# # ChangeLog for / in mod_gnutls # # Generated by Trac 1.2 # Apr 20, 2021, 6:39:18 PM Thu, 19 Apr 2018 19:23:24 GMT Fiona Klute [3d30543] * src/gnutls_ocsp.c (modified) Write failure cache entries from asynchronous OCSP updates This ... Thu, 19 Apr 2018 19:22:11 GMT Fiona Klute [61e802c] * src/gnutls_ocsp.c (modified) Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, ... Thu, 19 Apr 2018 19:20:16 GMT Fiona Klute [3c475e0] * src/mod_gnutls.c (modified) Ensure that mod_gnutls child_init runs before mod_watchdog's Our ... Thu, 19 Apr 2018 19:09:31 GMT Fiona Klute [103cafa] * src/gnutls_ocsp.c (modified) Remove extra "OCSP failed" log entry while writing failure to cache ... Thu, 19 Apr 2018 19:09:04 GMT Fiona Klute [a85de63] * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) * src/gnutls_ocsp.c (modified) Make cache_fetch_func work without a connection context This is ... Thu, 19 Apr 2018 18:50:49 GMT Fiona Klute [c34a68b] * src/gnutls_cache.c (modified) dbm_cache_fetch: Prepare for signature without connection context ... Thu, 19 Apr 2018 18:49:53 GMT Fiona Klute [3656df0] * src/gnutls_ocsp.c (modified) mgs_cache_ocsp_failure: Make expiry timeout an argument A failure ... Thu, 19 Apr 2018 18:47:40 GMT Fiona Klute [6945efb] * src/gnutls_cache.c (modified) mc_cache_fetch: Don't require a connection context Thu, 19 Apr 2018 18:46:25 GMT Fiona Klute [3381559] * src/gnutls_ocsp.c (modified) Adjust intervals for async OCSP updates based on cache expiry or failure Thu, 19 Apr 2018 18:45:18 GMT Fiona Klute [0cdfb19] * src/gnutls_watchdog.h (modified) Documentation for mgs_new_singleton_watchdog Thu, 19 Apr 2018 18:44:26 GMT Fiona Klute [a467635] * src/gnutls_ocsp.c (modified) Enable asynchronous OCSP updates Asynchronous updates are always ... Thu, 19 Apr 2018 18:13:09 GMT Fiona Klute [506e64a] * src/gnutls_ocsp.c (modified) Optionally return cache expiry time when caching an OCSP response ... Thu, 19 Apr 2018 18:11:52 GMT Fiona Klute [0e3f8c6] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) Create module-wide singleton watchdog during post_config Thu, 19 Apr 2018 18:09:17 GMT Fiona Klute [5c62a6a] * include/mod_gnutls.h.in (modified) mod_gnutls.h.in: Remove outdated comment Thu, 19 Apr 2018 18:08:30 GMT Fiona Klute [4aa63a4] * src/Makefile.am (modified) * src/gnutls_watchdog.c (added) * src/gnutls_watchdog.h (added) * src/mod_gnutls.c (modified) Infrastructure for mod_watchdog support Asynchronous OCSP cache ... Fri, 13 Apr 2018 20:43:52 GMT Fiona Klute [e00a037] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.4 Wed, 11 Apr 2018 19:50:49 GMT Fiona Klute [d60ff7b] * README (modified) * configure.ac (modified) Require Apache HTTPD 2.4.17 or newer In older versions ... Wed, 11 Apr 2018 17:59:41 GMT Fiona Klute [e9e89b4] * test/test-26_redirect_HTTP_to_HTTPS.bash (modified) Clean up outdated comment/naming in test- 26_redirect_HTTP_to_HTTPS.bash Wed, 11 Apr 2018 17:16:04 GMT Fiona Klute [3c123cd] * CHANGELOG (modified) * README (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) * src/gnutls_config.c (modified) * src/gnutls_config.h (modified) * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/gnutls_util.c (modified) * src/gnutls_util.h (modified) * src/mod_gnutls.c (modified) * test/README (modified) * test/cert_helper.c (modified) * test/cert_helper.h (modified) * test/data/ocsp.cgi (modified) * test/gen_ocsp_index.c (modified) * test/gnutls_openpgp_support.c (modified) * test/runtests (modified) * test/test_ca.mk (modified) Update my name, prepare changelog for the next release Wed, 11 Apr 2018 16:50:37 GMT Fiona Klute [d50dac5] * test/Makefile.am (modified) * test/test-28_HTTP2_support.bash (added) * test/tests/28_HTTP2_support/apache.conf (added) * test/tests/Makefile.am (modified) New test case for HTTP/2 support Wed, 11 Apr 2018 05:41:07 GMT Fiona Klute [9cee2e9] * src/gnutls_hooks.c (modified) Support ALPN (required for secure HTTP/2) Tue, 10 Apr 2018 16:48:05 GMT Fiona Klute [2f10643] * src/gnutls_hooks.c (modified) Consider secondary connections (like mod_http2 streams) in hooks ... Tue, 10 Apr 2018 16:18:26 GMT Fiona Klute [e7cf823] * include/mod_gnutls.h.in (modified) * src/gnutls_hooks.c (modified) * src/mod_gnutls.c (modified) Add process_connection hook, adjust hook order for mod_http2 ... Tue, 10 Apr 2018 06:30:52 GMT Fiona Klute [4cdd4fd] * include/mod_gnutls.h.in (modified) * src/mod_gnutls.c (modified) Implement ssl_var_lookup function (subset of mod_ssl implementation) ... Mon, 09 Apr 2018 06:52:27 GMT Fiona Klute [23e98b3] * include/mod_gnutls.h.in (modified) * src/mod_gnutls.c (modified) Implement ssl_engine_set as introduced by mod_ssl in Apache 2.4.33 Mon, 09 Apr 2018 06:24:59 GMT Fiona Klute [235e109] * src/gnutls_hooks.c (modified) * src/gnutls_util.c (modified) * src/gnutls_util.h (modified) * src/mod_gnutls.c (modified) Unify initialization of mod_gnutls connection context Wed, 13 Dec 2017 06:25:00 GMT Thomas Klute [fe21671] * src/mod_gnutls.c (modified) ssl_engine_disable(): Remove mod_gnutls filters, not first in chain Tue, 05 Dec 2017 18:18:49 GMT Thomas Klute [1de1026] * src/gnutls_ocsp.c (modified) mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for ... Tue, 05 Dec 2017 07:57:35 GMT Thomas Klute [994a5fb] * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) Do not reconfigure OCSP status callback on each connection The ... Fri, 20 Oct 2017 11:58:26 GMT Thomas Klute [2a912c3] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.3 Fri, 20 Oct 2017 11:55:41 GMT Thomas Klute [54d07a1] * src/gnutls_hooks.c (modified) Do not announce (unused) session ticket support on proxy connections ... Tue, 17 Oct 2017 18:49:17 GMT Thomas Klute [265159d] * include/mod_gnutls.h.in (modified) * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) Send SNI for proxy connections Mon, 16 Oct 2017 05:53:37 GMT Thomas Klute [321912b] * test/runtests (modified) * test/test-27_OCSP_server.bash (modified) Test suite: Start OCSP responder from runtests if config exists Thu, 12 Oct 2017 16:54:14 GMT Thomas Klute [ee94de5] * test/Makefile.am (modified) * test/test_ca.mk (modified) Test suite: Clean up for current GnuPG versions Newer GnuPG ... Wed, 11 Oct 2017 17:20:05 GMT Thomas Klute [acea635] * test/Makefile.am (modified) Test suite: Wait for Apache shutdown before "distclean" check Wed, 11 Oct 2017 16:35:37 GMT Thomas Klute [1872744] * test/Makefile.am (modified) * test/apache_service.bash (moved) * test/runtests (modified) * test/test-26_redirect_HTTP_to_HTTPS.bash (modified) * test/test-27_OCSP_server.bash (modified) Test suite: Rename bash function backend_apache to apache_service Wed, 11 Oct 2017 06:25:39 GMT Thomas Klute [b28158c] * test/runtests (modified) * test/test-19_TLS_reverse_proxy.bash (modified) * test/test-20_TLS_reverse_proxy_client_auth.bash (modified) * test/test-21_TLS_reverse_proxy_wrong_cert.bash (modified) * test/test-22_TLS_reverse_proxy_crl_revoke.bash (modified) * test/test-23_TLS_reverse_proxy_mismatched_priorities.bash (modified) Test suite: Start proxy backend server from runtests if config exists ... Wed, 11 Oct 2017 05:46:30 GMT Thomas Klute [c9e4709] * test/proxy_backend.bash (modified) Test suite: Use dir argument instead of "testdir" env in backend_apache Tue, 10 Oct 2017 18:34:18 GMT Thomas Klute [967bf9b] * configure.ac (modified) Test suite: Prevent duplicate "Listen" on OCSP_PORT Tue, 10 Oct 2017 17:37:04 GMT Thomas Klute [97d7c63] * test/Makefile.am (modified) * test/proxy_backend.bash (modified) * test/proxy_backend.conf.in (modified) * test/tests/19_TLS_reverse_proxy/backend.conf (modified) * test/tests/20_TLS_reverse_proxy_client_auth/backend.conf (modified) * test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf (modified) * test/tests/22_TLS_reverse_proxy_crl_revoke/backend.conf (modified) * test/tests/23_TLS_reverse_proxy_mismatched_priorities/backend.conf (modified) Test suite: Port config for proxy backend in Makefile and Apache ... Tue, 10 Oct 2017 16:41:18 GMT Thomas Klute [e00d91a] * test/runtests (modified) Test suite: Use TEST_LOCK instead of constant TEST_PID in runtests ... Tue, 10 Oct 2017 16:32:13 GMT Thomas Klute [94430e6] * configure.ac (modified) * test/.gitignore (modified) * test/Makefile.am (modified) * test/ocsp_server.conf.in (moved) * test/proxy_backend.bash (modified) * test/test-26_redirect_HTTP_to_HTTPS.bash (modified) * test/test-27_OCSP_server.bash (modified) * test/tests/27_OCSP_server/apache.conf (modified) * test/tests/27_OCSP_server/ocsp.conf (added) * test/tests/Makefile.am (modified) Test suite: Run a separate Apache instance for the OCSP responder ... Sun, 01 Oct 2017 16:24:01 GMT Thomas Klute [a09df8c] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Update RFC reference for SNI Sun, 17 Sep 2017 17:11:32 GMT Thomas Klute [2ae1c3c] * CHANGELOG (modified) Update changelog with changes since 0.8.2 Sun, 17 Sep 2017 17:01:23 GMT Thomas Klute [98cf33f] * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) Rewrite SNI handler to accept long names and ignore unknown name ... Sun, 17 Sep 2017 15:06:44 GMT Thomas Klute [017ef2d] * src/gnutls_hooks.c (modified) Cleanup of post client hello and SNI handling functions * Get ... Sat, 16 Sep 2017 21:12:54 GMT Thomas Klute [cebb74a] * src/gnutls_io.c (modified) Remove broken SNI/session resumption workaround By specification, ... Thu, 14 Sep 2017 21:09:11 GMT Thomas Klute [e389b85] * src/gnutls_hooks.c (modified) Remove obsolete global GnuTLS (de)init calls These calls have been ... Mon, 11 Sep 2017 20:53:37 GMT Thomas Klute [732c5733] * doc/mod_gnutls_manual.mdwn (modified) Fix description of environment variable "SSL_CLIENT_I_DN" (issuer DN) Mon, 11 Sep 2017 06:29:42 GMT Thomas Klute [cdc6e4a] * test/proxy_backend.bash (modified) * test/runtests (modified) Choose flock or PID wait based on availability, not file parameter ... Wed, 05 Jul 2017 20:31:34 GMT Thomas Klute [b8b1990] * test/Makefile.am (modified) * test/ffdhe3072.pem (added) * test/tests/12_cgi_variables/apache.conf (modified) * test/tests/12_cgi_variables/output (modified) * test/tests/17_cgi_vars_large_cert/apache.conf (modified) * test/tests/17_cgi_vars_large_cert/output (modified) Use fixed DH parameters for tests that log DH prime length in CGI ... Wed, 05 Jul 2017 17:16:09 GMT Thomas Klute [f4deac5] * doc/mod_gnutls_manual.mdwn (modified) * src/gnutls_hooks.c (modified) Warn users about OpenPGP deprecation OpenPGP support has been ... Wed, 05 Jul 2017 16:48:44 GMT Thomas Klute [bd6591f] * doc/mod_gnutls_manual.mdwn (modified) Update documentation of the GnuTLSDHFile option Wed, 05 Jul 2017 05:47:32 GMT Thomas Klute [a2b4ab6] * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) Use GnuTLS known DH parameters If the user does not configure the ... Tue, 27 Jun 2017 17:02:55 GMT Thomas Klute [92ac36e] * src/gnutls_hooks.c (modified) Remove dead code in DH parameters setup The dh_params variable in ... Sat, 08 Apr 2017 11:17:47 GMT Thomas Klute [439005a] * test/.gitignore (modified) * test/Makefile.am (modified) * test/gnutls_openpgp_support.c (added) * test/test-14_basic_openpgp.bash (modified) Skip OpenPGP test if GnuTLS was compiled without OpenPGP support Wed, 22 Mar 2017 18:52:03 GMT Thomas Klute [4f7edd5] * src/gnutls_hooks.c (modified) Remove log for mutex creation errors (core logs them at emergency level) Tue, 14 Mar 2017 17:50:11 GMT Thomas Klute [f2a44d1] * test/base_apache.conf (modified) Test suite: Set DefaultRuntimeDir for all Apache instances ... Mon, 13 Mar 2017 18:53:15 GMT Thomas Klute [342e11d] * test/proxy_backend.bash (modified) Test suite: Remove unnecessary TEST_IP handling for proxy back-end ... Sun, 05 Mar 2017 17:48:56 GMT Thomas Klute [339a49d] * test/Makefile.am (modified) Test suite: List .bash in TEST_EXTENSIONS This way the test harness ... Sun, 05 Mar 2017 16:55:51 GMT Thomas Klute [4fb510d] * test/Makefile.am (modified) * test/common.bash (modified) * test/runtests (modified) Test suite: Add generic function to wait for a command to succeed ... Sun, 05 Mar 2017 14:22:29 GMT Thomas Klute [5f3222b] * test/runtests (modified) Test suite: Use "caller" builtin and BASH_COMMAND for error traces Sun, 19 Feb 2017 21:58:07 GMT Thomas Klute [0b83b21] * include/mod_gnutls.h.in (modified) Remove two left-over function declarations for Lua auth handling ... Sun, 19 Feb 2017 18:04:07 GMT Thomas Klute [b0e4ce6] * configure.ac (modified) configure.ac: Log values of CFLAGS and LDFLAGS for GnuTLS ... Sun, 19 Feb 2017 17:57:56 GMT Thomas Klute [6135393] * configure.ac (modified) Do not treat warnings about deprecated declarations as errors ... Sun, 12 Feb 2017 12:24:54 GMT Thomas Klute [37beb92] * configure.ac (modified) * test/apache-conf/netns.conf.in (modified) Test suite: Do not explicitly set the mutex type to "default" The ... Sat, 11 Feb 2017 14:58:38 GMT Thomas Klute [fb4da99] * test/runtests (modified) Test suite: Log the HTTPD build configuration if VERBOSE is enabled Wed, 08 Feb 2017 12:27:17 GMT Thomas Klute [4ae5b82] * configure.ac (modified) * test/proxy_backend.bash (modified) * test/runtests (modified) Check if flock supports --verbose Some old versions of flock do not ... Mon, 06 Feb 2017 17:05:25 GMT Thomas Klute [6c030c1] * configure.ac (modified) * test/Makefile.am (modified) * test/README (modified) * test/runtests (modified) Test suite: Make timeouts for server locks and HTTPS requests ... Mon, 06 Feb 2017 16:11:47 GMT Thomas Klute [bbfcbb5] * test/runtests (modified) Test suite: Log if a process to be stopped by PID file is not running ... Mon, 06 Feb 2017 14:49:50 GMT Thomas Klute [8184ad0] * test/proxy_backend.bash (modified) * test/runtests (modified) Test suite: Run flock with "--verbose" to log timeouts Mon, 06 Feb 2017 12:49:47 GMT Thomas Klute [26ae700] * test/tests/06_verify_sni_a/apache.conf (modified) * test/tests/07_verify_sni_b/apache.conf (modified) * test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf (modified) * test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf (modified) Test suite: Remove NameVirtualHost directives According to the ... Sun, 22 Jan 2017 17:45:57 GMT Thomas Klute [d39ea18] * test/runtests (modified) Test suite: Do not continue test case if Apache instance fails to ... Sun, 08 Jan 2017 14:14:59 GMT Thomas Klute [0202d6b] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.2 Sun, 08 Jan 2017 14:00:28 GMT Thomas Klute [10d9053] * test/gen_ocsp_index.c (modified) * test/server.template.in (modified) * test/test-27_OCSP_server.bash (modified) Test suite, gen_ocsp_index.c: Handle serial as fixed order byte array ... Thu, 22 Dec 2016 21:10:07 GMT Thomas Klute [0a12ff8] * test/runtests (modified) Test suite: Ensure CRLF line ends in HTTP headers Debian Sid ... Tue, 20 Dec 2016 22:06:32 GMT Thomas Klute [154db29] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.1 Tue, 20 Dec 2016 21:37:33 GMT Thomas Klute [5ac4bbe] * src/gnutls_cache.c (modified) * src/gnutls_util.c (modified) Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The ... Sun, 11 Dec 2016 22:13:25 GMT Thomas Klute [677754f] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.0 Fri, 09 Dec 2016 23:51:35 GMT Thomas Klute [c22af3a] * doc/mod_gnutls_manual.mdwn (modified) Handbook: List Berkeley DB and GDBM as equal options for DBM caches ... Thu, 08 Dec 2016 07:06:05 GMT Thomas Klute [251edfe] * README (modified) Mention Doxygen documentation in README Tue, 06 Dec 2016 22:46:44 GMT Thomas Klute [08b821a] * src/gnutls_io.c (modified) gnutls_io.c: API documentation Tue, 06 Dec 2016 21:18:20 GMT Thomas Klute [e0e0b0f] * doc/doxygen.conf.in (modified) Include memcached cache functions in Doxygen documentation, if enabled Tue, 06 Dec 2016 07:13:55 GMT Thomas Klute [104e881] * include/mod_gnutls.h.in (modified) * src/gnutls_cache.h (modified) * src/gnutls_config.c (modified) * src/gnutls_config.h (modified) * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/gnutls_util.c (modified) * src/gnutls_util.h (modified) * src/mod_gnutls.c (modified) General comment updates for Doxygen compatibility Mostly /* */ vs. ... Mon, 05 Dec 2016 21:02:30 GMT Thomas Klute [14548b9] * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) Update comments in gnutls_cache.(c|h) to work with Doxygen Mon, 05 Dec 2016 20:58:26 GMT Thomas Klute [d4d066f] * doc/doxygen.conf.in (modified) Enable automatic brief descriptions in Doxygen documentation Mon, 05 Dec 2016 19:30:06 GMT Thomas Klute [9a18e30] * Makefile.am (modified) * configure.ac (modified) * doc/.gitignore (modified) * doc/doxygen.conf.in (added) * m4/ax_prog_doxygen.m4 (added) Support basic Doxygen calls Doxygen targets are included in the ... Mon, 14 Nov 2016 19:12:53 GMT Thomas Klute [e1c094c] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) * test/tests/27_OCSP_server/apache.conf (modified) Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring ... Tue, 01 Nov 2016 12:26:04 GMT Thomas Klute [b26a792] * CHANGELOG (modified) * configure.ac (modified) Beta release version 0.8.0-beta Tue, 01 Nov 2016 11:20:42 GMT Thomas Klute [b888e8b] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces ... Tue, 01 Nov 2016 11:20:26 GMT Thomas Klute [b34a67e] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Add example ocsptool command for response file creation Mon, 31 Oct 2016 22:30:14 GMT Thomas Klute [3475e62] * include/mod_gnutls.h.in (modified) * src/mod_gnutls.c (modified) Remove EXPERIMENTAL mark for OCSP from internal documentation Sun, 30 Oct 2016 21:43:03 GMT Thomas Klute [c39ae1a] * src/Makefile.am (modified) * src/gnutls_cache.c (modified) * src/gnutls_config.c (modified) * src/gnutls_config.h (added) * src/gnutls_ocsp.c (modified) Initialize OCSP timeouts with an "unset" value The configuration ... Sun, 30 Oct 2016 21:01:42 GMT Thomas Klute [0cd8f3d] * doc/mod_gnutls_manual.mdwn (modified) Update OCSP stapling documentation Sat, 29 Oct 2016 23:00:04 GMT Thomas Klute [444e6ed] * doc/mod_gnutls_manual.mdwn (modified) Fix documentation of GnuTLSCacheTimeout GnuTLSCacheTimeout has ... Sat, 29 Oct 2016 17:40:03 GMT Thomas Klute [ef107fd] * src/gnutls_ocsp.c (modified) Remove TODO for OCSP requests without nonces Ideally all OCSP ... Thu, 27 Oct 2016 22:21:05 GMT Thomas Klute [0a02378] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.h (modified) Style fixes for OCSP related time differences * Consistently use ... Thu, 27 Oct 2016 21:50:18 GMT Thomas Klute [333bbc7] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) Configurable OCSP socket timeout Stalled OCSP requests must time ... Fri, 21 Oct 2016 22:40:02 GMT Thomas Klute [c6dda6d] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/mod_gnutls.c (modified) Rate limit OCSP requests Retries after failed OCSP requests must be ... Fri, 21 Oct 2016 05:47:12 GMT Thomas Klute [d26fa55] * src/gnutls_config.c (modified) Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout ...