Context Navigation

source: mod_gnutls/src

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@44e8944	4 years	thomas2.klute	Allocate memory for X.509 and PGP certificates only when needed debian/masterdebian/stretch-backportsupstream
(edit)	@eee1432	4 years	thomas2.klute	Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … debian/masterdebian/stretch-backportsupstream
(edit)	@45b7b83	4 years	thomas2.klute	Deinit PGP private key and keyring on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit)	@db9ef68	4 years	thomas2.klute	Deinit client CA list on config pool cleanup debian/masterdebian/stretch-backportsupstream
(edit)	@81433f1	4 years	thomas2.klute	Reformat mgs_load_files() This commit changes only whitespace and … debian/masterdebian/stretch-backportsupstream
(edit)	@e2ba939	4 years	thomas2.klute	Prevent memory leaks in post_conf hook Valgrind indicated memory … debian/masterdebian/stretch-backportsupstream
(edit)	@894efd0	4 years	thomas2.klute	Check OCSP response nonce debian/masterdebian/stretch-backportsupstream
(edit)	@82745d1	4 years	thomas2.klute	Fix memory usage issues * Use-after-free of the OCSP request in … debian/masterdebian/stretch-backportsupstream
(edit)	@16ad0eb	4 years	thomas2.klute	Perform OCSP request over HTTP Finally the whole stack is there! … debian/masterdebian/stretch-backportsupstream
(edit)	@0831437	4 years	thomas2.klute	Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro to … debian/masterdebian/stretch-backportsupstream
(edit)	@47a909e	4 years	thomas2.klute	Create OCSP requests when updating the cached response Actually … debian/masterdebian/stretch-backportsupstream
(edit)	@a372379	4 years	thomas2.klute	Store server certificate fingerprint in OCSP config It's not like … debian/masterdebian/stretch-backportsupstream
(edit)	@cc74801e	4 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure debian/masterdebian/stretch-backportsupstream
(edit)	@5559aa6	4 years	thomas2.klute	Rely on cache for OCSP response expiration With fixed DBM cache … debian/masterdebian/stretch-backportsupstream
(edit)	@11e6205	4 years	thomas2.klute	dbm_cache_fetch(): Clear data size on allocation failure Memory … debian/masterdebian/stretch-backportsupstream
(edit)	@b2e6406	4 years	thomas2.klute	Safe integer type conversion in mgs_filter_input() Read sizes should … debian/masterdebian/stretch-backportsupstream
(edit)	@15b22cb	4 years	thomas2.klute	Allow compiling with clang Needs just a minimal workaround for an … debian/masterdebian/stretch-backportsupstream
(edit)	@d6834e0	4 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … debian/masterdebian/stretch-backportsupstream
(edit)	@aa68232	4 years	thomas2.klute	Move global cache mutex into the private cache struct debian/masterdebian/stretch-backportsupstream
(edit)	@e809fb3	4 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … debian/masterdebian/stretch-backportsupstream
(edit)	@3e22b82	4 years	thomas2.klute	Add generic store/fetch support to the memcached cache Required to … debian/masterdebian/stretch-backportsupstream
(edit)	@70a1e5a	4 years	thomas2.klute	Introduce OCSP caching grace time A cached OCSP response must be … debian/masterdebian/stretch-backportsupstream
(edit)	@f450ac9	4 years	thomas2.klute	Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … debian/masterdebian/stretch-backportsupstream
(edit)	@d18afb8	4 years	thomas2.klute	Ensure that dbm_cache_fetch() does not return expired data The cache … debian/masterdebian/stretch-backportsupstream
(edit)	@c6572ec	4 years	thomas2.klute	Apply default cache timeout to OCSP responses without nextUpdate debian/masterdebian/stretch-backportsupstream
(edit)	@c55902b	4 years	thomas2.klute	Trigger cache expiration on fetch, small restructuring In a situation … debian/masterdebian/stretch-backportsupstream
(edit)	@c005645	4 years	thomas2.klute	Mutex for DBM cache access I noticed that with a DBM cache enabled … debian/masterdebian/stretch-backportsupstream
(edit)	@eb63377	4 years	thomas2.klute	Check only expiration time for OCSP responses from cache Responses … debian/masterdebian/stretch-backportsupstream
(edit)	@366d1a1	4 years	thomas2.klute	Use nextUpdate field of OCSP response to set cache lifetime debian/masterdebian/stretch-backportsupstream
(edit)	@08817d0	4 years	thomas2.klute	Check OCSP response before caching Only verified responses should be … debian/masterdebian/stretch-backportsupstream
(edit)	@368e581	4 years	thomas2.klute	Update OCSP response cache only if response is missing or invalid … debian/masterdebian/stretch-backportsupstream
(edit)	@4bf4ce2	4 years	thomas2.klute	Use GCC builtins to catch overflows with mixed integer types … debian/masterdebian/stretch-backportsupstream
(edit)	@6b4136c	4 years	thomas2.klute	Store OCSP responses in DBM cache before use This is not proper … debian/masterdebian/stretch-backportsupstream
(edit)	@2f932fa	4 years	thomas2.klute	Use gnutls_datum_t to pass DBM keys for GnuTLS sessions The APR … debian/masterdebian/stretch-backportsupstream
(edit)	@6814e48	4 years	thomas2.klute	Explain the different signatures of the dbm_cache functions debian/masterdebian/stretch-backportsupstream
(edit)	@15245bf	4 years	thomas2.klute	Split dbm_cache_fetch() in generic and GnuTLS session specific parts … debian/masterdebian/stretch-backportsupstream
(edit)	@1d1361f	4 years	thomas2.klute	Make dbm_cache_store() work outside connection context debian/masterdebian/stretch-backportsupstream
(edit)	@ae08186	4 years	thomas2.klute	DBM cache: Separate session caching and generic store operation debian/masterdebian/stretch-backportsupstream
(edit)	@f785704	4 years	thomas2.klute	Make dbm_cache_expire() work outside connection context DBM cache … debian/masterdebian/stretch-backportsupstream
(edit)	@04e6e65	4 years	thomas2.klute	Move declarations of cache-related functions to a dedicated header … debian/masterdebian/stretch-backportsupstream
(edit)	@7511bfa	4 years	thomas2.klute	Use ap_log_cerror() instead of ap_log_error() where reasonable … debian/masterdebian/stretch-backportsupstream
(edit)	@8913410	4 years	thomas2.klute	Update copyright headers debian/masterdebian/stretch-backportsupstream
(edit)	@c3ad933	4 years	thomas2.klute	Remove stale support code for Apache versions before 2.2 debian/masterdebian/stretch-backportsupstream
(edit)	@fd6bb19	4 years	thomas2.klute	Extract OCSP access URI from the server certificate debian/masterdebian/stretch-backportsupstream
(edit)	@4ae7810	4 years	thomas2.klute	Log port along with hostname if OCSP trust list initialization fails debian/masterdebian/stretch-backportsupstream
(edit)	@68ce93c	4 years	thomas2.klute	Rearrange mgs_get_ocsp_response() for readability debian/masterdebian/stretch-backportsupstream
(edit)	@fad7695	4 years	thomas2.klute	Store OCSP trust list in server config This avoids recreating the … debian/masterdebian/stretch-backportsupstream
(edit)	@64856fd	4 years	thomas2.klute	Get rid of exit(-1) calls in mgs_hook_post_config() This allows the … debian/masterdebian/stretch-backportsupstream
(edit)	@2a1ffd6	4 years	thomas2.klute	Move trust list generation for OCSP to a separate function The new … debian/masterdebian/stretch-backportsupstream
(edit)	@d35b98e	4 years	thomas2.klute	Check OCSP response and staple it only if good debian/masterdebian/stretch-backportsupstream
(edit)	@94cb972	4 years	thomas2.klute	Minimal OCSP stapling implementation using externally provided … debian/masterdebian/stretch-backportsupstream
(edit)	@0bda20f	4 years	thomas2.klute	Make "make distcheck" work This requires strict DIST/DISTCLEAN lists … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@eb34ac4	4 years	thomas2.klute	Let Automake handle module installation Using a custom pkglib … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@19f2719	4 years	thomas2.klute	Update comments and formating in push/pull functions debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@a9fa300	4 years	thomas2.klute	Set GnuTLS session errno on all error paths in mgs_transport_read() debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@6868585	4 years	thomas2.klute	Remove unnecessary session pointer check The transport functions are … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@be41ee4	4 years	thomas2.klute	Set GnuTLS session errno on errors in mgs_transport_write() Sunil … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@8ac7c0d	4 years	thomas2.klute	Register "ssl_is_https" function for compatibility with mod_rewrite … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@bc539d5	4 years	thomas2.klute	Implement short message for mod_status reports Until now the flags … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@600cf16	4 years	thomas2.klute	mgs_status_hook: Remove code for GnuTLS versions < 3 mod_gnutls … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@73b0bf0	4 years	thomas2.klute	mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@a2368a4	4 years	thomas2.klute	Use TLS session cleanup hook for all connection pools If a TLS … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@2ceb836	4 years	thomas2.klute	Update log messages on session termination (cleanup_gnutls_session, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@401a0de	4 years	thomas2.klute	Close TLS session on EOF in input filter If the input filter receives … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@f5a36ee	4 years	thomas2.klute	Pass EAGAIN/EINTR from gnutls_io_input_read to input filter … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@02a6a18	4 years	thomas2.klute	gnutls_io.c: Don't mix EAGAIN and EINTR in mgs_transport_read … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@dff03fa	4 years	thomas2.klute	Configure C99 mode Variable declarations in for loops improve code … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@9ca1f21	4 years	thomas2.klute	Allow loading more than one PKCS #11 module using GnuTLSP11Module … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@88df24d	4 years	thomas2.klute	Replace "SSL" with "TLS" in config directive descriptions debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@176047e	4 years	thomas2.klute	Use AP_INIT_FLAG for On/Off? config directives Letting the Apache … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@7764015	4 years	thomas2.klute	Update GnuTLSP11Module documentation for stricter semantics debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@746e993	4 years	thomas2.klute	Formatting fix for PKCS #11 module loading debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@f21d2a6	4 years	thomas2.klute	Changed the semantics of GnuTLSP11Module That setting instructs … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@efd3cfe	5 years	thomas2.klute	Whitespace fix in gnutls_hooks.c debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@99f8375	5 years	thomas2.klute	Ensure safe defaults during client verification Initialize the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@dfd5837	5 years	thomas2.klute	Log possible error messages from gnutls_bye debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@ee687ab	5 years	thomas2.klute	Update README and post-install documentation hint debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@e021722	5 years	thomas2.klute	Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@e391197	5 years	thomas2.klute	Update copyright headers for C source debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@a2e3c33	5 years	thomas2.klute	Rename option SSLProxyEngine to GnuTLSProxyEngine This matches the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@e765670	5 years	thomas2.klute	Fix signature of mgs_cache_child_init when building without … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@87f1ed2	5 years	thomas2.klute	Allow loading of an additional PKCS #11 provider library When using … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@4133f2d	5 years	thomas2.klute	Unify argument handling in mgs_set_priorities Just store the argument … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@2cde026d	5 years	thomas2.klute	Merge branch 'new-gnutls-api' Merge my TLS proxy implementation with … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@73f6f12	5 years	thomas2.klute	Check handshake result before logging "TLS connection opened" Without … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@f030883	5 years	thomas2.klute	Set GnuTLS priorities for proxy connections separately Until now, … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@d04f7da	5 years	thomas2.klute	Version guards for gnutls_privkey_import_openpgp_raw workaround The … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@8b472af	5 years	thomas2.klute	Use server root for file paths in TLS proxy config This is what users … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@2cde8111	5 years	thomas2.klute	Workarounds for OpenPGP key handling Commit … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@01b5d85	5 years	thomas2.klute	Merge branch 'client-verify-fix' into new-gnutls-api Merge the fix … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@c4a015b	5 years	thomas2.klute	Merge branch 'split-testsuite' into new-gnutls-api OpenPGP support is … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@259e835	5 years	thomas2.klute	Merge branch 'master' into new-gnutls-api Branch 'master' at this … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@1d9cfaf	5 years	thomas2.klute	gnutls_config.c: Backport function signature changes from master … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@809c422	5 years	thomas2.klute	TLS proxy: Add support for CRLs to back end server verification When … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@bd24203	5 years	thomas2.klute	Explicitly build trust list for proxy connections This change … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@7d2123d	5 years	thomas2.klute	Log errors while loading proxy certificate trust list The way the … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@6bbc00a	5 years	thomas2.klute	Check hostname of proxy back end server against certificate … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@0de1839	5 years	thomas2.klute	Support X.509 auth for TLS proxy connections This commit adds support … debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@7314438	5 years	thomas2.klute	Fix whitespace problems detected by git debian/masterdebian/stretch-backportsjessie-backportsupstream
(edit)	@b324906	5 years	thomas2.klute	Merge branch 'client-verify-fix' into tls-proxy Most importantly, … debian/masterdebian/stretch-backportsjessie-backportsupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: