|
|
@f233a23
|
3 years |
fiona.klute |
Logic for fuzzy OCSP update timing
If a server has a lot of virtual …
asynciodebian/masterproxy-ticket
|
|
|
@3d30543
|
3 years |
fiona.klute |
Write failure cache entries from asynchronous OCSP updates
This …
asynciodebian/masterproxy-ticket
|
|
|
@61e802c
|
3 years |
fiona.klute |
Simplify mgs_async_ocsp_update
Always use OCSP mutex for updates, …
asynciodebian/masterproxy-ticket
|
|
|
@103cafa
|
3 years |
fiona.klute |
Remove extra "OCSP failed" log entry while writing failure to cache
…
asynciodebian/masterproxy-ticket
|
|
|
@a85de63
|
3 years |
fiona.klute |
Make cache_fetch_func work without a connection context
This is …
asynciodebian/masterproxy-ticket
|
|
|
@3656df0
|
3 years |
fiona.klute |
mgs_cache_ocsp_failure: Make expiry timeout an argument
A failure …
asynciodebian/masterproxy-ticket
|
|
|
@3381559
|
3 years |
fiona.klute |
Adjust intervals for async OCSP updates based on cache expiry or failure
asynciodebian/masterproxy-ticket
|
|
|
@a467635
|
3 years |
fiona.klute |
Enable asynchronous OCSP updates
Asynchronous updates are always …
asynciodebian/masterproxy-ticket
|
|
|
@506e64a
|
3 years |
fiona.klute |
Optionally return cache expiry time when caching an OCSP response
…
asynciodebian/masterproxy-ticket
|
|
|
@3c123cd
|
3 years |
fiona.klute |
Update my name, prepare changelog for the next release
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@1de1026
|
3 years |
thomas2.klute |
mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@994a5fb
|
3 years |
thomas2.klute |
Do not reconfigure OCSP status callback on each connection
The …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@104e881
|
4 years |
thomas2.klute |
General comment updates for Doxygen compatibility
Mostly /* */ vs. …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@e1c094c
|
4 years |
thomas2.klute |
Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout
Configuring a …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@b888e8b
|
4 years |
thomas2.klute |
New directive GnuTLSOCSPCheckNonce
Some CAs refuse to send nonces in …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@c39ae1a
|
4 years |
thomas2.klute |
Initialize OCSP timeouts with an "unset" value
The configuration …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@ef107fd
|
4 years |
thomas2.klute |
Remove TODO for OCSP requests without nonces
Ideally all OCSP …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@333bbc7
|
4 years |
thomas2.klute |
Configurable OCSP socket timeout
Stalled OCSP requests must time out …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@c6dda6d
|
4 years |
thomas2.klute |
Rate limit OCSP requests
Retries after failed OCSP requests must be …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@3f0b470
|
5 years |
thomas2.klute |
Macro for the OCSP socket timeout
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@8a0da86
|
5 years |
thomas2.klute |
Adjust log levels for OCSP cache updates
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@f1147b6
|
5 years |
thomas2.klute |
OCSP post config: Ensure OCSP URI or response file are set
If the …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@ef06c74
|
5 years |
thomas2.klute |
Compatibility code for GCC version < 5
The builtin_add_overflow() …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@78b75b3
|
5 years |
thomas2.klute |
Restore GnuTLSOCSPResponseFile option
Using an externally updated …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@4d4a406
|
5 years |
thomas2.klute |
New config option: GnuTLSOCSPStapling
This flag option …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@894efd0
|
5 years |
thomas2.klute |
Check OCSP response nonce
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@82745d1
|
5 years |
thomas2.klute |
Fix memory usage issues
* Use-after-free of the OCSP request in …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@16ad0eb
|
5 years |
thomas2.klute |
Perform OCSP request over HTTP
Finally the whole stack is there! …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@47a909e
|
5 years |
thomas2.klute |
Create OCSP requests when updating the cached response
Actually …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@a372379
|
5 years |
thomas2.klute |
Store server certificate fingerprint in OCSP config
It's not like …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@cc74801e
|
5 years |
thomas2.klute |
Move generated vhost-wide OCSP config into a private structure
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@5559aa6
|
5 years |
thomas2.klute |
Rely on cache for OCSP response expiration
With fixed DBM cache …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@d6834e0
|
5 years |
thomas2.klute |
OCSP refresh mutex: Prevent parallel requests
Add a global mutex …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@e809fb3
|
5 years |
thomas2.klute |
Use generic cache functions for OCSP response caching
With this, OCSP …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@70a1e5a
|
5 years |
thomas2.klute |
Introduce OCSP caching grace time
A cached OCSP response must be …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@d18afb8
|
5 years |
thomas2.klute |
Ensure that dbm_cache_fetch() does not return expired data
The cache …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@c6572ec
|
5 years |
thomas2.klute |
Apply default cache timeout to OCSP responses without nextUpdate
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@eb63377
|
5 years |
thomas2.klute |
Check only expiration time for OCSP responses from cache
Responses …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@366d1a1
|
5 years |
thomas2.klute |
Use nextUpdate field of OCSP response to set cache lifetime
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@08817d0
|
5 years |
thomas2.klute |
Check OCSP response before caching
Only verified responses should be …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@368e581
|
5 years |
thomas2.klute |
Update OCSP response cache only if response is missing or invalid
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@4bf4ce2
|
5 years |
thomas2.klute |
Use GCC builtins to catch overflows with mixed integer types
…
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@6b4136c
|
5 years |
thomas2.klute |
Store OCSP responses in DBM cache before use
This is not proper …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@fd6bb19
|
5 years |
thomas2.klute |
Extract OCSP access URI from the server certificate
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@4ae7810
|
5 years |
thomas2.klute |
Log port along with hostname if OCSP trust list initialization fails
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@68ce93c
|
5 years |
thomas2.klute |
Rearrange mgs_get_ocsp_response() for readability
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@fad7695
|
5 years |
thomas2.klute |
Store OCSP trust list in server config
This avoids recreating the …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@2a1ffd6
|
5 years |
thomas2.klute |
Move trust list generation for OCSP to a separate function
The new …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@d35b98e
|
5 years |
thomas2.klute |
Check OCSP response and staple it only if good
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|
|
|
@94cb972
|
5 years |
thomas2.klute |
Minimal OCSP stapling implementation using externally provided …
asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
|