# # ChangeLog for / in mod_gnutls # # Generated by Trac 1.2 # Feb 28, 2021, 2:21:00 PM Tue, 10 Oct 2017 17:37:04 GMT Thomas Klute [97d7c63] * test/Makefile.am (modified) * test/proxy_backend.bash (modified) * test/proxy_backend.conf.in (modified) * test/tests/19_TLS_reverse_proxy/backend.conf (modified) * test/tests/20_TLS_reverse_proxy_client_auth/backend.conf (modified) * test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf (modified) * test/tests/22_TLS_reverse_proxy_crl_revoke/backend.conf (modified) * test/tests/23_TLS_reverse_proxy_mismatched_priorities/backend.conf (modified) Test suite: Port config for proxy backend in Makefile and Apache ... Tue, 10 Oct 2017 16:41:18 GMT Thomas Klute [e00d91a] * test/runtests (modified) Test suite: Use TEST_LOCK instead of constant TEST_PID in runtests ... Tue, 10 Oct 2017 16:32:13 GMT Thomas Klute [94430e6] * configure.ac (modified) * test/.gitignore (modified) * test/Makefile.am (modified) * test/ocsp_server.conf.in (moved) * test/proxy_backend.bash (modified) * test/test-26_redirect_HTTP_to_HTTPS.bash (modified) * test/test-27_OCSP_server.bash (modified) * test/tests/27_OCSP_server/apache.conf (modified) * test/tests/27_OCSP_server/ocsp.conf (added) * test/tests/Makefile.am (modified) Test suite: Run a separate Apache instance for the OCSP responder ... Sun, 01 Oct 2017 16:24:01 GMT Thomas Klute [a09df8c] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Update RFC reference for SNI Sun, 17 Sep 2017 17:11:32 GMT Thomas Klute [2ae1c3c] * CHANGELOG (modified) Update changelog with changes since 0.8.2 Sun, 17 Sep 2017 17:01:23 GMT Thomas Klute [98cf33f] * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) Rewrite SNI handler to accept long names and ignore unknown name ... Sun, 17 Sep 2017 15:06:44 GMT Thomas Klute [017ef2d] * src/gnutls_hooks.c (modified) Cleanup of post client hello and SNI handling functions * Get ... Sat, 16 Sep 2017 21:12:54 GMT Thomas Klute [cebb74a] * src/gnutls_io.c (modified) Remove broken SNI/session resumption workaround By specification, ... Thu, 14 Sep 2017 21:09:11 GMT Thomas Klute [e389b85] * src/gnutls_hooks.c (modified) Remove obsolete global GnuTLS (de)init calls These calls have been ... Mon, 11 Sep 2017 20:53:37 GMT Thomas Klute [732c5733] * doc/mod_gnutls_manual.mdwn (modified) Fix description of environment variable "SSL_CLIENT_I_DN" (issuer DN) Mon, 11 Sep 2017 06:29:42 GMT Thomas Klute [cdc6e4a] * test/proxy_backend.bash (modified) * test/runtests (modified) Choose flock or PID wait based on availability, not file parameter ... Wed, 05 Jul 2017 20:31:34 GMT Thomas Klute [b8b1990] * test/Makefile.am (modified) * test/ffdhe3072.pem (added) * test/tests/12_cgi_variables/apache.conf (modified) * test/tests/12_cgi_variables/output (modified) * test/tests/17_cgi_vars_large_cert/apache.conf (modified) * test/tests/17_cgi_vars_large_cert/output (modified) Use fixed DH parameters for tests that log DH prime length in CGI ... Wed, 05 Jul 2017 17:16:09 GMT Thomas Klute [f4deac5] * doc/mod_gnutls_manual.mdwn (modified) * src/gnutls_hooks.c (modified) Warn users about OpenPGP deprecation OpenPGP support has been ... Wed, 05 Jul 2017 16:48:44 GMT Thomas Klute [bd6591f] * doc/mod_gnutls_manual.mdwn (modified) Update documentation of the GnuTLSDHFile option Wed, 05 Jul 2017 05:47:32 GMT Thomas Klute [a2b4ab6] * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) Use GnuTLS known DH parameters If the user does not configure the ... Tue, 27 Jun 2017 17:02:55 GMT Thomas Klute [92ac36e] * src/gnutls_hooks.c (modified) Remove dead code in DH parameters setup The dh_params variable in ... Sat, 08 Apr 2017 11:17:47 GMT Thomas Klute [439005a] * test/.gitignore (modified) * test/Makefile.am (modified) * test/gnutls_openpgp_support.c (added) * test/test-14_basic_openpgp.bash (modified) Skip OpenPGP test if GnuTLS was compiled without OpenPGP support Wed, 22 Mar 2017 18:52:03 GMT Thomas Klute [4f7edd5] * src/gnutls_hooks.c (modified) Remove log for mutex creation errors (core logs them at emergency level) Tue, 14 Mar 2017 17:50:11 GMT Thomas Klute [f2a44d1] * test/base_apache.conf (modified) Test suite: Set DefaultRuntimeDir for all Apache instances ... Mon, 13 Mar 2017 18:53:15 GMT Thomas Klute [342e11d] * test/proxy_backend.bash (modified) Test suite: Remove unnecessary TEST_IP handling for proxy back-end ... Sun, 05 Mar 2017 17:48:56 GMT Thomas Klute [339a49d] * test/Makefile.am (modified) Test suite: List .bash in TEST_EXTENSIONS This way the test harness ... Sun, 05 Mar 2017 16:55:51 GMT Thomas Klute [4fb510d] * test/Makefile.am (modified) * test/common.bash (modified) * test/runtests (modified) Test suite: Add generic function to wait for a command to succeed ... Sun, 05 Mar 2017 14:22:29 GMT Thomas Klute [5f3222b] * test/runtests (modified) Test suite: Use "caller" builtin and BASH_COMMAND for error traces Sun, 19 Feb 2017 21:58:07 GMT Thomas Klute [0b83b21] * include/mod_gnutls.h.in (modified) Remove two left-over function declarations for Lua auth handling ... Sun, 19 Feb 2017 18:04:07 GMT Thomas Klute [b0e4ce6] * configure.ac (modified) configure.ac: Log values of CFLAGS and LDFLAGS for GnuTLS ... Sun, 19 Feb 2017 17:57:56 GMT Thomas Klute [6135393] * configure.ac (modified) Do not treat warnings about deprecated declarations as errors ... Sun, 12 Feb 2017 12:24:54 GMT Thomas Klute [37beb92] * configure.ac (modified) * test/apache-conf/netns.conf.in (modified) Test suite: Do not explicitly set the mutex type to "default" The ... Sat, 11 Feb 2017 14:58:38 GMT Thomas Klute [fb4da99] * test/runtests (modified) Test suite: Log the HTTPD build configuration if VERBOSE is enabled Wed, 08 Feb 2017 12:27:17 GMT Thomas Klute [4ae5b82] * configure.ac (modified) * test/proxy_backend.bash (modified) * test/runtests (modified) Check if flock supports --verbose Some old versions of flock do not ... Mon, 06 Feb 2017 17:05:25 GMT Thomas Klute [6c030c1] * configure.ac (modified) * test/Makefile.am (modified) * test/README (modified) * test/runtests (modified) Test suite: Make timeouts for server locks and HTTPS requests ... Mon, 06 Feb 2017 16:11:47 GMT Thomas Klute [bbfcbb5] * test/runtests (modified) Test suite: Log if a process to be stopped by PID file is not running ... Mon, 06 Feb 2017 14:49:50 GMT Thomas Klute [8184ad0] * test/proxy_backend.bash (modified) * test/runtests (modified) Test suite: Run flock with "--verbose" to log timeouts Mon, 06 Feb 2017 12:49:47 GMT Thomas Klute [26ae700] * test/tests/06_verify_sni_a/apache.conf (modified) * test/tests/07_verify_sni_b/apache.conf (modified) * test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf (modified) * test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf (modified) Test suite: Remove NameVirtualHost directives According to the ... Sun, 22 Jan 2017 17:45:57 GMT Thomas Klute [d39ea18] * test/runtests (modified) Test suite: Do not continue test case if Apache instance fails to ... Sun, 08 Jan 2017 14:14:59 GMT Thomas Klute [0202d6b] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.2 Sun, 08 Jan 2017 14:00:28 GMT Thomas Klute [10d9053] * test/gen_ocsp_index.c (modified) * test/server.template.in (modified) * test/test-27_OCSP_server.bash (modified) Test suite, gen_ocsp_index.c: Handle serial as fixed order byte array ... Thu, 22 Dec 2016 21:10:07 GMT Thomas Klute [0a12ff8] * test/runtests (modified) Test suite: Ensure CRLF line ends in HTTP headers Debian Sid ... Tue, 20 Dec 2016 22:06:32 GMT Thomas Klute [154db29] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.1 Tue, 20 Dec 2016 21:37:33 GMT Thomas Klute [5ac4bbe] * src/gnutls_cache.c (modified) * src/gnutls_util.c (modified) Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The ... Sun, 11 Dec 2016 22:13:25 GMT Thomas Klute [677754f] * CHANGELOG (modified) * configure.ac (modified) Release version 0.8.0 Fri, 09 Dec 2016 23:51:35 GMT Thomas Klute [c22af3a] * doc/mod_gnutls_manual.mdwn (modified) Handbook: List Berkeley DB and GDBM as equal options for DBM caches ... Thu, 08 Dec 2016 07:06:05 GMT Thomas Klute [251edfe] * README (modified) Mention Doxygen documentation in README Tue, 06 Dec 2016 22:46:44 GMT Thomas Klute [08b821a] * src/gnutls_io.c (modified) gnutls_io.c: API documentation Tue, 06 Dec 2016 21:18:20 GMT Thomas Klute [e0e0b0f] * doc/doxygen.conf.in (modified) Include memcached cache functions in Doxygen documentation, if enabled Tue, 06 Dec 2016 07:13:55 GMT Thomas Klute [104e881] * include/mod_gnutls.h.in (modified) * src/gnutls_cache.h (modified) * src/gnutls_config.c (modified) * src/gnutls_config.h (modified) * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/gnutls_util.c (modified) * src/gnutls_util.h (modified) * src/mod_gnutls.c (modified) General comment updates for Doxygen compatibility Mostly /* */ vs. ... Mon, 05 Dec 2016 21:02:30 GMT Thomas Klute [14548b9] * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) Update comments in gnutls_cache.(c|h) to work with Doxygen Mon, 05 Dec 2016 20:58:26 GMT Thomas Klute [d4d066f] * doc/doxygen.conf.in (modified) Enable automatic brief descriptions in Doxygen documentation Mon, 05 Dec 2016 19:30:06 GMT Thomas Klute [9a18e30] * Makefile.am (modified) * configure.ac (modified) * doc/.gitignore (modified) * doc/doxygen.conf.in (added) * m4/ax_prog_doxygen.m4 (added) Support basic Doxygen calls Doxygen targets are included in the ... Mon, 14 Nov 2016 19:12:53 GMT Thomas Klute [e1c094c] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) * test/tests/27_OCSP_server/apache.conf (modified) Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring ... Tue, 01 Nov 2016 12:26:04 GMT Thomas Klute [b26a792] * CHANGELOG (modified) * configure.ac (modified) Beta release version 0.8.0-beta Tue, 01 Nov 2016 11:20:42 GMT Thomas Klute [b888e8b] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces ... Tue, 01 Nov 2016 11:20:26 GMT Thomas Klute [b34a67e] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Add example ocsptool command for response file creation Mon, 31 Oct 2016 22:30:14 GMT Thomas Klute [3475e62] * include/mod_gnutls.h.in (modified) * src/mod_gnutls.c (modified) Remove EXPERIMENTAL mark for OCSP from internal documentation Sun, 30 Oct 2016 21:43:03 GMT Thomas Klute [c39ae1a] * src/Makefile.am (modified) * src/gnutls_cache.c (modified) * src/gnutls_config.c (modified) * src/gnutls_config.h (added) * src/gnutls_ocsp.c (modified) Initialize OCSP timeouts with an "unset" value The configuration ... Sun, 30 Oct 2016 21:01:42 GMT Thomas Klute [0cd8f3d] * doc/mod_gnutls_manual.mdwn (modified) Update OCSP stapling documentation Sat, 29 Oct 2016 23:00:04 GMT Thomas Klute [444e6ed] * doc/mod_gnutls_manual.mdwn (modified) Fix documentation of GnuTLSCacheTimeout GnuTLSCacheTimeout has ... Sat, 29 Oct 2016 17:40:03 GMT Thomas Klute [ef107fd] * src/gnutls_ocsp.c (modified) Remove TODO for OCSP requests without nonces Ideally all OCSP ... Thu, 27 Oct 2016 22:21:05 GMT Thomas Klute [0a02378] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.h (modified) Style fixes for OCSP related time differences * Consistently use ... Thu, 27 Oct 2016 21:50:18 GMT Thomas Klute [333bbc7] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) Configurable OCSP socket timeout Stalled OCSP requests must time ... Fri, 21 Oct 2016 22:40:02 GMT Thomas Klute [c6dda6d] * doc/mod_gnutls_manual.mdwn (modified) * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/mod_gnutls.c (modified) Rate limit OCSP requests Retries after failed OCSP requests must be ... Fri, 21 Oct 2016 05:47:12 GMT Thomas Klute [d26fa55] * src/gnutls_config.c (modified) Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout ... Thu, 13 Oct 2016 19:23:21 GMT Thomas Klute [3f0b470] * src/gnutls_ocsp.c (modified) Macro for the OCSP socket timeout Tue, 21 Jun 2016 17:50:30 GMT Thomas Klute [4bc17ae] * CHANGELOG (modified) * configure.ac (modified) Alpha release version 0.8.0-alpha Mon, 20 Jun 2016 19:57:43 GMT Thomas Klute [8a0da86] * src/gnutls_ocsp.c (modified) Adjust log levels for OCSP cache updates Mon, 20 Jun 2016 19:50:22 GMT Thomas Klute [9c456a9] * src/gnutls_cache.c (modified) Clean up cache logging * Demote ordinary cache store/fetch ... Mon, 20 Jun 2016 19:23:21 GMT Thomas Klute [df49a2d] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Sort options into subsections Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [c3c96ca] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Update and simplify description of GnuTLSPriorities The ... Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [fc124e9] * doc/mod_gnutls_manual.mdwn (modified) Handbook: Update configuration examples * Replaced old example ... Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [743e31f] * doc/mod_gnutls_manual.mdwn (modified) Documentation: Use "TLS" as the generic term instead of "SSL" Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [e9ef72c] * doc/mod_gnutls_manual.mdwn (modified) * src/gnutls_hooks.c (modified) Disable GnuTLSSessionTickets by default as described in handbook ... Mon, 20 Jun 2016 18:50:50 GMT Thomas Klute [5a5032f] * doc/mod_gnutls_manual.mdwn (modified) Documentation for OCSP stapling options Sat, 18 Jun 2016 22:13:27 GMT Thomas Klute [4c529de] * README (modified) * configure.ac (modified) Update Apache and GnuTLS version dependencies Sat, 18 Jun 2016 21:30:05 GMT Thomas Klute [3725f2d] * configure.ac (modified) Disable OCSP test for GnuTLS 3.5.0 Since 3.5.1 has been released, ... Sat, 18 Jun 2016 21:21:07 GMT Thomas Klute [f1147b6] * src/gnutls_ocsp.c (modified) OCSP post config: Ensure OCSP URI or response file are set If the ... Sat, 18 Jun 2016 19:18:36 GMT Thomas Klute [ef06c74] * src/gnutls_ocsp.c (modified) * src/gnutls_util.c (modified) Compatibility code for GCC version < 5 The __builtin_add_overflow() ... Sat, 18 Jun 2016 18:58:28 GMT Thomas Klute [ac3f500] * src/gnutls_cache.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_io.c (modified) Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is ... Fri, 17 Jun 2016 11:13:57 GMT Thomas Klute [87d507b] * src/gnutls_hooks.c (modified) Overwrite session ticket key before releasing it Private key ... Thu, 16 Jun 2016 22:49:25 GMT Thomas Klute [78b75b3] * include/mod_gnutls.h.in (modified) * src/gnutls_ocsp.c (modified) * src/mod_gnutls.c (modified) Restore GnuTLSOCSPResponseFile option Using an externally updated ... Thu, 16 Jun 2016 22:47:53 GMT Thomas Klute [a784735] * test/test-27_OCSP_server.bash (modified) Test 27_OCSP_server: Check if gnutls-cli received a stapled OCSP response Thu, 16 Jun 2016 22:47:09 GMT Thomas Klute [4d4a406] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) * src/mod_gnutls.c (modified) * test/tests/27_OCSP_server/apache.conf (modified) New config option: GnuTLSOCSPStapling This flag option ... Thu, 16 Jun 2016 19:37:30 GMT Thomas Klute [70d014b] * src/gnutls_config.c (modified) Remove FIXME comment about releasing config structures: Done! Thu, 16 Jun 2016 18:32:02 GMT Thomas Klute [b8700b0] * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) Deinit proxy credentials on config pool cleanup Thu, 16 Jun 2016 18:28:40 GMT Thomas Klute [02eabe7] * src/gnutls_hooks.c (modified) TLS Proxy: Fix memory leak while logging certificate status The ... Thu, 16 Jun 2016 08:36:12 GMT Thomas Klute [f265001] * src/gnutls_hooks.c (modified) Bind temporary pool in load_proxy_x509_credentials() to ptemp scope ... Wed, 15 Jun 2016 23:32:50 GMT Thomas Klute [7e7d328] * src/gnutls_config.c (modified) Deinit PGP certificate on config pool cleanup Wed, 15 Jun 2016 23:27:39 GMT Thomas Klute [44e8944] * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) Allocate memory for X.509 and PGP certificates only when needed Wed, 15 Jun 2016 22:12:50 GMT Thomas Klute [eee1432] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' ... Wed, 15 Jun 2016 22:02:00 GMT Thomas Klute [45b7b83] * src/gnutls_config.c (modified) Deinit PGP private key and keyring on config pool cleanup Wed, 15 Jun 2016 18:20:43 GMT Thomas Klute [db9ef68] * src/gnutls_config.c (modified) Deinit client CA list on config pool cleanup Wed, 15 Jun 2016 17:32:14 GMT Thomas Klute [81433f1] * src/gnutls_config.c (modified) Reformat mgs_load_files() This commit changes only whitespace and ... Wed, 15 Jun 2016 17:32:14 GMT Thomas Klute [e2ba939] * src/gnutls_config.c (modified) Prevent memory leaks in post_conf hook Valgrind indicated memory ... Tue, 14 Jun 2016 22:41:53 GMT Thomas Klute [317b569] * test/data/ocsp.cgi (modified) Make the response validity period of the test responder configurable Tue, 14 Jun 2016 20:57:36 GMT Thomas Klute [894efd0] * src/gnutls_ocsp.c (modified) Check OCSP response nonce Tue, 14 Jun 2016 19:38:18 GMT Thomas Klute [82745d1] * src/gnutls_ocsp.c (modified) Fix memory usage issues * Use-after-free of the OCSP request in ... Tue, 14 Jun 2016 18:40:13 GMT Thomas Klute [16ad0eb] * src/Makefile.am (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_util.c (added) * src/gnutls_util.h (added) Perform OCSP request over HTTP Finally the whole stack is there! ... Mon, 13 Jun 2016 05:32:44 GMT Thomas Klute [04addef] * test/test_ca.mk (modified) Test suite: Always lock authority PGP keyring I've occasionally ... Sat, 11 Jun 2016 23:03:01 GMT Thomas Klute [0831437] * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro ... Sat, 11 Jun 2016 20:44:52 GMT Thomas Klute [47a909e] * src/gnutls_ocsp.c (modified) Create OCSP requests when updating the cached response Actually ... Sat, 11 Jun 2016 12:20:27 GMT Thomas Klute [6c44ed2] * test/Makefile.am (modified) Test suite: Explicitly link gen_ocsp_index against libgnutls This ... Sat, 11 Jun 2016 00:26:50 GMT Thomas Klute [a372379] * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) Store server certificate fingerprint in OCSP config It's not like ...