Changeset 2aaf4f5 in mod_gnutls for src/mod_gnutls.c


Ignore:
Timestamp:
Feb 23, 2014, 1:05:31 PM (6 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
765cac2
Parents:
999cdec
Message:

implement GnuTLSExportCertificates control over max exported cert size

This patchset implements the proposed modification to
GnuTLSExportCertificates, allowing server administrators to choose the
maximum size of the exported certs.

Some advantages:

  • avoids large buffers on the stack
  • more configurable for server admins who expect to use larger certs
  • better visibilty for users when a too-large-cert is encountered

This also increases the default maximum exported size from 10KiB to
16KiB.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/mod_gnutls.c

    r999cdec r2aaf4f5  
    181181    "Whether this server has GnuTLS Enabled. Default: Off"),
    182182    AP_INIT_TAKE1("GnuTLSExportCertificates",
    183     mgs_set_export_certificates_enabled,
     183    mgs_set_export_certificates_size,
    184184    NULL,
    185185    RSRC_CONF,
    186     "Whether to export PEM encoded certificates to CGIs. Default: Off"),
     186    "Max size to export PEM encoded certificates to CGIs (or off to disable). Default: off"),
    187187    { NULL },
    188188};
Note: See TracChangeset for help on using the changeset viewer.