source: mod_gnutls/CHANGELOG

Last change on this file was 17b2836, checked in by Fiona Klute <fiona.klute@…>, 5 weeks ago

Note CVE ID in changelog for 0.12.1

The CVE ID was assigned a little after publishing the release, add it
for clarity.

  • Property mode set to 100644
File size: 17.7 KB
1** Version 0.12.1 (2023-02-23)
3- Security fix (CVE-2023-25824): Remove an infinite loop in blocking
4  read on transport timeout. Mod_gnutls versions from 0.9.0 to 0.12.0
5  (including) did not properly fail blocking read operations on TLS
6  connections when the transport hit timeouts. Instead it entered an
7  endless loop retrying the read operation, consuming CPU
8  resources. This could be exploited for denial of service attacks. If
9  trace level logging was enabled, it would also produce an excessive
10  amount of log output during the loop, consuming disk space.
12- Replace obsolete Autoconf macros. Generating ./configure now
13  requires Autoconf 2.69 (present in Debian Bullseye).
15** Version 0.12.0 (2021-08-14)
17- Three fixes that make mod_gnutls compatible with the Let's Encrypt
18  OCSP responder for OCSP stapling:
20  1. Support OCSP responses that are signed directly with the private
21     key of the CA and do not embed a signer certificate.
23  2. If the path part of OCSP URI provided in the certificate is
24     empty, use "/".
26  3. Use SHA1 for issuer name hash and issuer key hash in OCSP
27     requests. Support for that is required by RFC 5019 and referenced
28     in CAB Forum Baseline Requirements, too. This particular hash
29     doesn't need to be cryptographically secure.
31- Remove insecure algorithms that are still included in the GnuTLS
32  priority set "NORMAL" from the default priorities: plain RSA key
33  exchange, TLS 1.0, TLS 1.1
35- Fix virtual host references when retrieving OCSP responses for
36  stapling.
38- Share server instances for tests where reasonably possible with the
39  same server configuration. Starting/stopping server instances is the
40  slowest part of the tests, so this is a nice performance
41  improvement. The Automake test harness now reports fewer tests, but
42  some include a lot more client connections and requests to keep
43  coverage at least as good as before.
45- Various improvements to tests and logging infrastructure.
47** Version 0.11.0 (2020-06-27)
49- Change default for GnuTLSOCSPCheckNonce to "off", and send OCSP
50  nonces only if it has been enabled. The reason for this change is
51  that in practice most public CAs do not support OCSP nonces, which
52  is permitted by both RFC 6960 and the CA/Browser Forum baseline
53  requirements (as of version 1.6.9). In this situation enforcing
54  correct nonces by default makes the automatic OCSP stapling support
55  mostly useless.
57- Add a test for correct nonce handling with "GnuTLSOCSPCheckNonce
58  on", thanks to Krista Karppinen for that and a rewrite of the OCSP
59  responder script in Python!
61- Support session resumption using session tickets for proxy
62  connections (TLS 1.3 connections only). Requires a suitable
63  GnuTLSCache configuration.
65- Disable session tickets by default. The GnuTLS built-in key rotation
66  for session tickets never actually changes the primary key, just
67  derives keys from it, so it does not provide forward secrecy in case
68  an attacker learns the primary key (by gaining access to server
69  RAM). A reload of the server is enough to generate a new key, so
70  consider enabling session tickets and reloading the server every few
71  hours, at least until a forward-secret rotation can be implemented.
73- Fix a bug that mostly prevented searching ServerAliases when
74  selecting the virtual host from SNI.
76- Add ./configure option to disable building PDF documentation
78- Deprecate SRP and disable it by default.
80- Add support for building coverage reports using clang's source-based
81  code coverage.
83- Make ./configure check if both [::1] and are available,
84  disable either if not. This makes the build work out-of-the-box in
85  Docker containers, which by default use IPv4 only.
87** Version 0.10.0 (2020-02-03)
89- Added support for stapling multiple OCSP responses (TLS 1.3
90  only). mod_gnutls will staple for as many consecutive certificates
91  in the certificate chain as possible.
93- Added support for TLS 1.3 post-handshake authentication, used if TLS
94  client authentication is required only for some resources on the
95  server. Rehandshake (for older TLS versions) is not supported, the
96  existing but broken code has been removed.
98- The test infrastructure has been mostly rewritten in Python, note
99  the new dependencies (Python 3, Pyyaml). Tests can run multiple TLS
100  connections and HTTP(S) requests as well as custom hooks now, see
101  test/ for details.
103- Server certificates are checked for the must-staple TLS feature
104  extension, stapling must be enabled if it is present.
106- Compatibility fix for GnuTLS 3.6.11 in the test suite: Handle
107  peer certificate type in TLS session information strings.
109- The test system will automatically detect if it needs to load
110  critical modules (e.g. mod_logio) that are built-in with the Debian
111  packages. This makes the tests work on Fedora without modifications,
112  and likely on similar distributions too.
114- Tests can optionally run with Valgrind for the primary HTTPD
115  instance by running ./configure with --enable-valgrind-test, see
116  test/ for details.
118- Known issue: When using MSVA client certificate validation the
119  Valgrind tests indicate memory leaks from libcurl, which is used by
120  libmsv to send requests to the MSVA. For details see the bug report:
123** Version 0.9.1 (2019-11-29)
124- Fix possible segfault (NULL pointer dereference) on failed TLS
125  handshake. Calling ssl_var_lookup() after a failed handshake could
126  lead to GnuTLS session information functions being called on a NULL
127  session pointer, leading to segfault.
128- Remove URLs from expected error responses in the test suite. Apache
129  HTTPD removed request URLs from canned error messages to prevent
130  misleading text/links being displayed via crafted links
131  (CVE-2019-10092). Adjust the expected error responses in our tests
132  so they can pass again.
133- Test suite: Ignore "Content-Length" header of responses. Thanks to
134  Krista Karppinen!
135- Add a section about module dependencies on socache to the handbook
136- Restructure the manpage build and move it to section 5 (config
137  files)
138- Test suite: Restructure certificate directories
140** Version 0.9.0 (2019-01-23)
141- Security fix: Refuse to send or receive any data over a failed TLS
142  connection (commit 72b669eae8c45dda1850e8e5b30a97c918357b51). The
143  previous behavior could lead to requests on reverse proxy TLS
144  connections being sent in plain text, and might have allowed faking
145  requests in plain text.
146- Security fix: Reject HTTP requests if they try to access virtual
147  hosts that do not match their TLS connections (commit
148  de3fad3c12f53cdbf082ad675e4b10f521a02811). Additionally check if SNI
149  and Host header match. Thanks to Krista Karppinen for contributing
150  tests!
151- OCSP stapling is now enabled by default, if possible. OCSP responses
152  are updated regularly and stored in a cache separate from the
153  session cache. The OCSP cache uses mod_socache_shmcb by default
154  (if the module is loaded, no other configuration required).
155- Session tickets are now enabled by default if using GnuTLS 3.6.4 or
156  newer. GnuTLS 3.6.4 introduced automatic rotation for the used key,
157  and TLS 1.3 takes care of other reasons not to use tickets while
158  requiring them for session resumption. Note that there is currently
159  no mechanism to synchronize ticket keys across a cluster of servers.
160- The internal cache implementation has been replaced with
161  mod_socache. Users may need to update their GnuTLSCache settings and
162  load the appropriate socache modules.
163- ALPN (required for HTTP/2) now works correctly with different
164  "Protocols" directives between virtual hosts if building with GnuTLS
165  3.6.3 or newer. Older versions require identical "Protocols"
166  directives for overlapping virtual hosts. Thanks to Vincent Tamet
167  for the bug report!
168- ALPN is now supported for proxy connections, making HTTP/2 proxy
169  connections using mod_proxy_http2 possible.
170- GnuTLSPriorities is optional now and defaults to "NORMAL" if
171  missing. The same applies to GnuTLSProxyPriorities (if TLS proxy is
172  enabled).
173- The manual is now built as a manual page, too, if pandoc is
174  available.
175- OpenPGP support has been removed.
176- Don't require pem2openpgp for tests when building without MSVA
177  support.
179** Version 0.8.4 (2018-04-13)
180- Support Apache HTTPD 2.4.33 API for proxy TLS connections
181- Support TLS for HTTP/2 connections with mod_http2
182- Fix configuration of OCSP stapling callback
184** Version 0.8.3 (2017-10-20)
185- Use GnuTLS' default DH parameters by default
186- Handle long Server Name Indication data and gracefully ignore
187  unknown SNI types
188- Send SNI for proxy connections
189- Deprecate OpenPGP support like GnuTLS did (will be removed
190  completely in a future release)
191- Do not announce session ticket support for proxy connections
192- Minor documentation updates (SSL_CLIENT_I_DN, reference for SNI)
193- Test suite: Simplify handling of proxy backend servers and OCSP
194  responders
195- Test suite: stability/compatibility fixes
197** Version 0.8.2 (2017-01-08)
198- Test suite: Ensure CRLF line ends in HTTP headers
199- Test suite, gen_ocsp_index.c: Handle serial as fixed order byte array
201** Version 0.8.1 (2016-12-20)
202- Bugfix: Use APR_SIZE_T_FMT for portable apr_size_t formatting
204** Version 0.8.0 (2016-12-11)
205- New: Support for OCSP stapling
206- Bugfix: Access to DBM cache is locked using global mutex
207  "gnutls-cache"
208- Bugfix: GnuTLSSessionTickets is now disabled by default as described
209  in the handbook
210- Fixed memory leak while checking proxy backend certificate
211- Fixed memory leaks in post_config
212- Safely delete session ticket key (requires GnuTLS >= 3.4)
213- Improved error handling in post_config hook
214- Various handbook updates
215- Internal API documentation can be generated using Doxygen
216- Unused code has been removed (conditionals for GnuTLS 2.x and Apache
217  versions before 2.2, internal Lua bytecode structure last used in
218  2011).
219- Test suite: Fixed locking for access to the PGP keyring of the test
220  certificate authority
221- mod_gnutls can be built using Clang (unsupported)
223** Version 0.7.5 (2016-05-28)
224- Sunil Mohan Adapa reported retry loops during session shutdown in
225  cleanup_gnutls_session() due to gnutls_bye() incorrectly returning
226  GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN. Setting the GnuTLS session
227  errno in mgs_transport_write() fixes the problem.
228- Import Daniel Kahn Gillmor's patches for GnuPG v2 support from the
229  Debian package.
230- Build system improvements that allow VPATH builds and get "make
231  distcheck" to work
233** Version 0.7.4 (2016-04-13)
234- Support SoftHSM 2 for PKCS #11 testing
235- Increase verbosity of test logs
237** Version 0.7.3 (2016-01-12)
238- Update test suite for compatibility with GnuTLS 3.4, which has
239  stricter key usage checks and priorities than 3.3.
240- Write non-HTML output to mod_status reports if AP_STATUS_SHORT is
241  set (mod_status sets it for requests with the "auto" parameter, e.g.
242  https://localhost/server-status?auto).
243- Register "ssl_is_https" function so the special mod_rewrite variable
244  %{HTTPS} works correctly with mod_gnutls. The new test case for this
245  requires Wget or curl. Fixes Debian bug #514005.
246- Test suite servers listen on IPv4 *and* IPv6 loopback addresses by
247  default (other addresses configurable), which should fix failures
248  due to localhost randomly resolving to either on some distributions.
249- Isolate tests using network namespaces, if possible. This avoids
250  port conflicts with other test cases (so they can run in parallel)
251  and host services.
252- Support for local Apache drop-in config files in the test suite
253  (e.g. to load additional modules needed on Fedora).
254- Try to use markdown to build HTML documentation if pandoc is not
255  available.
256- Disable use of flock if it is unavailable or does not support
257  timeouts (the latter caused the build to fail on Debian Hurd).
258- New test: Disable TLS 1.0 (regression test for Debian bug #754960).
260** Version 0.7.2 (2015-11-21)
261- Bugfix: Non-blocking reads in the input filter could lead to a busy
262  wait in the gnutls_io_input_read function, causing high load on
263  Keep-Alive connections waiting for data, until either more data
264  could be received or the connection was closed. The fix is to pass
265  EAGAIN/EINTR results up to the input filter so they can be handled
266  properly.
267- Close TLS session if the input filter receives EOF (mostly relevant
268  for proper termination of proxy connections).
269- Remove dependency on APR Memcache, which is replaced by the newer
270  version included in the APR Utility Library (libaprutil).
271- Remove dependency on bc. It was used for floating point arithmetic
272  in the test suite, the calculations have been changed to use
273  integers and pure bash code.
275** Version 0.7.1 (2015-10-18)
276- Improved handling of PKCS #11 modules: mod_gnutls now loads either
277  modules specified using GnuTLSP11Module, or the system defaults, but
278  not both. Thanks to Nikos Mavrogiannopoulos for the report and
279  initial patch!
280- Initialize variables to safe defaults during client certificate
281  verification. Certain error code paths did not set them, but they
282  should never be hit due to config validation. This adds another line
283  of defense.
284- Enable C99 support via autoconf
285- Test suite improvements. Most importantly, automake now handles
286  environment setup without any external make calls. Rules to build
287  the certificates are included from the old test makefile. Note that
288  the dependency on GNU make is not new (the test makefile always used
289  GNU make syntax), it just wasn't listed explicitly.
291** Version 0.7 (2015-07-12)
292- Security fix for TLS client authentication (CVE-2015-2091)
293- Bug fixes that enable support for reverse proxy operation
294- Various test suite improvements. Tests are configured through autoconf,
295  so the test suite now works for builds without Monkeysphere support.
296- Add support for TLS connections to back end servers when operating as a
297  reverse proxy (X.509 authentication only at the moment).
298- PKCS #11 support for server keys and certificates
299- Use strict compiler arguments by default (-Wall -Werror -Wextra)
300- Allow limiting the size of certificates exported as SSL_SERVER_CERT
301  and SSL_CLIENT_CERT through the GnuTLSExportCertificates directive
303** Version 0.6 (2014-02-17)
304- Generating DH Params instead of using static ones.
305- Now considering ServerAlias Directives.
306- Major Legacy Code Cleanup.
307- html and pdf and manual documentation generated from markdown sources
308- support monkeysphere validation agent (MSVA) client-certificate verification
309- wider test suite
310- GnuTLSExportCertificates off by default
312** Version 0.5.10 (2011-07-12)
313- Patched a bug responsible for excessive memory consumption by mod_gnutls.
314- Support for proxying from SSL to plain HTTP was added (ie. proxy termination).
316** Version 0.5.9 (2010-09-24)
317- GnuTLSCache none is now an allowed option.
318- Corrected behavior in Keep-Alive connections (do not
319  terminate the connection prematurely)
320- The GnuTLSCache variable now can be given the specific
321  option "gdbm" instead of "dbm". "dbm" will use the berkeley
322  db type of libapr while gdbm will force gdbm to be used.
323  sdbm is no longer being used due to serious limitations.
325** Version 0.5.8 (2010-08-18)
326- Session tickets are enabled by default.
327- Fixes some segmentation faults noticed in some
328  configurations.
330** Version 0.5.7 (2010-07-01)
331- Force usage of SDBM. For some reason the default in
332  my system had issues after reaching a limit of entries.
333  SDBM seems stable so force it.
334- Optimizations in session caching.
335- Added support for session tickets. This allows a
336  server to avoid using a session cache and still support
337  session resumption. This is at the cost of transporting
338  session data during handshake. New option
339  GnuTLSSessionTickets [on|off]
340- Depend on gnutls 2.10.0 to force support for safe
341  renegotiation.
343** Version 0.5.6 (2010-03-24)
344- Corrected issue with firefox and long POST data (by
345  handling EINTR and EAGAIN errors in read).
346- Added support for chained client certificates
347- Corrected more issues related to double frees
350** Version 0.5.5 (2009-06-13)
351- Removed limits on CA certificate loading. Reported by
352  Sander Marechal and Jack Bates.
353- Do not allow sending empty TLS packets even when instructed to.
354  This had the side effect of clients closing connection.
356** Version 0.5.4 (2009-01-04)
357- mod_gnutls.h: modified definition to extern to avoid compilation
358  errors in darwin.
359- Added patch to fix issue with mod_proxy. Investigation and patch by Alain
360  Knaff.
361- libgnutls detection uses pkg-config.
363** Version 0.5.3 (2008-10-16)
364- Corrected bug to allow having an OpenPGP-only web site.
365- Increased Max handshake tries due to interrupted system calls.
367** Version 0.5.2 (2008-06-29)
368- Depend on gnutls 2.4 which has openpgp support in main library.
370** Version 0.5.1 (2008-03-05)
371- Added --disable-srp configure option
372- Better check for memcache (patch by Guillaume Rousse)
373- Corrected possible memory leak in DBM support for resuming sessions.
375** Version 0.5.0-alpha (2008-01-24)
376- Added support for OpenPGP keys. The new directives are:
377  GnuTLSPGPKeyringFile, GnuTLSPGPCertificateFile, GnuTLSPGPKeyFile
379** Version 0.4.2 (2007-12-10)
380- Added support for sending a certificate chain.
381- Corrected bug which did not allow the TLS session cache to be used.
382- Do not allow resuming sessions on different servers.
384** Version 0.4.1 (2007-12-03)
385- Added support for subject alternative names in certificates.
386Only one per certificate is supported.
387- New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%,
389- The compatibility mode can now be enabled explicitely with the
390%COMPAT keyword at the GnuTLSPriorities string. It is no longer the default.
391- Check for GnuTLSPriorities directive. This corrects a segfault. Thanks
392to David Hrbáč.
393- Better handling of GnuTLSDHFile and GnuTLSRSAFile.
394- No longer default paths for RSA and DH parameter files.
Note: See TracBrowser for help on using the repository browser.