|
|
|
@469861a
|
2 years |
fiona.klute |
Enable session tickets in the post client hello hook
With this …
asynciodebian/masterproxy-ticket
|
|
|
@5f15295
|
2 years |
fiona.klute |
Update configuration examples
asynciodebian/masterproxy-ticket
|
|
|
@1a3068c
|
2 years |
fiona.klute |
Update documentation on OCSP stapling and the certificate file
asynciodebian/masterproxy-ticket
|
|
|
@bac1a32
|
2 years |
fiona.klute |
Order, log message, and style fixes
asynciodebian/masterproxy-ticket
|
|
|
@fdd3bf0
|
2 years |
fiona.klute |
Enable session tickets by default if GnuTLS version >= 3.6.4
GnuTLS …
asynciodebian/masterproxy-ticket
|
|
|
@bd2b48b
|
2 years |
fiona.klute |
Immediately retry on EINTR or EAGAIN for blocking receive
Proxy TLS …
asynciodebian/masterproxy-ticket
|
|
|
@78d75ac
|
2 years |
fiona.klute |
Use the right cache config string in cache trace logs
asynciodebian/masterproxy-ticket
|
|
|
@0d7660d
|
2 years |
fiona.klute |
Provide a default path for the default OCSP cache
asynciodebian/masterproxy-ticket
|
|
|
@60868d2
|
2 years |
fiona.klute |
Default to NORMAL for the GnuTLS priority settings
This simplifies …
asynciodebian/masterproxy-ticket
|
|
|
@bd1d8d3
|
2 years |
fiona.klute |
Test suite: Stop proxy backend servers from writing to proxy access …
asynciodebian/masterproxy-ticket
|
|
|
@e796121
|
2 years |
fiona.klute |
Remove documentation on OpenPGP authentication
asynciodebian/masterproxy-ticket
|
|
|
@ed5d2b8
|
2 years |
fiona.klute |
Update GnuTLSCacheTimeout documentation: No longer used for OCSP
asynciodebian/masterproxy-ticket
|
|
|
@7105869
|
2 years |
fiona.klute |
Update GnuTLSCache documentation
asynciodebian/masterproxy-ticket
|
|
|
@b4eef18
|
2 years |
fiona.klute |
Add --with-gnutls-dev=DIR option to ./configure
Makes testing against …
asynciodebian/masterproxy-ticket
|
|
|
@1754503
|
2 years |
fiona.klute |
Test suite: Enable session tickets for session resumption test
TLS …
asynciodebian/masterproxy-ticket
|
|
|
@eb4cab7
|
2 years |
fiona.klute |
Test suite: Compare cipher suites to test the status page
Expecting a …
asynciodebian/masterproxy-ticket
|
|
|
@c33ef88
|
2 years |
fiona.klute |
Test suite: Use ciphers, not protocol versions for priority mismatch …
asynciodebian/masterproxy-ticket
|
|
|
@72b669e
|
2 years |
fiona.klute |
Refuse to send or receive over a failed TLS connection
On a failed …
asynciodebian/masterproxy-ticket
|
|
|
@514d4d6
|
2 years |
fiona.klute |
Test suite: Two more compatibility fixes for GnuTLS 3.6.4
asynciodebian/masterproxy-ticket
|
|
|
@2ec3e54
|
2 years |
fiona.klute |
Test suite: Remove size of DH prime from variable dump
The variable …
asynciodebian/masterproxy-ticket
|
|
|
@adceac0
|
2 years |
fiona.klute |
Remove unneeded server variables "cert_cn" and "cert_san"
"cert_san" …
asynciodebian/masterproxy-ticket
|
|
|
@cb6476c
|
2 years |
fiona.klute |
Enable OCSP stapling by default if possible
If the user hasn't …
asynciodebian/masterproxy-ticket
|
|
|
@efc43b4
|
2 years |
fiona.klute |
Split per-vhost post config for OCSP stapling into configuring and …
asynciodebian/masterproxy-ticket
|
|
|
@994200a
|
2 years |
fiona.klute |
Set up shmcb OCSP cache by default
The shmcb socache doesn't require …
asynciodebian/masterproxy-ticket
|
|
|
@3358887
|
3 years |
fiona.klute |
Assign cache configuration to server only if successful
The sc->cache …
asynciodebian/masterproxy-ticket
|
|
|
@eced11a
|
3 years |
fiona.klute |
Remove server variable ocsp_cache_enable
There is no need to …
asynciodebian/masterproxy-ticket
|
|
|
@92b5f4d
|
3 years |
fiona.klute |
Use the OCSP cache for responses
asynciodebian/masterproxy-ticket
|
|
|
@babdb29
|
3 years |
fiona.klute |
Initialize and clean up the OCSP cache, following session cache patterns
asynciodebian/masterproxy-ticket
|
|
|
@d036f96
|
3 years |
fiona.klute |
Add configuration directive GnuTLSOCSPCache (no-op for now)
First …
asynciodebian/masterproxy-ticket
|
|
|
@13870b7
|
3 years |
fiona.klute |
test-14_resume_session.bash: Check if the session was resumed …
asynciodebian/masterproxy-ticket
|
|
|
@2d454a2
|
3 years |
fiona.klute |
Macro for session cache name
asynciodebian/masterproxy-ticket
|
|
|
@72377cf
|
3 years |
fiona.klute |
Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0
Compression …
asynciodebian/masterproxy-ticket
|
|
|
@eaa8a9d
|
3 years |
fiona.klute |
Test suite: Fix list of dist files for test 03_cachetimeout_in_vhost
asynciodebian/masterproxy-ticket
|
|
|
@ce5f776
|
3 years |
fiona.klute |
Move config and post_config of a cache instance to separate functions
…
asynciodebian/masterproxy-ticket
|
|
|
@5ab2868
|
3 years |
fiona.klute |
Remove unused server variable
The mgs_srvconf_rec.non_ssl_request …
asynciodebian/masterproxy-ticket
|
|
|
@a6aa387
|
3 years |
fiona.klute |
Test suite: Update cache configuration, ensure unique cache paths
asynciodebian/masterproxy-ticket
|
|
|
@56c722f
|
3 years |
fiona.klute |
Test suite: Do not expire test PGP keys
Infinite validity is no …
asynciodebian/masterproxy-ticket
|
|
|
@f52f1b4
|
3 years |
fiona.klute |
Allow GnuTLSCacheTimeout in virtual host config
I'm not sure if …
asynciodebian/masterproxy-ticket
|
|
|
@d8d6b1e
|
3 years |
fiona.klute |
Reallocate buffer to data size after fetching from socache
There is …
asynciodebian/masterproxy-ticket
|
|
|
@a314ec9
|
3 years |
fiona.klute |
Store config pointer in struct mgs_cache for logging
This way the …
asynciodebian/masterproxy-ticket
|
|
|
@b94aee2
|
3 years |
fiona.klute |
Remove internal cache type enum
The cache type is now transparently …
asynciodebian/masterproxy-ticket
|
|
|
@2f949bc
|
3 years |
fiona.klute |
Remove deleted m4/apr_memcache.m4 from EXTRA_DIST
asynciodebian/masterproxy-ticket
|
|
|
@adf36c3
|
3 years |
fiona.klute |
Update documentation in gnutls_cache.c
asynciodebian/masterproxy-ticket
|
|
|
@41f9bcb
|
3 years |
fiona.klute |
Use cache parameter in mgs_cache_store() and mgs_cache_fetch()
The …
asynciodebian/masterproxy-ticket
|
|
|
@ded2291
|
3 years |
fiona.klute |
Switch generic cache store/fetch function pointers to constant …
asynciodebian/masterproxy-ticket
|
|
|
@6bbd378
|
3 years |
fiona.klute |
Remove special handling for APR memcache and leftover includes
asynciodebian/masterproxy-ticket
|
|
|
@0363315
|
3 years |
fiona.klute |
Use cache mutex only if socache provider is not multiprocess/thread safe
asynciodebian/masterproxy-ticket
|
|
|
@6c5c2ec
|
3 years |
fiona.klute |
Test for session resumption
asynciodebian/masterproxy-ticket
|
|
|
@14a6f41
|
3 years |
fiona.klute |
Check for a cache during OCSP setup
asynciodebian/masterproxy-ticket
|
|
|
@de1ceab
|
3 years |
fiona.klute |
Replace internal cache implementation with mod_socache
Massively …
asynciodebian/masterproxy-ticket
|
|
|
@0470e44
|
3 years |
fiona.klute |
Support common socache "type:config" style for GnuTLSCache directive
asynciodebian/masterproxy-ticket
|
|
|
@7921dc7
|
3 years |
fiona.klute |
Remove OpenPGP authentication
OpenPGP authentication was removed from …
asynciodebian/masterproxy-ticket
|
|
|
@2246a84
|
3 years |
fiona.klute |
Make automatic OCSP cache updates and fuzz time configurable
asynciodebian/masterproxy-ticket
|
|
|
@fa6d0bb
|
3 years |
fiona.klute |
Initialize OCSP stapling only if mod_gnutls is enabled for a virtual …
asynciodebian/masterproxy-ticket
|
|
|
@f233a23
|
3 years |
fiona.klute |
Logic for fuzzy OCSP update timing
If a server has a lot of virtual …
asynciodebian/masterproxy-ticket
|
|
|
@3d30543
|
3 years |
fiona.klute |
Write failure cache entries from asynchronous OCSP updates
This …
asynciodebian/masterproxy-ticket
|
|
|
@61e802c
|
3 years |
fiona.klute |
Simplify mgs_async_ocsp_update
Always use OCSP mutex for updates, …
asynciodebian/masterproxy-ticket
|
|
|
@3c475e0
|
3 years |
fiona.klute |
Ensure that mod_gnutls child_init runs before mod_watchdog's
Our …
asynciodebian/masterproxy-ticket
|
|
|
@103cafa
|
3 years |
fiona.klute |
Remove extra "OCSP failed" log entry while writing failure to cache
…
asynciodebian/masterproxy-ticket
|
|
|
@a85de63
|
3 years |
fiona.klute |
Make cache_fetch_func work without a connection context
This is …
asynciodebian/masterproxy-ticket
|
|
|
@c34a68b
|
3 years |
fiona.klute |
dbm_cache_fetch: Prepare for signature without connection context
…
asynciodebian/masterproxy-ticket
|
|
|
@3656df0
|
3 years |
fiona.klute |
mgs_cache_ocsp_failure: Make expiry timeout an argument
A failure …
asynciodebian/masterproxy-ticket
|
|
|
@6945efb
|
3 years |
fiona.klute |
mc_cache_fetch: Don't require a connection context
asynciodebian/masterproxy-ticket
|
|
|
@3381559
|
3 years |
fiona.klute |
Adjust intervals for async OCSP updates based on cache expiry or failure
asynciodebian/masterproxy-ticket
|
|
|
@0cdfb19
|
3 years |
fiona.klute |
Documentation for mgs_new_singleton_watchdog
asynciodebian/masterproxy-ticket
|
|
|
@a467635
|
3 years |
fiona.klute |
Enable asynchronous OCSP updates
Asynchronous updates are always …
asynciodebian/masterproxy-ticket
|
|
|
@506e64a
|
3 years |
fiona.klute |
Optionally return cache expiry time when caching an OCSP response
…
asynciodebian/masterproxy-ticket
|
|
|
@0e3f8c6
|
3 years |
fiona.klute |
Create module-wide singleton watchdog during post_config
asynciodebian/masterproxy-ticket
|
|
|
@5c62a6a
|
3 years |
fiona.klute |
mod_gnutls.h.in: Remove outdated comment
asynciodebian/masterproxy-ticket
|
|
|
@4aa63a4
|
3 years |
fiona.klute |
Infrastructure for mod_watchdog support
Asynchronous OCSP cache …
asynciodebian/masterproxy-ticket
|
|
|
@e00a037
|
3 years |
fiona.klute |
Release version 0.8.4
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
mod_gnutls/0.8.4
|
|
|
@d60ff7b
|
3 years |
fiona.klute |
Require Apache HTTPD 2.4.17 or newer
In older versions …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@e9e89b4
|
3 years |
fiona.klute |
Clean up outdated comment/naming in test-26_redirect_HTTP_to_HTTPS.bash
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@3c123cd
|
3 years |
fiona.klute |
Update my name, prepare changelog for the next release
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@d50dac5
|
3 years |
fiona.klute |
New test case for HTTP/2 support
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@9cee2e9
|
3 years |
fiona.klute |
Support ALPN (required for secure HTTP/2)
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@2f10643
|
3 years |
fiona.klute |
Consider secondary connections (like mod_http2 streams) in hooks
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@e7cf823
|
3 years |
fiona.klute |
Add process_connection hook, adjust hook order for mod_http2 …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@4cdd4fd
|
3 years |
fiona.klute |
Implement ssl_var_lookup function (subset of mod_ssl implementation)
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@23e98b3
|
3 years |
fiona.klute |
Implement ssl_engine_set as introduced by mod_ssl in Apache 2.4.33
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@235e109
|
3 years |
fiona.klute |
Unify initialization of mod_gnutls connection context
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@fe21671
|
3 years |
thomas2.klute |
ssl_engine_disable(): Remove mod_gnutls filters, not first in chain
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@1de1026
|
3 years |
thomas2.klute |
mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@994a5fb
|
3 years |
thomas2.klute |
Do not reconfigure OCSP status callback on each connection
The …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@2a912c3
|
3 years |
thomas2.klute |
Release version 0.8.3
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
mod_gnutls/0.8.3
|
|
|
@54d07a1
|
3 years |
thomas2.klute |
Do not announce (unused) session ticket support on proxy connections
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@265159d
|
3 years |
thomas2.klute |
Send SNI for proxy connections
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@321912b
|
3 years |
thomas2.klute |
Test suite: Start OCSP responder from runtests if config exists
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@ee94de5
|
3 years |
thomas2.klute |
Test suite: Clean up for current GnuPG versions
Newer GnuPG versions …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@acea635
|
3 years |
thomas2.klute |
Test suite: Wait for Apache shutdown before "distclean" check
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@1872744
|
3 years |
thomas2.klute |
Test suite: Rename bash function backend_apache to apache_service
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@b28158c
|
3 years |
thomas2.klute |
Test suite: Start proxy backend server from runtests if config exists
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@c9e4709
|
3 years |
thomas2.klute |
Test suite: Use dir argument instead of "testdir" env in backend_apache
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@967bf9b
|
3 years |
thomas2.klute |
Test suite: Prevent duplicate "Listen" on OCSP_PORT
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@97d7c63
|
3 years |
thomas2.klute |
Test suite: Port config for proxy backend in Makefile and Apache …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@e00d91a
|
3 years |
thomas2.klute |
Test suite: Use TEST_LOCK instead of constant TEST_PID in runtests
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@94430e6
|
3 years |
thomas2.klute |
Test suite: Run a separate Apache instance for the OCSP responder
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@a09df8c
|
3 years |
thomas2.klute |
Handbook: Update RFC reference for SNI
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@2ae1c3c
|
3 years |
thomas2.klute |
Update changelog with changes since 0.8.2
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@98cf33f
|
3 years |
thomas2.klute |
Rewrite SNI handler to accept long names and ignore unknown name types …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|