-10 13:31:46 +02:00
Luboš Uhliarik
01bcbc5642 new version 2.4.28 2017-10-06 18:14:03 +02:00
Luboš Uhliarik
a69b9e522a new version 2.4.28 2017-10-06 18:09:25 +02:00
Joe Orton
783f274da8 Fix mismerge. 2017-10-03 10:05:44 +01:00
Joe Orton
9c5d9117f5 Fix mismerge. 2017-10-03 10:05:16 +01:00
Joe Orton
6fa38dce2f add notes on enabling httpd_graceful_shutdown boolean for prefork 2017-10-03 10:04:03 +01:00
Joe Orton
cb3d7379b1 drop Requires(post) for mod_ssl 2017-10-03 10:04:03 +01:00
Joe Orton
10e930c744 better error handling in httpd-ssl-gencerts (#1494556)
Resolves: rhbz#1494556
2017-10-03 10:04:03 +01:00
Stephen Gallagher
2038991f8c Handle edge-cases in gencerts
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
2017-10-03 10:04:03 +01:00
Joe Orton
140992d5b1 Fix conditional. 2017-10-03 10:04:03 +01:00
Joe Orton
1f4f47bb29 Ignore more. 2017-10-03 10:04:03 +01:00
Joe Orton
41a6265259 Remove condition on localhost-ca.crt, tweak description. 2017-10-03 10:04:03 +01:00
Joe Orton
74a4babeac Fix MPM defaults if building on RHEL, fix touch -r for 00-mpm.conf. 2017-10-03 10:04:03 +01:00
Stephen Gallagher
76ede692d8 Require sscg 2.2.0 for creating service and CA certificates together
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-03 10:04:03 +01:00
Jeroen van Meeuwen (Ergo Project)
b20eb97391 Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
2017-10-03 10:04:03 +01:00
Joe Orton
45393c8877 use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
2017-10-03 10:04:03 +01:00
Stephen Gallagher
f0c4143d98 Generate SSL keys on service start
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-03 10:04:03 +01:00
Joe Orton
e5ce62e7b4 httpd.service(5) update: show how to ungracefully stop/restart 2017-10-03 10:03:22 +01:00
Joe Orton
5c1fc79a5a Update links to Fedora home page. 2017-10-03 10:03:22 +01:00
Joe Orton
8b3e8259a7 move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-10-03 10:03:22 +01:00
Joe Orton
abf387add2 move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-10-03 10:03:22 +01:00
Joe Orton
6d96e6a193 add notes on enabling httpd_graceful_shutdown boolean for prefork 2017-10-03 09:16:29 +01:00
Joe Orton
d31ea66d9d drop Requires(post) for mod_ssl 2017-09-22 16:20:54 +01:00
Joe Orton
962c800331 better error handling in httpd-ssl-gencerts (#1494556)
Resolves: rhbz#1494556
2017-09-22 15:48:42 +01:00
Stephen Gallagher
eec4cf442f
Handle edge-cases in gencerts
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
2017-09-22 10:37:53 -04:00
Joe Orton
c094ba4827 Fix conditional. 2017-09-22 08:06:39 +01:00
Joe Orton
5ec11c5a4f Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/httpd 2017-09-22 08:05:04 +01:00
Joe Orton
ad89c85e8b Ignore more. 2017-09-22 08:04:57 +01:00
Joe Orton
87cc93ad96 Remove condition on localhost-ca.crt, tweak description. 2017-09-22 08:04:10 +01:00
Joe Orton
ccd2dc5050 Fix MPM defaults if building on RHEL, fix touch -r for 00-mpm.conf. 2017-09-22 08:03:13 +01:00
Stephen Gallagher
d614e8aa11
Require sscg 2.2.0 for creating service and CA certificates together
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-21 14:55:16 -04:00
Jeroen van Meeuwen (Ergo Project)
fd03d5ee37 Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
2017-09-21 19:32:53 +02:00
Jeroen van Meeuwen (Ergo Project)
10a87792e5 Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
2017-09-21 19:28:15 +02:00
Joe Orton
6a77761740 use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
2017-09-21 16:41:20 +01:00
Stephen Gallagher
180ad320f4
Generate SSL keys on service start
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-20 15:00:20 -04:00
Joe Orton
870b71c4f0 httpd.service(5) update: show how to ungracefully stop/restart 2017-09-19 12:46:35 +01:00
Joe Orton
d5e6805c26 Update links to Fedora home page. 2017-09-19 12:36:38 +01:00
Joe Orton
e2185159ed move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-09-19 10:08:07 +01:00
Joe Orton
a7a88382f7 move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-09-19 10:02:32 +01:00