source: mod_gnutls/src/gnutls_hooks.c

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @104e881   3 years thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … debian/masterdebian/stretch-backportsupstream
(edit) @e9ef72c   3 years thomas2.klute Disable GnuTLSSessionTickets by default as described in handbook The … debian/masterdebian/stretch-backportsupstream
(edit) @ac3f500   3 years thomas2.klute Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … debian/masterdebian/stretch-backportsupstream
(edit) @87d507b   3 years thomas2.klute Overwrite session ticket key before releasing it Private key material … debian/masterdebian/stretch-backportsupstream
(edit) @4d4a406   3 years thomas2.klute New config option: GnuTLSOCSPStapling This flag option … debian/masterdebian/stretch-backportsupstream
(edit) @b8700b0   3 years thomas2.klute Deinit proxy credentials on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit) @02eabe7   3 years thomas2.klute TLS Proxy: Fix memory leak while logging certificate status The … debian/masterdebian/stretch-backportsupstream
(edit) @f265001   3 years thomas2.klute Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … debian/masterdebian/stretch-backportsupstream
(edit) @44e8944   3 years thomas2.klute Allocate memory for X.509 and PGP certificates only when needed debian/masterdebian/stretch-backportsupstream
(edit) @eee1432   3 years thomas2.klute Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … debian/masterdebian/stretch-backportsupstream
(edit) @cc74801   3 years thomas2.klute Move generated vhost-wide OCSP config into a private structure debian/masterdebian/stretch-backportsupstream
(edit) @d6834e0   3 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … debian/masterdebian/stretch-backportsupstream
(edit) @aa68232   3 years thomas2.klute Move global cache mutex into the private cache struct debian/masterdebian/stretch-backportsupstream
(edit) @e809fb3   3 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … debian/masterdebian/stretch-backportsupstream
(edit) @f450ac9   3 years thomas2.klute Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … debian/masterdebian/stretch-backportsupstream
(edit) @c005645   3 years thomas2.klute Mutex for DBM cache access I noticed that with a DBM cache enabled … debian/masterdebian/stretch-backportsupstream
(edit) @04e6e65   4 years thomas2.klute Move declarations of cache-related functions to a dedicated header … debian/masterdebian/stretch-backportsupstream
(edit) @7511bfa   4 years thomas2.klute Use ap_log_cerror() instead of ap_log_error() where reasonable … debian/masterdebian/stretch-backportsupstream
(edit) @c3ad933   4 years thomas2.klute Remove stale support code for Apache versions before 2.2 debian/masterdebian/stretch-backportsupstream
(edit) @fd6bb19   4 years thomas2.klute Extract OCSP access URI from the server certificate debian/masterdebian/stretch-backportsupstream
(edit) @fad7695   4 years thomas2.klute Store OCSP trust list in server config This avoids recreating the … debian/masterdebian/stretch-backportsupstream
(edit) @64856fd   4 years thomas2.klute Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … debian/masterdebian/stretch-backportsupstream
(edit) @94cb972   4 years thomas2.klute Minimal OCSP stapling implementation using externally provided … debian/masterdebian/stretch-backportsupstream
(edit) @bc539d5   4 years thomas2.klute Implement short message for mod_status reports Until now the flags … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @600cf16   4 years thomas2.klute mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a2368a4   4 years thomas2.klute Use TLS session cleanup hook for all connection pools If a TLS … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2ceb836   4 years thomas2.klute Update log messages on session termination (cleanup_gnutls_session, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @dff03fa   4 years thomas2.klute Configure C99 mode Variable declarations in for loops improve code … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @9ca1f21   4 years thomas2.klute Allow loading more than one PKCS #11 module using GnuTLSP11Module … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @7764015   4 years thomas2.klute Update GnuTLSP11Module documentation for stricter semantics debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @746e993   4 years thomas2.klute Formatting fix for PKCS #11 module loading debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @f21d2a6   4 years thomas2.klute Changed the semantics of GnuTLSP11Module That setting instructs … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @efd3cfe   4 years thomas2.klute Whitespace fix in gnutls_hooks.c debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @99f8375   4 years thomas2.klute Ensure safe defaults during client verification Initialize the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e021722   4 years thomas2.klute Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e391197   4 years thomas2.klute Update copyright headers for C source debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @87f1ed2   5 years thomas2.klute Allow loading of an additional PKCS #11 provider library When using … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @4133f2d   5 years thomas2.klute Unify argument handling in mgs_set_priorities Just store the argument … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2cde026d   5 years thomas2.klute Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @f030883   5 years thomas2.klute Set GnuTLS priorities for proxy connections separately Until now, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @d04f7da   5 years thomas2.klute Version guards for gnutls_privkey_import_openpgp_raw workaround The … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @8b472af   5 years thomas2.klute Use server root for file paths in TLS proxy config This is what users … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2cde8111   5 years thomas2.klute Workarounds for OpenPGP key handling Commit … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @01b5d85   5 years thomas2.klute Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @c4a015b   5 years thomas2.klute Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @259e835   5 years thomas2.klute Merge branch 'master' into new-gnutls-api Branch 'master' at this … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @809c422   5 years thomas2.klute TLS proxy: Add support for CRLs to back end server verification When … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @bd24203   5 years thomas2.klute Explicitly build trust list for proxy connections This change … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @7d2123d   5 years thomas2.klute Log errors while loading proxy certificate trust list The way the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @6bbc00a   5 years thomas2.klute Check hostname of proxy back end server against certificate … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @0de1839   5 years thomas2.klute Support X.509 auth for TLS proxy connections This commit adds support … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b324906   5 years thomas2.klute Merge branch 'client-verify-fix' into tls-proxy Most importantly, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @5a8a32b   5 years thomas2.klute TLS Client auth: Check server verify mode if unset for dir The … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b429e4c   5 years thomas2.klute Cleanup handler for proxy TLS connections When handling client … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @d7a8286   5 years thomas2.klute Remove debug log messages for allocating connection config memory … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @beb14d9   5 years thomas2.klute Proof of concept: Support for proxy back end connections using TLS … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @c1ef069   5 years thomas2.klute Record if a connection is a proxy connection When handling a proxy … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @5342265   5 years thomas2.klute Close last for loop in mgs_find_sni_server The closing brace for the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @07d548d   5 years thomas2.klute Properly use SSLProxyEngine option ssl_proxy_enable now checks if … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e8acf05   5 years thomas2.klute Enable/disable TLS per connection in ssl_engine_disable Previously, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e4b58b6   5 years thomas2.klute Check error codes during GnuTLS connection init These calls shouldn't … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @031acac   5 years nmav Use the new (3.1.3+) GnuTLS APIs to obtain private keys. This allows … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @fd82e59   6 years dkg use strict compiler arguments by default (-Wall -Werror -Wextra) … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @765cac2   6 years dkg clean up MGS_SIDE abuse of apr_pstrcat We were allocating twice as … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2aaf4f5   6 years dkg implement GnuTLSExportCertificates control over max exported cert size … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @55dc3f0   6 years dkg Make Apache 2.4 display the correct module in error logs debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @83eafed   6 years dkg avoid a very unlikely NULL dereference debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @4ec9183   6 years dkg Include GnuTLS version as additional version component in Server … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @46de753   6 years dkg fix build against GnuTLS 2.12.x debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @671b64f   6 years dkg remove all trailing whitespace debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @9720026   6 years dkg silly newline cleanup debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @5674676   6 years dkg add SSL_DH_PRIME_BITS to expose the size of the DH modulus to CGI debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b4739cd   6 years dkg display some information in mod_status debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b55bf71   6 years dkg accept the e-mail address in the cert Subject if no sAN e-mail is present debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a01f8ab   6 years dkg upgrade to libmsv 0.1 API debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @832182b   6 years dkg extracting the user ID from a certificate cleanly. debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @5c0d491   6 years dkg MSVA: successful communication between apache and the agent This is … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @07889ab   6 years dkg MSVA: some initial framework debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @cf2b905   6 years dkg MSVA: document and parse GnuTLSClientVerifyMethod directive The … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @6bb2474   7 years dkg Changed Default Export Of Full PEM Certificates To FALSE This matches … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b1c2b01   7 years dkg avoid a segfault if no X.509 certificates are present during vhost_cb debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @7d1ab49   7 years dkg restore GnuTLSExportCertificate directive It looks to me like this … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @c0dd3ab   7 years dkg avoid invoking gnutls_transport_get_ptr on a NULL session debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @b668622   7 years dkg Do not override the configured GnuTLS priority string. This fixes … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @8985a6b   7 years dkg allow certificate use for clients without SNI The test removed here … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @9ecd212   7 years dkg avoid embedding extra/unnecessary newlines in logs debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @932b68e   7 years dkg Check for the version of GnuTLS we built against debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @cb5188f   7 years dkg fatal library initialization error logs should be at APLOG_EMERG … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @421ef1c   7 years dkg deal responsibly with grave failures in pre_config hook If a … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @040387c   7 years dkg server-wide settings should be defaults unless overridden in a vhost … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @369f47a   7 years dkg avoid calling gnutls_srp_server_get_username() unless SRP is configured debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @b8df283   7 years dkg use gnutls_datum_t instead of the deprecated gnutls_datum debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @2b76a9c   7 years dkg X.509 certificates are ordered EE first (see … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @6055aff   7 years dkg warn if the server hostname cannot be found in the certificate debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @e2b936e   7 years dkg no longer using first_run since 31645b2ad; remove it debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @3b4c0d0   7 years neuromancer * Added Comments to Header Structures * Refactored the following: … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @cb60afc   7 years neuromancer Bugfix: check_server_aliases() Signed-off-by: Dash Shendy … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @e3d36c7   7 years neuromancer Fixed conditional ServerAlias? names' & wildcards' matching … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @14d718f   7 years neuromancer Added support for wildcards in ServerAlias? configuration directive … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
(edit) @9ee0464   7 years neuromancer Compilation Errors Cleanup Signed-off-by: Dash Shendy … debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
Note: See TracRevisionLog for help on using the revision log.