# # ChangeLog for src/gnutls_ocsp.c in mod_gnutls # # Generated by Trac 1.2 # Jan 23, 2021, 2:46:22 AM Tue, 14 Jun 2016 20:57:36 GMT Thomas Klute [894efd0] * src/gnutls_ocsp.c (modified) Check OCSP response nonce Tue, 14 Jun 2016 19:38:18 GMT Thomas Klute [82745d1] * src/gnutls_ocsp.c (modified) Fix memory usage issues * Use-after-free of the OCSP request in ... Tue, 14 Jun 2016 18:40:13 GMT Thomas Klute [16ad0eb] * src/Makefile.am (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_util.c (added) * src/gnutls_util.h (added) Perform OCSP request over HTTP Finally the whole stack is there! ... Sat, 11 Jun 2016 20:44:52 GMT Thomas Klute [47a909e] * src/gnutls_ocsp.c (modified) Create OCSP requests when updating the cached response Actually ... Sat, 11 Jun 2016 00:26:50 GMT Thomas Klute [a372379] * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) Store server certificate fingerprint in OCSP config It's not like ... Sat, 11 Jun 2016 00:19:20 GMT Thomas Klute [cc74801e] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) Move generated vhost-wide OCSP config into a private structure Fri, 10 Jun 2016 23:39:34 GMT Thomas Klute [5559aa6] * src/gnutls_ocsp.c (modified) Rely on cache for OCSP response expiration With fixed DBM cache ... Fri, 10 Jun 2016 13:34:08 GMT Thomas Klute [d6834e0] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) OCSP refresh mutex: Prevent parallel requests Add a global mutex ... Thu, 09 Jun 2016 23:52:23 GMT Thomas Klute [e809fb3] * include/mod_gnutls.h.in (modified) * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) Use generic cache functions for OCSP response caching With this, ... Thu, 09 Jun 2016 21:08:30 GMT Thomas Klute [70a1e5a] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_ocsp.c (modified) * src/mod_gnutls.c (modified) Introduce OCSP caching grace time A cached OCSP response must be ... Thu, 09 Jun 2016 16:33:30 GMT Thomas Klute [d18afb8] * src/gnutls_cache.c (modified) * src/gnutls_ocsp.c (modified) Ensure that dbm_cache_fetch() does not return expired data The ... Wed, 08 Jun 2016 21:58:24 GMT Thomas Klute [c6572ec] * src/gnutls_ocsp.c (modified) Apply default cache timeout to OCSP responses without nextUpdate Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [eb63377] * src/gnutls_ocsp.c (modified) Check only expiration time for OCSP responses from cache Responses ... Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [366d1a1] * src/gnutls_ocsp.c (modified) Use nextUpdate field of OCSP response to set cache lifetime Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [08817d0] * src/gnutls_ocsp.c (modified) Check OCSP response before caching Only verified responses should ... Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [368e581] * src/gnutls_ocsp.c (modified) Update OCSP response cache only if response is missing or invalid ... Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [4bf4ce2] * README (modified) * src/gnutls_ocsp.c (modified) Use GCC builtins to catch overflows with mixed integer types ... Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [6b4136c] * src/gnutls_cache.c (modified) * src/gnutls_cache.h (modified) * src/gnutls_ocsp.c (modified) Store OCSP responses in DBM cache before use This is not proper ... Fri, 03 Jun 2016 14:08:29 GMT Thomas Klute [fd6bb19] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) Extract OCSP access URI from the server certificate Wed, 01 Jun 2016 17:01:20 GMT Thomas Klute [4ae7810] * src/gnutls_ocsp.c (modified) Log port along with hostname if OCSP trust list initialization fails Wed, 01 Jun 2016 16:41:29 GMT Thomas Klute [68ce93c] * src/gnutls_ocsp.c (modified) Rearrange mgs_get_ocsp_response() for readability Wed, 01 Jun 2016 16:20:12 GMT Thomas Klute [fad7695] * include/mod_gnutls.h.in (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) Store OCSP trust list in server config This avoids recreating the ... Tue, 31 May 2016 17:12:53 GMT Thomas Klute [2a1ffd6] * src/gnutls_ocsp.c (modified) * src/gnutls_ocsp.h (modified) Move trust list generation for OCSP to a separate function The new ... Mon, 30 May 2016 21:21:21 GMT Thomas Klute [d35b98e] * src/gnutls_ocsp.c (modified) Check OCSP response and staple it only if good Sun, 29 May 2016 22:06:59 GMT Thomas Klute [94cb972] * include/mod_gnutls.h.in (modified) * src/Makefile.am (modified) * src/gnutls_config.c (modified) * src/gnutls_hooks.c (modified) * src/gnutls_ocsp.c (added) * src/gnutls_ocsp.h (added) * src/mod_gnutls.c (modified) * test/runtests (modified) * test/test-27_OCSP_server.bash (modified) * test/tests/27_OCSP_server/apache.conf (modified) Minimal OCSP stapling implementation using externally provided ...