source: mod_gnutls/src/gnutls_hooks.c

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @469861a   2 years fiona.klute Enable session tickets in the post client hello hook With this … asynciodebian/masterproxy-ticket
(edit) @bac1a32   2 years fiona.klute Order, log message, and style fixes asynciodebian/masterproxy-ticket
(edit) @fdd3bf0   2 years fiona.klute Enable session tickets by default if GnuTLS version >= 3.6.4 GnuTLS … asynciodebian/masterproxy-ticket
(edit) @60868d2   2 years fiona.klute Default to NORMAL for the GnuTLS priority settings This simplifies … asynciodebian/masterproxy-ticket
(edit) @adceac0   2 years fiona.klute Remove unneeded server variables "cert_cn" and "cert_san" "cert_san" … asynciodebian/masterproxy-ticket
(edit) @cb6476c   2 years fiona.klute Enable OCSP stapling by default if possible If the user hasn't … asynciodebian/masterproxy-ticket
(edit) @efc43b4   2 years fiona.klute Split per-vhost post config for OCSP stapling into configuring and … asynciodebian/masterproxy-ticket
(edit) @eced11a   3 years fiona.klute Remove server variable ocsp_cache_enable There is no need to … asynciodebian/masterproxy-ticket
(edit) @babdb29   3 years fiona.klute Initialize and clean up the OCSP cache, following session cache patterns asynciodebian/masterproxy-ticket
(edit) @72377cf   3 years fiona.klute Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … asynciodebian/masterproxy-ticket
(edit) @ce5f776   3 years fiona.klute Move config and post_config of a cache instance to separate functions … asynciodebian/masterproxy-ticket
(edit) @f52f1b4   3 years fiona.klute Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … asynciodebian/masterproxy-ticket
(edit) @b94aee2   3 years fiona.klute Remove internal cache type enum The cache type is now transparently … asynciodebian/masterproxy-ticket
(edit) @de1ceab   3 years fiona.klute Replace internal cache implementation with mod_socache Massively … asynciodebian/masterproxy-ticket
(edit) @7921dc7   3 years fiona.klute Remove OpenPGP authentication OpenPGP authentication was removed from … asynciodebian/masterproxy-ticket
(edit) @fa6d0bb   3 years fiona.klute Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … asynciodebian/masterproxy-ticket
(edit) @0e3f8c6   3 years fiona.klute Create module-wide singleton watchdog during post_config asynciodebian/masterproxy-ticket
(edit) @3c123cd   3 years fiona.klute Update my name, prepare changelog for the next release asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @9cee2e9   3 years fiona.klute Support ALPN (required for secure HTTP/2) asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @2f10643   3 years fiona.klute Consider secondary connections (like mod_http2 streams) in hooks … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e7cf823   3 years fiona.klute Add process_connection hook, adjust hook order for mod_http2 … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @235e109   3 years fiona.klute Unify initialization of mod_gnutls connection context asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @994a5fb   3 years thomas2.klute Do not reconfigure OCSP status callback on each connection The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @54d07a1   3 years thomas2.klute Do not announce (unused) session ticket support on proxy connections … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @265159d   3 years thomas2.klute Send SNI for proxy connections asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @98cf33f   3 years thomas2.klute Rewrite SNI handler to accept long names and ignore unknown name types … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @017ef2d   3 years thomas2.klute Cleanup of post client hello and SNI handling functions * Get module … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e389b85   3 years thomas2.klute Remove obsolete global GnuTLS (de)init calls These calls have been … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @f4deac5   4 years thomas2.klute Warn users about OpenPGP deprecation OpenPGP support has been … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @a2b4ab6   4 years thomas2.klute Use GnuTLS known DH parameters If the user does not configure the DH … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @92ac36e   4 years thomas2.klute Remove dead code in DH parameters setup The dh_params variable in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4f7edd5   4 years thomas2.klute Remove log for mutex creation errors (core logs them at emergency level) asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @104e881   4 years thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e9ef72c   5 years thomas2.klute Disable GnuTLSSessionTickets by default as described in handbook The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @ac3f500   5 years thomas2.klute Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @87d507b   5 years thomas2.klute Overwrite session ticket key before releasing it Private key material … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4d4a406   5 years thomas2.klute New config option: GnuTLSOCSPStapling This flag option … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @b8700b0   5 years thomas2.klute Deinit proxy credentials on config pool cleanup asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @02eabe7   5 years thomas2.klute TLS Proxy: Fix memory leak while logging certificate status The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @f265001   5 years thomas2.klute Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @44e8944   5 years thomas2.klute Allocate memory for X.509 and PGP certificates only when needed asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @eee1432   5 years thomas2.klute Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @cc74801e   5 years thomas2.klute Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d6834e0   5 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @aa68232   5 years thomas2.klute Move global cache mutex into the private cache struct asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e809fb3   5 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @f450ac9   5 years thomas2.klute Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c005645   5 years thomas2.klute Mutex for DBM cache access I noticed that with a DBM cache enabled … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @04e6e65   5 years thomas2.klute Move declarations of cache-related functions to a dedicated header … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @7511bfa   5 years thomas2.klute Use ap_log_cerror() instead of ap_log_error() where reasonable … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c3ad933   5 years thomas2.klute Remove stale support code for Apache versions before 2.2 asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @fd6bb19   5 years thomas2.klute Extract OCSP access URI from the server certificate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @fad7695   5 years thomas2.klute Store OCSP trust list in server config This avoids recreating the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @64856fd   5 years thomas2.klute Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @94cb972   5 years thomas2.klute Minimal OCSP stapling implementation using externally provided … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @bc539d5   5 years thomas2.klute Implement short message for mod_status reports Until now the flags … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @600cf16   5 years thomas2.klute mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @a2368a4   5 years thomas2.klute Use TLS session cleanup hook for all connection pools If a TLS … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @2ceb836   5 years thomas2.klute Update log messages on session termination (cleanup_gnutls_session, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @dff03fa   5 years thomas2.klute Configure C99 mode Variable declarations in for loops improve code … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @9ca1f21   5 years thomas2.klute Allow loading more than one PKCS #11 module using GnuTLSP11Module … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @7764015   5 years thomas2.klute Update GnuTLSP11Module documentation for stricter semantics asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @746e993   5 years thomas2.klute Formatting fix for PKCS #11 module loading asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @f21d2a6   5 years thomas2.klute Changed the semantics of GnuTLSP11Module That setting instructs … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @efd3cfe   5 years thomas2.klute Whitespace fix in gnutls_hooks.c asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @99f8375   5 years thomas2.klute Ensure safe defaults during client verification Initialize the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @e021722   6 years thomas2.klute Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @e391197   6 years thomas2.klute Update copyright headers for C source asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @87f1ed2   6 years thomas2.klute Allow loading of an additional PKCS #11 provider library When using … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @4133f2d   6 years thomas2.klute Unify argument handling in mgs_set_priorities Just store the argument … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @2cde026d   6 years thomas2.klute Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @f030883   6 years thomas2.klute Set GnuTLS priorities for proxy connections separately Until now, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @d04f7da   6 years thomas2.klute Version guards for gnutls_privkey_import_openpgp_raw workaround The … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @8b472af   6 years thomas2.klute Use server root for file paths in TLS proxy config This is what users … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @2cde8111   6 years thomas2.klute Workarounds for OpenPGP key handling Commit … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @01b5d85   6 years thomas2.klute Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @c4a015b   6 years thomas2.klute Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @259e835   6 years thomas2.klute Merge branch 'master' into new-gnutls-api Branch 'master' at this … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @809c422   6 years thomas2.klute TLS proxy: Add support for CRLs to back end server verification When … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @bd24203   6 years thomas2.klute Explicitly build trust list for proxy connections This change … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @7d2123d   6 years thomas2.klute Log errors while loading proxy certificate trust list The way the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @6bbc00a   6 years thomas2.klute Check hostname of proxy back end server against certificate … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @0de1839   6 years thomas2.klute Support X.509 auth for TLS proxy connections This commit adds support … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @b324906   6 years thomas2.klute Merge branch 'client-verify-fix' into tls-proxy Most importantly, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @5a8a32b   6 years thomas2.klute TLS Client auth: Check server verify mode if unset for dir The … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @b429e4c   6 years thomas2.klute Cleanup handler for proxy TLS connections When handling client … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @d7a8286   6 years thomas2.klute Remove debug log messages for allocating connection config memory … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @beb14d9   6 years thomas2.klute Proof of concept: Support for proxy back end connections using TLS … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @c1ef069   6 years thomas2.klute Record if a connection is a proxy connection When handling a proxy … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @5342265   6 years thomas2.klute Close last for loop in mgs_find_sni_server The closing brace for the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @07d548d   6 years thomas2.klute Properly use SSLProxyEngine option ssl_proxy_enable now checks if … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @e8acf05   6 years thomas2.klute Enable/disable TLS per connection in ssl_engine_disable Previously, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @e4b58b6   6 years thomas2.klute Check error codes during GnuTLS connection init These calls shouldn't … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @031acac   7 years nmav Use the new (3.1.3+) GnuTLS APIs to obtain private keys. This allows … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @fd82e59   7 years dkg use strict compiler arguments by default (-Wall -Werror -Wextra) … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @765cac2   7 years dkg clean up MGS_SIDE abuse of apr_pstrcat We were allocating twice as … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @2aaf4f5   7 years dkg implement GnuTLSExportCertificates control over max exported cert size … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @55dc3f0   7 years dkg Make Apache 2.4 display the correct module in error logs asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @83eafed   7 years dkg avoid a very unlikely NULL dereference asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit) @4ec9183   7 years dkg Include GnuTLS version as additional version component in Server … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
Note: See TracRevisionLog for help on using the revision log.