|
|
|
@eb63377
|
4 years |
thomas2.klute |
Check only expiration time for OCSP responses from cache
Responses …
debian/masterdebian/stretch-backportsupstream
|
|
|
@366d1a1
|
4 years |
thomas2.klute |
Use nextUpdate field of OCSP response to set cache lifetime
debian/masterdebian/stretch-backportsupstream
|
|
|
@08817d0
|
4 years |
thomas2.klute |
Check OCSP response before caching
Only verified responses should be …
debian/masterdebian/stretch-backportsupstream
|
|
|
@368e581
|
4 years |
thomas2.klute |
Update OCSP response cache only if response is missing or invalid
…
debian/masterdebian/stretch-backportsupstream
|
|
|
@4bf4ce2
|
4 years |
thomas2.klute |
Use GCC builtins to catch overflows with mixed integer types
…
debian/masterdebian/stretch-backportsupstream
|
|
|
@6b4136c
|
4 years |
thomas2.klute |
Store OCSP responses in DBM cache before use
This is not proper …
debian/masterdebian/stretch-backportsupstream
|
|
|
@2f932fa
|
4 years |
thomas2.klute |
Use gnutls_datum_t to pass DBM keys for GnuTLS sessions
The APR …
debian/masterdebian/stretch-backportsupstream
|
|
|
@6814e48
|
4 years |
thomas2.klute |
Explain the different signatures of the dbm_cache functions
debian/masterdebian/stretch-backportsupstream
|
|
|
@15245bf
|
4 years |
thomas2.klute |
Split dbm_cache_fetch() in generic and GnuTLS session specific parts
…
debian/masterdebian/stretch-backportsupstream
|
|
|
@1d1361f
|
4 years |
thomas2.klute |
Make dbm_cache_store() work outside connection context
debian/masterdebian/stretch-backportsupstream
|
|
|
@ae08186
|
4 years |
thomas2.klute |
DBM cache: Separate session caching and generic store operation
debian/masterdebian/stretch-backportsupstream
|
|
|
@f785704
|
4 years |
thomas2.klute |
Make dbm_cache_expire() work outside connection context
DBM cache …
debian/masterdebian/stretch-backportsupstream
|
|
|
@04e6e65
|
4 years |
thomas2.klute |
Move declarations of cache-related functions to a dedicated header
…
debian/masterdebian/stretch-backportsupstream
|
|
|
@379a297
|
4 years |
thomas2.klute |
Remove code used only with GnuTLS 2.x
debian/masterdebian/stretch-backportsupstream
|
|
|
@7511bfa
|
4 years |
thomas2.klute |
Use ap_log_cerror() instead of ap_log_error() where reasonable
…
debian/masterdebian/stretch-backportsupstream
|
|
|
@8913410
|
4 years |
thomas2.klute |
Update copyright headers
debian/masterdebian/stretch-backportsupstream
|
|
|
@c3ad933
|
4 years |
thomas2.klute |
Remove stale support code for Apache versions before 2.2
debian/masterdebian/stretch-backportsupstream
|
|
|
@fd6bb19
|
4 years |
thomas2.klute |
Extract OCSP access URI from the server certificate
debian/masterdebian/stretch-backportsupstream
|
|
|
@4ae7810
|
4 years |
thomas2.klute |
Log port along with hostname if OCSP trust list initialization fails
debian/masterdebian/stretch-backportsupstream
|
|
|
@68ce93c
|
4 years |
thomas2.klute |
Rearrange mgs_get_ocsp_response() for readability
debian/masterdebian/stretch-backportsupstream
|
|
|
@fad7695
|
4 years |
thomas2.klute |
Store OCSP trust list in server config
This avoids recreating the …
debian/masterdebian/stretch-backportsupstream
|
|
|
@64856fd
|
4 years |
thomas2.klute |
Get rid of exit(-1) calls in mgs_hook_post_config()
This allows the …
debian/masterdebian/stretch-backportsupstream
|
|
|
@2a1ffd6
|
4 years |
thomas2.klute |
Move trust list generation for OCSP to a separate function
The new …
debian/masterdebian/stretch-backportsupstream
|
|
|
@d35b98e
|
4 years |
thomas2.klute |
Check OCSP response and staple it only if good
debian/masterdebian/stretch-backportsupstream
|
|
|
@c05780e
|
4 years |
thomas2.klute |
Proper runtests integration
Test fails if runtests failed, avoid …
debian/masterdebian/stretch-backportsupstream
|
|
|
@4cc1edc
|
4 years |
thomas2.klute |
Remove pointless <If> from test server config
Apparently <If> is …
debian/masterdebian/stretch-backportsupstream
|
|
|
@20f8e99
|
4 years |
thomas2.klute |
Provide full certificate chain to the server
The server will need CA …
debian/masterdebian/stretch-backportsupstream
|
|
|
@94cb972
|
4 years |
thomas2.klute |
Minimal OCSP stapling implementation using externally provided …
debian/masterdebian/stretch-backportsupstream
|
|
|
@b674e95
|
4 years |
thomas2.klute |
Merge version 0.7.5 into ocsp branch
debian/masterdebian/stretch-backportsupstream
|
|
|
@086cea9
|
4 years |
thomas2.klute |
Release version 0.7.5
debian/masterdebian/stretch-backportsjessie-backportsupstream
mod_gnutls/0.7.5
|
|
|
@2b80754
|
4 years |
thomas2.klute |
Delete target files before exporting PGP certificates
GnuPG promts or …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@9e56602
|
4 years |
thomas2.klute |
Check for write errors in pgpcrc.c to get rid of build warning
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@42829ae
|
4 years |
thomas2.klute |
Build pgpcrc through Automake, clean new GnuPG privkey files & directories
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@298dc66
|
4 years |
thomas2.klute |
use --outfile instead of stdio redirection
This way, when a command …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@d70dd6e
|
4 years |
thomas2.klute |
ensure cleanup of gpg v2.1 keyrings as well
depending on the version …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@0bda20f
|
4 years |
thomas2.klute |
Make "make distcheck" work
This requires strict DIST/DISTCLEAN lists …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@eb34ac4
|
4 years |
thomas2.klute |
Let Automake handle module installation
Using a custom pkglib …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@eda8686
|
4 years |
thomas2.klute |
Disable building static libraries
Only the dynamic library is used by …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@19f2719
|
4 years |
thomas2.klute |
Update comments and formating in push/pull functions
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@a9fa300
|
4 years |
thomas2.klute |
Set GnuTLS session errno on all error paths in mgs_transport_read()
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@6868585
|
4 years |
thomas2.klute |
Remove unnecessary session pointer check
The transport functions are …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@be41ee4
|
4 years |
thomas2.klute |
Set GnuTLS session errno on errors in mgs_transport_write()
Sunil …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@efe884e
|
4 years |
thomas2.klute |
Skip OCSP test with incompatible GnuTLS versions
Please see the …
debian/masterdebian/stretch-backportsupstream
|
|
|
@c4d6e77
|
4 years |
thomas2.klute |
Test suite: New test case for simple HTTPS access with OCSP status check
debian/masterdebian/stretch-backportsupstream
|
|
|
@9e309ae
|
4 years |
thomas2.klute |
Merge version 0.7.4 into ocsp
debian/masterdebian/stretch-backportsupstream
|
|
|
@c6cfe6e
|
4 years |
thomas2.klute |
Release version 0.7.4
debian/masterdebian/stretch-backportsjessie-backportsupstream
mod_gnutls/0.7.4
|
|
|
@a0161fe
|
4 years |
thomas2.klute |
Test suite: Include OCSP URI in server & client certificates if enabled
debian/masterdebian/stretch-backportsupstream
|
|
|
@21181b2
|
4 years |
thomas2.klute |
Test suite: Enable OCSP if OpenSSL is available, provide port for …
debian/masterdebian/stretch-backportsupstream
|
|
|
@c0c4106
|
4 years |
thomas2.klute |
Test suite: Minimal OCSP responder (CGI script and Apache config snippet)
debian/masterdebian/stretch-backportsupstream
|
|
|
@ea99ffe
|
4 years |
thomas2.klute |
Test suite: Build OCSP database
debian/masterdebian/stretch-backportsupstream
|
|
|
@a03f94e
|
4 years |
thomas2.klute |
Test suite: Build OCSP responder certificate
debian/masterdebian/stretch-backportsupstream
|
|
|
@42bee37
|
4 years |
thomas2.klute |
Test suite: OCSP index generation tool
gen_ocsp_index creates an …
debian/masterdebian/stretch-backportsupstream
|
|
|
@28fc74b
|
4 years |
thomas2.klute |
Capture full gnutls-cli output in test logs
Copying instead of …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@5725dca
|
4 years |
thomas2.klute |
Test suite: Consistent use of @VAR@ vs. $(VAR)
Makefile.am will …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@aeaf28b
|
4 years |
thomas2.klute |
Allow user to set SoftHSM PKCS #11 module
Users may want to use a …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@b0e5dae
|
4 years |
thomas2.klute |
Test suite: Add support for SoftHSM 2
./configure now detects SoftHSM …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@6f644fa
|
4 years |
thomas2.klute |
Test suite: Generate SoftHSM config for initialization as needed
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@74772b2
|
4 years |
thomas2.klute |
Define autoconf/automake variables to handle different SoftHSM versions
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@5eb4544
|
4 years |
thomas2.klute |
Test suite: Search SoftHSM during ./configure, detect module for v1 or …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@d84f0f7
|
4 years |
thomas2.klute |
Test 26_redirect_HTTP_to_HTTPS: Add --verbose option when using curl
…
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@f0923c4
|
4 years |
thomas2.klute |
Release version 0.7.3
debian/masterdebian/stretch-backportsjessie-backportsupstream
mod_gnutls/0.7.3
|
|
|
@67f2f58
|
4 years |
thomas2.klute |
Support curl or Wget for test case "26_redirect_HTTP_to_HTTPS"
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@5aae10e
|
4 years |
thomas2.klute |
configure.ac: Better wording for network and user namespace creation check
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@7c0ccaf
|
4 years |
thomas2.klute |
Rename test "26_HTTPS_server_var" to "redirect_HTTP_to_HTTPS"
The new …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@a038290
|
4 years |
thomas2.klute |
Set the correct PID file in test-26_HTTPS_server_var.bash
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@8ac7c0d
|
4 years |
thomas2.klute |
Register "ssl_is_https" function for compatibility with mod_rewrite
…
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@7aeabcb
|
4 years |
thomas2.klute |
Update documentation for test certificate generation
Add hint about …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@06f8005
|
4 years |
thomas2.klute |
Test suite: Fix file lists for distribution archive creation
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@db6bac4
|
4 years |
thomas2.klute |
PKCS #11 test case: Generate temporary SoftHSM config from …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@5d9f34e
|
4 years |
thomas2.klute |
configure: Check if flock supports --timeout
This builds on the …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@1bb6b1c
|
4 years |
thomas2.klute |
configure: Fix "not available" case in check for unshare
The changed …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@d7c2508
|
4 years |
thomas2.klute |
configure: Run "ip addr show" only if network could be started
…
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@dc55c77
|
4 years |
thomas2.klute |
Test suite: Update priorities in status test for GnuTLS 3.4 …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@c0bb823
|
4 years |
thomas2.klute |
Test suite: Create rogue client certificate for client auth test
Test …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@4d2d182
|
4 years |
thomas2.klute |
Test suite: Switch to non-root user namespace before running Apache
…
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@b21bf4f
|
4 years |
thomas2.klute |
configure: Check if creating namespaces is possible
Some Linux …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@29d3311
|
4 years |
thomas2.klute |
New test case regarding priorities: Disable TLS 1.0
This test case is …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@bc539d5
|
4 years |
thomas2.klute |
Implement short message for mod_status reports
Until now the flags …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@600cf16
|
4 years |
thomas2.klute |
mgs_status_hook: Remove code for GnuTLS versions < 3
mod_gnutls …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@c3bee83
|
4 years |
thomas2.klute |
Update test suite documentation
Most updates are regarding network …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@948c181
|
4 years |
thomas2.klute |
Test suite: Fix include path for proxy_backend.conf
The file is …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@5b6a5d9
|
4 years |
thomas2.klute |
Test suite: Honor "--disable-flock" while creating PGP certificates
…
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@f87c1b5
|
4 years |
thomas2.klute |
Test suite: Run proxy backend servers in parallel if namespaces are enabled
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@62ba7f0
|
4 years |
thomas2.klute |
Test suite: Move common config for proxy backend servers into a shared file
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@725e9af
|
4 years |
thomas2.klute |
Proxy tests: Fix typo in directory path in exit hook
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@ddf6027
|
4 years |
thomas2.klute |
Test suite: Move Listen configuration to test/apache-conf/
This …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@cf4e708
|
4 years |
thomas2.klute |
Run tests in separate network namespaces
Creating a network namespace …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@bca7629
|
4 years |
thomas2.klute |
Remove outdated build files
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@3ccceed
|
4 years |
thomas2.klute |
Test suite: Include common.bash in dist, fix path to generated listen.conf
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@dff57b4
|
4 years |
thomas2.klute |
Update documentation for TEST_IP and "--disable-flock"
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@412ee84
|
4 years |
thomas2.klute |
Test suite: Allow the user to disable use of "flock"
Using "flock" …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@a08b25e
|
4 years |
thomas2.klute |
Test suite: Listen on IPv6 and IPv4 loopback by default
Distributions …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@3e04c0b
|
4 years |
thomas2.klute |
Test suite: Don't restrict IP addresses of virtual hosts
The IP …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@7225749
|
4 years |
thomas2.klute |
Use "markdown" to build HTML doc if pandoc is not available
Some …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@13ffeff
|
4 years |
thomas2.klute |
let a failed diff be verbose
there is no reason to pass -q to diff …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@9413c36
|
4 years |
thomas2.klute |
Remove legacy macro file m4/libmemcache.m4
The CHECK_MEMCACHE macro …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@07cc51f
|
4 years |
thomas2.klute |
Release version 0.7.2
debian/masterdebian/stretch-backportsjessie-backportsupstream
mod_gnutls/0.7.2
|
|
|
@dc058b8
|
4 years |
thomas2.klute |
Update installation documentation
* The --with-apr-memcache option …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@73b0bf0
|
4 years |
thomas2.klute |
mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|
@a2368a4
|
4 years |
thomas2.klute |
Use TLS session cleanup hook for all connection pools
If a TLS …
debian/masterdebian/stretch-backportsjessie-backportsupstream
|
|
|