source: mod_gnutls/src

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @1c3853a   13 months fiona.klute Minimal multi-staple implementation Works, but has limitations: * … asyncioproxy-ticket
(edit) @08ba205   13 months fiona.klute Turn per-vhost OCSP data into an array Size 1 for now, but it's a … asyncioproxy-ticket
(edit) @4e60dd8   13 months fiona.klute Handle initialization of the OCSP data structure in one place This … asyncioproxy-ticket
(edit) @de9b100   13 months fiona.klute OCSP config: Check if cache is available before processing certificate … asyncioproxy-ticket
(edit) @cf6f974   13 months fiona.klute mgs_get_ocsp_response: Accept request information from … asyncioproxy-ticket
(edit) @98b37a1   13 months fiona.klute mgs_get_ocsp_response: Consistently use "sc" variable The "sc = … asyncioproxy-ticket
(edit) @9418c1e   13 months fiona.klute mgs_cache_ocsp_failure: Require explicit struct mgs_ocsp_data asyncioproxy-ticket
(edit) @06dcf89   13 months fiona.klute mgs_cache_ocsp_response: Require explicit struct mgs_ocsp_data asyncioproxy-ticket
(edit) @75f2d96   13 months fiona.klute check_ocsp_response: Require explicit struct mgs_ocsp_data The … asyncioproxy-ticket
(edit) @e798149   13 months fiona.klute do_ocsp_request: Require responder URI This method just handles a … asyncioproxy-ticket
(edit) @bdd10be   13 months fiona.klute mgs_create_ocsp_request: Require explicit struct mgs_ocsp_data This … asyncioproxy-ticket
(edit) @a8374f7   13 months fiona.klute Keep a reference to the certificate with OCSP data When implementing … asyncioproxy-ticket
(edit) @e376ed8   14 months fiona.klute Merge branch 'subca' asyncioproxy-ticket
(edit) @dcec209   14 months fiona.klute Fix possible segfault (NULL pointer dereference) on failed TLS … asyncioproxy-ticket
(edit) @556783e   18 months fiona.klute Provide OCSP response via gnutls_certificate_retrieve_function3 … asyncioproxy-ticket
(edit) @81018a4   18 months fiona.klute Remove compatibility code for GnuTLS version before 3.6.3 asyncioproxy-ticket
(edit) @65c84e5   18 months fiona.klute Set certificates via gnutls_certificate_set_retrieve_function3() The … asyncioproxy-ticket
(edit) @6200f6f   2 years fiona.klute Switch server based on early SNI only if a name was found asynciodebian/masterproxy-ticket
(edit) @b6c7866   2 years fiona.klute Update copyright headers of files changed this year asynciodebian/masterproxy-ticket
(edit) @a900948   2 years fiona.klute Support multiple ALPN proposals for proxy TLS connections The note … asynciodebian/masterproxy-ticket
(edit) @4d38cbd   2 years fiona.klute Return EOS/success for failed proxy TLS connections only on handshake … asynciodebian/masterproxy-ticket
(edit) @08c48d7   2 years fiona.klute Extract code for turning APR array of strings into gnutls_datum_t … asynciodebian/masterproxy-ticket
(edit) @c7710cf   2 years fiona.klute Immediately return from proxy_conn_set_alpn() if there is no proxy … asynciodebian/masterproxy-ticket
(edit) @564f33f   2 years fiona.klute Move SNI and ALPN setup for proxy connections to gnutls_proxy.c asynciodebian/masterproxy-ticket
(edit) @0378c22   2 years fiona.klute Move mod_proxy note name definitions to gnutls_proxy.h asynciodebian/masterproxy-ticket
(edit) @68b5156   2 years fiona.klute Move proxy-only functions from gnutls_hooks.c to a dedicated file asynciodebian/masterproxy-ticket
(edit) @0fcba60   2 years fiona.klute Move compiled default priorities to gnutls_util.[hc] asynciodebian/masterproxy-ticket
(edit) @f674424   2 years fiona.klute First prototype of proxy ALPN support The current code assumes that … asynciodebian/masterproxy-ticket
(edit) @2038b76   2 years fiona.klute Ensure nonblocking reads pass EAGAIN or EINTR status to caller asynciodebian/masterproxy-ticket
(edit) @92cb0cc   2 years fiona.klute Handle APR_TIMEUP return value from blocking ap_get_brigade() call … asynciodebian/masterproxy-ticket
(edit) @0da10eb   2 years fiona.klute Document Early SNI related functions and rename the post client hello hook asynciodebian/masterproxy-ticket
(edit) @64470ce   2 years fiona.klute Load credentials and prepare ALPN in pre client hello hook This fully … asynciodebian/masterproxy-ticket
(edit) @79fc46b   2 years fiona.klute Don't cancel virtual host lookup after successful default SNI fallback asynciodebian/masterproxy-ticket
(edit) @a26d3f6   2 years fiona.klute Protect early_sni_hook() against being called in the wrong context asynciodebian/masterproxy-ticket
(edit) @4963516   2 years fiona.klute Use server back reference for ALPN handling Necessary because during … asynciodebian/masterproxy-ticket
(edit) @d4c1a4e   2 years fiona.klute Add a reference from mod_gnutls server settings back to the server_rec … asynciodebian/masterproxy-ticket
(edit) @c0fc11e   2 years fiona.klute Separate functions for default SNI and loading virtual host … asynciodebian/masterproxy-ticket
(edit) @7ff6c6c   2 years fiona.klute Add proof-of-concept SNI parser in a pre client hello hook The SNI … asynciodebian/masterproxy-ticket
(edit) @4e388b0   2 years fiona.klute Consistently use strcasecmp() instead of mixing in apr_strnatcasecmp() asynciodebian/masterproxy-ticket
(edit) @f06c148   2 years fiona.klute Simplify wildcard match for virtual host aliases asynciodebian/masterproxy-ticket
(edit) @6d8c00c   2 years fiona.klute Include apr_strings.h only where needed asynciodebian/masterproxy-ticket
(edit) @3c6645b   2 years fiona.klute gnutls_hooks.c: Fix spaces in check_server_aliases() asynciodebian/masterproxy-ticket
(edit) @3aff94d   2 years fiona.klute Include cache status in mod_status reports asynciodebian/masterproxy-ticket
(edit) @04753db8   2 years fiona.klute Require Host header to match SNI hostname (if any) This is a … asynciodebian/masterproxy-ticket
(edit) @a14cf5c   2 years fiona.klute Store SNI hostname in mod_gnutls' connection context asynciodebian/masterproxy-ticket
(edit) @de3fad3   2 years fiona.klute Require handshake and request to use the same server The new check … asynciodebian/masterproxy-ticket
(edit) @15368a4   2 years fiona.klute Improve log messages for PKCS #11 provider loading asynciodebian/masterproxy-ticket
(edit) @8273683   2 years fiona.klute Fix port numbers for vhosts in post_config log messages asynciodebian/masterproxy-ticket
(edit) @469861a   2 years fiona.klute Enable session tickets in the post client hello hook With this … asynciodebian/masterproxy-ticket
(edit) @bac1a32   2 years fiona.klute Order, log message, and style fixes asynciodebian/masterproxy-ticket
(edit) @fdd3bf0   2 years fiona.klute Enable session tickets by default if GnuTLS version >= 3.6.4 GnuTLS … asynciodebian/masterproxy-ticket
(edit) @bd2b48b   2 years fiona.klute Immediately retry on EINTR or EAGAIN for blocking receive Proxy TLS … asynciodebian/masterproxy-ticket
(edit) @78d75ac   2 years fiona.klute Use the right cache config string in cache trace logs asynciodebian/masterproxy-ticket
(edit) @0d7660d   2 years fiona.klute Provide a default path for the default OCSP cache asynciodebian/masterproxy-ticket
(edit) @60868d2   2 years fiona.klute Default to NORMAL for the GnuTLS priority settings This simplifies … asynciodebian/masterproxy-ticket
(edit) @72b669e   2 years fiona.klute Refuse to send or receive over a failed TLS connection On a failed … asynciodebian/masterproxy-ticket
(edit) @adceac0   2 years fiona.klute Remove unneeded server variables "cert_cn" and "cert_san" "cert_san" … asynciodebian/masterproxy-ticket
(edit) @cb6476c   2 years fiona.klute Enable OCSP stapling by default if possible If the user hasn't … asynciodebian/masterproxy-ticket
(edit) @efc43b4   2 years fiona.klute Split per-vhost post config for OCSP stapling into configuring and … asynciodebian/masterproxy-ticket
(edit) @994200a   2 years fiona.klute Set up shmcb OCSP cache by default The shmcb socache doesn't require … asynciodebian/masterproxy-ticket
(edit) @3358887   3 years fiona.klute Assign cache configuration to server only if successful The sc->cache … asynciodebian/masterproxy-ticket
(edit) @eced11a   3 years fiona.klute Remove server variable ocsp_cache_enable There is no need to … asynciodebian/masterproxy-ticket
(edit) @92b5f4d   3 years fiona.klute Use the OCSP cache for responses asynciodebian/masterproxy-ticket
(edit) @babdb29   3 years fiona.klute Initialize and clean up the OCSP cache, following session cache patterns asynciodebian/masterproxy-ticket
(edit) @d036f96   3 years fiona.klute Add configuration directive GnuTLSOCSPCache (no-op for now) First … asynciodebian/masterproxy-ticket
(edit) @2d454a2   3 years fiona.klute Macro for session cache name asynciodebian/masterproxy-ticket
(edit) @72377cf   3 years fiona.klute Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … asynciodebian/masterproxy-ticket
(edit) @ce5f776   3 years fiona.klute Move config and post_config of a cache instance to separate functions … asynciodebian/masterproxy-ticket
(edit) @5ab2868   3 years fiona.klute Remove unused server variable The mgs_srvconf_rec.non_ssl_request … asynciodebian/masterproxy-ticket
(edit) @f52f1b4   3 years fiona.klute Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … asynciodebian/masterproxy-ticket
(edit) @d8d6b1e   3 years fiona.klute Reallocate buffer to data size after fetching from socache There is … asynciodebian/masterproxy-ticket
(edit) @a314ec9   3 years fiona.klute Store config pointer in struct mgs_cache for logging This way the … asynciodebian/masterproxy-ticket
(edit) @b94aee2   3 years fiona.klute Remove internal cache type enum The cache type is now transparently … asynciodebian/masterproxy-ticket
(edit) @adf36c3   3 years fiona.klute Update documentation in gnutls_cache.c asynciodebian/masterproxy-ticket
(edit) @41f9bcb   3 years fiona.klute Use cache parameter in mgs_cache_store() and mgs_cache_fetch() The … asynciodebian/masterproxy-ticket
(edit) @ded2291   3 years fiona.klute Switch generic cache store/fetch function pointers to constant … asynciodebian/masterproxy-ticket
(edit) @6bbd378   3 years fiona.klute Remove special handling for APR memcache and leftover includes asynciodebian/masterproxy-ticket
(edit) @0363315   3 years fiona.klute Use cache mutex only if socache provider is not multiprocess/thread safe asynciodebian/masterproxy-ticket
(edit) @14a6f41   3 years fiona.klute Check for a cache during OCSP setup asynciodebian/masterproxy-ticket
(edit) @de1ceab   3 years fiona.klute Replace internal cache implementation with mod_socache Massively … asynciodebian/masterproxy-ticket
(edit) @0470e44   3 years fiona.klute Support common socache "type:config" style for GnuTLSCache directive asynciodebian/masterproxy-ticket
(edit) @7921dc7   3 years fiona.klute Remove OpenPGP authentication OpenPGP authentication was removed from … asynciodebian/masterproxy-ticket
(edit) @2246a84   3 years fiona.klute Make automatic OCSP cache updates and fuzz time configurable asynciodebian/masterproxy-ticket
(edit) @fa6d0bb   3 years fiona.klute Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … asynciodebian/masterproxy-ticket
(edit) @f233a23   3 years fiona.klute Logic for fuzzy OCSP update timing If a server has a lot of virtual … asynciodebian/masterproxy-ticket
(edit) @3d30543   3 years fiona.klute Write failure cache entries from asynchronous OCSP updates This … asynciodebian/masterproxy-ticket
(edit) @61e802c   3 years fiona.klute Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, … asynciodebian/masterproxy-ticket
(edit) @3c475e0   3 years fiona.klute Ensure that mod_gnutls child_init runs before mod_watchdog's Our … asynciodebian/masterproxy-ticket
(edit) @103cafa   3 years fiona.klute Remove extra "OCSP failed" log entry while writing failure to cache … asynciodebian/masterproxy-ticket
(edit) @a85de63   3 years fiona.klute Make cache_fetch_func work without a connection context This is … asynciodebian/masterproxy-ticket
(edit) @c34a68b   3 years fiona.klute dbm_cache_fetch: Prepare for signature without connection context … asynciodebian/masterproxy-ticket
(edit) @3656df0   3 years fiona.klute mgs_cache_ocsp_failure: Make expiry timeout an argument A failure … asynciodebian/masterproxy-ticket
(edit) @6945efb   3 years fiona.klute mc_cache_fetch: Don't require a connection context asynciodebian/masterproxy-ticket
(edit) @3381559   3 years fiona.klute Adjust intervals for async OCSP updates based on cache expiry or failure asynciodebian/masterproxy-ticket
(edit) @0cdfb19   3 years fiona.klute Documentation for mgs_new_singleton_watchdog asynciodebian/masterproxy-ticket
(edit) @a467635   3 years fiona.klute Enable asynchronous OCSP updates Asynchronous updates are always … asynciodebian/masterproxy-ticket
(edit) @506e64a   3 years fiona.klute Optionally return cache expiry time when caching an OCSP response … asynciodebian/masterproxy-ticket
(edit) @0e3f8c6   3 years fiona.klute Create module-wide singleton watchdog during post_config asynciodebian/masterproxy-ticket
(edit) @4aa63a4   3 years fiona.klute Infrastructure for mod_watchdog support Asynchronous OCSP cache … asynciodebian/masterproxy-ticket
(edit) @3c123cd   3 years fiona.klute Update my name, prepare changelog for the next release asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
Note: See TracRevisionLog for help on using the revision log.