Context Navigation

source: mod_gnutls/src

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@44e8944	5 years	thomas2.klute	Allocate memory for X.509 and PGP certificates only when needed asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@eee1432	5 years	thomas2.klute	Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@45b7b83	5 years	thomas2.klute	Deinit PGP private key and keyring on config pool cleanup asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@db9ef68	5 years	thomas2.klute	Deinit client CA list on config pool cleanup asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@81433f1	5 years	thomas2.klute	Reformat mgs_load_files() This commit changes only whitespace and … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e2ba939	5 years	thomas2.klute	Prevent memory leaks in post_conf hook Valgrind indicated memory … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@894efd0	5 years	thomas2.klute	Check OCSP response nonce asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@82745d1	5 years	thomas2.klute	Fix memory usage issues * Use-after-free of the OCSP request in … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@16ad0eb	5 years	thomas2.klute	Perform OCSP request over HTTP Finally the whole stack is there! … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@0831437	5 years	thomas2.klute	Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro to … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@47a909e	5 years	thomas2.klute	Create OCSP requests when updating the cached response Actually … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@a372379	5 years	thomas2.klute	Store server certificate fingerprint in OCSP config It's not like … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@cc74801e	5 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@5559aa6	5 years	thomas2.klute	Rely on cache for OCSP response expiration With fixed DBM cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@11e6205	5 years	thomas2.klute	dbm_cache_fetch(): Clear data size on allocation failure Memory … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@b2e6406	5 years	thomas2.klute	Safe integer type conversion in mgs_filter_input() Read sizes should … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@15b22cb	5 years	thomas2.klute	Allow compiling with clang Needs just a minimal workaround for an … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d6834e0	5 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@aa68232	5 years	thomas2.klute	Move global cache mutex into the private cache struct asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@e809fb3	5 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@3e22b82	5 years	thomas2.klute	Add generic store/fetch support to the memcached cache Required to … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@70a1e5a	5 years	thomas2.klute	Introduce OCSP caching grace time A cached OCSP response must be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f450ac9	5 years	thomas2.klute	Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d18afb8	5 years	thomas2.klute	Ensure that dbm_cache_fetch() does not return expired data The cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c6572ec	5 years	thomas2.klute	Apply default cache timeout to OCSP responses without nextUpdate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c55902b	5 years	thomas2.klute	Trigger cache expiration on fetch, small restructuring In a situation … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c005645	5 years	thomas2.klute	Mutex for DBM cache access I noticed that with a DBM cache enabled … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@eb63377	5 years	thomas2.klute	Check only expiration time for OCSP responses from cache Responses … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@366d1a1	5 years	thomas2.klute	Use nextUpdate field of OCSP response to set cache lifetime asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@08817d0	5 years	thomas2.klute	Check OCSP response before caching Only verified responses should be … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@368e581	5 years	thomas2.klute	Update OCSP response cache only if response is missing or invalid … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4bf4ce2	5 years	thomas2.klute	Use GCC builtins to catch overflows with mixed integer types … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@6b4136c	5 years	thomas2.klute	Store OCSP responses in DBM cache before use This is not proper … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@2f932fa	5 years	thomas2.klute	Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@6814e48	5 years	thomas2.klute	Explain the different signatures of the dbm_cache functions asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@15245bf	5 years	thomas2.klute	Split dbm_cache_fetch() in generic and GnuTLS session specific parts … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@1d1361f	5 years	thomas2.klute	Make dbm_cache_store() work outside connection context asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@ae08186	5 years	thomas2.klute	DBM cache: Separate session caching and generic store operation asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@f785704	5 years	thomas2.klute	Make dbm_cache_expire() work outside connection context DBM cache … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@04e6e65	5 years	thomas2.klute	Move declarations of cache-related functions to a dedicated header … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@7511bfa	5 years	thomas2.klute	Use ap_log_cerror() instead of ap_log_error() where reasonable … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@8913410	5 years	thomas2.klute	Update copyright headers asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@c3ad933	5 years	thomas2.klute	Remove stale support code for Apache versions before 2.2 asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fd6bb19	5 years	thomas2.klute	Extract OCSP access URI from the server certificate asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@4ae7810	5 years	thomas2.klute	Log port along with hostname if OCSP trust list initialization fails asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@68ce93c	5 years	thomas2.klute	Rearrange mgs_get_ocsp_response() for readability asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@fad7695	5 years	thomas2.klute	Store OCSP trust list in server config This avoids recreating the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@64856fd	5 years	thomas2.klute	Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@2a1ffd6	5 years	thomas2.klute	Move trust list generation for OCSP to a separate function The new … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@d35b98e	5 years	thomas2.klute	Check OCSP response and staple it only if good asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@94cb972	5 years	thomas2.klute	Minimal OCSP stapling implementation using externally provided … asynciodebian/masterdebian/stretch-backportsproxy-ticketupstream
(edit)	@0bda20f	5 years	thomas2.klute	Make "make distcheck" work This requires strict DIST/DISTCLEAN lists … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@eb34ac4	5 years	thomas2.klute	Let Automake handle module installation Using a custom pkglib … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@19f2719	5 years	thomas2.klute	Update comments and formating in push/pull functions asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@a9fa300	5 years	thomas2.klute	Set GnuTLS session errno on all error paths in mgs_transport_read() asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@6868585	5 years	thomas2.klute	Remove unnecessary session pointer check The transport functions are … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@be41ee4	5 years	thomas2.klute	Set GnuTLS session errno on errors in mgs_transport_write() Sunil … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@8ac7c0d	5 years	thomas2.klute	Register "ssl_is_https" function for compatibility with mod_rewrite … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@bc539d5	5 years	thomas2.klute	Implement short message for mod_status reports Until now the flags … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@600cf16	5 years	thomas2.klute	mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@73b0bf0	6 years	thomas2.klute	mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@a2368a4	6 years	thomas2.klute	Use TLS session cleanup hook for all connection pools If a TLS … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2ceb836	6 years	thomas2.klute	Update log messages on session termination (cleanup_gnutls_session, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@401a0de	6 years	thomas2.klute	Close TLS session on EOF in input filter If the input filter receives … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f5a36ee	6 years	thomas2.klute	Pass EAGAIN/EINTR from gnutls_io_input_read to input filter … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@02a6a18	6 years	thomas2.klute	gnutls_io.c: Don't mix EAGAIN and EINTR in mgs_transport_read … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@dff03fa	6 years	thomas2.klute	Configure C99 mode Variable declarations in for loops improve code … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@9ca1f21	6 years	thomas2.klute	Allow loading more than one PKCS #11 module using GnuTLSP11Module … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@88df24d	6 years	thomas2.klute	Replace "SSL" with "TLS" in config directive descriptions asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@176047e	6 years	thomas2.klute	Use AP_INIT_FLAG for On/Off? config directives Letting the Apache … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7764015	6 years	thomas2.klute	Update GnuTLSP11Module documentation for stricter semantics asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@746e993	6 years	thomas2.klute	Formatting fix for PKCS #11 module loading asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f21d2a6	6 years	thomas2.klute	Changed the semantics of GnuTLSP11Module That setting instructs … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@efd3cfe	6 years	thomas2.klute	Whitespace fix in gnutls_hooks.c asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@99f8375	6 years	thomas2.klute	Ensure safe defaults during client verification Initialize the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@dfd5837	6 years	thomas2.klute	Log possible error messages from gnutls_bye asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@ee687ab	6 years	thomas2.klute	Update README and post-install documentation hint asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e021722	6 years	thomas2.klute	Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e391197	6 years	thomas2.klute	Update copyright headers for C source asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@a2e3c33	6 years	thomas2.klute	Rename option SSLProxyEngine to GnuTLSProxyEngine This matches the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@e765670	6 years	thomas2.klute	Fix signature of mgs_cache_child_init when building without … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@87f1ed2	6 years	thomas2.klute	Allow loading of an additional PKCS #11 provider library When using … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@4133f2d	6 years	thomas2.klute	Unify argument handling in mgs_set_priorities Just store the argument … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2cde026d	6 years	thomas2.klute	Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@73f6f12	6 years	thomas2.klute	Check handshake result before logging "TLS connection opened" Without … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@f030883	6 years	thomas2.klute	Set GnuTLS priorities for proxy connections separately Until now, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@d04f7da	6 years	thomas2.klute	Version guards for gnutls_privkey_import_openpgp_raw workaround The … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@8b472af	6 years	thomas2.klute	Use server root for file paths in TLS proxy config This is what users … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@2cde8111	6 years	thomas2.klute	Workarounds for OpenPGP key handling Commit … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@01b5d85	6 years	thomas2.klute	Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@c4a015b	6 years	thomas2.klute	Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@259e835	6 years	thomas2.klute	Merge branch 'master' into new-gnutls-api Branch 'master' at this … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@1d9cfaf	6 years	thomas2.klute	gnutls_config.c: Backport function signature changes from master … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@809c422	6 years	thomas2.klute	TLS proxy: Add support for CRLs to back end server verification When … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@bd24203	6 years	thomas2.klute	Explicitly build trust list for proxy connections This change … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7d2123d	6 years	thomas2.klute	Log errors while loading proxy certificate trust list The way the … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@6bbc00a	6 years	thomas2.klute	Check hostname of proxy back end server against certificate … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@0de1839	6 years	thomas2.klute	Support X.509 auth for TLS proxy connections This commit adds support … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@7314438	6 years	thomas2.klute	Fix whitespace problems detected by git asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
(edit)	@b324906	6 years	thomas2.klute	Merge branch 'client-verify-fix' into tls-proxy Most importantly, … asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: