source: mod_gnutls/src

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @54d07a1   7 weeks thomas2.klute Do not announce (unused) session ticket support on proxy connections …
(edit) @265159d   8 weeks thomas2.klute Send SNI for proxy connections
(edit) @98cf33f   3 months thomas2.klute Rewrite SNI handler to accept long names and ignore unknown name types …
(edit) @017ef2d   3 months thomas2.klute Cleanup of post client hello and SNI handling functions * Get module …
(edit) @cebb74a   3 months thomas2.klute Remove broken SNI/session resumption workaround By specification, the …
(edit) @e389b85   3 months thomas2.klute Remove obsolete global GnuTLS (de)init calls These calls have been …
(edit) @f4deac5   5 months thomas2.klute Warn users about OpenPGP deprecation OpenPGP support has been …
(edit) @a2b4ab6   5 months thomas2.klute Use GnuTLS known DH parameters If the user does not configure the DH …
(edit) @92ac36e   6 months thomas2.klute Remove dead code in DH parameters setup The dh_params variable in …
(edit) @4f7edd5   9 months thomas2.klute Remove log for mutex creation errors (core logs them at emergency level)
(edit) @5ac4bbe   12 months thomas2.klute Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The size … debianupstream
(edit) @08b821a   12 months thomas2.klute gnutls_io.c: API documentation debianupstream
(edit) @104e881   12 months thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … debianupstream
(edit) @14548b9   12 months thomas2.klute Update comments in gnutls_cache.(c|h) to work with Doxygen debianupstream
(edit) @e1c094c   13 months thomas2.klute Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring a … debianupstream
(edit) @b888e8b   14 months thomas2.klute New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces in … debianupstream
(edit) @3475e62   14 months thomas2.klute Remove EXPERIMENTAL mark for OCSP from internal documentation debianupstream
(edit) @c39ae1a   14 months thomas2.klute Initialize OCSP timeouts with an "unset" value The configuration … debianupstream
(edit) @ef107fd   14 months thomas2.klute Remove TODO for OCSP requests without nonces Ideally all OCSP … debianupstream
(edit) @0a02378   14 months thomas2.klute Style fixes for OCSP related time differences * Consistently use … debianupstream
(edit) @333bbc7   14 months thomas2.klute Configurable OCSP socket timeout Stalled OCSP requests must time out … debianupstream
(edit) @c6dda6d   14 months thomas2.klute Rate limit OCSP requests Retries after failed OCSP requests must be … debianupstream
(edit) @d26fa55   14 months thomas2.klute Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout … debianupstream
(edit) @3f0b470   14 months thomas2.klute Macro for the OCSP socket timeout debianupstream
(edit) @8a0da86   18 months thomas2.klute Adjust log levels for OCSP cache updates debianupstream
(edit) @9c456a9   18 months thomas2.klute Clean up cache logging * Demote ordinary cache store/fetch operations … debianupstream
(edit) @e9ef72c   18 months thomas2.klute Disable GnuTLSSessionTickets by default as described in handbook The … debianupstream
(edit) @f1147b6   18 months thomas2.klute OCSP post config: Ensure OCSP URI or response file are set If the … debianupstream
(edit) @ef06c74   18 months thomas2.klute Compatibility code for GCC version < 5 The builtin_add_overflow() … debianupstream
(edit) @ac3f500   18 months thomas2.klute Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … debianupstream
(edit) @87d507b   18 months thomas2.klute Overwrite session ticket key before releasing it Private key material … debianupstream
(edit) @78b75b3   18 months thomas2.klute Restore GnuTLSOCSPResponseFile option Using an externally updated … debianupstream
(edit) @4d4a406   18 months thomas2.klute New config option: GnuTLSOCSPStapling This flag option … debianupstream
(edit) @70d014b   18 months thomas2.klute Remove FIXME comment about releasing config structures: Done! debianupstream
(edit) @b8700b0   18 months thomas2.klute Deinit proxy credentials on config pool cleanup debianupstream
(edit) @02eabe7   18 months thomas2.klute TLS Proxy: Fix memory leak while logging certificate status The … debianupstream
(edit) @f265001   18 months thomas2.klute Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … debianupstream
(edit) @7e7d328   18 months thomas2.klute Deinit PGP certificate on config pool cleanup debianupstream
(edit) @44e8944   18 months thomas2.klute Allocate memory for X.509 and PGP certificates only when needed debianupstream
(edit) @eee1432   18 months thomas2.klute Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … debianupstream
(edit) @45b7b83   18 months thomas2.klute Deinit PGP private key and keyring on config pool cleanup debianupstream
(edit) @db9ef68   18 months thomas2.klute Deinit client CA list on config pool cleanup debianupstream
(edit) @81433f1   18 months thomas2.klute Reformat mgs_load_files() This commit changes only whitespace and … debianupstream
(edit) @e2ba939   18 months thomas2.klute Prevent memory leaks in post_conf hook Valgrind indicated memory … debianupstream
(edit) @894efd0   18 months thomas2.klute Check OCSP response nonce debianupstream
(edit) @82745d1   18 months thomas2.klute Fix memory usage issues * Use-after-free of the OCSP request in … debianupstream
(edit) @16ad0eb   18 months thomas2.klute Perform OCSP request over HTTP Finally the whole stack is there! … debianupstream
(edit) @0831437   18 months thomas2.klute Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro to … debianupstream
(edit) @47a909e   18 months thomas2.klute Create OCSP requests when updating the cached response Actually … debianupstream
(edit) @a372379   18 months thomas2.klute Store server certificate fingerprint in OCSP config It's not like … debianupstream
(edit) @cc74801   18 months thomas2.klute Move generated vhost-wide OCSP config into a private structure debianupstream
(edit) @5559aa6   18 months thomas2.klute Rely on cache for OCSP response expiration With fixed DBM cache … debianupstream
(edit) @11e6205   18 months thomas2.klute dbm_cache_fetch(): Clear data size on allocation failure Memory … debianupstream
(edit) @b2e6406   18 months thomas2.klute Safe integer type conversion in mgs_filter_input() Read sizes should … debianupstream
(edit) @15b22cb   18 months thomas2.klute Allow compiling with clang Needs just a minimal workaround for an … debianupstream
(edit) @d6834e0   18 months thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … debianupstream
(edit) @aa68232   18 months thomas2.klute Move global cache mutex into the private cache struct debianupstream
(edit) @e809fb3   18 months thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … debianupstream
(edit) @3e22b82   18 months thomas2.klute Add generic store/fetch support to the memcached cache Required to … debianupstream
(edit) @70a1e5a   18 months thomas2.klute Introduce OCSP caching grace time A cached OCSP response must be … debianupstream
(edit) @f450ac9   18 months thomas2.klute Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … debianupstream
(edit) @d18afb8   18 months thomas2.klute Ensure that dbm_cache_fetch() does not return expired data The cache … debianupstream
(edit) @c6572ec   18 months thomas2.klute Apply default cache timeout to OCSP responses without nextUpdate debianupstream
(edit) @c55902b   18 months thomas2.klute Trigger cache expiration on fetch, small restructuring In a situation … debianupstream
(edit) @c005645   18 months thomas2.klute Mutex for DBM cache access I noticed that with a DBM cache enabled … debianupstream
(edit) @eb63377   18 months thomas2.klute Check only expiration time for OCSP responses from cache Responses … debianupstream
(edit) @366d1a1   18 months thomas2.klute Use nextUpdate field of OCSP response to set cache lifetime debianupstream
(edit) @08817d0   18 months thomas2.klute Check OCSP response before caching Only verified responses should be … debianupstream
(edit) @368e581   18 months thomas2.klute Update OCSP response cache only if response is missing or invalid … debianupstream
(edit) @4bf4ce2   18 months thomas2.klute Use GCC builtins to catch overflows with mixed integer types … debianupstream
(edit) @6b4136c   18 months thomas2.klute Store OCSP responses in DBM cache before use This is not proper … debianupstream
(edit) @2f932fa   18 months thomas2.klute Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR … debianupstream
(edit) @6814e48   18 months thomas2.klute Explain the different signatures of the dbm_cache functions debianupstream
(edit) @15245bf   18 months thomas2.klute Split dbm_cache_fetch() in generic and GnuTLS session specific parts … debianupstream
(edit) @1d1361f   18 months thomas2.klute Make dbm_cache_store() work outside connection context debianupstream
(edit) @ae08186   18 months thomas2.klute DBM cache: Separate session caching and generic store operation debianupstream
(edit) @f785704   18 months thomas2.klute Make dbm_cache_expire() work outside connection context DBM cache … debianupstream
(edit) @04e6e65   19 months thomas2.klute Move declarations of cache-related functions to a dedicated header … debianupstream
(edit) @7511bfa   19 months thomas2.klute Use ap_log_cerror() instead of ap_log_error() where reasonable … debianupstream
(edit) @8913410   19 months thomas2.klute Update copyright headers debianupstream
(edit) @c3ad933   19 months thomas2.klute Remove stale support code for Apache versions before 2.2 debianupstream
(edit) @fd6bb19   19 months thomas2.klute Extract OCSP access URI from the server certificate debianupstream
(edit) @4ae7810   19 months thomas2.klute Log port along with hostname if OCSP trust list initialization fails debianupstream
(edit) @68ce93c   19 months thomas2.klute Rearrange mgs_get_ocsp_response() for readability debianupstream
(edit) @fad7695   19 months thomas2.klute Store OCSP trust list in server config This avoids recreating the … debianupstream
(edit) @64856fd   19 months thomas2.klute Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … debianupstream
(edit) @2a1ffd6   19 months thomas2.klute Move trust list generation for OCSP to a separate function The new … debianupstream
(edit) @d35b98e   19 months thomas2.klute Check OCSP response and staple it only if good debianupstream
(edit) @94cb972   19 months thomas2.klute Minimal OCSP stapling implementation using externally provided … debianupstream
(edit) @0bda20f   19 months thomas2.klute Make "make distcheck" work This requires strict DIST/DISTCLEAN lists … debianjessie-backportsupstream
(edit) @eb34ac4   19 months thomas2.klute Let Automake handle module installation Using a custom pkglib … debianjessie-backportsupstream
(edit) @19f2719   19 months thomas2.klute Update comments and formating in push/pull functions debianjessie-backportsupstream
(edit) @a9fa300   19 months thomas2.klute Set GnuTLS session errno on all error paths in mgs_transport_read() debianjessie-backportsupstream
(edit) @6868585   19 months thomas2.klute Remove unnecessary session pointer check The transport functions are … debianjessie-backportsupstream
(edit) @be41ee4   19 months thomas2.klute Set GnuTLS session errno on errors in mgs_transport_write() Sunil … debianjessie-backportsupstream
(edit) @8ac7c0d   22 months thomas2.klute Register "ssl_is_https" function for compatibility with mod_rewrite … debianjessie-backportsupstream
(edit) @bc539d5   23 months thomas2.klute Implement short message for mod_status reports Until now the flags … debianjessie-backportsupstream
(edit) @600cf16   23 months thomas2.klute mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … debianjessie-backportsupstream
(edit) @73b0bf0   2 years thomas2.klute mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison debianjessie-backportsupstream
(edit) @a2368a4   2 years thomas2.klute Use TLS session cleanup hook for all connection pools If a TLS … debianjessie-backportsupstream
Note: See TracRevisionLog for help on using the revision log.