source: mod_gnutls/src/gnutls_hooks.c

Diff Rev Age Author Log Message
(edit) @8d0efdc   15 months fiona.klute Disable session tickets by default After learning that the GnuTLS key … [asyncio]
(edit) @e6d9e47   16 months fiona.klute Move the callback for incoming tickets into gnutls_proxy.c It's only … [asyncio]
(edit) @e151b6f   16 months fiona.klute Do not try to cache or load cached proxy sessions without a session cache [asyncio]
(edit) @7e29705   16 months fiona.klute Fix memory leak: Free ticket after storing it in cache [asyncio]
(edit) @411d286   16 months fiona.klute Store session tickets for proxy connections in the session cache The … [asyncio]
(edit) @d827d0c   16 months fiona.klute Create cache keys for proxy session tickets The key is based on the … [asyncio]
(edit) @33d812d   16 months fiona.klute Retrieve received session tickets The tickets aren't used yet. Making … [asyncio, proxy-ticket]
(edit) @132eadc   16 months fiona.klute Implement gnutls_pull_timeout_func According to GnuTLS documentation … [asyncio, proxy-ticket]
(edit) @9071889   20 months fiona.klute Remove pointless set-once process pool userdata I know some modules … [asyncio, proxy-ticket]
(edit) @e819f13   20 months fiona.klute Unconditionally enable early SNI parsing All supported GnuTLS … [asyncio, proxy-ticket]
(edit) @4f2c988   20 months fiona.klute Send 403 if required client post-handshake authentication fails This … [asyncio, proxy-ticket]
(edit) @f94938c   20 months fiona.klute Nicer logging for post-handshake authentication [asyncio, proxy-ticket]
(edit) @9db4dcd   20 months fiona.klute Handle GNUTLS_E_GOT_APPLICATION_DATA on gnutls_reauth() Pending … [asyncio, proxy-ticket]
(edit) @6fa6095   20 months fiona.klute Partial post-handshake auth support Needs proper error handling, … [asyncio, proxy-ticket]
(edit) @e24e3bf9   20 months fiona.klute Rewrite authz hook Using the effective mode simplifies the code a … [asyncio, proxy-ticket]
(edit) @3b2edd6   20 months fiona.klute Use GnuTLS' certificate status text instead of hard-coded cases … [asyncio, proxy-ticket]
(edit) @ee2854b   20 months fiona.klute Remove a forgotten "return OK" in mgs_cert_verify See … [asyncio, proxy-ticket]
(edit) @99196d9   20 months fiona.klute Reauthentication: Much simpler check for HTTP/2 Integer comparison … [asyncio, proxy-ticket]
(edit) @0dc1a31   20 months fiona.klute Always return DECLINED instead of OK from mgs_cert_verify The return … [asyncio, proxy-ticket]
(edit) @346c03b   20 months fiona.klute Prohibit TLS renegotiation for HTTP/2 connections (RFC 7540, section 9.2.1) [asyncio, proxy-ticket]
(edit) @b22def6   20 months fiona.klute Remove SIGPIPE signal block There's no discernible reason to keep … [asyncio, proxy-ticket]
(edit) @05e2d9e   20 months fiona.klute Move function declarations for gnutls_io.c into a separate header [asyncio, proxy-ticket]
(edit) @33fa7d5   20 months fiona.klute Ensure stapling is active for server certificates with "must-staple" … [asyncio, proxy-ticket]
(edit) @845c112   20 months fiona.klute Async OCSP updates for multi-stapling There's now one mod_watchdog … [asyncio, proxy-ticket]
(edit) @1c3853a   20 months fiona.klute Minimal multi-staple implementation Works, but has limitations: * … [asyncio, proxy-ticket]
(edit) @08ba205   20 months fiona.klute Turn per-vhost OCSP data into an array Size 1 for now, but it's a … [asyncio, proxy-ticket]
(edit) @cf6f974   20 months fiona.klute mgs_get_ocsp_response: Accept request information from … [asyncio, proxy-ticket]
(edit) @556783e   2 years fiona.klute Provide OCSP response via gnutls_certificate_retrieve_function3 … [asyncio, proxy-ticket]
(edit) @81018a4   2 years fiona.klute Remove compatibility code for GnuTLS version before 3.6.3 [asyncio, proxy-ticket]
(edit) @65c84e5   2 years fiona.klute Set certificates via gnutls_certificate_set_retrieve_function3() The … [asyncio, proxy-ticket]
(edit) @6200f6f   3 years fiona.klute Switch server based on early SNI only if a name was found [asyncio, debian/master, proxy-ticket]
(edit) @b6c7866   3 years fiona.klute Update copyright headers of files changed this year [asyncio, debian/master, proxy-ticket]
(edit) @08c48d7   3 years fiona.klute Extract code for turning APR array of strings into gnutls_datum_t … [asyncio, debian/master, proxy-ticket]
(edit) @68b5156   3 years fiona.klute Move proxy-only functions from gnutls_hooks.c to a dedicated file [asyncio, debian/master, proxy-ticket]
(edit) @0fcba60   3 years fiona.klute Move compiled default priorities to gnutls_util.[hc] [asyncio, debian/master, proxy-ticket]
(edit) @0da10eb   3 years fiona.klute Document Early SNI related functions and rename the post client hello hook [asyncio, debian/master, proxy-ticket]
(edit) @64470ce   3 years fiona.klute Load credentials and prepare ALPN in pre client hello hook This fully … [asyncio, debian/master, proxy-ticket]
(edit) @79fc46b   3 years fiona.klute Don't cancel virtual host lookup after successful default SNI fallback [asyncio, debian/master, proxy-ticket]
(edit) @a26d3f6   3 years fiona.klute Protect early_sni_hook() against being called in the wrong context [asyncio, debian/master, proxy-ticket]
(edit) @4963516   3 years fiona.klute Use server back reference for ALPN handling Necessary because during … [asyncio, debian/master, proxy-ticket]
(edit) @d4c1a4e   3 years fiona.klute Add a reference from mod_gnutls server settings back to the server_rec … [asyncio, debian/master, proxy-ticket]
(edit) @c0fc11e   3 years fiona.klute Separate functions for default SNI and loading virtual host … [asyncio, debian/master, proxy-ticket]
(edit) @7ff6c6c   3 years fiona.klute Add proof-of-concept SNI parser in a pre client hello hook The SNI … [asyncio, debian/master, proxy-ticket]
(edit) @4e388b0   3 years fiona.klute Consistently use strcasecmp() instead of mixing in apr_strnatcasecmp() [asyncio, debian/master, proxy-ticket]
(edit) @f06c148   3 years fiona.klute Simplify wildcard match for virtual host aliases [asyncio, debian/master, proxy-ticket]
(edit) @3c6645b   3 years fiona.klute gnutls_hooks.c: Fix spaces in check_server_aliases() [asyncio, debian/master, proxy-ticket]
(edit) @3aff94d   3 years fiona.klute Include cache status in mod_status reports [asyncio, debian/master, proxy-ticket]
(edit) @04753db8   3 years fiona.klute Require Host header to match SNI hostname (if any) This is a … [asyncio, debian/master, proxy-ticket]
(edit) @a14cf5c   3 years fiona.klute Store SNI hostname in mod_gnutls' connection context [asyncio, debian/master, proxy-ticket]
(edit) @de3fad3   3 years fiona.klute Require handshake and request to use the same server The new check … [asyncio, debian/master, proxy-ticket]
(edit) @15368a4   3 years fiona.klute Improve log messages for PKCS #11 provider loading [asyncio, debian/master, proxy-ticket]
(edit) @8273683   3 years fiona.klute Fix port numbers for vhosts in post_config log messages [asyncio, debian/master, proxy-ticket]
(edit) @469861a   3 years fiona.klute Enable session tickets in the post client hello hook With this … [asyncio, debian/master, proxy-ticket]
(edit) @bac1a32   3 years fiona.klute Order, log message, and style fixes [asyncio, debian/master, proxy-ticket]
(edit) @fdd3bf0   3 years fiona.klute Enable session tickets by default if GnuTLS version >= 3.6.4 GnuTLS … [asyncio, debian/master, proxy-ticket]
(edit) @60868d2   3 years fiona.klute Default to NORMAL for the GnuTLS priority settings This simplifies … [asyncio, debian/master, proxy-ticket]
(edit) @adceac0   3 years fiona.klute Remove unneeded server variables "cert_cn" and "cert_san" "cert_san" … [asyncio, debian/master, proxy-ticket]
(edit) @cb6476c   3 years fiona.klute Enable OCSP stapling by default if possible If the user hasn't … [asyncio, debian/master, proxy-ticket]
(edit) @efc43b4   3 years fiona.klute Split per-vhost post config for OCSP stapling into configuring and … [asyncio, debian/master, proxy-ticket]
(edit) @eced11a   3 years fiona.klute Remove server variable ocsp_cache_enable There is no need to … [asyncio, debian/master, proxy-ticket]
(edit) @babdb29   3 years fiona.klute Initialize and clean up the OCSP cache, following session cache patterns [asyncio, debian/master, proxy-ticket]
(edit) @72377cf   3 years fiona.klute Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … [asyncio, debian/master, proxy-ticket]
(edit) @ce5f776   3 years fiona.klute Move config and post_config of a cache instance to separate functions … [asyncio, debian/master, proxy-ticket]
(edit) @f52f1b4   3 years fiona.klute Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … [asyncio, debian/master, proxy-ticket]
(edit) @b94aee2   3 years fiona.klute Remove internal cache type enum The cache type is now transparently … [asyncio, debian/master, proxy-ticket]
(edit) @de1ceab   3 years fiona.klute Replace internal cache implementation with mod_socache Massively … [asyncio, debian/master, proxy-ticket]
(edit) @7921dc7   3 years fiona.klute Remove OpenPGP authentication OpenPGP authentication was removed from … [asyncio, debian/master, proxy-ticket]
(edit) @fa6d0bb   3 years fiona.klute Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … [asyncio, debian/master, proxy-ticket]
(edit) @0e3f8c6   3 years fiona.klute Create module-wide singleton watchdog during post_config [asyncio, debian/master, proxy-ticket]
(edit) @3c123cd   3 years fiona.klute Update my name, prepare changelog for the next release [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @9cee2e9   3 years fiona.klute Support ALPN (required for secure HTTP/2) [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @2f10643   3 years fiona.klute Consider secondary connections (like mod_http2 streams) in hooks … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @e7cf823   3 years fiona.klute Add process_connection hook, adjust hook order for mod_http2 … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @235e109   3 years fiona.klute Unify initialization of mod_gnutls connection context [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @994a5fb   4 years thomas2.klute Do not reconfigure OCSP status callback on each connection The … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @54d07a1   4 years thomas2.klute Do not announce (unused) session ticket support on proxy connections … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @265159d   4 years thomas2.klute Send SNI for proxy connections [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @98cf33f   4 years thomas2.klute Rewrite SNI handler to accept long names and ignore unknown name types … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @017ef2d   4 years thomas2.klute Cleanup of post client hello and SNI handling functions * Get module … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @e389b85   4 years thomas2.klute Remove obsolete global GnuTLS (de)init calls These calls have been … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @f4deac5   4 years thomas2.klute Warn users about OpenPGP deprecation OpenPGP support has been … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @a2b4ab6   4 years thomas2.klute Use GnuTLS known DH parameters If the user does not configure the DH … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @92ac36e   4 years thomas2.klute Remove dead code in DH parameters setup The dh_params variable in … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @4f7edd5   4 years thomas2.klute Remove log for mutex creation errors (core logs them at emergency level) [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @104e881   5 years thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @e9ef72c   5 years thomas2.klute Disable GnuTLSSessionTickets by default as described in handbook The … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @ac3f500   5 years thomas2.klute Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @87d507b   5 years thomas2.klute Overwrite session ticket key before releasing it Private key material … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @4d4a406   5 years thomas2.klute New config option: GnuTLSOCSPStapling This flag option … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @b8700b0   5 years thomas2.klute Deinit proxy credentials on config pool cleanup [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @02eabe7   5 years thomas2.klute TLS Proxy: Fix memory leak while logging certificate status The … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @f265001   5 years thomas2.klute Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @44e8944   5 years thomas2.klute Allocate memory for X.509 and PGP certificates only when needed [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @eee1432   5 years thomas2.klute Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @cc74801e   5 years thomas2.klute Move generated vhost-wide OCSP config into a private structure [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @d6834e0   5 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @aa68232   5 years thomas2.klute Move global cache mutex into the private cache struct [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @e809fb30   5 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @f450ac9   5 years thomas2.klute Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]
(edit) @c005645   5 years thomas2.klute Mutex for DBM cache access I noticed that with a DBM cache enabled … [asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream]