Context Navigation

source: mod_gnutls

Legend:

: Added
: Modified
: Copied or renamed

Diff		Rev	Age	Author	Log Message
	(edit)	@8a0da86	7 years	thomas2.klute	Adjust log levels for OCSP cache updates asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@9c456a9	7 years	thomas2.klute	Clean up cache logging * Demote ordinary cache store/fetch operations … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@df49a2d	7 years	thomas2.klute	Handbook: Sort options into subsections asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@c3c96ca	7 years	thomas2.klute	Handbook: Update and simplify description of GnuTLSPriorities The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@fc124e9	7 years	thomas2.klute	Handbook: Update configuration examples * Replaced old example … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@743e31f	7 years	thomas2.klute	Documentation: Use "TLS" as the generic term instead of "SSL" asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@e9ef72c	7 years	thomas2.klute	Disable GnuTLSSessionTickets by default as described in handbook The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@5a5032f	7 years	thomas2.klute	Documentation for OCSP stapling options asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@4c529de	7 years	thomas2.klute	Update Apache and GnuTLS version dependencies asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@3725f2d	7 years	thomas2.klute	Disable OCSP test for GnuTLS 3.5.0 Since 3.5.1 has been released, … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@f1147b6	7 years	thomas2.klute	OCSP post config: Ensure OCSP URI or response file are set If the … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@ef06c74	7 years	thomas2.klute	Compatibility code for GCC version < 5 The builtin_add_overflow() … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@ac3f500	7 years	thomas2.klute	Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@87d507b	7 years	thomas2.klute	Overwrite session ticket key before releasing it Private key material … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@78b75b3	7 years	thomas2.klute	Restore GnuTLSOCSPResponseFile option Using an externally updated … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@a784735	7 years	thomas2.klute	Test 27_OCSP_server: Check if gnutls-cli received a stapled OCSP response asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@4d4a406	7 years	thomas2.klute	New config option: GnuTLSOCSPStapling This flag option … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@70d014b	7 years	thomas2.klute	Remove FIXME comment about releasing config structures: Done! asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@b8700b0	7 years	thomas2.klute	Deinit proxy credentials on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@02eabe7	7 years	thomas2.klute	TLS Proxy: Fix memory leak while logging certificate status The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@f265001	7 years	thomas2.klute	Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@7e7d328	7 years	thomas2.klute	Deinit PGP certificate on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@44e8944	7 years	thomas2.klute	Allocate memory for X.509 and PGP certificates only when needed asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@eee1432	7 years	thomas2.klute	Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@45b7b83	7 years	thomas2.klute	Deinit PGP private key and keyring on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@db9ef68	7 years	thomas2.klute	Deinit client CA list on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@81433f1	7 years	thomas2.klute	Reformat mgs_load_files() This commit changes only whitespace and … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@e2ba939	7 years	thomas2.klute	Prevent memory leaks in post_conf hook Valgrind indicated memory … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@317b569	7 years	thomas2.klute	Make the response validity period of the test responder configurable asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@894efd0	7 years	thomas2.klute	Check OCSP response nonce asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@82745d1	7 years	thomas2.klute	Fix memory usage issues * Use-after-free of the OCSP request in … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@16ad0eb	7 years	thomas2.klute	Perform OCSP request over HTTP Finally the whole stack is there! … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@04addef	7 years	thomas2.klute	Test suite: Always lock authority PGP keyring I've occasionally … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@0831437	7 years	thomas2.klute	Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro to … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@47a909e	7 years	thomas2.klute	Create OCSP requests when updating the cached response Actually … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@6c44ed2	7 years	thomas2.klute	Test suite: Explicitly link gen_ocsp_index against libgnutls This is … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@a372379	7 years	thomas2.klute	Store server certificate fingerprint in OCSP config It's not like … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@cc74801e	7 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@6b89353	7 years	thomas2.klute	Remove Lua bytecode variables from directory config structure The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@5559aa6	7 years	thomas2.klute	Rely on cache for OCSP response expiration With fixed DBM cache … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@11e6205	7 years	thomas2.klute	dbm_cache_fetch(): Clear data size on allocation failure Memory … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@b2e6406	7 years	thomas2.klute	Safe integer type conversion in mgs_filter_input() Read sizes should … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@15b22cb	7 years	thomas2.klute	Allow compiling with clang Needs just a minimal workaround for an … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@d6834e0	7 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@aa68232	7 years	thomas2.klute	Move global cache mutex into the private cache struct asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@e809fb30	7 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@3e22b82	7 years	thomas2.klute	Add generic store/fetch support to the memcached cache Required to … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@70a1e5a	7 years	thomas2.klute	Introduce OCSP caching grace time A cached OCSP response must be … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@f450ac9	7 years	thomas2.klute	Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@d18afb8	7 years	thomas2.klute	Ensure that dbm_cache_fetch() does not return expired data The cache … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@c6572ec	7 years	thomas2.klute	Apply default cache timeout to OCSP responses without nextUpdate asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@c55902b	7 years	thomas2.klute	Trigger cache expiration on fetch, small restructuring In a situation … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@c005645	7 years	thomas2.klute	Mutex for DBM cache access I noticed that with a DBM cache enabled … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@eb63377	7 years	thomas2.klute	Check only expiration time for OCSP responses from cache Responses … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@366d1a1	7 years	thomas2.klute	Use nextUpdate field of OCSP response to set cache lifetime asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@08817d0	7 years	thomas2.klute	Check OCSP response before caching Only verified responses should be … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@368e581	7 years	thomas2.klute	Update OCSP response cache only if response is missing or invalid … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@4bf4ce2	7 years	thomas2.klute	Use GCC builtins to catch overflows with mixed integer types … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@6b4136c	7 years	thomas2.klute	Store OCSP responses in DBM cache before use This is not proper … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@2f932fa	7 years	thomas2.klute	Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@6814e48	7 years	thomas2.klute	Explain the different signatures of the dbm_cache functions asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@15245bf	7 years	thomas2.klute	Split dbm_cache_fetch() in generic and GnuTLS session specific parts … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@1d1361f	7 years	thomas2.klute	Make dbm_cache_store() work outside connection context asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
	(edit)	@ae08186	7 years	thomas2.klute	DBM cache: Separate session caching and generic store operation asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@f785704	7 years	thomas2.klute	Make dbm_cache_expire() work outside connection context DBM cache … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@04e6e65	7 years	thomas2.klute	Move declarations of cache-related functions to a dedicated header … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@379a297	7 years	thomas2.klute	Remove code used only with GnuTLS 2.x asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@7511bfa	7 years	thomas2.klute	Use ap_log_cerror() instead of ap_log_error() where reasonable … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@8913410	7 years	thomas2.klute	Update copyright headers asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c3ad933	7 years	thomas2.klute	Remove stale support code for Apache versions before 2.2 asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@fd6bb19	7 years	thomas2.klute	Extract OCSP access URI from the server certificate asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@4ae7810	7 years	thomas2.klute	Log port along with hostname if OCSP trust list initialization fails asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@68ce93c	7 years	thomas2.klute	Rearrange mgs_get_ocsp_response() for readability asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@fad7695	7 years	thomas2.klute	Store OCSP trust list in server config This avoids recreating the … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@64856fd	7 years	thomas2.klute	Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@2a1ffd6	7 years	thomas2.klute	Move trust list generation for OCSP to a separate function The new … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@d35b98e	7 years	thomas2.klute	Check OCSP response and staple it only if good asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c05780e	7 years	thomas2.klute	Proper runtests integration Test fails if runtests failed, avoid … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@4cc1edc	7 years	thomas2.klute	Remove pointless <If> from test server config Apparently <If> is … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@20f8e99	7 years	thomas2.klute	Provide full certificate chain to the server The server will need CA … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@94cb972	7 years	thomas2.klute	Minimal OCSP stapling implementation using externally provided … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@b674e95	7 years	thomas2.klute	Merge version 0.7.5 into ocsp branch asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@086cea9	7 years	thomas2.klute	Release version 0.7.5 asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream mod_gnutls/0.7.5
(edit)	@2b80754	7 years	thomas2.klute	Delete target files before exporting PGP certificates GnuPG promts or … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@9e56602	7 years	thomas2.klute	Check for write errors in pgpcrc.c to get rid of build warning asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@42829ae	7 years	thomas2.klute	Build pgpcrc through Automake, clean new GnuPG privkey files & directories asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@298dc66	7 years	thomas2.klute	use --outfile instead of stdio redirection This way, when a command … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@d70dd6e	7 years	thomas2.klute	ensure cleanup of gpg v2.1 keyrings as well depending on the version … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@0bda20f	7 years	thomas2.klute	Make "make distcheck" work This requires strict DIST/DISTCLEAN lists … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@eb34ac4	7 years	thomas2.klute	Let Automake handle module installation Using a custom pkglib … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@eda8686	7 years	thomas2.klute	Disable building static libraries Only the dynamic library is used by … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@19f2719	7 years	thomas2.klute	Update comments and formating in push/pull functions asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@a9fa300	7 years	thomas2.klute	Set GnuTLS session errno on all error paths in mgs_transport_read() asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@6868585	7 years	thomas2.klute	Remove unnecessary session pointer check The transport functions are … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@be41ee4	7 years	thomas2.klute	Set GnuTLS session errno on errors in mgs_transport_write() Sunil … asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream
(edit)	@efe884e	7 years	thomas2.klute	Skip OCSP test with incompatible GnuTLS versions Please see the … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c4d6e77	7 years	thomas2.klute	Test suite: New test case for simple HTTPS access with OCSP status check asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@9e309ae	7 years	thomas2.klute	Merge version 0.7.4 into ocsp asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c6cfe6e	7 years	thomas2.klute	Release version 0.7.4 asynciodebian/masterdebian/stretch-backportsjessie-backportsmainproxy-ticketupstream mod_gnutls/0.7.4
(edit)	@a0161fe	7 years	thomas2.klute	Test suite: Include OCSP URI in server & client certificates if enabled asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: