@44e8944 | 6 years | thomas2.klute
Allocate memory for X.509 and PGP certificates only when needed
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@eee1432 | 6 years | thomas2.klute
Bind temporary pool in mgs_load_files() to ptemp scope
Pool 'spool' …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@45b7b83 | 6 years | thomas2.klute
Deinit PGP private key and keyring on config pool cleanup
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@db9ef68 | 6 years | thomas2.klute
Deinit client CA list on config pool cleanup
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@81433f1 | 6 years | thomas2.klute
Reformat mgs_load_files()
This commit changes only whitespace and …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@e2ba939 | 6 years | thomas2.klute
Prevent memory leaks in post_conf hook
Valgrind indicated memory …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@894efd0 | 6 years | thomas2.klute
Check OCSP response nonce
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@82745d1 | 6 years | thomas2.klute
Fix memory usage issues
* Use-after-free of the OCSP request in …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@16ad0eb | 6 years | thomas2.klute
Perform OCSP request over HTTP
Finally the whole stack is there! …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@0831437 | 6 years | thomas2.klute
Clarify the purpose of mgs_time2sz()
I've renamed the CTIME macro to …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@47a909e | 6 years | thomas2.klute
Create OCSP requests when updating the cached response
Actually …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@a372379 | 6 years | thomas2.klute
Store server certificate fingerprint in OCSP config
It's not like …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@cc74801e | 6 years | thomas2.klute
Move generated vhost-wide OCSP config into a private structure
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@5559aa6 | 6 years | thomas2.klute
Rely on cache for OCSP response expiration
With fixed DBM cache …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@11e6205 | 6 years | thomas2.klute
dbm_cache_fetch(): Clear data size on allocation failure
Memory …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@b2e6406 | 6 years | thomas2.klute
Safe integer type conversion in mgs_filter_input()
Read sizes should …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@15b22cb | 6 years | thomas2.klute
Allow compiling with clang
Needs just a minimal workaround for an …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@d6834e0 | 6 years | thomas2.klute
OCSP refresh mutex: Prevent parallel requests
Add a global mutex …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@aa68232 | 6 years | thomas2.klute
Move global cache mutex into the private cache struct
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@e809fb30 | 6 years | thomas2.klute
Use generic cache functions for OCSP response caching
With this, OCSP …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@3e22b82 | 6 years | thomas2.klute
Add generic store/fetch support to the memcached cache
Required to …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@70a1e5a | 6 years | thomas2.klute
Introduce OCSP caching grace time
A cached OCSP response must be …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@f450ac9 | 6 years | thomas2.klute
Replace mgs_session_id2sz() with apr_(p?)escape_hex()
There's no need …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@d18afb8 | 6 years | thomas2.klute
Ensure that dbm_cache_fetch() does not return expired data
The cache …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@c6572ec | 6 years | thomas2.klute
Apply default cache timeout to OCSP responses without nextUpdate
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@c55902b | 6 years | thomas2.klute
Trigger cache expiration on fetch, small restructuring
In a situation …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@c005645 | 6 years | thomas2.klute
Mutex for DBM cache access
I noticed that with a DBM cache enabled …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@eb63377 | 6 years | thomas2.klute
Check only expiration time for OCSP responses from cache
Responses …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@366d1a1 | 6 years | thomas2.klute
Use nextUpdate field of OCSP response to set cache lifetime
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@08817d0 | 6 years | thomas2.klute
Check OCSP response before caching
Only verified responses should be …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@368e581 | 6 years | thomas2.klute
Update OCSP response cache only if response is missing or invalid
…
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@4bf4ce2 | 6 years | thomas2.klute
Use GCC builtins to catch overflows with mixed integer types
…
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@6b4136c | 6 years | thomas2.klute
Store OCSP responses in DBM cache before use
This is not proper …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@2f932fa | 6 years | thomas2.klute
Use gnutls_datum_t to pass DBM keys for GnuTLS sessions
The APR …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@6814e48 | 6 years | thomas2.klute
Explain the different signatures of the dbm_cache functions
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@15245bf | 6 years | thomas2.klute
Split dbm_cache_fetch() in generic and GnuTLS session specific parts
…
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@1d1361f | 6 years | thomas2.klute
Make dbm_cache_store() work outside connection context
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@ae08186 | 6 years | thomas2.klute
DBM cache: Separate session caching and generic store operation
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@f785704 | 6 years | thomas2.klute
Make dbm_cache_expire() work outside connection context
DBM cache …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@04e6e65 | 6 years | thomas2.klute
Move declarations of cache-related functions to a dedicated header
…
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@7511bfa | 6 years | thomas2.klute
Use ap_log_cerror() instead of ap_log_error() where reasonable
…
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@8913410 | 6 years | thomas2.klute
Update copyright headers
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@c3ad933 | 6 years | thomas2.klute
Remove stale support code for Apache versions before 2.2
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@fd6bb19 | 6 years | thomas2.klute
Extract OCSP access URI from the server certificate
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@4ae7810 | 6 years | thomas2.klute
Log port along with hostname if OCSP trust list initialization fails
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@68ce93c | 6 years | thomas2.klute
Rearrange mgs_get_ocsp_response() for readability
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@fad7695 | 6 years | thomas2.klute
Store OCSP trust list in server config
This avoids recreating the …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@64856fd | 6 years | thomas2.klute
Get rid of exit(-1) calls in mgs_hook_post_config()
This allows the …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@2a1ffd6 | 6 years | thomas2.klute
Move trust list generation for OCSP to a separate function
The new …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@d35b98e | 6 years | thomas2.klute
Check OCSP response and staple it only if good
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@94cb972 | 6 years | thomas2.klute
Minimal OCSP stapling implementation using externally provided …
asyncio, debian/master, debian/stretch-backports, proxy-ticket, upstream

@0bda20f | 6 years | thomas2.klute
Make "make distcheck" work
This requires strict DIST/DISTCLEAN lists …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@eb34ac4 | 6 years | thomas2.klute
Let Automake handle module installation
Using a custom pkglib …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@19f2719 | 6 years | thomas2.klute
Update comments and formatting in push/pull functions
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@a9fa300 | 6 years | thomas2.klute
Set GnuTLS session errno on all error paths in mgs_transport_read()
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@6868585 | 6 years | thomas2.klute
Remove unnecessary session pointer check
The transport functions are …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@be41ee4 | 6 years | thomas2.klute
Set GnuTLS session errno on errors in mgs_transport_write()
Sunil …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@8ac7c0d | 6 years | thomas2.klute
Register "ssl_is_https" function for compatibility with mod_rewrite
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@bc539d5 | 6 years | thomas2.klute
Implement short message for mod_status reports
Until now the flags …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@600cf16 | 6 years | thomas2.klute
mgs_status_hook: Remove code for GnuTLS versions < 3
mod_gnutls …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@73b0bf0 | 7 years | thomas2.klute
mgs_filter_input: Use APR_STATUS_IS macros instead of integer comparison
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@a2368a4 | 7 years | thomas2.klute
Use TLS session cleanup hook for all connection pools
If a TLS …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@2ceb836 | 7 years | thomas2.klute
Update log messages on session termination (cleanup_gnutls_session, …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@401a0de | 7 years | thomas2.klute
Close TLS session on EOF in input filter
If the input filter receives …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@f5a36ee | 7 years | thomas2.klute
Pass EAGAIN/EINTR from gnutls_io_input_read to input filter
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@02a6a18 | 7 years | thomas2.klute
gnutls_io.c: Don't mix EAGAIN and EINTR in mgs_transport_read
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@dff03fa | 7 years | thomas2.klute
Configure C99 mode
Variable declarations in for loops improve code …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@9ca1f21 | 7 years | thomas2.klute
Allow loading more than one PKCS #11 module using GnuTLSP11Module
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@88df24d | 7 years | thomas2.klute
Replace "SSL" with "TLS" in config directive descriptions
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@176047e | 7 years | thomas2.klute
Use AP_INIT_FLAG for On/Off config directives
Letting the Apache …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@7764015 | 7 years | thomas2.klute
Update GnuTLSP11Module documentation for stricter semantics
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@746e993 | 7 years | thomas2.klute
Formatting fix for PKCS #11 module loading
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@f21d2a6 | 7 years | thomas2.klute
Changed the semantics of GnuTLSP11Module
That setting instructs …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@efd3cfe | 7 years | thomas2.klute
Whitespace fix in gnutls_hooks.c
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@99f8375 | 7 years | thomas2.klute
Ensure safe defaults during client verification
Initialize the …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@dfd5837 | 7 years | thomas2.klute
Log possible error messages from gnutls_bye
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@ee687ab | 7 years | thomas2.klute
Update README and post-install documentation hint
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@e021722 | 7 years | thomas2.klute
Update copyright headers for Nikos Mavrogiannopoulos' PKCS #11 patch
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@e391197 | 7 years | thomas2.klute
Update copyright headers for C source
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@a2e3c33 | 7 years | thomas2.klute
Rename option SSLProxyEngine to GnuTLSProxyEngine
This matches the …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@e765670 | 7 years | thomas2.klute
Fix signature of mgs_cache_child_init when building without …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@87f1ed2 | 7 years | thomas2.klute
Allow loading of an additional PKCS #11 provider library
When using …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@4133f2d | 7 years | thomas2.klute
Unify argument handling in mgs_set_priorities
Just store the argument …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@2cde026d | 7 years | thomas2.klute
Merge branch 'new-gnutls-api'
Merge my TLS proxy implementation with …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@73f6f12 | 7 years | thomas2.klute
Check handshake result before logging "TLS connection opened"
Without …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@f030883 | 7 years | thomas2.klute
Set GnuTLS priorities for proxy connections separately
Until now, …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@d04f7da | 7 years | thomas2.klute
Version guards for gnutls_privkey_import_openpgp_raw workaround
The …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@8b472af | 7 years | thomas2.klute
Use server root for file paths in TLS proxy config
This is what users …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@2cde8111 | 7 years | thomas2.klute
Workarounds for OpenPGP key handling
Commit …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@01b5d85 | 7 years | thomas2.klute
Merge branch 'client-verify-fix' into new-gnutls-api
Merge the fix …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@c4a015b | 7 years | thomas2.klute
Merge branch 'split-testsuite' into new-gnutls-api
OpenPGP support is …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@259e835 | 7 years | thomas2.klute
Merge branch 'master' into new-gnutls-api
Branch 'master' at this …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@1d9cfaf | 7 years | thomas2.klute
gnutls_config.c: Backport function signature changes from master
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@809c422 | 7 years | thomas2.klute
TLS proxy: Add support for CRLs to back end server verification
When …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@bd24203 | 7 years | thomas2.klute
Explicitly build trust list for proxy connections
This change …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@7d2123d | 7 years | thomas2.klute
Log errors while loading proxy certificate trust list
The way the …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@6bbc00a | 7 years | thomas2.klute
Check hostname of proxy back end server against certificate
…
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@0de1839 | 7 years | thomas2.klute
Support X.509 auth for TLS proxy connections
This commit adds support …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@7314438 | 7 years | thomas2.klute
Fix whitespace problems detected by git
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream

@b324906 | 7 years | thomas2.klute
Merge branch 'client-verify-fix' into tls-proxy
Most importantly, …
asyncio, debian/master, debian/stretch-backports, jessie-backports, proxy-ticket, upstream