source: mod_gnutls/src

Diff Rev Age Author Log Message
(edit) @d7eec4e   4 weeks fiona.klute Fix loop in blocking read on transport timeout The loop was caused by … main
(edit) @272833c   19 months fiona.klute Adjust log level for read error messages These are most likely caused … main
(edit) @ac49b95   19 months fiona.klute Avoid log spam if connection is aborted while sending * Don't try to … main
(edit) @eb21e89   20 months fiona.klute Fix server_rec references in mgs_get_ocsp_response() During the … main
(edit) @9c4ae9c2   21 months fiona.klute Use the issuer certificate directly to verify OCSP responses The … main
(edit) @b8e9e11   21 months fiona.klute Ensure the path part of OCSP URI isn't empty main
(edit) @c67643b   21 months fiona.klute SHA1 for issuer name hash and issuer key hash in OCSP requests Some … main
(edit) @d54572e   2 years fiona.klute Limit variable scopes in gnutls_hooks.c This fixes issues found using … asyncio main
(edit) @d8c4d75   2 years fiona.klute Remove redundant initializations Found by CppCheck. asyncio main
(edit) @8da0c7e   2 years fiona.klute Limit variable scopes in gnutls_io.c This fixes issues found using … asyncio main
(edit) @ec33c23   2 years fiona.klute Remove shadowing re-declaration There's no need for a new variable … asyncio main
(edit) @9eda494   2 years fiona.klute Remove pointless assignment reported by clang-analyzer asyncio main
(edit) @70f9c00   2 years fiona.klute Clean up TLS error handling The HTTP_BAD_REQUEST case was never … asyncio main
(edit) @facbb08   3 years fiona.klute Update default priorities This removes insecure and outdated things … asyncio main
(edit) @a66b5be   3 years fiona.klute Include MGS_DEFAULT_PRIORITY statically in log messages Very minor … asyncio main
(edit) @e63515a   3 years fiona.klute Fix SNI/ServerAlias matching ServerAliases were never checked if … asyncio main
(edit) @8d0efdc   3 years fiona.klute Disable session tickets by default After learning that the GnuTLS key … asyncio main
(edit) @796d9a3   3 years fiona.klute Cache session tickets for proxy connections only when using TLS 1.3 … asyncio main
(edit) @e6d9e47   3 years fiona.klute Move the callback for incoming tickets into gnutls_proxy.c It's only … asyncio main
(edit) @641d11b   3 years fiona.klute Delete session tickets for proxy connections when using them Tickets … asyncio main
(edit) @2b1b52f   3 years fiona.klute Actually use the computed socache key in socache_delete_session() We … asyncio main
(edit) @e151b6f   3 years fiona.klute Do not try to cache or load cached proxy sessions without a session cache asyncio main
(edit) @764fef3   3 years fiona.klute Load cached proxy TLS sessions from cache asyncio main
(edit) @7e29705   3 years fiona.klute Fix memory leak: Free ticket after storing it in cache asyncio main
(edit) @411d286   3 years fiona.klute Store session tickets for proxy connections in the session cache The … asyncio main
(edit) @d827d0c   3 years fiona.klute Create cache keys for proxy session tickets The key is based on the … asyncio main
(edit) @33d812d   3 years fiona.klute Retrieve received session tickets The tickets aren't used yet. Making … asyncio main proxy-ticket
(edit) @132eadc   3 years fiona.klute Implement gnutls_pull_timeout_func According to GnuTLS documentation … asyncio main proxy-ticket
(edit) @0484b31   3 years fiona.klute Set the module name for log messages from gnutls_watchdog.c asyncio main proxy-ticket
(edit) @87d7f89   3 years fiona.klute Send OCSP nonce only if GnuTLSOCSPCheckNonce is enabled asyncio main proxy-ticket
(edit) @e932ba5   3 years fiona.klute Do not enforce OCSP nonces by default The reason for this change is … asyncio main proxy-ticket
(edit) @9071889   3 years fiona.klute Remove pointless set-once process pool userdata I know some modules … asyncio main proxy-ticket
(edit) @e819f13   3 years fiona.klute Unconditionally enable early SNI parsing All supported GnuTLS … asyncio main proxy-ticket
(edit) @4f2c988   3 years fiona.klute Send 403 if required client post-handshake authentication fails This … asyncio main proxy-ticket
(edit) @f94938c   3 years fiona.klute Nicer logging for post-handshake authentication asyncio main proxy-ticket
(edit) @fcad37b   3 years fiona.klute Retry gnutls_reauth() on transport interruptions asyncio main proxy-ticket
(edit) @9db4dcd   3 years fiona.klute Handle GNUTLS_E_GOT_APPLICATION_DATA on gnutls_reauth() Pending … asyncio main proxy-ticket
(edit) @4a22ee6   3 years fiona.klute Fix speculative reads using cached data The rollback buffer … asyncio main proxy-ticket
(edit) @6fa6095   3 years fiona.klute Partial post-handshake auth support Needs proper error handling, … asyncio main proxy-ticket
(edit) @e24e3bf9   3 years fiona.klute Rewrite authz hook Using the effective mode simplifies the code a … asyncio main proxy-ticket
(edit) @3b2edd6   3 years fiona.klute Use GnuTLS' certificate status text instead of hard-coded cases … asyncio main proxy-ticket
(edit) @ee2854b   3 years fiona.klute Remove a forgotten "return OK" in mgs_cert_verify See … asyncio main proxy-ticket
(edit) @99196d9   3 years fiona.klute Reauthentication: Much simpler check for HTTP/2 Integer comparison … asyncio main proxy-ticket
(edit) @0dc1a31   3 years fiona.klute Always return DECLINED instead of OK from mgs_cert_verify The return … asyncio main proxy-ticket
(edit) @346c03b   3 years fiona.klute Prohibit TLS renegotiation for HTTP/2 connections (RFC 7540, section 9.2.1) asyncio main proxy-ticket
(edit) @b22def6   3 years fiona.klute Remove SIGPIPE signal block There's no discernible reason to keep … asyncio main proxy-ticket
(edit) @05e2d9e   3 years fiona.klute Move function declarations for gnutls_io.c into a separate header asyncio main proxy-ticket
(edit) @33fa7d5   3 years fiona.klute Ensure stapling is active for server certificates with "must-staple" … asyncio main proxy-ticket
(edit) @5c9ca6b   3 years fiona.klute Ensure sc->ocsp and sc->ocsp_num are always initialized They should … asyncio main proxy-ticket
(edit) @a3e0f7b   3 years fiona.klute Support a list of files for the GnuTLSOCSPResponseFile option This … asyncio main proxy-ticket
(edit) @845c112   3 years fiona.klute Async OCSP updates for multi-stapling There's now one mod_watchdog … asyncio main proxy-ticket
(edit) @c446ca5   3 years fiona.klute Small cleanups (use mgs_ocsp_data_t, update copyright header) asyncio main proxy-ticket
(edit) @ce987dc   3 years fiona.klute Log number of certificates in chain that OCSP stapling is enabled for asyncio main proxy-ticket
(edit) @1aad1d7   3 years fiona.klute Consider stapling configured if it's configured for one certificate … asyncio main proxy-ticket
(edit) @1c3853a   3 years fiona.klute Minimal multi-staple implementation Works, but has limitations: * … asyncio main proxy-ticket
(edit) @08ba205   3 years fiona.klute Turn per-vhost OCSP data into an array Size 1 for now, but it's a … asyncio main proxy-ticket
(edit) @4e60dd8   3 years fiona.klute Handle initialization of the OCSP data structure in one place This … asyncio main proxy-ticket
(edit) @de9b100   3 years fiona.klute OCSP config: Check if cache is available before processing certificate … asyncio main proxy-ticket
(edit) @cf6f974   3 years fiona.klute mgs_get_ocsp_response: Accept request information from … asyncio main proxy-ticket
(edit) @98b37a1   3 years fiona.klute mgs_get_ocsp_response: Consistently use "sc" variable The "sc = … asyncio main proxy-ticket
(edit) @9418c1e   3 years fiona.klute mgs_cache_ocsp_failure: Require explicit struct mgs_ocsp_data asyncio main proxy-ticket
(edit) @06dcf89   3 years fiona.klute mgs_cache_ocsp_response: Require explicit struct mgs_ocsp_data asyncio main proxy-ticket
(edit) @75f2d96   3 years fiona.klute check_ocsp_response: Require explicit struct mgs_ocsp_data The … asyncio main proxy-ticket
(edit) @e798149   3 years fiona.klute do_ocsp_request: Require responder URI This method just handles a … asyncio main proxy-ticket
(edit) @bdd10be   3 years fiona.klute mgs_create_ocsp_request: Require explicit struct mgs_ocsp_data This … asyncio main proxy-ticket
(edit) @a8374f7   3 years fiona.klute Keep a reference to the certificate with OCSP data When implementing … asyncio main proxy-ticket
(edit) @e376ed8   3 years fiona.klute Merge branch 'subca' asyncio main proxy-ticket
(edit) @dcec209   3 years fiona.klute Fix possible segfault (NULL pointer dereference) on failed TLS … asyncio main proxy-ticket
(edit) @556783e   4 years fiona.klute Provide OCSP response via gnutls_certificate_retrieve_function3 … asyncio main proxy-ticket
(edit) @81018a4   4 years fiona.klute Remove compatibility code for GnuTLS version before 3.6.3 asyncio main proxy-ticket
(edit) @65c84e5   4 years fiona.klute Set certificates via gnutls_certificate_set_retrieve_function3() The … asyncio main proxy-ticket
(edit) @6200f6f   4 years fiona.klute Switch server based on early SNI only if a name was found asyncio debian/master main proxy-ticket
(edit) @b6c7866   4 years fiona.klute Update copyright headers of files changed this year asyncio debian/master main proxy-ticket
(edit) @a900948   4 years fiona.klute Support multiple ALPN proposals for proxy TLS connections The note … asyncio debian/master main proxy-ticket
(edit) @4d38cbd   4 years fiona.klute Return EOS/success for failed proxy TLS connections only on handshake … asyncio debian/master main proxy-ticket
(edit) @08c48d7   4 years fiona.klute Extract code for turning APR array of strings into gnutls_datum_t … asyncio debian/master main proxy-ticket
(edit) @c7710cf   4 years fiona.klute Immediately return from proxy_conn_set_alpn() if there is no proxy … asyncio debian/master main proxy-ticket
(edit) @564f33f   4 years fiona.klute Move SNI and ALPN setup for proxy connections to gnutls_proxy.c asyncio debian/master main proxy-ticket
(edit) @0378c22   4 years fiona.klute Move mod_proxy note name definitions to gnutls_proxy.h asyncio debian/master main proxy-ticket
(edit) @68b5156   4 years fiona.klute Move proxy-only functions from gnutls_hooks.c to a dedicated file asyncio debian/master main proxy-ticket
(edit) @0fcba60   4 years fiona.klute Move compiled default priorities to gnutls_util.[hc] asyncio debian/master main proxy-ticket
(edit) @f674424   4 years fiona.klute First prototype of proxy ALPN support The current code assumes that … asyncio debian/master main proxy-ticket
(edit) @2038b76   4 years fiona.klute Ensure nonblocking reads pass EAGAIN or EINTR status to caller asyncio debian/master main proxy-ticket
(edit) @92cb0cc   4 years fiona.klute Handle APR_TIMEUP return value from blocking ap_get_brigade() call … asyncio debian/master main proxy-ticket
(edit) @0da10eb   4 years fiona.klute Document Early SNI related functions and rename the post client hello hook asyncio debian/master main proxy-ticket
(edit) @64470ce   4 years fiona.klute Load credentials and prepare ALPN in pre client hello hook This fully … asyncio debian/master main proxy-ticket
(edit) @79fc46b   4 years fiona.klute Don't cancel virtual host lookup after successful default SNI fallback asyncio debian/master main proxy-ticket
(edit) @a26d3f6   4 years fiona.klute Protect early_sni_hook() against being called in the wrong context asyncio debian/master main proxy-ticket
(edit) @4963516   4 years fiona.klute Use server back reference for ALPN handling Necessary because during … asyncio debian/master main proxy-ticket
(edit) @d4c1a4e   4 years fiona.klute Add a reference from mod_gnutls server settings back to the server_rec … asyncio debian/master main proxy-ticket
(edit) @c0fc11e   4 years fiona.klute Separate functions for default SNI and loading virtual host … asyncio debian/master main proxy-ticket
(edit) @7ff6c6c   4 years fiona.klute Add proof-of-concept SNI parser in a pre client hello hook The SNI … asyncio debian/master main proxy-ticket
(edit) @4e388b0   4 years fiona.klute Consistently use strcasecmp() instead of mixing in apr_strnatcasecmp() asyncio debian/master main proxy-ticket
(edit) @f06c148   4 years fiona.klute Simplify wildcard match for virtual host aliases asyncio debian/master main proxy-ticket
(edit) @6d8c00c   4 years fiona.klute Include apr_strings.h only where needed asyncio debian/master main proxy-ticket
(edit) @3c6645b   4 years fiona.klute gnutls_hooks.c: Fix spaces in check_server_aliases() asyncio debian/master main proxy-ticket
(edit) @3aff94d   4 years fiona.klute Include cache status in mod_status reports asyncio debian/master main proxy-ticket
(edit) @04753db8   4 years fiona.klute Require Host header to match SNI hostname (if any) This is a … asyncio debian/master main proxy-ticket
(edit) @a14cf5c   4 years fiona.klute Store SNI hostname in mod_gnutls' connection context asyncio debian/master main proxy-ticket
(edit) @de3fad3   4 years fiona.klute Require handshake and request to use the same server The new check … asyncio debian/master main proxy-ticket