| Revision | Age | Author | Log message | Message body (truncated) | Branches |
|---|---|---|---|---|---|
| @efc43b4 | 4 years | fiona.klute | Split per-vhost post config for OCSP stapling into configuring and … | | asyncio, debian/master, proxy-ticket |
| @eced11a | 5 years | fiona.klute | Remove server variable ocsp_cache_enable | There is no need to … | asyncio, debian/master, proxy-ticket |
| @babdb29 | 5 years | fiona.klute | Initialize and clean up the OCSP cache, following session cache patterns | | asyncio, debian/master, proxy-ticket |
| @72377cf | 5 years | fiona.klute | Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 | Compression … | asyncio, debian/master, proxy-ticket |
| @ce5f776 | 5 years | fiona.klute | Move config and post_config of a cache instance to separate functions | … | asyncio, debian/master, proxy-ticket |
| @f52f1b4 | 5 years | fiona.klute | Allow GnuTLSCacheTimeout in virtual host config | I'm not sure if … | asyncio, debian/master, proxy-ticket |
| @b94aee2 | 5 years | fiona.klute | Remove internal cache type enum | The cache type is now transparently … | asyncio, debian/master, proxy-ticket |
| @de1ceab | 5 years | fiona.klute | Replace internal cache implementation with mod_socache | Massively … | asyncio, debian/master, proxy-ticket |
| @7921dc7 | 5 years | fiona.klute | Remove OpenPGP authentication | OpenPGP authentication was removed from … | asyncio, debian/master, proxy-ticket |
| @fa6d0bb | 5 years | fiona.klute | Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … | | asyncio, debian/master, proxy-ticket |
| @0e3f8c6 | 5 years | fiona.klute | Create module-wide singleton watchdog during post_config | | asyncio, debian/master, proxy-ticket |
| @3c123cd | 5 years | fiona.klute | Update my name, prepare changelog for the next release | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @9cee2e9 | 5 years | fiona.klute | Support ALPN (required for secure HTTP/2) | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @2f10643 | 5 years | fiona.klute | Consider secondary connections (like mod_http2 streams) in hooks | … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @e7cf823 | 5 years | fiona.klute | Add process_connection hook, adjust hook order for mod_http2 … | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @235e109 | 5 years | fiona.klute | Unify initialization of mod_gnutls connection context | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @994a5fb | 5 years | thomas2.klute | Do not reconfigure OCSP status callback on each connection | The … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @54d07a1 | 5 years | thomas2.klute | Do not announce (unused) session ticket support on proxy connections | … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @265159d | 5 years | thomas2.klute | Send SNI for proxy connections | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @98cf33f | 5 years | thomas2.klute | Rewrite SNI handler to accept long names and ignore unknown name types … | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @017ef2d | 5 years | thomas2.klute | Cleanup of post client hello and SNI handling functions | * Get module … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @e389b85 | 5 years | thomas2.klute | Remove obsolete global GnuTLS (de)init calls | These calls have been … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @f4deac5 | 6 years | thomas2.klute | Warn users about OpenPGP deprecation | OpenPGP support has been … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @a2b4ab6 | 6 years | thomas2.klute | Use GnuTLS known DH parameters | If the user does not configure the DH … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @92ac36e | 6 years | thomas2.klute | Remove dead code in DH parameters setup | The dh_params variable in … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @4f7edd5 | 6 years | thomas2.klute | Remove log for mutex creation errors (core logs them at emergency level) | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @104e881 | 6 years | thomas2.klute | General comment updates for Doxygen compatibility | Mostly /* */ vs. … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @e9ef72c | 7 years | thomas2.klute | Disable GnuTLSSessionTickets by default as described in handbook | The … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @ac3f500 | 7 years | thomas2.klute | Compatibility code for GnuTLS version < 3.4 | * gnutls_memset() is not … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @87d507b | 7 years | thomas2.klute | Overwrite session ticket key before releasing it | Private key material … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @4d4a406 | 7 years | thomas2.klute | New config option: GnuTLSOCSPStapling | This flag option … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @b8700b0 | 7 years | thomas2.klute | Deinit proxy credentials on config pool cleanup | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @02eabe7 | 7 years | thomas2.klute | TLS Proxy: Fix memory leak while logging certificate status | The … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @f265001 | 7 years | thomas2.klute | Bind temporary pool in load_proxy_x509_credentials() to ptemp scope | … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @44e8944 | 7 years | thomas2.klute | Allocate memory for X.509 and PGP certificates only when needed | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @eee1432 | 7 years | thomas2.klute | Bind temporary pool in mgs_load_files() to ptemp scope | Pool 'spool' … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @cc74801e | 7 years | thomas2.klute | Move generated vhost-wide OCSP config into a private structure | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @d6834e0 | 7 years | thomas2.klute | OCSP refresh mutex: Prevent parallel requests | Add a global mutex … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @aa68232 | 7 years | thomas2.klute | Move global cache mutex into the private cache struct | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @e809fb30 | 7 years | thomas2.klute | Use generic cache functions for OCSP response caching | With this, OCSP … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @f450ac9 | 7 years | thomas2.klute | Replace mgs_session_id2sz() with apr_(p?)escape_hex() | There's no need … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @c005645 | 7 years | thomas2.klute | Mutex for DBM cache access | I noticed that with a DBM cache enabled … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @04e6e65 | 7 years | thomas2.klute | Move declarations of cache-related functions to a dedicated header | … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @7511bfa | 7 years | thomas2.klute | Use ap_log_cerror() instead of ap_log_error() where reasonable | … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @c3ad933 | 7 years | thomas2.klute | Remove stale support code for Apache versions before 2.2 | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @fd6bb19 | 7 years | thomas2.klute | Extract OCSP access URI from the server certificate | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @fad7695 | 7 years | thomas2.klute | Store OCSP trust list in server config | This avoids recreating the … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @64856fd | 7 years | thomas2.klute | Get rid of exit(-1) calls in mgs_hook_post_config() | This allows the … | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @94cb972 | 7 years | thomas2.klute | Minimal OCSP stapling implementation using externally provided … | | asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream |
| @bc539d5 | 7 years | thomas2.klute | Implement short message for mod_status reports | Until now the flags … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @600cf16 | 7 years | thomas2.klute | mgs_status_hook: Remove code for GnuTLS versions < 3 | mod_gnutls … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @a2368a4 | 7 years | thomas2.klute | Use TLS session cleanup hook for all connection pools | If a TLS … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @2ceb836 | 7 years | thomas2.klute | Update log messages on session termination (cleanup_gnutls_session, … | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @dff03fa | 7 years | thomas2.klute | Configure C99 mode | Variable declarations in for loops improve code … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @9ca1f21 | 7 years | thomas2.klute | Allow loading more than one PKCS #11 module using GnuTLSP11Module | … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @7764015 | 7 years | thomas2.klute | Update GnuTLSP11Module documentation for stricter semantics | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @746e993 | 7 years | thomas2.klute | Formatting fix for PKCS #11 module loading | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @f21d2a6 | 7 years | thomas2.klute | Changed the semantics of GnuTLSP11Module | That setting instructs … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @efd3cfe | 7 years | thomas2.klute | Whitespace fix in gnutls_hooks.c | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @99f8375 | 7 years | thomas2.klute | Ensure safe defaults during client verification | Initialize the … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @e021722 | 8 years | thomas2.klute | Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch | … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @e391197 | 8 years | thomas2.klute | Update copyright headers for C source | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @87f1ed2 | 8 years | thomas2.klute | Allow loading of an additional PKCS #11 provider library | When using … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @4133f2d | 8 years | thomas2.klute | Unify argument handling in mgs_set_priorities | Just store the argument … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @2cde026d | 8 years | thomas2.klute | Merge branch 'new-gnutls-api' | Merge my TLS proxy implementation with … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @f030883 | 8 years | thomas2.klute | Set GnuTLS priorities for proxy connections separately | Until now, … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @d04f7da | 8 years | thomas2.klute | Version guards for gnutls_privkey_import_openpgp_raw workaround | The … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @8b472af | 8 years | thomas2.klute | Use server root for file paths in TLS proxy config | This is what users … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @2cde8111 | 8 years | thomas2.klute | Workarounds for OpenPGP key handling | Commit … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @01b5d85 | 8 years | thomas2.klute | Merge branch 'client-verify-fix' into new-gnutls-api | Merge the fix … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @c4a015b | 8 years | thomas2.klute | Merge branch 'split-testsuite' into new-gnutls-api | OpenPGP support is … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @259e835 | 8 years | thomas2.klute | Merge branch 'master' into new-gnutls-api | Branch 'master' at this … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @809c422 | 8 years | thomas2.klute | TLS proxy: Add support for CRLs to back end server verification | When … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @bd24203 | 8 years | thomas2.klute | Explicitly build trust list for proxy connections | This change … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @7d2123d | 8 years | thomas2.klute | Log errors while loading proxy certificate trust list | The way the … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @6bbc00a | 8 years | thomas2.klute | Check hostname of proxy back end server against certificate | … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @0de1839 | 8 years | thomas2.klute | Support X.509 auth for TLS proxy connections | This commit adds support … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @b324906 | 8 years | thomas2.klute | Merge branch 'client-verify-fix' into tls-proxy | Most importantly, … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @5a8a32b | 8 years | thomas2.klute | TLS Client auth: Check server verify mode if unset for dir | The … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @b429e4c | 8 years | thomas2.klute | Cleanup handler for proxy TLS connections | When handling client … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @d7a8286 | 8 years | thomas2.klute | Remove debug log messages for allocating connection config memory | … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @beb14d9 | 8 years | thomas2.klute | Proof of concept: Support for proxy back end connections using TLS | … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @c1ef069 | 8 years | thomas2.klute | Record if a connection is a proxy connection | When handling a proxy … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @5342265 | 8 years | thomas2.klute | Close last for loop in mgs_find_sni_server | The closing brace for the … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @07d548d | 8 years | thomas2.klute | Properly use SSLProxyEngine option | ssl_proxy_enable now checks if … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @e8acf05 | 8 years | thomas2.klute | Enable/disable TLS per connection in ssl_engine_disable | Previously, … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @e4b58b6 | 8 years | thomas2.klute | Check error codes during GnuTLS connection init | These calls shouldn't … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @031acac | 9 years | nmav | Use the new (3.1.3+) GnuTLS APIs to obtain private keys. | This allows … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @fd82e59 | 9 years | dkg | use strict compiler arguments by default (-Wall -Werror -Wextra) | … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @765cac2 | 9 years | dkg | clean up MGS_SIDE abuse of apr_pstrcat | We were allocating twice as … | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @2aaf4f5 | 9 years | dkg | implement GnuTLSExportCertificates control over max exported cert size … | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @55dc3f0 | 9 years | dkg | Make Apache 2.4 display the correct module in error logs | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @83eafed | 9 years | dkg | avoid a very unlikely NULL dereference | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @4ec9183 | 9 years | dkg | Include GnuTLS version as additional version component in Server … | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @46de753 | 9 years | dkg | fix build against GnuTLS 2.12.x | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @671b64f | 9 years | dkg | remove all trailing whitespace | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @9720026 | 9 years | dkg | silly newline cleanup | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @5674676 | 9 years | dkg | add SSL_DH_PRIME_BITS to expose the size of the DH modulus to CGI | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @b4739cd | 9 years | dkg | display some information in mod_status | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |
| @b55bf71 | 9 years | dkg | accept the e-mail address in the cert Subject if no sAN e-mail is present | | asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream |