Context Navigation

View Latest Revision

gnutls_ocsp.c

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@f233a23	3 years	fiona.klute	Logic for fuzzy OCSP update timing If a server has a lot of virtual … asynciodebian/masterproxy-ticket
(edit)	@3d30543	3 years	fiona.klute	Write failure cache entries from asynchronous OCSP updates This … asynciodebian/masterproxy-ticket
(edit)	@61e802c	3 years	fiona.klute	Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, … asynciodebian/masterproxy-ticket
(edit)	@103cafa	3 years	fiona.klute	Remove extra "OCSP failed" log entry while writing failure to cache … asynciodebian/masterproxy-ticket
(edit)	@a85de63	3 years	fiona.klute	Make cache_fetch_func work without a connection context This is … asynciodebian/masterproxy-ticket
(edit)	@3656df0	3 years	fiona.klute	mgs_cache_ocsp_failure: Make expiry timeout an argument A failure … asynciodebian/masterproxy-ticket
(edit)	@3381559	3 years	fiona.klute	Adjust intervals for async OCSP updates based on cache expiry or failure asynciodebian/masterproxy-ticket
(edit)	@a467635	3 years	fiona.klute	Enable asynchronous OCSP updates Asynchronous updates are always … asynciodebian/masterproxy-ticket
(edit)	@506e64a	3 years	fiona.klute	Optionally return cache expiry time when caching an OCSP response … asynciodebian/masterproxy-ticket
(edit)	@3c123cd	3 years	fiona.klute	Update my name, prepare changelog for the next release asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@1de1026	3 years	thomas2.klute	mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@994a5fb	3 years	thomas2.klute	Do not reconfigure OCSP status callback on each connection The … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@104e881	4 years	thomas2.klute	General comment updates for Doxygen compatibility Mostly /* */ vs. … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e1c094c	4 years	thomas2.klute	Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring a … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@b888e8b	4 years	thomas2.klute	New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c39ae1a	4 years	thomas2.klute	Initialize OCSP timeouts with an "unset" value The configuration … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@ef107fd	4 years	thomas2.klute	Remove TODO for OCSP requests without nonces Ideally all OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@333bbc7	4 years	thomas2.klute	Configurable OCSP socket timeout Stalled OCSP requests must time out … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c6dda6d	4 years	thomas2.klute	Rate limit OCSP requests Retries after failed OCSP requests must be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@3f0b470	5 years	thomas2.klute	Macro for the OCSP socket timeout asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@8a0da86	5 years	thomas2.klute	Adjust log levels for OCSP cache updates asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f1147b6	5 years	thomas2.klute	OCSP post config: Ensure OCSP URI or response file are set If the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@ef06c74	5 years	thomas2.klute	Compatibility code for GCC version < 5 The builtin_add_overflow() … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@78b75b3	5 years	thomas2.klute	Restore GnuTLSOCSPResponseFile option Using an externally updated … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4d4a406	5 years	thomas2.klute	New config option: GnuTLSOCSPStapling This flag option … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@894efd0	5 years	thomas2.klute	Check OCSP response nonce asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@82745d1	5 years	thomas2.klute	Fix memory usage issues * Use-after-free of the OCSP request in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@16ad0eb	5 years	thomas2.klute	Perform OCSP request over HTTP Finally the whole stack is there! … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@47a909e	5 years	thomas2.klute	Create OCSP requests when updating the cached response Actually … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@a372379	5 years	thomas2.klute	Store server certificate fingerprint in OCSP config It's not like … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@cc74801e	5 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@5559aa6	5 years	thomas2.klute	Rely on cache for OCSP response expiration With fixed DBM cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d6834e0	5 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e809fb3	5 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@70a1e5a	5 years	thomas2.klute	Introduce OCSP caching grace time A cached OCSP response must be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d18afb8	5 years	thomas2.klute	Ensure that dbm_cache_fetch() does not return expired data The cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c6572ec	5 years	thomas2.klute	Apply default cache timeout to OCSP responses without nextUpdate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@eb63377	5 years	thomas2.klute	Check only expiration time for OCSP responses from cache Responses … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@366d1a1	5 years	thomas2.klute	Use nextUpdate field of OCSP response to set cache lifetime asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@08817d0	5 years	thomas2.klute	Check OCSP response before caching Only verified responses should be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@368e581	5 years	thomas2.klute	Update OCSP response cache only if response is missing or invalid … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4bf4ce2	5 years	thomas2.klute	Use GCC builtins to catch overflows with mixed integer types … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@6b4136c	5 years	thomas2.klute	Store OCSP responses in DBM cache before use This is not proper … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fd6bb19	5 years	thomas2.klute	Extract OCSP access URI from the server certificate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4ae7810	5 years	thomas2.klute	Log port along with hostname if OCSP trust list initialization fails asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@68ce93c	5 years	thomas2.klute	Rearrange mgs_get_ocsp_response() for readability asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fad7695	5 years	thomas2.klute	Store OCSP trust list in server config This avoids recreating the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@2a1ffd6	5 years	thomas2.klute	Move trust list generation for OCSP to a separate function The new … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d35b98e	5 years	thomas2.klute	Check OCSP response and staple it only if good asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(add)	@94cb972	5 years	thomas2.klute	Minimal OCSP stapling implementation using externally provided … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: