source: mod_gnutls/src

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @15b22cb   4 years thomas2.klute Allow compiling with clang Needs just a minimal workaround for an … debian/masterdebian/stretch-backportsupstream
(edit) @d6834e0   4 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … debian/masterdebian/stretch-backportsupstream
(edit) @aa68232   4 years thomas2.klute Move global cache mutex into the private cache struct debian/masterdebian/stretch-backportsupstream
(edit) @e809fb3   4 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … debian/masterdebian/stretch-backportsupstream
(edit) @3e22b82   4 years thomas2.klute Add generic store/fetch support to the memcached cache Required to … debian/masterdebian/stretch-backportsupstream
(edit) @70a1e5a   4 years thomas2.klute Introduce OCSP caching grace time A cached OCSP response must be … debian/masterdebian/stretch-backportsupstream
(edit) @f450ac9   4 years thomas2.klute Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … debian/masterdebian/stretch-backportsupstream
(edit) @d18afb8   4 years thomas2.klute Ensure that dbm_cache_fetch() does not return expired data The cache … debian/masterdebian/stretch-backportsupstream
(edit) @c6572ec   4 years thomas2.klute Apply default cache timeout to OCSP responses without nextUpdate debian/masterdebian/stretch-backportsupstream
(edit) @c55902b   4 years thomas2.klute Trigger cache expiration on fetch, small restructuring In a situation … debian/masterdebian/stretch-backportsupstream
(edit) @c005645   4 years thomas2.klute Mutex for DBM cache access I noticed that with a DBM cache enabled … debian/masterdebian/stretch-backportsupstream
(edit) @eb63377   4 years thomas2.klute Check only expiration time for OCSP responses from cache Responses … debian/masterdebian/stretch-backportsupstream
(edit) @366d1a1   4 years thomas2.klute Use nextUpdate field of OCSP response to set cache lifetime debian/masterdebian/stretch-backportsupstream
(edit) @08817d0   4 years thomas2.klute Check OCSP response before caching Only verified responses should be … debian/masterdebian/stretch-backportsupstream
(edit) @368e581   4 years thomas2.klute Update OCSP response cache only if response is missing or invalid … debian/masterdebian/stretch-backportsupstream
(edit) @4bf4ce2   4 years thomas2.klute Use GCC builtins to catch overflows with mixed integer types … debian/masterdebian/stretch-backportsupstream
(edit) @6b4136c   4 years thomas2.klute Store OCSP responses in DBM cache before use This is not proper … debian/masterdebian/stretch-backportsupstream
(edit) @2f932fa   4 years thomas2.klute Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR … debian/masterdebian/stretch-backportsupstream
(edit) @6814e48   4 years thomas2.klute Explain the different signatures of the dbm_cache functions debian/masterdebian/stretch-backportsupstream
(edit) @15245bf   4 years thomas2.klute Split dbm_cache_fetch() in generic and GnuTLS session specific parts … debian/masterdebian/stretch-backportsupstream
(edit) @1d1361f   4 years thomas2.klute Make dbm_cache_store() work outside connection context debian/masterdebian/stretch-backportsupstream
(edit) @ae08186   4 years thomas2.klute DBM cache: Separate session caching and generic store operation debian/masterdebian/stretch-backportsupstream
(edit) @f785704   4 years thomas2.klute Make dbm_cache_expire() work outside connection context DBM cache … debian/masterdebian/stretch-backportsupstream
(edit) @04e6e65   4 years thomas2.klute Move declarations of cache-related functions to a dedicated header … debian/masterdebian/stretch-backportsupstream
(edit) @7511bfa   4 years thomas2.klute Use ap_log_cerror() instead of ap_log_error() where reasonable … debian/masterdebian/stretch-backportsupstream
(edit) @8913410   4 years thomas2.klute Update copyright headers debian/masterdebian/stretch-backportsupstream
(edit) @c3ad933   4 years thomas2.klute Remove stale support code for Apache versions before 2.2 debian/masterdebian/stretch-backportsupstream
(edit) @fd6bb19   4 years thomas2.klute Extract OCSP access URI from the server certificate debian/masterdebian/stretch-backportsupstream
(edit) @4ae7810   4 years thomas2.klute Log port along with hostname if OCSP trust list initialization fails debian/masterdebian/stretch-backportsupstream
(edit) @68ce93c   4 years thomas2.klute Rearrange mgs_get_ocsp_response() for readability debian/masterdebian/stretch-backportsupstream
(edit) @fad7695   4 years thomas2.klute Store OCSP trust list in server config This avoids recreating the … debian/masterdebian/stretch-backportsupstream
(edit) @64856fd   4 years thomas2.klute Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … debian/masterdebian/stretch-backportsupstream
(edit) @2a1ffd6   4 years thomas2.klute Move trust list generation for OCSP to a separate function The new … debian/masterdebian/stretch-backportsupstream
(edit) @d35b98e   4 years thomas2.klute Check OCSP response and staple it only if good debian/masterdebian/stretch-backportsupstream
(edit) @94cb972   4 years thomas2.klute Minimal OCSP stapling implementation using externally provided … debian/masterdebian/stretch-backportsupstream
(edit) @0bda20f   4 years thomas2.klute Make "make distcheck" work This requires strict DIST/DISTCLEAN lists … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @eb34ac4   4 years thomas2.klute Let Automake handle module installation Using a custom pkglib … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @19f2719   4 years thomas2.klute Update comments and formating in push/pull functions debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a9fa300   4 years thomas2.klute Set GnuTLS session errno on all error paths in mgs_transport_read() debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @6868585   4 years thomas2.klute Remove unnecessary session pointer check The transport functions are … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @be41ee4   4 years thomas2.klute Set GnuTLS session errno on errors in mgs_transport_write() Sunil … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @8ac7c0d   4 years thomas2.klute Register "ssl_is_https" function for compatibility with mod_rewrite … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @bc539d5   4 years thomas2.klute Implement short message for mod_status reports Until now the flags … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @600cf16   4 years thomas2.klute mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @73b0bf0   4 years thomas2.klute mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a2368a4   4 years thomas2.klute Use TLS session cleanup hook for all connection pools If a TLS … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2ceb836   4 years thomas2.klute Update log messages on session termination (cleanup_gnutls_session, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @401a0de   4 years thomas2.klute Close TLS session on EOF in input filter If the input filter receives … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @f5a36ee   4 years thomas2.klute Pass EAGAIN/EINTR from gnutls_io_input_read to input filter … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @02a6a18   4 years thomas2.klute gnutls_io.c: Don't mix EAGAIN and EINTR in mgs_transport_read … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @dff03fa   4 years thomas2.klute Configure C99 mode Variable declarations in for loops improve code … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @9ca1f21   4 years thomas2.klute Allow loading more than one PKCS #11 module using GnuTLSP11Module … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @88df24d   4 years thomas2.klute Replace "SSL" with "TLS" in config directive descriptions debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @176047e   4 years thomas2.klute Use AP_INIT_FLAG for On/Off? config directives Letting the Apache … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @7764015   4 years thomas2.klute Update GnuTLSP11Module documentation for stricter semantics debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @746e993   4 years thomas2.klute Formatting fix for PKCS #11 module loading debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @f21d2a6   4 years thomas2.klute Changed the semantics of GnuTLSP11Module That setting instructs … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @efd3cfe   4 years thomas2.klute Whitespace fix in gnutls_hooks.c debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @99f8375   4 years thomas2.klute Ensure safe defaults during client verification Initialize the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @dfd5837   4 years thomas2.klute Log possible error messages from gnutls_bye debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @ee687ab   4 years thomas2.klute Update README and post-install documentation hint debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e021722   4 years thomas2.klute Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e391197   4 years thomas2.klute Update copyright headers for C source debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a2e3c33   5 years thomas2.klute Rename option SSLProxyEngine to GnuTLSProxyEngine This matches the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e765670   5 years thomas2.klute Fix signature of mgs_cache_child_init when building without … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @87f1ed2   5 years thomas2.klute Allow loading of an additional PKCS #11 provider library When using … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @4133f2d   5 years thomas2.klute Unify argument handling in mgs_set_priorities Just store the argument … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2cde026d   5 years thomas2.klute Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @73f6f12   5 years thomas2.klute Check handshake result before logging "TLS connection opened" Without … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @f030883   5 years thomas2.klute Set GnuTLS priorities for proxy connections separately Until now, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @d04f7da   5 years thomas2.klute Version guards for gnutls_privkey_import_openpgp_raw workaround The … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @8b472af   5 years thomas2.klute Use server root for file paths in TLS proxy config This is what users … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @2cde8111   5 years thomas2.klute Workarounds for OpenPGP key handling Commit … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @01b5d85   5 years thomas2.klute Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @c4a015b   5 years thomas2.klute Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @259e835   5 years thomas2.klute Merge branch 'master' into new-gnutls-api Branch 'master' at this … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @1d9cfaf   5 years thomas2.klute gnutls_config.c: Backport function signature changes from master … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @809c422   5 years thomas2.klute TLS proxy: Add support for CRLs to back end server verification When … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @bd24203   5 years thomas2.klute Explicitly build trust list for proxy connections This change … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @7d2123d   5 years thomas2.klute Log errors while loading proxy certificate trust list The way the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @6bbc00a   5 years thomas2.klute Check hostname of proxy back end server against certificate … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @0de1839   5 years thomas2.klute Support X.509 auth for TLS proxy connections This commit adds support … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @7314438   5 years thomas2.klute Fix whitespace problems detected by git debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b324906   5 years thomas2.klute Merge branch 'client-verify-fix' into tls-proxy Most importantly, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @5a8a32b   5 years thomas2.klute TLS Client auth: Check server verify mode if unset for dir The … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @b429e4c   5 years thomas2.klute Cleanup handler for proxy TLS connections When handling client … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @d7a8286   5 years thomas2.klute Remove debug log messages for allocating connection config memory … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @265eafc   5 years thomas2.klute gnutls_io.c: Log connection start/end and unusual input filter events … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @4261999   5 years thomas2.klute gnutls_io_input_read: Retry gnutls_record_recv if necessary While … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @398d1a0   5 years thomas2.klute Improved logging for gnutls_io_input_read * Log if something tried to … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @4fefa39   5 years thomas2.klute src/gnutls_io.c: Reformat gnutls_io_filter_error for readability No … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @beb14d9   5 years thomas2.klute Proof of concept: Support for proxy back end connections using TLS … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @c1ef069   5 years thomas2.klute Record if a connection is a proxy connection When handling a proxy … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @5342265   5 years thomas2.klute Close last for loop in mgs_find_sni_server The closing brace for the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @07d548d   5 years thomas2.klute Properly use SSLProxyEngine option ssl_proxy_enable now checks if … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @accbb83   5 years thomas2.klute mod_gnutls.c: Whitespace and line break fixes debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @c782c1f   5 years thomas2.klute Don't do global deinit when disabling TLS for a proxy back end … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e8acf05   5 years thomas2.klute Enable/disable TLS per connection in ssl_engine_disable Previously, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @e4b58b6   5 years thomas2.klute Check error codes during GnuTLS connection init These calls shouldn't … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @3d361b8   5 years thomas2.klute Check if filters exist before removing them in ssl_engine_disable … debian/masterdebian/stretch-backportsjessie-backportsupstream
Note: See TracRevisionLog for help on using the revision log.