#
# ChangeLog for / in mod_gnutls
#
# Generated by Trac 1.2
# Jan 22, 2021, 2:21:32 AM

Sun, 19 Feb 2017 21:58:07 GMT Thomas Klute [0b83b21]
    * include/mod_gnutls.h.in (modified)

    Remove two left-over function declarations for Lua auth handling ...

Sun, 19 Feb 2017 18:04:07 GMT Thomas Klute [b0e4ce6]
    * configure.ac (modified)

    configure.ac: Log values of CFLAGS and LDFLAGS for GnuTLS ...

Sun, 19 Feb 2017 17:57:56 GMT Thomas Klute [6135393]
    * configure.ac (modified)

    Do not treat warnings about deprecated declarations as errors ...

Sun, 12 Feb 2017 12:24:54 GMT Thomas Klute [37beb92]
    * configure.ac (modified)
    * test/apache-conf/netns.conf.in (modified)

    Test suite: Do not explicitly set the mutex type to "default" The ...

Sat, 11 Feb 2017 14:58:38 GMT Thomas Klute [fb4da99]
    * test/runtests (modified)

    Test suite: Log the HTTPD build configuration if VERBOSE is enabled

Wed, 08 Feb 2017 12:27:17 GMT Thomas Klute [4ae5b82]
    * configure.ac (modified)
    * test/proxy_backend.bash (modified)
    * test/runtests (modified)

    Check if flock supports --verbose Some old versions of flock do not ...

Mon, 06 Feb 2017 17:05:25 GMT Thomas Klute [6c030c1]
    * configure.ac (modified)
    * test/Makefile.am (modified)
    * test/README (modified)
    * test/runtests (modified)

    Test suite: Make timeouts for server locks and HTTPS requests ...

Mon, 06 Feb 2017 16:11:47 GMT Thomas Klute [bbfcbb5]
    * test/runtests (modified)

    Test suite: Log if a process to be stopped by PID file is not running ...

Mon, 06 Feb 2017 14:49:50 GMT Thomas Klute [8184ad0]
    * test/proxy_backend.bash (modified)
    * test/runtests (modified)

    Test suite: Run flock with "--verbose" to log timeouts

Mon, 06 Feb 2017 12:49:47 GMT Thomas Klute [26ae700]
    * test/tests/06_verify_sni_a/apache.conf (modified)
    * test/tests/07_verify_sni_b/apache.conf (modified)
    * test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf (modified)
    * test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf (modified)

    Test suite: Remove NameVirtualHost directives According to the ...

Sun, 22 Jan 2017 17:45:57 GMT Thomas Klute [d39ea18]
    * test/runtests (modified)

    Test suite: Do not continue test case if Apache instance fails to ...

Sun, 08 Jan 2017 14:14:59 GMT Thomas Klute [0202d6b]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Release version 0.8.2

Sun, 08 Jan 2017 14:00:28 GMT Thomas Klute [10d9053]
    * test/gen_ocsp_index.c (modified)
    * test/server.template.in (modified)
    * test/test-27_OCSP_server.bash (modified)

    Test suite, gen_ocsp_index.c: Handle serial as fixed order byte array ...

Thu, 22 Dec 2016 21:10:07 GMT Thomas Klute [0a12ff8]
    * test/runtests (modified)

    Test suite: Ensure CRLF line ends in HTTP headers Debian Sid ...

Tue, 20 Dec 2016 22:06:32 GMT Thomas Klute [154db29]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Release version 0.8.1

Tue, 20 Dec 2016 21:37:33 GMT Thomas Klute [5ac4bbe]
    * src/gnutls_cache.c (modified)
    * src/gnutls_util.c (modified)

    Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The ...

Sun, 11 Dec 2016 22:13:25 GMT Thomas Klute [677754f]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Release version 0.8.0

Fri, 09 Dec 2016 23:51:35 GMT Thomas Klute [c22af3a]
    * doc/mod_gnutls_manual.mdwn (modified)

    Handbook: List Berkeley DB and GDBM as equal options for DBM caches ...

Thu, 08 Dec 2016 07:06:05 GMT Thomas Klute [251edfe]
    * README (modified)

    Mention Doxygen documentation in README

Tue, 06 Dec 2016 22:46:44 GMT Thomas Klute [08b821a]
    * src/gnutls_io.c (modified)

    gnutls_io.c: API documentation

Tue, 06 Dec 2016 21:18:20 GMT Thomas Klute [e0e0b0f]
    * doc/doxygen.conf.in (modified)

    Include memcached cache functions in Doxygen documentation, if enabled

Tue, 06 Dec 2016 07:13:55 GMT Thomas Klute [104e881]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_config.h (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/gnutls_util.c (modified)
    * src/gnutls_util.h (modified)
    * src/mod_gnutls.c (modified)

    General comment updates for Doxygen compatibility Mostly /* */ vs. ...

Mon, 05 Dec 2016 21:02:30 GMT Thomas Klute [14548b9]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Update comments in gnutls_cache.(c|h) to work with Doxygen

Mon, 05 Dec 2016 20:58:26 GMT Thomas Klute [d4d066f]
    * doc/doxygen.conf.in (modified)

    Enable automatic brief descriptions in Doxygen documentation

Mon, 05 Dec 2016 19:30:06 GMT Thomas Klute [9a18e30]
    * Makefile.am (modified)
    * configure.ac (modified)
    * doc/.gitignore (modified)
    * doc/doxygen.conf.in (added)
    * m4/ax_prog_doxygen.m4 (added)

    Support basic Doxygen calls Doxygen targets are included in the ...

Mon, 14 Nov 2016 19:12:53 GMT Thomas Klute [e1c094c]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring ...

Tue, 01 Nov 2016 12:26:04 GMT Thomas Klute [b26a792]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Beta release version 0.8.0-beta

Tue, 01 Nov 2016 11:20:42 GMT Thomas Klute [b888e8b]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)

    New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces ...

Tue, 01 Nov 2016 11:20:26 GMT Thomas Klute [b34a67e]
    * doc/mod_gnutls_manual.mdwn (modified)

    Handbook: Add example ocsptool command for response file creation

Mon, 31 Oct 2016 22:30:14 GMT Thomas Klute [3475e62]
    * include/mod_gnutls.h.in (modified)
    * src/mod_gnutls.c (modified)

    Remove EXPERIMENTAL mark for OCSP from internal documentation

Sun, 30 Oct 2016 21:43:03 GMT Thomas Klute [c39ae1a]
    * src/Makefile.am (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_config.h (added)
    * src/gnutls_ocsp.c (modified)

    Initialize OCSP timeouts with an "unset" value The configuration ...

Sun, 30 Oct 2016 21:01:42 GMT Thomas Klute [0cd8f3d]
    * doc/mod_gnutls_manual.mdwn (modified)

    Update OCSP stapling documentation

Sat, 29 Oct 2016 23:00:04 GMT Thomas Klute [444e6ed]
    * doc/mod_gnutls_manual.mdwn (modified)

    Fix documentation of GnuTLSCacheTimeout GnuTLSCacheTimeout has ...

Sat, 29 Oct 2016 17:40:03 GMT Thomas Klute [ef107fd]
    * src/gnutls_ocsp.c (modified)

    Remove TODO for OCSP requests without nonces Ideally all OCSP ...

Thu, 27 Oct 2016 22:21:05 GMT Thomas Klute [0a02378]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.h (modified)

    Style fixes for OCSP related time differences * Consistently use ...

Thu, 27 Oct 2016 21:50:18 GMT Thomas Klute [333bbc7]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)

    Configurable OCSP socket timeout Stalled OCSP requests must time ...

Fri, 21 Oct 2016 22:40:02 GMT Thomas Klute [c6dda6d]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Rate limit OCSP requests Retries after failed OCSP requests must be ...

Fri, 21 Oct 2016 05:47:12 GMT Thomas Klute [d26fa55]
    * src/gnutls_config.c (modified)

    Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout ...

Thu, 13 Oct 2016 19:23:21 GMT Thomas Klute [3f0b470]
    * src/gnutls_ocsp.c (modified)

    Macro for the OCSP socket timeout

Tue, 21 Jun 2016 17:50:30 GMT Thomas Klute [4bc17ae]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Alpha release version 0.8.0-alpha

Mon, 20 Jun 2016 19:57:43 GMT Thomas Klute [8a0da86]
    * src/gnutls_ocsp.c (modified)

    Adjust log levels for OCSP cache updates

Mon, 20 Jun 2016 19:50:22 GMT Thomas Klute [9c456a9]
    * src/gnutls_cache.c (modified)

    Clean up cache logging * Demote ordinary cache store/fetch ...

Mon, 20 Jun 2016 19:23:21 GMT Thomas Klute [df49a2d]
    * doc/mod_gnutls_manual.mdwn (modified)

    Handbook: Sort options into subsections

Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [c3c96ca]
    * doc/mod_gnutls_manual.mdwn (modified)

    Handbook: Update and simplify description of GnuTLSPriorities The ...

Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [fc124e9]
    * doc/mod_gnutls_manual.mdwn (modified)

    Handbook: Update configuration examples * Replaced old example ...

Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [743e31f]
    * doc/mod_gnutls_manual.mdwn (modified)

    Documentation: Use "TLS" as the generic term instead of "SSL"

Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [e9ef72c]
    * doc/mod_gnutls_manual.mdwn (modified)
    * src/gnutls_hooks.c (modified)

    Disable GnuTLSSessionTickets by default as described in handbook ...

Mon, 20 Jun 2016 18:50:50 GMT Thomas Klute [5a5032f]
    * doc/mod_gnutls_manual.mdwn (modified)

    Documentation for OCSP stapling options

Sat, 18 Jun 2016 22:13:27 GMT Thomas Klute [4c529de]
    * README (modified)
    * configure.ac (modified)

    Update Apache and GnuTLS version dependencies

Sat, 18 Jun 2016 21:30:05 GMT Thomas Klute [3725f2d]
    * configure.ac (modified)

    Disable OCSP test for GnuTLS 3.5.0 Since 3.5.1 has been released, ...

Sat, 18 Jun 2016 21:21:07 GMT Thomas Klute [f1147b6]
    * src/gnutls_ocsp.c (modified)

    OCSP post config: Ensure OCSP URI or response file are set If the ...

Sat, 18 Jun 2016 19:18:36 GMT Thomas Klute [ef06c74]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_util.c (modified)

    Compatibility code for GCC version < 5 The __builtin_add_overflow() ...

Sat, 18 Jun 2016 18:58:28 GMT Thomas Klute [ac3f500]
    * src/gnutls_cache.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)

    Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is ...

Fri, 17 Jun 2016 11:13:57 GMT Thomas Klute [87d507b]
    * src/gnutls_hooks.c (modified)

    Overwrite session ticket key before releasing it Private key ...

Thu, 16 Jun 2016 22:49:25 GMT Thomas Klute [78b75b3]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Restore GnuTLSOCSPResponseFile option Using an externally updated ...

Thu, 16 Jun 2016 22:47:53 GMT Thomas Klute [a784735]
    * test/test-27_OCSP_server.bash (modified)

    Test 27_OCSP_server: Check if gnutls-cli received a stapled OCSP response

Thu, 16 Jun 2016 22:47:09 GMT Thomas Klute [4d4a406]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    New config option: GnuTLSOCSPStapling This flag option ...

Thu, 16 Jun 2016 19:37:30 GMT Thomas Klute [70d014b]
    * src/gnutls_config.c (modified)

    Remove FIXME comment about releasing config structures: Done!

Thu, 16 Jun 2016 18:32:02 GMT Thomas Klute [b8700b0]
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Deinit proxy credentials on config pool cleanup

Thu, 16 Jun 2016 18:28:40 GMT Thomas Klute [02eabe7]
    * src/gnutls_hooks.c (modified)

    TLS Proxy: Fix memory leak while logging certificate status The ...

Thu, 16 Jun 2016 08:36:12 GMT Thomas Klute [f265001]
    * src/gnutls_hooks.c (modified)

    Bind temporary pool in load_proxy_x509_credentials() to ptemp scope ...

Wed, 15 Jun 2016 23:32:50 GMT Thomas Klute [7e7d328]
    * src/gnutls_config.c (modified)

    Deinit PGP certificate on config pool cleanup

Wed, 15 Jun 2016 23:27:39 GMT Thomas Klute [44e8944]
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Allocate memory for X.509 and PGP certificates only when needed

Wed, 15 Jun 2016 22:12:50 GMT Thomas Klute [eee1432]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' ...

Wed, 15 Jun 2016 22:02:00 GMT Thomas Klute [45b7b83]
    * src/gnutls_config.c (modified)

    Deinit PGP private key and keyring on config pool cleanup

Wed, 15 Jun 2016 18:20:43 GMT Thomas Klute [db9ef68]
    * src/gnutls_config.c (modified)

    Deinit client CA list on config pool cleanup

Wed, 15 Jun 2016 17:32:14 GMT Thomas Klute [81433f1]
    * src/gnutls_config.c (modified)

    Reformat mgs_load_files() This commit changes only whitespace and ...

Wed, 15 Jun 2016 17:32:14 GMT Thomas Klute [e2ba939]
    * src/gnutls_config.c (modified)

    Prevent memory leaks in post_conf hook Valgrind indicated memory ...

Tue, 14 Jun 2016 22:41:53 GMT Thomas Klute [317b569]
    * test/data/ocsp.cgi (modified)

    Make the response validity period of the test responder configurable

Tue, 14 Jun 2016 20:57:36 GMT Thomas Klute [894efd0]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response nonce

Tue, 14 Jun 2016 19:38:18 GMT Thomas Klute [82745d1]
    * src/gnutls_ocsp.c (modified)

    Fix memory usage issues * Use-after-free of the OCSP request in ...

Tue, 14 Jun 2016 18:40:13 GMT Thomas Klute [16ad0eb]
    * src/Makefile.am (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_util.c (added)
    * src/gnutls_util.h (added)

    Perform OCSP request over HTTP Finally the whole stack is there! ...

Mon, 13 Jun 2016 05:32:44 GMT Thomas Klute [04addef]
    * test/test_ca.mk (modified)

    Test suite: Always lock authority PGP keyring I've occasionally ...

Sat, 11 Jun 2016 23:03:01 GMT Thomas Klute [0831437]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro ...

Sat, 11 Jun 2016 20:44:52 GMT Thomas Klute [47a909e]
    * src/gnutls_ocsp.c (modified)

    Create OCSP requests when updating the cached response Actually ...

Sat, 11 Jun 2016 12:20:27 GMT Thomas Klute [6c44ed2]
    * test/Makefile.am (modified)

    Test suite: Explicitly link gen_ocsp_index against libgnutls This ...

Sat, 11 Jun 2016 00:26:50 GMT Thomas Klute [a372379]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Store server certificate fingerprint in OCSP config It's not like ...

Sat, 11 Jun 2016 00:19:20 GMT Thomas Klute [cc74801e]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Move generated vhost-wide OCSP config into a private structure

Sat, 11 Jun 2016 00:06:49 GMT Thomas Klute [6b89353]
    * include/mod_gnutls.h.in (modified)

    Remove Lua bytecode variables from directory config structure The ...

Fri, 10 Jun 2016 23:39:34 GMT Thomas Klute [5559aa6]
    * src/gnutls_ocsp.c (modified)

    Rely on cache for OCSP response expiration With fixed DBM cache ...

Fri, 10 Jun 2016 23:30:12 GMT Thomas Klute [11e6205]
    * src/gnutls_cache.c (modified)

    dbm_cache_fetch(): Clear data size on allocation failure Memory ...

Fri, 10 Jun 2016 19:14:51 GMT Thomas Klute [b2e6406]
    * src/gnutls_io.c (modified)

    Safe integer type conversion in mgs_filter_input() Read sizes ...

Fri, 10 Jun 2016 16:46:02 GMT Thomas Klute [15b22cb]
    * src/mod_gnutls.c (modified)

    Allow compiling with clang Needs just a minimal workaround for an ...

Fri, 10 Jun 2016 13:34:08 GMT Thomas Klute [d6834e0]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    OCSP refresh mutex: Prevent parallel requests Add a global mutex ...

Fri, 10 Jun 2016 08:16:48 GMT Thomas Klute [aa68232]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Move global cache mutex into the private cache struct

Thu, 09 Jun 2016 23:52:23 GMT Thomas Klute [e809fb3]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)

    Use generic cache functions for OCSP response caching With this, ...

Thu, 09 Jun 2016 23:09:22 GMT Thomas Klute [3e22b82]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Add generic store/fetch support to the memcached cache Required to ...

Thu, 09 Jun 2016 21:08:30 GMT Thomas Klute [70a1e5a]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Introduce OCSP caching grace time A cached OCSP response must be ...

Thu, 09 Jun 2016 18:50:43 GMT Thomas Klute [f450ac9]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_hooks.c (modified)

    Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no ...

Thu, 09 Jun 2016 16:33:30 GMT Thomas Klute [d18afb8]
    * src/gnutls_cache.c (modified)
    * src/gnutls_ocsp.c (modified)

    Ensure that dbm_cache_fetch() does not return expired data The ...

Wed, 08 Jun 2016 21:58:24 GMT Thomas Klute [c6572ec]
    * src/gnutls_ocsp.c (modified)

    Apply default cache timeout to OCSP responses without nextUpdate

Wed, 08 Jun 2016 21:24:15 GMT Thomas Klute [c55902b]
    * src/gnutls_cache.c (modified)

    Trigger cache expiration on fetch, small restructuring In a ...

Wed, 08 Jun 2016 19:31:29 GMT Thomas Klute [c005645]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Mutex for DBM cache access I noticed that with a DBM cache enabled ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [eb63377]
    * src/gnutls_ocsp.c (modified)

    Check only expiration time for OCSP responses from cache Responses ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [366d1a1]
    * src/gnutls_ocsp.c (modified)

    Use nextUpdate field of OCSP response to set cache lifetime

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [08817d0]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response before caching Only verified responses should ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [368e581]
    * src/gnutls_ocsp.c (modified)

    Update OCSP response cache only if response is missing or invalid ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [4bf4ce2]
    * README (modified)
    * src/gnutls_ocsp.c (modified)

    Use GCC builtins to catch overflows with mixed integer types ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [6b4136c]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_ocsp.c (modified)

    Store OCSP responses in DBM cache before use This is not proper ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [2f932fa]
    * src/gnutls_cache.c (modified)

    Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR ...