source: mod_gnutls/src/gnutls_ocsp.c

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @bac1a32   2 years fiona.klute Order, log message, and style fixes asynciodebian/masterproxy-ticket
(edit) @efc43b4   2 years fiona.klute Split per-vhost post config for OCSP stapling into configuring and … asynciodebian/masterproxy-ticket
(edit) @92b5f4d   3 years fiona.klute Use the OCSP cache for responses asynciodebian/masterproxy-ticket
(edit) @ded2291   3 years fiona.klute Switch generic cache store/fetch function pointers to constant … asynciodebian/masterproxy-ticket
(edit) @14a6f41   3 years fiona.klute Check for a cache during OCSP setup asynciodebian/masterproxy-ticket
(edit) @de1ceab   3 years fiona.klute Replace internal cache implementation with mod_socache Massively … asynciodebian/masterproxy-ticket
(edit) @2246a84   3 years fiona.klute Make automatic OCSP cache updates and fuzz time configurable asynciodebian/masterproxy-ticket
(edit) @f233a23   3 years fiona.klute Logic for fuzzy OCSP update timing If a server has a lot of virtual … asynciodebian/masterproxy-ticket
(edit) @3d30543   3 years fiona.klute Write failure cache entries from asynchronous OCSP updates This … asynciodebian/masterproxy-ticket
(edit) @61e802c   3 years fiona.klute Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, … asynciodebian/masterproxy-ticket
(edit) @103cafa   3 years fiona.klute Remove extra "OCSP failed" log entry while writing failure to cache … asynciodebian/masterproxy-ticket
(edit) @a85de63   3 years fiona.klute Make cache_fetch_func work without a connection context This is … asynciodebian/masterproxy-ticket
(edit) @3656df0   3 years fiona.klute mgs_cache_ocsp_failure: Make expiry timeout an argument A failure … asynciodebian/masterproxy-ticket
(edit) @3381559   3 years fiona.klute Adjust intervals for async OCSP updates based on cache expiry or failure asynciodebian/masterproxy-ticket
(edit) @a467635   3 years fiona.klute Enable asynchronous OCSP updates Asynchronous updates are always … asynciodebian/masterproxy-ticket
(edit) @506e64a   3 years fiona.klute Optionally return cache expiry time when caching an OCSP response … asynciodebian/masterproxy-ticket
(edit) @3c123cd   3 years fiona.klute Update my name, prepare changelog for the next release asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @1de1026   3 years thomas2.klute mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @994a5fb   3 years thomas2.klute Do not reconfigure OCSP status callback on each connection The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @104e881   4 years thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e1c094c   4 years thomas2.klute Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring a … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @b888e8b   4 years thomas2.klute New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c39ae1a   4 years thomas2.klute Initialize OCSP timeouts with an "unset" value The configuration … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @ef107fd   4 years thomas2.klute Remove TODO for OCSP requests without nonces Ideally all OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @333bbc7   4 years thomas2.klute Configurable OCSP socket timeout Stalled OCSP requests must time out … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c6dda6d   4 years thomas2.klute Rate limit OCSP requests Retries after failed OCSP requests must be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @3f0b470   4 years thomas2.klute Macro for the OCSP socket timeout asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @8a0da86   4 years thomas2.klute Adjust log levels for OCSP cache updates asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @f1147b6   4 years thomas2.klute OCSP post config: Ensure OCSP URI or response file are set If the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @ef06c74   4 years thomas2.klute Compatibility code for GCC version < 5 The builtin_add_overflow() … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @78b75b3   4 years thomas2.klute Restore GnuTLSOCSPResponseFile option Using an externally updated … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4d4a406   4 years thomas2.klute New config option: GnuTLSOCSPStapling This flag option … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @894efd0   4 years thomas2.klute Check OCSP response nonce asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @82745d1   4 years thomas2.klute Fix memory usage issues * Use-after-free of the OCSP request in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @16ad0eb   4 years thomas2.klute Perform OCSP request over HTTP Finally the whole stack is there! … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @47a909e   4 years thomas2.klute Create OCSP requests when updating the cached response Actually … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @a372379   4 years thomas2.klute Store server certificate fingerprint in OCSP config It's not like … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @cc74801e   4 years thomas2.klute Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @5559aa6   4 years thomas2.klute Rely on cache for OCSP response expiration With fixed DBM cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d6834e0   4 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e809fb3   4 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @70a1e5a   4 years thomas2.klute Introduce OCSP caching grace time A cached OCSP response must be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d18afb8   4 years thomas2.klute Ensure that dbm_cache_fetch() does not return expired data The cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c6572ec   4 years thomas2.klute Apply default cache timeout to OCSP responses without nextUpdate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @eb63377   5 years thomas2.klute Check only expiration time for OCSP responses from cache Responses … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @366d1a1   5 years thomas2.klute Use nextUpdate field of OCSP response to set cache lifetime asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @08817d0   5 years thomas2.klute Check OCSP response before caching Only verified responses should be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @368e581   5 years thomas2.klute Update OCSP response cache only if response is missing or invalid … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4bf4ce2   5 years thomas2.klute Use GCC builtins to catch overflows with mixed integer types … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @6b4136c   5 years thomas2.klute Store OCSP responses in DBM cache before use This is not proper … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @fd6bb19   5 years thomas2.klute Extract OCSP access URI from the server certificate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4ae7810   5 years thomas2.klute Log port along with hostname if OCSP trust list initialization fails asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @68ce93c   5 years thomas2.klute Rearrange mgs_get_ocsp_response() for readability asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @fad7695   5 years thomas2.klute Store OCSP trust list in server config This avoids recreating the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @2a1ffd6   5 years thomas2.klute Move trust list generation for OCSP to a separate function The new … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d35b98e   5 years thomas2.klute Check OCSP response and staple it only if good asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(add) @94cb972   5 years thomas2.klute Minimal OCSP stapling implementation using externally provided … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
Note: See TracRevisionLog for help on using the revision log.