#
# ChangeLog for src in mod_gnutls
#
# Generated by Trac 1.2
# Apr 20, 2021, 6:01:30 PM

Wed, 22 Mar 2017 18:52:03 GMT Thomas Klute [4f7edd5]
    * src/gnutls_hooks.c (modified)

    Remove log for mutex creation errors (core logs them at emergency level)

Tue, 20 Dec 2016 21:37:33 GMT Thomas Klute [5ac4bbe]
    * src/gnutls_cache.c (modified)
    * src/gnutls_util.c (modified)

    Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The ...

Tue, 06 Dec 2016 22:46:44 GMT Thomas Klute [08b821a]
    * src/gnutls_io.c (modified)

    gnutls_io.c: API documentation

Tue, 06 Dec 2016 07:13:55 GMT Thomas Klute [104e881]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_config.h (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/gnutls_util.c (modified)
    * src/gnutls_util.h (modified)
    * src/mod_gnutls.c (modified)

    General comment updates for Doxygen compatibility Mostly /* */ vs. ...

Mon, 05 Dec 2016 21:02:30 GMT Thomas Klute [14548b9]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Update comments in gnutls_cache.(c|h) to work with Doxygen

Mon, 14 Nov 2016 19:12:53 GMT Thomas Klute [e1c094c]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring ...

Tue, 01 Nov 2016 11:20:42 GMT Thomas Klute [b888e8b]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)

    New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces ...

Mon, 31 Oct 2016 22:30:14 GMT Thomas Klute [3475e62]
    * include/mod_gnutls.h.in (modified)
    * src/mod_gnutls.c (modified)

    Remove EXPERIMENTAL mark for OCSP from internal documentation

Sun, 30 Oct 2016 21:43:03 GMT Thomas Klute [c39ae1a]
    * src/Makefile.am (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_config.h (added)
    * src/gnutls_ocsp.c (modified)

    Initialize OCSP timeouts with an "unset" value The configuration ...

Sat, 29 Oct 2016 17:40:03 GMT Thomas Klute [ef107fd]
    * src/gnutls_ocsp.c (modified)

    Remove TODO for OCSP requests without nonces Ideally all OCSP ...

Thu, 27 Oct 2016 22:21:05 GMT Thomas Klute [0a02378]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.h (modified)

    Style fixes for OCSP related time differences * Consistently use ...

Thu, 27 Oct 2016 21:50:18 GMT Thomas Klute [333bbc7]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)

    Configurable OCSP socket timeout Stalled OCSP requests must time ...

Fri, 21 Oct 2016 22:40:02 GMT Thomas Klute [c6dda6d]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Rate limit OCSP requests Retries after failed OCSP requests must be ...

Fri, 21 Oct 2016 05:47:12 GMT Thomas Klute [d26fa55]
    * src/gnutls_config.c (modified)

    Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout ...

Thu, 13 Oct 2016 19:23:21 GMT Thomas Klute [3f0b470]
    * src/gnutls_ocsp.c (modified)

    Macro for the OCSP socket timeout

Mon, 20 Jun 2016 19:57:43 GMT Thomas Klute [8a0da86]
    * src/gnutls_ocsp.c (modified)

    Adjust log levels for OCSP cache updates

Mon, 20 Jun 2016 19:50:22 GMT Thomas Klute [9c456a9]
    * src/gnutls_cache.c (modified)

    Clean up cache logging * Demote ordinary cache store/fetch ...

Mon, 20 Jun 2016 18:51:01 GMT Thomas Klute [e9ef72c]
    * doc/mod_gnutls_manual.mdwn (modified)
    * src/gnutls_hooks.c (modified)

    Disable GnuTLSSessionTickets by default as described in handbook ...

Sat, 18 Jun 2016 21:21:07 GMT Thomas Klute [f1147b6]
    * src/gnutls_ocsp.c (modified)

    OCSP post config: Ensure OCSP URI or response file are set If the ...

Sat, 18 Jun 2016 19:18:36 GMT Thomas Klute [ef06c74]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_util.c (modified)

    Compatibility code for GCC version < 5 The __builtin_add_overflow() ...

Sat, 18 Jun 2016 18:58:28 GMT Thomas Klute [ac3f500]
    * src/gnutls_cache.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)

    Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is ...

Fri, 17 Jun 2016 11:13:57 GMT Thomas Klute [87d507b]
    * src/gnutls_hooks.c (modified)

    Overwrite session ticket key before releasing it Private key ...

Thu, 16 Jun 2016 22:49:25 GMT Thomas Klute [78b75b3]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Restore GnuTLSOCSPResponseFile option Using an externally updated ...

Thu, 16 Jun 2016 22:47:09 GMT Thomas Klute [4d4a406]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)
    * src/mod_gnutls.c (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    New config option: GnuTLSOCSPStapling This flag option ...

Thu, 16 Jun 2016 19:37:30 GMT Thomas Klute [70d014b]
    * src/gnutls_config.c (modified)

    Remove FIXME comment about releasing config structures: Done!

Thu, 16 Jun 2016 18:32:02 GMT Thomas Klute [b8700b0]
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Deinit proxy credentials on config pool cleanup

Thu, 16 Jun 2016 18:28:40 GMT Thomas Klute [02eabe7]
    * src/gnutls_hooks.c (modified)

    TLS Proxy: Fix memory leak while logging certificate status The ...

Thu, 16 Jun 2016 08:36:12 GMT Thomas Klute [f265001]
    * src/gnutls_hooks.c (modified)

    Bind temporary pool in load_proxy_x509_credentials() to ptemp scope ...

Wed, 15 Jun 2016 23:32:50 GMT Thomas Klute [7e7d328]
    * src/gnutls_config.c (modified)

    Deinit PGP certificate on config pool cleanup

Wed, 15 Jun 2016 23:27:39 GMT Thomas Klute [44e8944]
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Allocate memory for X.509 and PGP certificates only when needed

Wed, 15 Jun 2016 22:12:50 GMT Thomas Klute [eee1432]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' ...

Wed, 15 Jun 2016 22:02:00 GMT Thomas Klute [45b7b83]
    * src/gnutls_config.c (modified)

    Deinit PGP private key and keyring on config pool cleanup

Wed, 15 Jun 2016 18:20:43 GMT Thomas Klute [db9ef68]
    * src/gnutls_config.c (modified)

    Deinit client CA list on config pool cleanup

Wed, 15 Jun 2016 17:32:14 GMT Thomas Klute [81433f1]
    * src/gnutls_config.c (modified)

    Reformat mgs_load_files() This commit changes only whitespace and ...

Wed, 15 Jun 2016 17:32:14 GMT Thomas Klute [e2ba939]
    * src/gnutls_config.c (modified)

    Prevent memory leaks in post_conf hook Valgrind indicated memory ...

Tue, 14 Jun 2016 20:57:36 GMT Thomas Klute [894efd0]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response nonce

Tue, 14 Jun 2016 19:38:18 GMT Thomas Klute [82745d1]
    * src/gnutls_ocsp.c (modified)

    Fix memory usage issues * Use-after-free of the OCSP request in ...

Tue, 14 Jun 2016 18:40:13 GMT Thomas Klute [16ad0eb]
    * src/Makefile.am (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_util.c (added)
    * src/gnutls_util.h (added)

    Perform OCSP request over HTTP Finally the whole stack is there! ...

Sat, 11 Jun 2016 23:03:01 GMT Thomas Klute [0831437]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro ...

Sat, 11 Jun 2016 20:44:52 GMT Thomas Klute [47a909e]
    * src/gnutls_ocsp.c (modified)

    Create OCSP requests when updating the cached response Actually ...

Sat, 11 Jun 2016 00:26:50 GMT Thomas Klute [a372379]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Store server certificate fingerprint in OCSP config It's not like ...

Sat, 11 Jun 2016 00:19:20 GMT Thomas Klute [cc74801e]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Move generated vhost-wide OCSP config into a private structure

Fri, 10 Jun 2016 23:39:34 GMT Thomas Klute [5559aa6]
    * src/gnutls_ocsp.c (modified)

    Rely on cache for OCSP response expiration With fixed DBM cache ...

Fri, 10 Jun 2016 23:30:12 GMT Thomas Klute [11e6205]
    * src/gnutls_cache.c (modified)

    dbm_cache_fetch(): Clear data size on allocation failure Memory ...

Fri, 10 Jun 2016 19:14:51 GMT Thomas Klute [b2e6406]
    * src/gnutls_io.c (modified)

    Safe integer type conversion in mgs_filter_input() Read sizes ...

Fri, 10 Jun 2016 16:46:02 GMT Thomas Klute [15b22cb]
    * src/mod_gnutls.c (modified)

    Allow compiling with clang Needs just a minimal workaround for an ...

Fri, 10 Jun 2016 13:34:08 GMT Thomas Klute [d6834e0]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    OCSP refresh mutex: Prevent parallel requests Add a global mutex ...

Fri, 10 Jun 2016 08:16:48 GMT Thomas Klute [aa68232]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Move global cache mutex into the private cache struct

Thu, 09 Jun 2016 23:52:23 GMT Thomas Klute [e809fb3]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)

    Use generic cache functions for OCSP response caching With this, ...

Thu, 09 Jun 2016 23:09:22 GMT Thomas Klute [3e22b82]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)

    Add generic store/fetch support to the memcached cache Required to ...

Thu, 09 Jun 2016 21:08:30 GMT Thomas Klute [70a1e5a]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/mod_gnutls.c (modified)

    Introduce OCSP caching grace time A cached OCSP response must be ...

Thu, 09 Jun 2016 18:50:43 GMT Thomas Klute [f450ac9]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_hooks.c (modified)

    Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no ...

Thu, 09 Jun 2016 16:33:30 GMT Thomas Klute [d18afb8]
    * src/gnutls_cache.c (modified)
    * src/gnutls_ocsp.c (modified)

    Ensure that dbm_cache_fetch() does not return expired data The ...

Wed, 08 Jun 2016 21:58:24 GMT Thomas Klute [c6572ec]
    * src/gnutls_ocsp.c (modified)

    Apply default cache timeout to OCSP responses without nextUpdate

Wed, 08 Jun 2016 21:24:15 GMT Thomas Klute [c55902b]
    * src/gnutls_cache.c (modified)

    Trigger cache expiration on fetch, small restructuring In a ...

Wed, 08 Jun 2016 19:31:29 GMT Thomas Klute [c005645]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Mutex for DBM cache access I noticed that with a DBM cache enabled ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [eb63377]
    * src/gnutls_ocsp.c (modified)

    Check only expiration time for OCSP responses from cache Responses ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [366d1a1]
    * src/gnutls_ocsp.c (modified)

    Use nextUpdate field of OCSP response to set cache lifetime

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [08817d0]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response before caching Only verified responses should ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [368e581]
    * src/gnutls_ocsp.c (modified)

    Update OCSP response cache only if response is missing or invalid ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [4bf4ce2]
    * README (modified)
    * src/gnutls_ocsp.c (modified)

    Use GCC builtins to catch overflows with mixed integer types ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [6b4136c]
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (modified)
    * src/gnutls_ocsp.c (modified)

    Store OCSP responses in DBM cache before use This is not proper ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [2f932fa]
    * src/gnutls_cache.c (modified)

    Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR ...

Sun, 05 Jun 2016 19:42:32 GMT Thomas Klute [6814e48]
    * src/gnutls_cache.c (modified)

    Explain the different signatures of the dbm_cache functions

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [15245bf]
    * src/gnutls_cache.c (modified)

    Split dbm_cache_fetch() in generic and GnuTLS session specific parts ...

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [1d1361f]
    * src/gnutls_cache.c (modified)

    Make dbm_cache_store() work outside connection context

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [ae08186]
    * src/gnutls_cache.c (modified)

    DBM cache: Separate session caching and generic store operation

Sun, 05 Jun 2016 19:42:31 GMT Thomas Klute [f785704]
    * src/gnutls_cache.c (modified)

    Make dbm_cache_expire() work outside connection context DBM cache ...

Fri, 03 Jun 2016 22:49:21 GMT Thomas Klute [04e6e65]
    * include/mod_gnutls.h.in (modified)
    * src/Makefile.am (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_cache.h (added)
    * src/gnutls_hooks.c (modified)

    Move declarations of cache-related functions to a dedicated header ...

Fri, 03 Jun 2016 19:09:41 GMT Thomas Klute [7511bfa]
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)

    Use ap_log_cerror() instead of ap_log_error() where reasonable ...

Fri, 03 Jun 2016 19:01:26 GMT Thomas Klute [8913410]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_cache.c (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_io.c (modified)
    * src/mod_gnutls.c (modified)

    Update copyright headers

Fri, 03 Jun 2016 18:31:56 GMT Thomas Klute [c3ad933]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)
    * src/mod_gnutls.c (modified)

    Remove stale support code for Apache versions before 2.2

Fri, 03 Jun 2016 14:08:29 GMT Thomas Klute [fd6bb19]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Extract OCSP access URI from the server certificate

Wed, 01 Jun 2016 17:01:20 GMT Thomas Klute [4ae7810]
    * src/gnutls_ocsp.c (modified)

    Log port along with hostname if OCSP trust list initialization fails

Wed, 01 Jun 2016 16:41:29 GMT Thomas Klute [68ce93c]
    * src/gnutls_ocsp.c (modified)

    Rearrange mgs_get_ocsp_response() for readability

Wed, 01 Jun 2016 16:20:12 GMT Thomas Klute [fad7695]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Store OCSP trust list in server config This avoids recreating the ...

Tue, 31 May 2016 22:00:31 GMT Thomas Klute [64856fd]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_hooks.c (modified)

    Get rid of exit(-1) calls in mgs_hook_post_config() This allows the ...

Tue, 31 May 2016 17:12:53 GMT Thomas Klute [2a1ffd6]
    * src/gnutls_ocsp.c (modified)
    * src/gnutls_ocsp.h (modified)

    Move trust list generation for OCSP to a separate function The new ...

Mon, 30 May 2016 21:21:21 GMT Thomas Klute [d35b98e]
    * src/gnutls_ocsp.c (modified)

    Check OCSP response and staple it only if good

Sun, 29 May 2016 22:06:59 GMT Thomas Klute [94cb972]
    * include/mod_gnutls.h.in (modified)
    * src/Makefile.am (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)
    * src/gnutls_ocsp.c (added)
    * src/gnutls_ocsp.h (added)
    * src/mod_gnutls.c (modified)
    * test/runtests (modified)
    * test/test-27_OCSP_server.bash (modified)
    * test/tests/27_OCSP_server/apache.conf (modified)

    Minimal OCSP stapling implementation using externally provided ...

Fri, 27 May 2016 20:07:24 GMT Thomas Klute [0bda20f]
    * Makefile.am (modified)
    * configure.ac (modified)
    * m4/apache.m4 (modified)
    * src/Makefile.am (modified)
    * test/Makefile.am (modified)

    Make "make distcheck" work This requires strict DIST/DISTCLEAN ...

Fri, 27 May 2016 18:56:21 GMT Thomas Klute [eb34ac4]
    * src/Makefile.am (modified)
    * test/base_apache.conf (modified)

    Let Automake handle module installation Using a custom pkglib ...

Fri, 27 May 2016 16:26:15 GMT Thomas Klute [19f2719]
    * src/gnutls_io.c (modified)

    Update comments and formatting in push/pull functions

Fri, 27 May 2016 16:11:32 GMT Thomas Klute [a9fa300]
    * src/gnutls_io.c (modified)

    Set GnuTLS session errno on all error paths in mgs_transport_read()

Thu, 26 May 2016 22:00:16 GMT Thomas Klute [6868585]
    * src/gnutls_io.c (modified)

    Remove unnecessary session pointer check The transport functions ...

Thu, 26 May 2016 21:09:31 GMT Thomas Klute [be41ee4]
    * src/gnutls_io.c (modified)

    Set GnuTLS session errno on errors in mgs_transport_write() Sunil ...

Thu, 11 Feb 2016 19:48:07 GMT Thomas Klute [8ac7c0d]
    * configure.ac (modified)
    * src/mod_gnutls.c (modified)
    * test/Makefile.am (modified)
    * test/README (modified)
    * test/test-26_HTTPS_server_var.bash (added)
    * test/tests/26_HTTPS_server_var/apache.conf (added)
    * test/tests/Makefile.am (modified)

    Register "ssl_is_https" function for compatibility with mod_rewrite ...

Wed, 27 Jan 2016 17:30:40 GMT Thomas Klute [bc539d5]
    * src/gnutls_hooks.c (modified)
    * test/tests/16_view-status/output (modified)

    Implement short message for mod_status reports Until now the flags ...

Wed, 27 Jan 2016 06:35:28 GMT Thomas Klute [600cf16]
    * src/gnutls_hooks.c (modified)

    mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls ...

Sat, 21 Nov 2015 14:16:00 GMT Thomas Klute [73b0bf0]
    * src/gnutls_io.c (modified)

    mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison

Sat, 21 Nov 2015 00:44:24 GMT Thomas Klute [a2368a4]
    * src/gnutls_hooks.c (modified)

    Use TLS session cleanup hook for all connection pools If a TLS ...

Sat, 21 Nov 2015 00:37:15 GMT Thomas Klute [2ceb836]
    * src/gnutls_hooks.c (modified)
    * src/gnutls_io.c (modified)

    Update log messages on session termination (cleanup_gnutls_session, ...

Wed, 18 Nov 2015 19:39:08 GMT Thomas Klute [401a0de]
    * src/gnutls_io.c (modified)

    Close TLS session on EOF in input filter If the input filter ...

Thu, 12 Nov 2015 02:10:35 GMT Thomas Klute [f5a36ee]
    * src/gnutls_io.c (modified)

    Pass EAGAIN/EINTR from gnutls_io_input_read to input filter ...

Thu, 12 Nov 2015 01:34:01 GMT Thomas Klute [02a6a18]
    * src/gnutls_io.c (modified)

    gnutls_io.c: Don't mix EAGAIN and EINTR in mgs_transport_read ...

Fri, 18 Sep 2015 23:45:20 GMT Thomas Klute [dff03fa]
    * configure.ac (modified)
    * src/gnutls_hooks.c (modified)

    Configure C99 mode Variable declarations in for loops improve code ...

Fri, 18 Sep 2015 23:12:16 GMT Thomas Klute [9ca1f21]
    * doc/mod_gnutls_manual.mdwn (modified)
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Allow loading more than one PKCS #11 module using GnuTLSP11Module ...

Thu, 17 Sep 2015 20:50:11 GMT Thomas Klute [88df24d]
    * src/mod_gnutls.c (modified)

    Replace "SSL" with "TLS" in config directive descriptions

Thu, 17 Sep 2015 20:25:07 GMT Thomas Klute [176047e]
    * include/mod_gnutls.h.in (modified)
    * src/gnutls_config.c (modified)
    * src/mod_gnutls.c (modified)

    Use AP_INIT_FLAG for On/Off config directives Letting the Apache ...

Thu, 17 Sep 2015 19:48:54 GMT Thomas Klute [7764015]
    * doc/mod_gnutls_manual.mdwn (modified)
    * src/gnutls_config.c (modified)
    * src/gnutls_hooks.c (modified)

    Update GnuTLSP11Module documentation for stricter semantics