#
# ChangeLog for / in mod_gnutls
#
# Generated by Trac 1.2
# Mar 5, 2021, 6:01:57 PM

Tue, 14 Jun 2016 18:40:13 GMT Thomas Klute [16ad0eb]
    * src/Makefile.am (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_util.c (added)
    * src/gnutls_util.h (added)

    Perform OCSP request over HTTP Finally the whole stack is there! ...

Mon, 13 Jun 2016 05:32:44 GMT Thomas Klute [04addef]
    * test/test_ca.mk (modified)

    Test suite: Always lock authority PGP keyring I've occasionally ...

Sat, 11 Jun 2016 23:03:01 GMT Thomas Klute [0831437]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro ...

Sat, 11 Jun 2016 20:44:52 GMT Thomas Klute [47a909e]
    * src/gnutls_ocsp.c (modified)

    Create OCSP requests when updating the cached response Actually ...

Sat, 11 Jun 2016 12:20:27 GMT Thomas Klute [6c44ed2]
    * test/Makefile.am (modified)

    Test suite: Explicitly link gen_ocsp_index against libgnutls This ...

Sat, 11 Jun 2016 00:26:50 GMT Thomas Klute [a372379]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Store server certificate fingerprint in OCSP config It's not like ...

Sat, 11 Jun 2016 00:19:20 GMT Thomas Klute [cc74801e]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Move generated vhost-wide OCSP config into a private structure

Sat, 11 Jun 2016 00:06:49 GMT Thomas Klute [6b89353]
    * include/mod_gnutls.h.in (modified)

    Remove Lua bytecode variables from directory config structure The ...

Fri, 10 Jun 2016 23:39:34 GMT Thomas Klute [5559aa6]
    * src/gnutls_ocsp.c (modified)

    Rely on cache for OCSP response expiration With fixed DBM cache ...

Fri, 10 Jun 2016 23:30:12 GMT Thomas Klute [11e6205]
    * src/gnutls_cache.c (modified)

    dbm_cache_fetch(): Clear data size on allocation failure Memory ...

Fri, 10 Jun 2016 19:14:51 GMT Thomas Klute [b2e6406]
    * src/gnutls_io.c (modified)

    Safe integer type conversion in mgs_filter_input() Read sizes ...

Fri, 10 Jun 2016 16:46:02 GMT Thomas Klute [15b22cb]
    * src/mod_gnutls.c (modified)

    Allow compiling with clang Needs just a minimal workaround for an ...

Fri, 10 Jun 2016 13:34:08 GMT Thomas Klute [d6834e0]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    OCSP refresh mutex: Prevent parallel requests Add a global mutex ...

Fri, 10 Jun 2016 08:16:48 GMT Thomas Klute [aa68232]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Move global cache mutex into the private cache struct

Thu, 09 Jun 2016 23:52:23 GMT Thomas Klute [e809fb3]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)

    Use generic cache functions for OCSP response caching With this, ...

Thu, 09 Jun 2016 23:09:22 GMT Thomas Klute [3e22b82]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Add generic store/fetch support to the memcached cache Required to ...

Thu, 09 Jun 2016 21:08:30 GMT Thomas Klute [70a1e5a]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Introduce OCSP caching grace time A cached OCSP response must be ...

Thu, 09 Jun 2016 18:50:43 GMT Thomas Klute [f450ac9]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_hooks.c (modified)

    Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no ...

Thu, 09 Jun 2016 16:33:30 GMT Thomas Klute [d18afb8]
    * src/gnutls_cache.c (modified)
    * src/gnutls_ocsp.c (modified)

    Ensure that dbm_cache_fetch() does not return expired data The ...

Wed, 08 Jun 2016 21:58:24 GMT Thomas Klute [c6572ec]
    * src/gnutls_ocsp.c (modified)

    Apply default cache timeout to OCSP responses without nextUpdate

Wed, 08 Jun 2016 21:24:15 GMT Thomas Klute [c55902b]
    * src/gnutls_cache.c (modified)

    Trigger cache expiration on fetch, small restructuring In a ...

Wed, 08 Jun 2016 19:31:29 GMT Thomas Klute [c005645]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Mutex for DBM cache access I noticed that with a DBM cache enabled ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [eb63377]
    * src/gnutls_ocsp.c (modified)

    Check only expiration time for OCSP responses from cache Responses ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [366d1a1]
    * src/gnutls_ocsp.c (modified)

    Use nextUpdate field of OCSP response to set cache lifetime

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [08817d0]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response before caching Only verified responses should ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [368e581]
    * src/gnutls_ocsp.c (modified)

    Update OCSP response cache only if response is missing or invalid ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [4bf4ce2]
    * README (modified)
    * src/gnutls_ocsp.c (modified)

    Use GCC builtins to catch overflows with mixed integer types ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [6b4136c]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_ocsp.c (modified)

    Store OCSP responses in DBM cache before use This is not proper ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [2f932fa]
    * src/gnutls_cache.c (modified)

    Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [6814e48]
    * src/gnutls_cache.c (modified)

    Explain the different signatures of the dbm_cache functions

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [15245bf]
    * src/gnutls_cache.c (modified)

    Split dbm_cache_fetch() in generic and GnuTLS session specific parts ...

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [1d1361f]
    * src/gnutls_cache.c (modified)

    Make dbm_cache_store() work outside connection context

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [ae08186]
    * src/gnutls_cache.c (modified)

    DBM cache: Separate session caching and generic store operation

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [f785704]
    * src/gnutls_cache.c (modified)

    Make dbm_cache_expire() work outside connection context DBM cache ...

Fri, 03 Jun 2016 22:49:21 GMT Thomas Klute [04e6e65]
    * include/mod_gnutls.h.in (modified)
    * src/Makefile.am (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (added)
    * src/gnutls_hooks.c (modified)

    Move declarations of cache-related functions to a dedicated header ...

Fri, 03 Jun 2016 19:33:46 GMT Thomas Klute [379a297]
    * include/mod_gnutls.h.in (modified)

    Remove code used only with GnuTLS 2.x

Fri, 03 Jun 2016 19:09:41 GMT Thomas Klute [7511bfa]
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)

    Use ap_log_cerror() instead of ap_log_error() where reasonable ...

Fri, 03 Jun 2016 19:01:26 GMT Thomas Klute [8913410]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_io.c (modified)
    * src/mod_gnutls.c (modified)

    Update copyright headers

Fri, 03 Jun 2016 18:31:56 GMT Thomas Klute [c3ad933]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)
    * src/mod_gnutls.c (modified)

    Remove stale support code for Apache versions before 2.2

Fri, 03 Jun 2016 14:08:29 GMT Thomas Klute [fd6bb19]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Extract OCSP access URI from the server certificate

Wed, 01 Jun 2016 17:01:20 GMT Thomas Klute [4ae7810]
    * src/gnutls_ocsp.c (modified)

    Log port along with hostname if OCSP trust list initialization fails

Wed, 01 Jun 2016 16:41:29 GMT Thomas Klute [68ce93c]
    * src/gnutls_ocsp.c (modified)

    Rearrange mgs_get_ocsp_response() for readability

Wed, 01 Jun 2016 16:20:12 GMT Thomas Klute [fad7695]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Store OCSP trust list in server config This avoids recreating the ...

Tue, 31 May 2016 22:00:31 GMT Thomas Klute [64856fd]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_hooks.c (modified)

    Get rid of exit(-1) calls in mgs_hook_post_config() This allows the ...

Tue, 31 May 2016 17:12:53 GMT Thomas Klute [2a1ffd6]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Move trust list generation for OCSP to a separate function The new ...

Mon, 30 May 2016 21:21:21 GMT Thomas Klute [d35b98e]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response and staple it only if good

Mon, 30 May 2016 20:18:32 GMT Thomas Klute [c05780e]
    * test/test-27_OCSP_server.bash (modified)

    Proper runtests integration Test fails if runtests failed, avoid ...

Mon, 30 May 2016 20:06:12 GMT Thomas Klute [4cc1edc]
    * test/tests/27_OCSP_server/apache.conf (modified)

    Remove pointless from test server config Apparently is ...

Mon, 30 May 2016 20:03:29 GMT Thomas Klute [20f8e99]
    * test/Makefile.am (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    Provide full certificate chain to the server The server will need ...

Sun, 29 May 2016 22:06:59 GMT Thomas Klute [94cb972]
    * include/mod_gnutls.h.in (modified)
    * src/Makefile.am (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (added)
    * src/gnutls_ocsp.h (added)
    * src/mod_gnutls.c (modified)
    * test/runtests (modified)
    * test/test-27_OCSP_server.bash (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    Minimal OCSP stapling implementation using externally provided ...

Sun, 29 May 2016 19:38:07 GMT Thomas Klute [b674e95]
    * CHANGELOG (modified)
    * Makefile.am (modified)
    * configure.ac (modified)
    * m4/apache.m4 (modified)
    * src/Makefile.am (modified)
    * src/gnutls_io.c (modified)
    * test/.gitignore (modified)
    * test/Makefile.am (modified)
    * test/base_apache.conf (modified)
    * test/pgpcrc.c (added)
    * test/test_ca.mk (modified)

    Merge version 0.7.5 into ocsp branch

Sat, 28 May 2016 12:05:53 GMT Thomas Klute [086cea9]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Release version 0.7.5

Sat, 28 May 2016 00:33:01 GMT Thomas Klute [2b80754]
    * test/test_ca.mk (modified)

    Delete target files before exporting PGP certificates GnuPG prompts ...

Sat, 28 May 2016 00:12:59 GMT Thomas Klute [9e56602]
    * test/pgpcrc.c (modified)

    Check for write errors in pgpcrc.c to get rid of build warning

Sat, 28 May 2016 00:12:43 GMT Thomas Klute [42829ae]
    * test/.gitignore (modified)
    * test/Makefile.am (modified)
    * test/test_ca.mk (modified)

    Build pgpcrc through Automake, clean new GnuPG privkey files & ...

Sat, 28 May 2016 00:12:05 GMT Thomas Klute [298dc66]
    * test/test_ca.mk (modified)

    use --outfile instead of stdio redirection This way, when a command ...

Sat, 28 May 2016 00:12:04 GMT Thomas Klute [d70dd6e]
    * test/Makefile.am (modified)
    * test/pgpcrc.c (added)
    * test/test_ca.mk (modified)

    ensure cleanup of gpg v2.1 keyrings as well depending on the ...

Fri, 27 May 2016 20:07:24 GMT Thomas Klute [0bda20f]
    * Makefile.am (modified)
    * configure.ac (modified)
    * m4/apache.m4 (modified)
    * src/Makefile.am (modified)
    * test/Makefile.am (modified)

    Make "make distcheck" work This requires strict DIST/DISTCLEAN ...

Fri, 27 May 2016 18:56:21 GMT Thomas Klute [eb34ac4]
    * src/Makefile.am (modified)
    * test/base_apache.conf (modified)

    Let Automake handle module installation Using a custom pkglib ...

Fri, 27 May 2016 17:03:46 GMT Thomas Klute [eda8686]
    * configure.ac (modified)

    Disable building static libraries Only the dynamic library is used ...

Fri, 27 May 2016 16:26:15 GMT Thomas Klute [19f2719]
    * src/gnutls_io.c (modified)

    Update comments and formatting in push/pull functions

Fri, 27 May 2016 16:11:32 GMT Thomas Klute [a9fa300]
    * src/gnutls_io.c (modified)

    Set GnuTLS session errno on all error paths in mgs_transport_read()

Thu, 26 May 2016 22:00:16 GMT Thomas Klute [6868585]
    * src/gnutls_io.c (modified)

    Remove unnecessary session pointer check The transport functions ...

Thu, 26 May 2016 21:09:31 GMT Thomas Klute [be41ee4]
    * src/gnutls_io.c (modified)

    Set GnuTLS session errno on errors in mgs_transport_write() Sunil ...

Mon, 23 May 2016 21:08:25 GMT Thomas Klute [efe884e]
    * configure.ac (modified)

    Skip OCSP test with incompatible GnuTLS versions Please see the ...

Mon, 23 May 2016 21:08:12 GMT Thomas Klute [c4d6e77]
    * test/Makefile.am (modified)
    * test/ocsp-responder.template (modified)
    * test/ocsp_server.conf (modified)
    * test/runtests (modified)
    * test/test-27_OCSP_server.bash (added)
    * test/tests/27_OCSP_server/apache.conf (added)
    * test/tests/27_OCSP_server/gnutls-cli.args (added)
    * test/tests/27_OCSP_server/input (added)
    * test/tests/27_OCSP_server/output (added)
    * test/tests/Makefile.am (modified)

    Test suite: New test case for simple HTTPS access with OCSP status check

Mon, 23 May 2016 06:02:29 GMT Thomas Klute [9e309ae]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Merge version 0.7.4 into ocsp

Wed, 13 Apr 2016 17:23:41 GMT Thomas Klute [c6cfe6e]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Release version 0.7.4

Mon, 14 Mar 2016 20:19:47 GMT Thomas Klute [a0161fe]
    * test/client.template.in (modified)
    * test/server.template.in (modified)
    * test/test_ca.mk (modified)

    Test suite: Include OCSP URI in server & client certificates if enabled

Mon, 14 Mar 2016 20:05:13 GMT Thomas Klute [21181b2]
    * configure.ac (modified)
    * test/Makefile.am (modified)
    * test/ocsp_server.conf (modified)

    Test suite: Enable OCSP if OpenSSL is available, provide port for ...

Mon, 14 Mar 2016 19:42:50 GMT Thomas Klute [c0c4106]
    * test/data/ocsp.cgi (added)
    * test/ocsp_server.conf (added)

    Test suite: Minimal OCSP responder (CGI script and Apache config snippet)

Mon, 14 Mar 2016 18:58:07 GMT Thomas Klute [ea99ffe]
    * test/Makefile.am (modified)

    Test suite: Build OCSP database

Sun, 13 Mar 2016 21:53:03 GMT Thomas Klute [a03f94e]
    * test/.gitignore (modified)
    * test/Makefile.am (modified)
    * test/ocsp-responder.template (added)

    Test suite: Build OCSP responder certificate

Sat, 12 Mar 2016 00:21:56 GMT Thomas Klute [42bee37]
    * configure.ac (modified)
    * test/.gitignore (modified)
    * test/Makefile.am (modified)
    * test/cert_helper.c (added)
    * test/cert_helper.h (added)
    * test/gen_ocsp_index.c (added)

    Test suite: OCSP index generation tool gen_ocsp_index creates an ...

Fri, 11 Mar 2016 20:25:27 GMT Thomas Klute [28fc74b]
    * test/runtests (modified)

    Capture full gnutls-cli output in test logs Copying instead of ...

Thu, 10 Mar 2016 20:15:20 GMT Thomas Klute [5725dca]
    * test/Makefile.am (modified)
    * test/test_ca.mk (modified)

    Test suite: Consistent use of @VAR@ vs. $(VAR) Makefile.am will ...

Thu, 10 Mar 2016 11:32:34 GMT Thomas Klute [aeaf28b]
    * configure.ac (modified)
    * test/Makefile.am (modified)
    * test/softhsm.bash (modified)

    Allow user to set SoftHSM PKCS #11 module Users may want to use a ...

Sat, 13 Feb 2016 02:20:46 GMT Thomas Klute [b0e5dae]
    * configure.ac (modified)
    * test/Makefile.am (modified)
    * test/test-24_pkcs11_cert.bash (modified)
    * test/test_ca.mk (modified)

    Test suite: Add support for SoftHSM 2 ./configure now detects ...

Sat, 13 Feb 2016 01:40:37 GMT Thomas Klute [6f644fa]
    * test/Makefile.am (modified)
    * test/server-softhsm.conf (deleted)
    * test/test_ca.mk (modified)

    Test suite: Generate SoftHSM config for initialization as needed

Sat, 13 Feb 2016 01:24:35 GMT Thomas Klute [74772b2]
    * configure.ac (modified)
    * test/Makefile.am (modified)

    Define autoconf/automake variables to handle different SoftHSM versions

Sat, 13 Feb 2016 01:09:19 GMT Thomas Klute [5eb4544]
    * configure.ac (modified)
    * test/Makefile.am (modified)
    * test/softhsm.bash (modified)
    * test/test_ca.mk (modified)
    * test/tests/24_pkcs11_cert/apache.conf (modified)

    Test suite: Search SoftHSM during ./configure, detect module for v1 ...

Fri, 12 Feb 2016 20:45:29 GMT Thomas Klute [d84f0f7]
    * test/test-26_redirect_HTTP_to_HTTPS.bash (modified)

    Test 26_redirect_HTTP_to_HTTPS: Add --verbose option when using curl ...

Fri, 12 Feb 2016 12:00:23 GMT Thomas Klute [f0923c4]
    * CHANGELOG (modified)
    * configure.ac (modified)

    Release version 0.7.3

Fri, 12 Feb 2016 00:15:39 GMT Thomas Klute [67f2f58]
    * configure.ac (modified)
    * test/Makefile.am (modified)
    * test/test-26_redirect_HTTP_to_HTTPS.bash (modified)

    Support curl or Wget for test case "26_redirect_HTTP_to_HTTPS"

Thu, 11 Feb 2016 23:42:18 GMT Thomas Klute [5aae10e]
    * configure.ac (modified)

    configure.ac: Better wording for network and user namespace creation ...

Thu, 11 Feb 2016 20:22:15 GMT Thomas Klute [7c0ccaf]
    * test/Makefile.am (modified)
    * test/test-26_redirect_HTTP_to_HTTPS.bash (moved)
    * test/tests/26_redirect_HTTP_to_HTTPS/apache.conf (moved)
    * test/tests/Makefile.am (modified)

    Rename test "26_HTTPS_server_var" to "redirect_HTTP_to_HTTPS" The ...

Thu, 11 Feb 2016 19:55:48 GMT Thomas Klute [a038290]
    * test/test-26_HTTPS_server_var.bash (modified)

    Set the correct PID file in test-26_HTTPS_server_var.bash

Thu, 11 Feb 2016 19:48:07 GMT Thomas Klute [8ac7c0d]
    * configure.ac (modified)
    * src/mod_gnutls.c (modified)
    * test/Makefile.am (modified)
    * test/README (modified)
    * test/test-26_HTTPS_server_var.bash (added)
    * test/tests/26_HTTPS_server_var/apache.conf (added)
    * test/tests/Makefile.am (modified)

    Register "ssl_is_https" function for compatibility with mod_rewrite ...

Thu, 11 Feb 2016 17:20:12 GMT Thomas Klute [7aeabcb]
    * test/Makefile.am (modified)
    * test/README (modified)

    Update documentation for test certificate generation Add hint about ...

Tue, 02 Feb 2016 22:23:23 GMT Thomas Klute [06f8005]
    * test/Makefile.am (modified)
    * test/tests/Makefile.am (modified)

    Test suite: Fix file lists for distribution archive creation

Tue, 02 Feb 2016 22:11:14 GMT Thomas Klute [db6bac4]
    * test/test-24_pkcs11_cert.bash (modified)
    * test/tests/24_pkcs11_cert/softhsm.conf.in (deleted)
    * test/tests/Makefile.am (modified)

    PKCS #11 test case: Generate temporary SoftHSM config from here- ...

Tue, 02 Feb 2016 07:28:43 GMT Thomas Klute [5d9f34e]
    * configure.ac (modified)
    * test/README (modified)

    configure: Check if flock supports --timeout This builds on the ...

Tue, 02 Feb 2016 07:15:01 GMT Thomas Klute [1bb6b1c]
    * configure.ac (modified)

    configure: Fix "not available" case in check for unshare The ...

Tue, 02 Feb 2016 06:31:12 GMT Thomas Klute [d7c2508]
    * configure.ac (modified)

    configure: Run "ip addr show" only if network could be started ...

Sat, 30 Jan 2016 22:44:19 GMT Thomas Klute [dc55c77]
    * test/tests/16_view-status/gnutls-cli.args (modified)
    * test/tests/16_view-status/output (modified)

    Test suite: Update priorities in status test for GnuTLS 3.4 ...

Sat, 30 Jan 2016 21:45:41 GMT Thomas Klute [c0bb823]
    * test/.gitignore (modified)
    * test/Makefile.am (modified)
    * test/rogueclient.template.in (added)
    * test/test_ca.mk (modified)
    * test/tests/18_client_verification_wrong_cert/gnutls-cli.args (modified)

    Test suite: Create rogue client certificate for client auth test ...

Thu, 28 Jan 2016 20:03:36 GMT Thomas Klute [4d2d182]
    * test/common.bash (modified)

    Test suite: Switch to non-root user namespace before running Apache ...

Thu, 28 Jan 2016 19:46:58 GMT Thomas Klute [b21bf4f]
    * configure.ac (modified)
    * test/README (modified)

    configure: Check if creating namespaces is possible Some Linux ...

Thu, 28 Jan 2016 00:13:12 GMT Thomas Klute [29d3311]
    * test/Makefile.am (modified)
    * test/test-25_Disable_TLS_1.0.bash (added)
    * test/tests/25_Disable_TLS_1.0/apache.conf (added)
    * test/tests/25_Disable_TLS_1.0/fail.client (added)
    * test/tests/25_Disable_TLS_1.0/gnutls-cli.args (added)
    * test/tests/25_Disable_TLS_1.0/input (added)

    New test case regarding priorities: Disable TLS 1.0 This test case ...

Wed, 27 Jan 2016 17:30:40 GMT Thomas Klute [bc539d5]
    * src/gnutls_hooks.c (modified)
    * test/tests/16_view-status/output (modified)

    Implement short message for mod_status reports Until now the flags ...