Context Navigation

gnutls_hooks.c

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@efc43b4	2 years	fiona.klute	Split per-vhost post config for OCSP stapling into configuring and … debian/masterproxy-ticket
(edit)	@eced11a	2 years	fiona.klute	Remove server variable ocsp_cache_enable There is no need to … debian/masterproxy-ticket
(edit)	@babdb29	2 years	fiona.klute	Initialize and clean up the OCSP cache, following session cache patterns debian/masterproxy-ticket
(edit)	@72377cf	2 years	fiona.klute	Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … debian/masterproxy-ticket
(edit)	@ce5f776	2 years	fiona.klute	Move config and post_config of a cache instance to separate functions … debian/masterproxy-ticket
(edit)	@f52f1b4	2 years	fiona.klute	Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … debian/masterproxy-ticket
(edit)	@b94aee2	2 years	fiona.klute	Remove internal cache type enum The cache type is now transparently … debian/masterproxy-ticket
(edit)	@de1ceab	2 years	fiona.klute	Replace internal cache implementation with mod_socache Massively … debian/masterproxy-ticket
(edit)	@7921dc7	2 years	fiona.klute	Remove OpenPGP authentication OpenPGP authentication was removed from … debian/masterproxy-ticket
(edit)	@fa6d0bb	2 years	fiona.klute	Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … debian/masterproxy-ticket
(edit)	@0e3f8c6	2 years	fiona.klute	Create module-wide singleton watchdog during post_config debian/masterproxy-ticket
(edit)	@3c123cd	2 years	fiona.klute	Update my name, prepare changelog for the next release debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@9cee2e9	2 years	fiona.klute	Support ALPN (required for secure HTTP/2) debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@2f10643	2 years	fiona.klute	Consider secondary connections (like mod_http2 streams) in hooks … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e7cf823	2 years	fiona.klute	Add process_connection hook, adjust hook order for mod_http2 … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@235e109	2 years	fiona.klute	Unify initialization of mod_gnutls connection context debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@994a5fb	3 years	thomas2.klute	Do not reconfigure OCSP status callback on each connection The … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@54d07a1	3 years	thomas2.klute	Do not announce (unused) session ticket support on proxy connections … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@265159d	3 years	thomas2.klute	Send SNI for proxy connections debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@98cf33f	3 years	thomas2.klute	Rewrite SNI handler to accept long names and ignore unknown name types … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@017ef2d	3 years	thomas2.klute	Cleanup of post client hello and SNI handling functions * Get module … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e389b85	3 years	thomas2.klute	Remove obsolete global GnuTLS (de)init calls These calls have been … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f4deac5	3 years	thomas2.klute	Warn users about OpenPGP deprecation OpenPGP support has been … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@a2b4ab6	3 years	thomas2.klute	Use GnuTLS known DH parameters If the user does not configure the DH … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@92ac36e	3 years	thomas2.klute	Remove dead code in DH parameters setup The dh_params variable in … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4f7edd5	4 years	thomas2.klute	Remove log for mutex creation errors (core logs them at emergency level) debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@104e881	4 years	thomas2.klute	General comment updates for Doxygen compatibility Mostly /* */ vs. … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e9ef72c	4 years	thomas2.klute	Disable GnuTLSSessionTickets by default as described in handbook The … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@ac3f500	4 years	thomas2.klute	Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@87d507b	4 years	thomas2.klute	Overwrite session ticket key before releasing it Private key material … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4d4a406	4 years	thomas2.klute	New config option: GnuTLSOCSPStapling This flag option … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@b8700b0	4 years	thomas2.klute	Deinit proxy credentials on config pool cleanup debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@02eabe7	4 years	thomas2.klute	TLS Proxy: Fix memory leak while logging certificate status The … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f265001	4 years	thomas2.klute	Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@44e8944	4 years	thomas2.klute	Allocate memory for X.509 and PGP certificates only when needed debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@eee1432	4 years	thomas2.klute	Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@cc74801e	4 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d6834e0	4 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@aa68232	4 years	thomas2.klute	Move global cache mutex into the private cache struct debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e809fb3	4 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f450ac9	4 years	thomas2.klute	Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c005645	4 years	thomas2.klute	Mutex for DBM cache access I noticed that with a DBM cache enabled … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@04e6e65	4 years	thomas2.klute	Move declarations of cache-related functions to a dedicated header … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@7511bfa	4 years	thomas2.klute	Use ap_log_cerror() instead of ap_log_error() where reasonable … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c3ad933	4 years	thomas2.klute	Remove stale support code for Apache versions before 2.2 debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fd6bb19	4 years	thomas2.klute	Extract OCSP access URI from the server certificate debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fad7695	4 years	thomas2.klute	Store OCSP trust list in server config This avoids recreating the … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@64856fd	4 years	thomas2.klute	Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@94cb972	4 years	thomas2.klute	Minimal OCSP stapling implementation using externally provided … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@bc539d5	5 years	thomas2.klute	Implement short message for mod_status reports Until now the flags … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@600cf16	5 years	thomas2.klute	mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@a2368a4	5 years	thomas2.klute	Use TLS session cleanup hook for all connection pools If a TLS … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2ceb836	5 years	thomas2.klute	Update log messages on session termination (cleanup_gnutls_session, … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@dff03fa	5 years	thomas2.klute	Configure C99 mode Variable declarations in for loops improve code … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@9ca1f21	5 years	thomas2.klute	Allow loading more than one PKCS #11 module using GnuTLSP11Module … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7764015	5 years	thomas2.klute	Update GnuTLSP11Module documentation for stricter semantics debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@746e993	5 years	thomas2.klute	Formatting fix for PKCS #11 module loading debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f21d2a6	5 years	thomas2.klute	Changed the semantics of GnuTLSP11Module That setting instructs … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@efd3cfe	5 years	thomas2.klute	Whitespace fix in gnutls_hooks.c debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@99f8375	5 years	thomas2.klute	Ensure safe defaults during client verification Initialize the … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e021722	5 years	thomas2.klute	Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e391197	5 years	thomas2.klute	Update copyright headers for C source debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@87f1ed2	5 years	thomas2.klute	Allow loading of an additional PKCS #11 provider library When using … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@4133f2d	5 years	thomas2.klute	Unify argument handling in mgs_set_priorities Just store the argument … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2cde026d	5 years	thomas2.klute	Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f030883	5 years	thomas2.klute	Set GnuTLS priorities for proxy connections separately Until now, … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@d04f7da	5 years	thomas2.klute	Version guards for gnutls_privkey_import_openpgp_raw workaround The … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@8b472af	5 years	thomas2.klute	Use server root for file paths in TLS proxy config This is what users … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2cde8111	5 years	thomas2.klute	Workarounds for OpenPGP key handling Commit … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@01b5d85	5 years	thomas2.klute	Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@c4a015b	5 years	thomas2.klute	Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@259e835	5 years	thomas2.klute	Merge branch 'master' into new-gnutls-api Branch 'master' at this … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@809c422	5 years	thomas2.klute	TLS proxy: Add support for CRLs to back end server verification When … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@bd24203	5 years	thomas2.klute	Explicitly build trust list for proxy connections This change … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7d2123d	6 years	thomas2.klute	Log errors while loading proxy certificate trust list The way the … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@6bbc00a	6 years	thomas2.klute	Check hostname of proxy back end server against certificate … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@0de1839	6 years	thomas2.klute	Support X.509 auth for TLS proxy connections This commit adds support … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b324906	6 years	thomas2.klute	Merge branch 'client-verify-fix' into tls-proxy Most importantly, … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@5a8a32b	6 years	thomas2.klute	TLS Client auth: Check server verify mode if unset for dir The … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b429e4c	6 years	thomas2.klute	Cleanup handler for proxy TLS connections When handling client … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@d7a8286	6 years	thomas2.klute	Remove debug log messages for allocating connection config memory … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@beb14d9	6 years	thomas2.klute	Proof of concept: Support for proxy back end connections using TLS … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@c1ef069	6 years	thomas2.klute	Record if a connection is a proxy connection When handling a proxy … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@5342265	6 years	thomas2.klute	Close last for loop in mgs_find_sni_server The closing brace for the … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@07d548d	6 years	thomas2.klute	Properly use SSLProxyEngine option ssl_proxy_enable now checks if … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e8acf05	6 years	thomas2.klute	Enable/disable TLS per connection in ssl_engine_disable Previously, … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e4b58b6	6 years	thomas2.klute	Check error codes during GnuTLS connection init These calls shouldn't … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@031acac	6 years	nmav	Use the new (3.1.3+) GnuTLS APIs to obtain private keys. This allows … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@fd82e59	7 years	dkg	use strict compiler arguments by default (-Wall -Werror -Wextra) … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@765cac2	7 years	dkg	clean up MGS_SIDE abuse of apr_pstrcat We were allocating twice as … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2aaf4f5	7 years	dkg	implement GnuTLSExportCertificates control over max exported cert size … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@55dc3f0	7 years	dkg	Make Apache 2.4 display the correct module in error logs debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@83eafed	7 years	dkg	avoid a very unlikely NULL dereference debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@4ec9183	7 years	dkg	Include GnuTLS version as additional version component in Server … debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@46de753	7 years	dkg	fix build against GnuTLS 2.12.x debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@671b64f	7 years	dkg	remove all trailing whitespace debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@9720026	7 years	dkg	silly newline cleanup debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@5674676	7 years	dkg	add SSL_DH_PRIME_BITS to expose the size of the DH modulus to CGI debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b4739cd	7 years	dkg	display some information in mod_status debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b55bf71	7 years	dkg	accept the e-mail address in the cert Subject if no sAN e-mail is present debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: