Context Navigation

gnutls_hooks.c

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@efc43b4	3 years	fiona.klute	Split per-vhost post config for OCSP stapling into configuring and … asynciodebian/masterproxy-ticket
(edit)	@eced11a	3 years	fiona.klute	Remove server variable ocsp_cache_enable There is no need to … asynciodebian/masterproxy-ticket
(edit)	@babdb29	3 years	fiona.klute	Initialize and clean up the OCSP cache, following session cache patterns asynciodebian/masterproxy-ticket
(edit)	@72377cf	3 years	fiona.klute	Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … asynciodebian/masterproxy-ticket
(edit)	@ce5f776	3 years	fiona.klute	Move config and post_config of a cache instance to separate functions … asynciodebian/masterproxy-ticket
(edit)	@f52f1b4	3 years	fiona.klute	Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … asynciodebian/masterproxy-ticket
(edit)	@b94aee2	3 years	fiona.klute	Remove internal cache type enum The cache type is now transparently … asynciodebian/masterproxy-ticket
(edit)	@de1ceab	3 years	fiona.klute	Replace internal cache implementation with mod_socache Massively … asynciodebian/masterproxy-ticket
(edit)	@7921dc7	3 years	fiona.klute	Remove OpenPGP authentication OpenPGP authentication was removed from … asynciodebian/masterproxy-ticket
(edit)	@fa6d0bb	3 years	fiona.klute	Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … asynciodebian/masterproxy-ticket
(edit)	@0e3f8c6	3 years	fiona.klute	Create module-wide singleton watchdog during post_config asynciodebian/masterproxy-ticket
(edit)	@3c123cd	3 years	fiona.klute	Update my name, prepare changelog for the next release asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@9cee2e9	3 years	fiona.klute	Support ALPN (required for secure HTTP/2) asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@2f10643	3 years	fiona.klute	Consider secondary connections (like mod_http2 streams) in hooks … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e7cf823	3 years	fiona.klute	Add process_connection hook, adjust hook order for mod_http2 … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@235e109	3 years	fiona.klute	Unify initialization of mod_gnutls connection context asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@994a5fb	4 years	thomas2.klute	Do not reconfigure OCSP status callback on each connection The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@54d07a1	4 years	thomas2.klute	Do not announce (unused) session ticket support on proxy connections … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@265159d	4 years	thomas2.klute	Send SNI for proxy connections asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@98cf33f	4 years	thomas2.klute	Rewrite SNI handler to accept long names and ignore unknown name types … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@017ef2d	4 years	thomas2.klute	Cleanup of post client hello and SNI handling functions * Get module … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e389b85	4 years	thomas2.klute	Remove obsolete global GnuTLS (de)init calls These calls have been … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f4deac5	4 years	thomas2.klute	Warn users about OpenPGP deprecation OpenPGP support has been … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@a2b4ab6	4 years	thomas2.klute	Use GnuTLS known DH parameters If the user does not configure the DH … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@92ac36e	4 years	thomas2.klute	Remove dead code in DH parameters setup The dh_params variable in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4f7edd5	4 years	thomas2.klute	Remove log for mutex creation errors (core logs them at emergency level) asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@104e881	5 years	thomas2.klute	General comment updates for Doxygen compatibility Mostly /* */ vs. … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e9ef72c	5 years	thomas2.klute	Disable GnuTLSSessionTickets by default as described in handbook The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@ac3f500	5 years	thomas2.klute	Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@87d507b	5 years	thomas2.klute	Overwrite session ticket key before releasing it Private key material … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4d4a406	5 years	thomas2.klute	New config option: GnuTLSOCSPStapling This flag option … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@b8700b0	5 years	thomas2.klute	Deinit proxy credentials on config pool cleanup asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@02eabe7	5 years	thomas2.klute	TLS Proxy: Fix memory leak while logging certificate status The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f265001	5 years	thomas2.klute	Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@44e8944	5 years	thomas2.klute	Allocate memory for X.509 and PGP certificates only when needed asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@eee1432	5 years	thomas2.klute	Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@cc74801e	5 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d6834e0	5 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@aa68232	5 years	thomas2.klute	Move global cache mutex into the private cache struct asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e809fb3	5 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f450ac9	5 years	thomas2.klute	Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c005645	5 years	thomas2.klute	Mutex for DBM cache access I noticed that with a DBM cache enabled … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@04e6e65	5 years	thomas2.klute	Move declarations of cache-related functions to a dedicated header … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@7511bfa	5 years	thomas2.klute	Use ap_log_cerror() instead of ap_log_error() where reasonable … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c3ad933	5 years	thomas2.klute	Remove stale support code for Apache versions before 2.2 asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fd6bb19	5 years	thomas2.klute	Extract OCSP access URI from the server certificate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fad7695	5 years	thomas2.klute	Store OCSP trust list in server config This avoids recreating the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@64856fd	5 years	thomas2.klute	Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@94cb972	5 years	thomas2.klute	Minimal OCSP stapling implementation using externally provided … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@bc539d5	5 years	thomas2.klute	Implement short message for mod_status reports Until now the flags … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@600cf16	5 years	thomas2.klute	mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@a2368a4	6 years	thomas2.klute	Use TLS session cleanup hook for all connection pools If a TLS … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2ceb836	6 years	thomas2.klute	Update log messages on session termination (cleanup_gnutls_session, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@dff03fa	6 years	thomas2.klute	Configure C99 mode Variable declarations in for loops improve code … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@9ca1f21	6 years	thomas2.klute	Allow loading more than one PKCS #11 module using GnuTLSP11Module … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7764015	6 years	thomas2.klute	Update GnuTLSP11Module documentation for stricter semantics asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@746e993	6 years	thomas2.klute	Formatting fix for PKCS #11 module loading asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f21d2a6	6 years	thomas2.klute	Changed the semantics of GnuTLSP11Module That setting instructs … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@efd3cfe	6 years	thomas2.klute	Whitespace fix in gnutls_hooks.c asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@99f8375	6 years	thomas2.klute	Ensure safe defaults during client verification Initialize the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e021722	6 years	thomas2.klute	Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e391197	6 years	thomas2.klute	Update copyright headers for C source asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@87f1ed2	6 years	thomas2.klute	Allow loading of an additional PKCS #11 provider library When using … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@4133f2d	6 years	thomas2.klute	Unify argument handling in mgs_set_priorities Just store the argument … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2cde026d	6 years	thomas2.klute	Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f030883	6 years	thomas2.klute	Set GnuTLS priorities for proxy connections separately Until now, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@d04f7da	6 years	thomas2.klute	Version guards for gnutls_privkey_import_openpgp_raw workaround The … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@8b472af	6 years	thomas2.klute	Use server root for file paths in TLS proxy config This is what users … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2cde8111	6 years	thomas2.klute	Workarounds for OpenPGP key handling Commit … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@01b5d85	6 years	thomas2.klute	Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@c4a015b	6 years	thomas2.klute	Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@259e835	6 years	thomas2.klute	Merge branch 'master' into new-gnutls-api Branch 'master' at this … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@809c422	6 years	thomas2.klute	TLS proxy: Add support for CRLs to back end server verification When … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@bd24203	6 years	thomas2.klute	Explicitly build trust list for proxy connections This change … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7d2123d	6 years	thomas2.klute	Log errors while loading proxy certificate trust list The way the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@6bbc00a	6 years	thomas2.klute	Check hostname of proxy back end server against certificate … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@0de1839	6 years	thomas2.klute	Support X.509 auth for TLS proxy connections This commit adds support … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b324906	6 years	thomas2.klute	Merge branch 'client-verify-fix' into tls-proxy Most importantly, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@5a8a32b	6 years	thomas2.klute	TLS Client auth: Check server verify mode if unset for dir The … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b429e4c	6 years	thomas2.klute	Cleanup handler for proxy TLS connections When handling client … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@d7a8286	6 years	thomas2.klute	Remove debug log messages for allocating connection config memory … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@beb14d9	6 years	thomas2.klute	Proof of concept: Support for proxy back end connections using TLS … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@c1ef069	6 years	thomas2.klute	Record if a connection is a proxy connection When handling a proxy … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@5342265	6 years	thomas2.klute	Close last for loop in mgs_find_sni_server The closing brace for the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@07d548d	6 years	thomas2.klute	Properly use SSLProxyEngine option ssl_proxy_enable now checks if … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e8acf05	7 years	thomas2.klute	Enable/disable TLS per connection in ssl_engine_disable Previously, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e4b58b6	7 years	thomas2.klute	Check error codes during GnuTLS connection init These calls shouldn't … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@031acac	7 years	nmav	Use the new (3.1.3+) GnuTLS APIs to obtain private keys. This allows … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@fd82e59	7 years	dkg	use strict compiler arguments by default (-Wall -Werror -Wextra) … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@765cac2	7 years	dkg	clean up MGS_SIDE abuse of apr_pstrcat We were allocating twice as … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2aaf4f5	7 years	dkg	implement GnuTLSExportCertificates control over max exported cert size … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@55dc3f0	7 years	dkg	Make Apache 2.4 display the correct module in error logs asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@83eafed	7 years	dkg	avoid a very unlikely NULL dereference asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@4ec9183	7 years	dkg	Include GnuTLS version as additional version component in Server … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@46de753	8 years	dkg	fix build against GnuTLS 2.12.x asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@671b64f	8 years	dkg	remove all trailing whitespace asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@9720026	8 years	dkg	silly newline cleanup asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@5674676	8 years	dkg	add SSL_DH_PRIME_BITS to expose the size of the DH modulus to CGI asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b4739cd	8 years	dkg	display some information in mod_status asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b55bf71	8 years	dkg	accept the e-mail address in the cert Subject if no sAN e-mail is present asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: