source: mod_gnutls/src/gnutls_ocsp.c

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @61e802c   2 years fiona.klute Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, … debian/masterproxy-ticket
(edit) @103cafa   2 years fiona.klute Remove extra "OCSP failed" log entry while writing failure to cache … debian/masterproxy-ticket
(edit) @a85de63   2 years fiona.klute Make cache_fetch_func work without a connection context This is … debian/masterproxy-ticket
(edit) @3656df0   2 years fiona.klute mgs_cache_ocsp_failure: Make expiry timeout an argument A failure … debian/masterproxy-ticket
(edit) @3381559   2 years fiona.klute Adjust intervals for async OCSP updates based on cache expiry or failure debian/masterproxy-ticket
(edit) @a467635   2 years fiona.klute Enable asynchronous OCSP updates Asynchronous updates are always … debian/masterproxy-ticket
(edit) @506e64a   2 years fiona.klute Optionally return cache expiry time when caching an OCSP response … debian/masterproxy-ticket
(edit) @3c123cd   2 years fiona.klute Update my name, prepare changelog for the next release debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @1de1026   3 years thomas2.klute mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @994a5fb   3 years thomas2.klute Do not reconfigure OCSP status callback on each connection The … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @104e881   4 years thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e1c094c   4 years thomas2.klute Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring a … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @b888e8b   4 years thomas2.klute New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces in … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c39ae1a   4 years thomas2.klute Initialize OCSP timeouts with an "unset" value The configuration … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @ef107fd   4 years thomas2.klute Remove TODO for OCSP requests without nonces Ideally all OCSP … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @333bbc7   4 years thomas2.klute Configurable OCSP socket timeout Stalled OCSP requests must time out … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c6dda6d   4 years thomas2.klute Rate limit OCSP requests Retries after failed OCSP requests must be … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @3f0b470   4 years thomas2.klute Macro for the OCSP socket timeout debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @8a0da86   4 years thomas2.klute Adjust log levels for OCSP cache updates debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @f1147b6   4 years thomas2.klute OCSP post config: Ensure OCSP URI or response file are set If the … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @ef06c74   4 years thomas2.klute Compatibility code for GCC version < 5 The builtin_add_overflow() … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @78b75b3   4 years thomas2.klute Restore GnuTLSOCSPResponseFile option Using an externally updated … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4d4a406   4 years thomas2.klute New config option: GnuTLSOCSPStapling This flag option … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @894efd0   4 years thomas2.klute Check OCSP response nonce debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @82745d1   4 years thomas2.klute Fix memory usage issues * Use-after-free of the OCSP request in … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @16ad0eb   4 years thomas2.klute Perform OCSP request over HTTP Finally the whole stack is there! … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @47a909e   4 years thomas2.klute Create OCSP requests when updating the cached response Actually … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @a372379   4 years thomas2.klute Store server certificate fingerprint in OCSP config It's not like … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @cc74801e   4 years thomas2.klute Move generated vhost-wide OCSP config into a private structure debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @5559aa6   4 years thomas2.klute Rely on cache for OCSP response expiration With fixed DBM cache … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d6834e0   4 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @e809fb3   4 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @70a1e5a   4 years thomas2.klute Introduce OCSP caching grace time A cached OCSP response must be … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d18afb8   4 years thomas2.klute Ensure that dbm_cache_fetch() does not return expired data The cache … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @c6572ec   4 years thomas2.klute Apply default cache timeout to OCSP responses without nextUpdate debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @eb63377   4 years thomas2.klute Check only expiration time for OCSP responses from cache Responses … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @366d1a1   4 years thomas2.klute Use nextUpdate field of OCSP response to set cache lifetime debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @08817d0   4 years thomas2.klute Check OCSP response before caching Only verified responses should be … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @368e581   4 years thomas2.klute Update OCSP response cache only if response is missing or invalid … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4bf4ce2   4 years thomas2.klute Use GCC builtins to catch overflows with mixed integer types … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @6b4136c   4 years thomas2.klute Store OCSP responses in DBM cache before use This is not proper … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @fd6bb19   4 years thomas2.klute Extract OCSP access URI from the server certificate debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @4ae7810   4 years thomas2.klute Log port along with hostname if OCSP trust list initialization fails debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @68ce93c   4 years thomas2.klute Rearrange mgs_get_ocsp_response() for readability debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @fad7695   4 years thomas2.klute Store OCSP trust list in server config This avoids recreating the … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @2a1ffd6   4 years thomas2.klute Move trust list generation for OCSP to a separate function The new … debian/masterdebian/stretch-backportsproxy-ticketupstream
(edit) @d35b98e   4 years thomas2.klute Check OCSP response and staple it only if good debian/masterdebian/stretch-backportsproxy-ticketupstream
(add) @94cb972   4 years thomas2.klute Minimal OCSP stapling implementation using externally provided … debian/masterdebian/stretch-backportsproxy-ticketupstream
Note: See TracRevisionLog for help on using the revision log.