source: mod_gnutls/src

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @54d07a1   13 months thomas2.klute Do not announce (unused) session ticket support on proxy connections … debian/masterdebian/stretch-backportsupstream
(edit) @265159d   13 months thomas2.klute Send SNI for proxy connections debian/masterdebian/stretch-backportsupstream
(edit) @98cf33f   14 months thomas2.klute Rewrite SNI handler to accept long names and ignore unknown name types … debian/masterdebian/stretch-backportsupstream
(edit) @017ef2d   14 months thomas2.klute Cleanup of post client hello and SNI handling functions * Get module … debian/masterdebian/stretch-backportsupstream
(edit) @cebb74a   14 months thomas2.klute Remove broken SNI/session resumption workaround By specification, the … debian/masterdebian/stretch-backportsupstream
(edit) @e389b85   14 months thomas2.klute Remove obsolete global GnuTLS (de)init calls These calls have been … debian/masterdebian/stretch-backportsupstream
(edit) @f4deac5   17 months thomas2.klute Warn users about OpenPGP deprecation OpenPGP support has been … debian/masterdebian/stretch-backportsupstream
(edit) @a2b4ab6   17 months thomas2.klute Use GnuTLS known DH parameters If the user does not configure the DH … debian/masterdebian/stretch-backportsupstream
(edit) @92ac36e   17 months thomas2.klute Remove dead code in DH parameters setup The dh_params variable in … debian/masterdebian/stretch-backportsupstream
(edit) @4f7edd5   20 months thomas2.klute Remove log for mutex creation errors (core logs them at emergency level) debian/masterdebian/stretch-backportsupstream
(edit) @5ac4bbe   2 years thomas2.klute Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The size … debian/masterdebian/stretch-backportsupstream
(edit) @08b821a   2 years thomas2.klute gnutls_io.c: API documentation debian/masterdebian/stretch-backportsupstream
(edit) @104e881   2 years thomas2.klute General comment updates for Doxygen compatibility Mostly /* */ vs. … debian/masterdebian/stretch-backportsupstream
(edit) @14548b9   2 years thomas2.klute Update comments in gnutls_cache.(c|h) to work with Doxygen debian/masterdebian/stretch-backportsupstream
(edit) @e1c094c   2 years thomas2.klute Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring a … debian/masterdebian/stretch-backportsupstream
(edit) @b888e8b   2 years thomas2.klute New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces in … debian/masterdebian/stretch-backportsupstream
(edit) @3475e62   2 years thomas2.klute Remove EXPERIMENTAL mark for OCSP from internal documentation debian/masterdebian/stretch-backportsupstream
(edit) @c39ae1a   2 years thomas2.klute Initialize OCSP timeouts with an "unset" value The configuration … debian/masterdebian/stretch-backportsupstream
(edit) @ef107fd   2 years thomas2.klute Remove TODO for OCSP requests without nonces Ideally all OCSP … debian/masterdebian/stretch-backportsupstream
(edit) @0a02378   2 years thomas2.klute Style fixes for OCSP related time differences * Consistently use … debian/masterdebian/stretch-backportsupstream
(edit) @333bbc7   2 years thomas2.klute Configurable OCSP socket timeout Stalled OCSP requests must time out … debian/masterdebian/stretch-backportsupstream
(edit) @c6dda6d   2 years thomas2.klute Rate limit OCSP requests Retries after failed OCSP requests must be … debian/masterdebian/stretch-backportsupstream
(edit) @d26fa55   2 years thomas2.klute Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout … debian/masterdebian/stretch-backportsupstream
(edit) @3f0b470   2 years thomas2.klute Macro for the OCSP socket timeout debian/masterdebian/stretch-backportsupstream
(edit) @8a0da86   2 years thomas2.klute Adjust log levels for OCSP cache updates debian/masterdebian/stretch-backportsupstream
(edit) @9c456a9   2 years thomas2.klute Clean up cache logging * Demote ordinary cache store/fetch operations … debian/masterdebian/stretch-backportsupstream
(edit) @e9ef72c   2 years thomas2.klute Disable GnuTLSSessionTickets by default as described in handbook The … debian/masterdebian/stretch-backportsupstream
(edit) @f1147b6   2 years thomas2.klute OCSP post config: Ensure OCSP URI or response file are set If the … debian/masterdebian/stretch-backportsupstream
(edit) @ef06c74   2 years thomas2.klute Compatibility code for GCC version < 5 The builtin_add_overflow() … debian/masterdebian/stretch-backportsupstream
(edit) @ac3f500   2 years thomas2.klute Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … debian/masterdebian/stretch-backportsupstream
(edit) @87d507b   2 years thomas2.klute Overwrite session ticket key before releasing it Private key material … debian/masterdebian/stretch-backportsupstream
(edit) @78b75b3   2 years thomas2.klute Restore GnuTLSOCSPResponseFile option Using an externally updated … debian/masterdebian/stretch-backportsupstream
(edit) @4d4a406   2 years thomas2.klute New config option: GnuTLSOCSPStapling This flag option … debian/masterdebian/stretch-backportsupstream
(edit) @70d014b   2 years thomas2.klute Remove FIXME comment about releasing config structures: Done! debian/masterdebian/stretch-backportsupstream
(edit) @b8700b0   2 years thomas2.klute Deinit proxy credentials on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit) @02eabe7   2 years thomas2.klute TLS Proxy: Fix memory leak while logging certificate status The … debian/masterdebian/stretch-backportsupstream
(edit) @f265001   2 years thomas2.klute Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … debian/masterdebian/stretch-backportsupstream
(edit) @7e7d328   2 years thomas2.klute Deinit PGP certificate on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit) @44e8944   2 years thomas2.klute Allocate memory for X.509 and PGP certificates only when needed debian/masterdebian/stretch-backportsupstream
(edit) @eee1432   2 years thomas2.klute Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … debian/masterdebian/stretch-backportsupstream
(edit) @45b7b83   2 years thomas2.klute Deinit PGP private key and keyring on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit) @db9ef68   2 years thomas2.klute Deinit client CA list on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit) @81433f1   2 years thomas2.klute Reformat mgs_load_files() This commit changes only whitespace and … debian/masterdebian/stretch-backportsupstream
(edit) @e2ba939   2 years thomas2.klute Prevent memory leaks in post_conf hook Valgrind indicated memory … debian/masterdebian/stretch-backportsupstream
(edit) @894efd0   2 years thomas2.klute Check OCSP response nonce debian/masterdebian/stretch-backportsupstream
(edit) @82745d1   2 years thomas2.klute Fix memory usage issues * Use-after-free of the OCSP request in … debian/masterdebian/stretch-backportsupstream
(edit) @16ad0eb   2 years thomas2.klute Perform OCSP request over HTTP Finally the whole stack is there! … debian/masterdebian/stretch-backportsupstream
(edit) @0831437   2 years thomas2.klute Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro to … debian/masterdebian/stretch-backportsupstream
(edit) @47a909e   2 years thomas2.klute Create OCSP requests when updating the cached response Actually … debian/masterdebian/stretch-backportsupstream
(edit) @a372379   2 years thomas2.klute Store server certificate fingerprint in OCSP config It's not like … debian/masterdebian/stretch-backportsupstream
(edit) @cc74801   2 years thomas2.klute Move generated vhost-wide OCSP config into a private structure debian/masterdebian/stretch-backportsupstream
(edit) @5559aa6   2 years thomas2.klute Rely on cache for OCSP response expiration With fixed DBM cache … debian/masterdebian/stretch-backportsupstream
(edit) @11e6205   2 years thomas2.klute dbm_cache_fetch(): Clear data size on allocation failure Memory … debian/masterdebian/stretch-backportsupstream
(edit) @b2e6406   2 years thomas2.klute Safe integer type conversion in mgs_filter_input() Read sizes should … debian/masterdebian/stretch-backportsupstream
(edit) @15b22cb   2 years thomas2.klute Allow compiling with clang Needs just a minimal workaround for an … debian/masterdebian/stretch-backportsupstream
(edit) @d6834e0   2 years thomas2.klute OCSP refresh mutex: Prevent parallel requests Add a global mutex … debian/masterdebian/stretch-backportsupstream
(edit) @aa68232   2 years thomas2.klute Move global cache mutex into the private cache struct debian/masterdebian/stretch-backportsupstream
(edit) @e809fb3   2 years thomas2.klute Use generic cache functions for OCSP response caching With this, OCSP … debian/masterdebian/stretch-backportsupstream
(edit) @3e22b82   2 years thomas2.klute Add generic store/fetch support to the memcached cache Required to … debian/masterdebian/stretch-backportsupstream
(edit) @70a1e5a   2 years thomas2.klute Introduce OCSP caching grace time A cached OCSP response must be … debian/masterdebian/stretch-backportsupstream
(edit) @f450ac9   2 years thomas2.klute Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … debian/masterdebian/stretch-backportsupstream
(edit) @d18afb8   2 years thomas2.klute Ensure that dbm_cache_fetch() does not return expired data The cache … debian/masterdebian/stretch-backportsupstream
(edit) @c6572ec   2 years thomas2.klute Apply default cache timeout to OCSP responses without nextUpdate debian/masterdebian/stretch-backportsupstream
(edit) @c55902b   2 years thomas2.klute Trigger cache expiration on fetch, small restructuring In a situation … debian/masterdebian/stretch-backportsupstream
(edit) @c005645   2 years thomas2.klute Mutex for DBM cache access I noticed that with a DBM cache enabled … debian/masterdebian/stretch-backportsupstream
(edit) @eb63377   2 years thomas2.klute Check only expiration time for OCSP responses from cache Responses … debian/masterdebian/stretch-backportsupstream
(edit) @366d1a1   2 years thomas2.klute Use nextUpdate field of OCSP response to set cache lifetime debian/masterdebian/stretch-backportsupstream
(edit) @08817d0   2 years thomas2.klute Check OCSP response before caching Only verified responses should be … debian/masterdebian/stretch-backportsupstream
(edit) @368e581   2 years thomas2.klute Update OCSP response cache only if response is missing or invalid … debian/masterdebian/stretch-backportsupstream
(edit) @4bf4ce2   2 years thomas2.klute Use GCC builtins to catch overflows with mixed integer types … debian/masterdebian/stretch-backportsupstream
(edit) @6b4136c   2 years thomas2.klute Store OCSP responses in DBM cache before use This is not proper … debian/masterdebian/stretch-backportsupstream
(edit) @2f932fa   2 years thomas2.klute Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR … debian/masterdebian/stretch-backportsupstream
(edit) @6814e48   2 years thomas2.klute Explain the different signatures of the dbm_cache functions debian/masterdebian/stretch-backportsupstream
(edit) @15245bf   2 years thomas2.klute Split dbm_cache_fetch() in generic and GnuTLS session specific parts … debian/masterdebian/stretch-backportsupstream
(edit) @1d1361f   2 years thomas2.klute Make dbm_cache_store() work outside connection context debian/masterdebian/stretch-backportsupstream
(edit) @ae08186   2 years thomas2.klute DBM cache: Separate session caching and generic store operation debian/masterdebian/stretch-backportsupstream
(edit) @f785704   2 years thomas2.klute Make dbm_cache_expire() work outside connection context DBM cache … debian/masterdebian/stretch-backportsupstream
(edit) @04e6e65   2 years thomas2.klute Move declarations of cache-related functions to a dedicated header … debian/masterdebian/stretch-backportsupstream
(edit) @7511bfa   2 years thomas2.klute Use ap_log_cerror() instead of ap_log_error() where reasonable … debian/masterdebian/stretch-backportsupstream
(edit) @8913410   2 years thomas2.klute Update copyright headers debian/masterdebian/stretch-backportsupstream
(edit) @c3ad933   2 years thomas2.klute Remove stale support code for Apache versions before 2.2 debian/masterdebian/stretch-backportsupstream
(edit) @fd6bb19   2 years thomas2.klute Extract OCSP access URI from the server certificate debian/masterdebian/stretch-backportsupstream
(edit) @4ae7810   2 years thomas2.klute Log port along with hostname if OCSP trust list initialization fails debian/masterdebian/stretch-backportsupstream
(edit) @68ce93c   2 years thomas2.klute Rearrange mgs_get_ocsp_response() for readability debian/masterdebian/stretch-backportsupstream
(edit) @fad7695   2 years thomas2.klute Store OCSP trust list in server config This avoids recreating the … debian/masterdebian/stretch-backportsupstream
(edit) @64856fd   2 years thomas2.klute Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … debian/masterdebian/stretch-backportsupstream
(edit) @2a1ffd6   2 years thomas2.klute Move trust list generation for OCSP to a separate function The new … debian/masterdebian/stretch-backportsupstream
(edit) @d35b98e   2 years thomas2.klute Check OCSP response and staple it only if good debian/masterdebian/stretch-backportsupstream
(edit) @94cb972   2 years thomas2.klute Minimal OCSP stapling implementation using externally provided … debian/masterdebian/stretch-backportsupstream
(edit) @0bda20f   2 years thomas2.klute Make "make distcheck" work This requires strict DIST/DISTCLEAN lists … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @eb34ac4   2 years thomas2.klute Let Automake handle module installation Using a custom pkglib … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @19f2719   2 years thomas2.klute Update comments and formating in push/pull functions debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a9fa300   2 years thomas2.klute Set GnuTLS session errno on all error paths in mgs_transport_read() debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @6868585   2 years thomas2.klute Remove unnecessary session pointer check The transport functions are … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @be41ee4   2 years thomas2.klute Set GnuTLS session errno on errors in mgs_transport_write() Sunil … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @8ac7c0d   3 years thomas2.klute Register "ssl_is_https" function for compatibility with mod_rewrite … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @bc539d5   3 years thomas2.klute Implement short message for mod_status reports Until now the flags … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @600cf16   3 years thomas2.klute mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @73b0bf0   3 years thomas2.klute mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit) @a2368a4   3 years thomas2.klute Use TLS session cleanup hook for all connection pools If a TLS … debian/masterdebian/stretch-backportsjessie-backportsupstream
Note: See TracRevisionLog for help on using the revision log.