source: mod_gnutls/src

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @9071889   2 months fiona.klute Remove pointless set-once process pool userdata I know some modules …
(edit) @e819f13   2 months fiona.klute Unconditionally enable early SNI parsing All supported GnuTLS …
(edit) @4f2c988   2 months fiona.klute Send 403 if required client post-handshake authentication fails This …
(edit) @f94938c   2 months fiona.klute Nicer logging for post-handshake authentication
(edit) @fcad37b   2 months fiona.klute Retry gnutls_reauth() on transport interruptions
(edit) @9db4dcd   2 months fiona.klute Handle GNUTLS_E_GOT_APPLICATION_DATA on gnutls_reauth() Pending …
(edit) @4a22ee6   2 months fiona.klute Fix speculative reads using cached data The rollback buffer …
(edit) @6fa6095   2 months fiona.klute Partial post-handshake auth support Needs proper error handling, …
(edit) @e24e3bf9   2 months fiona.klute Rewrite authz hook Using the effective mode simplifies the code a …
(edit) @3b2edd6   2 months fiona.klute Use GnuTLS' certificate status text instead of hard-coded cases …
(edit) @ee2854b   2 months fiona.klute Remove a forgotten "return OK" in mgs_cert_verify See …
(edit) @99196d9   2 months fiona.klute Reauthentication: Much simpler check for HTTP/2 Integer comparison …
(edit) @0dc1a31   3 months fiona.klute Always return DECLINED instead of OK from mgs_cert_verify The return …
(edit) @346c03b   3 months fiona.klute Prohibit TLS renegotiation for HTTP/2 connections (RFC 7540, section 9.2.1)
(edit) @b22def6   3 months fiona.klute Remove SIGPIPE signal block There's no discernible reason to keep …
(edit) @05e2d9e   3 months fiona.klute Move function declarations for gnutls_io.c into a separate header
(edit) @33fa7d5   3 months fiona.klute Ensure stapling is active for server certificates with "must-staple" …
(edit) @5c9ca6b   3 months fiona.klute Ensure sc->ocsp and sc->ocsp_num are always initialized They should …
(edit) @a3e0f7b   3 months fiona.klute Support a list of files for the GnuTLSOCSPResponseFile option This …
(edit) @845c112   3 months fiona.klute Async OCSP updates for multi-stapling There's now one mod_watchdog …
(edit) @c446ca5   3 months fiona.klute Small cleanups (use mgs_ocsp_data_t, update copyright header)
(edit) @ce987dc   3 months fiona.klute Log number of certificates in chain that OCSP stapling is enabled for
(edit) @1aad1d7   3 months fiona.klute Consider stapling configured if it's configured for one certificate …
(edit) @1c3853a   3 months fiona.klute Minimal multi-staple implementation Works, but has limitations: * …
(edit) @08ba205   3 months fiona.klute Turn per-vhost OCSP data into an array Size 1 for now, but it's a …
(edit) @4e60dd8   3 months fiona.klute Handle initialization of the OCSP data structure in one place This …
(edit) @de9b100   3 months fiona.klute OCSP config: Check if cache is available before processing certificate …
(edit) @cf6f974   3 months fiona.klute mgs_get_ocsp_response: Accept request information from …
(edit) @98b37a1   3 months fiona.klute mgs_get_ocsp_response: Consistently use "sc" variable The "sc = …
(edit) @9418c1e   3 months fiona.klute mgs_cache_ocsp_failure: Require explicit struct mgs_ocsp_data
(edit) @06dcf89   3 months fiona.klute mgs_cache_ocsp_response: Require explicit struct mgs_ocsp_data
(edit) @75f2d96   3 months fiona.klute check_ocsp_response: Require explicit struct mgs_ocsp_data The …
(edit) @e798149   3 months fiona.klute do_ocsp_request: Require responder URI This method just handles a …
(edit) @bdd10be   3 months fiona.klute mgs_create_ocsp_request: Require explicit struct mgs_ocsp_data This …
(edit) @a8374f7   3 months fiona.klute Keep a reference to the certificate with OCSP data When implementing …
(edit) @e376ed8   4 months fiona.klute Merge branch 'subca'
(edit) @dcec209   4 months fiona.klute Fix possible segfault (NULL pointer dereference) on failed TLS …
(edit) @556783e   8 months fiona.klute Provide OCSP response via gnutls_certificate_retrieve_function3 …
(edit) @81018a4   8 months fiona.klute Remove compatibility code for GnuTLS version before 3.6.3
(edit) @65c84e5   8 months fiona.klute Set certificates via gnutls_certificate_set_retrieve_function3() The …
(edit) @6200f6f   14 months fiona.klute Switch server based on early SNI only if a name was found debian/master
(edit) @b6c7866   15 months fiona.klute Update copyright headers of files changed this year debian/master
(edit) @a900948   15 months fiona.klute Support multiple ALPN proposals for proxy TLS connections The note … debian/master
(edit) @4d38cbd   15 months fiona.klute Return EOS/success for failed proxy TLS connections only on handshake … debian/master
(edit) @08c48d7   15 months fiona.klute Extract code for turning APR array of strings into gnutls_datum_t … debian/master
(edit) @c7710cf   16 months fiona.klute Immediately return from proxy_conn_set_alpn() if there is no proxy … debian/master
(edit) @564f33f   16 months fiona.klute Move SNI and ALPN setup for proxy connections to gnutls_proxy.c debian/master
(edit) @0378c22   16 months fiona.klute Move mod_proxy note name definitions to gnutls_proxy.h debian/master
(edit) @68b5156   16 months fiona.klute Move proxy-only functions from gnutls_hooks.c to a dedicated file debian/master
(edit) @0fcba60   16 months fiona.klute Move compiled default priorities to gnutls_util.[hc] debian/master
(edit) @f674424   16 months fiona.klute First prototype of proxy ALPN support The current code assumes that … debian/master
(edit) @2038b76   16 months fiona.klute Ensure nonblocking reads pass EAGAIN or EINTR status to caller debian/master
(edit) @92cb0cc   16 months fiona.klute Handle APR_TIMEUP return value from blocking ap_get_brigade() call … debian/master
(edit) @0da10eb   16 months fiona.klute Document Early SNI related functions and rename the post client hello hook debian/master
(edit) @64470ce   17 months fiona.klute Load credentials and prepare ALPN in pre client hello hook This fully … debian/master
(edit) @79fc46b   17 months fiona.klute Don't cancel virtual host lookup after successful default SNI fallback debian/master
(edit) @a26d3f6   17 months fiona.klute Protect early_sni_hook() against being called in the wrong context debian/master
(edit) @4963516   17 months fiona.klute Use server back reference for ALPN handling Necessary because during … debian/master
(edit) @d4c1a4e   17 months fiona.klute Add a reference from mod_gnutls server settings back to the server_rec … debian/master
(edit) @c0fc11e   17 months fiona.klute Separate functions for default SNI and loading virtual host … debian/master
(edit) @7ff6c6c   17 months fiona.klute Add proof-of-concept SNI parser in a pre client hello hook The SNI … debian/master
(edit) @4e388b0   17 months fiona.klute Consistently use strcasecmp() instead of mixing in apr_strnatcasecmp() debian/master
(edit) @f06c148   17 months fiona.klute Simplify wildcard match for virtual host aliases debian/master
(edit) @6d8c00c   17 months fiona.klute Include apr_strings.h only where needed debian/master
(edit) @3c6645b   17 months fiona.klute gnutls_hooks.c: Fix spaces in check_server_aliases() debian/master
(edit) @3aff94d   17 months fiona.klute Include cache status in mod_status reports debian/master
(edit) @04753db8   17 months fiona.klute Require Host header to match SNI hostname (if any) This is a … debian/master
(edit) @a14cf5c   17 months fiona.klute Store SNI hostname in mod_gnutls' connection context debian/master
(edit) @de3fad3   17 months fiona.klute Require handshake and request to use the same server The new check … debian/master
(edit) @15368a4   17 months fiona.klute Improve log messages for PKCS #11 provider loading debian/master
(edit) @8273683   17 months fiona.klute Fix port numbers for vhosts in post_config log messages debian/master
(edit) @469861a   18 months fiona.klute Enable session tickets in the post client hello hook With this … debian/master
(edit) @bac1a32   18 months fiona.klute Order, log message, and style fixes debian/master
(edit) @fdd3bf0   18 months fiona.klute Enable session tickets by default if GnuTLS version >= 3.6.4 GnuTLS … debian/master
(edit) @bd2b48b   18 months fiona.klute Immediately retry on EINTR or EAGAIN for blocking receive Proxy TLS … debian/master
(edit) @78d75ac   18 months fiona.klute Use the right cache config string in cache trace logs debian/master
(edit) @0d7660d   18 months fiona.klute Provide a default path for the default OCSP cache debian/master
(edit) @60868d2   18 months fiona.klute Default to NORMAL for the GnuTLS priority settings This simplifies … debian/master
(edit) @72b669e   18 months fiona.klute Refuse to send or receive over a failed TLS connection On a failed … debian/master
(edit) @adceac0   18 months fiona.klute Remove unneeded server variables "cert_cn" and "cert_san" "cert_san" … debian/master
(edit) @cb6476c   18 months fiona.klute Enable OCSP stapling by default if possible If the user hasn't … debian/master
(edit) @efc43b4   18 months fiona.klute Split per-vhost post config for OCSP stapling into configuring and … debian/master
(edit) @994200a   18 months fiona.klute Set up shmcb OCSP cache by default The shmcb socache doesn't require … debian/master
(edit) @3358887   22 months fiona.klute Assign cache configuration to server only if successful The sc->cache … debian/master
(edit) @eced11a   23 months fiona.klute Remove server variable ocsp_cache_enable There is no need to … debian/master
(edit) @92b5f4d   23 months fiona.klute Use the OCSP cache for responses debian/master
(edit) @babdb29   23 months fiona.klute Initialize and clean up the OCSP cache, following session cache patterns debian/master
(edit) @d036f96   23 months fiona.klute Add configuration directive GnuTLSOCSPCache (no-op for now) First … debian/master
(edit) @2d454a2   23 months fiona.klute Macro for session cache name debian/master
(edit) @72377cf   2 years fiona.klute Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … debian/master
(edit) @ce5f776   2 years fiona.klute Move config and post_config of a cache instance to separate functions … debian/master
(edit) @5ab2868   2 years fiona.klute Remove unused server variable The mgs_srvconf_rec.non_ssl_request … debian/master
(edit) @f52f1b4   2 years fiona.klute Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … debian/master
(edit) @d8d6b1e   2 years fiona.klute Reallocate buffer to data size after fetching from socache There is … debian/master
(edit) @a314ec9   2 years fiona.klute Store config pointer in struct mgs_cache for logging This way the … debian/master
(edit) @b94aee2   2 years fiona.klute Remove internal cache type enum The cache type is now transparently … debian/master
(edit) @adf36c3   2 years fiona.klute Update documentation in gnutls_cache.c debian/master
(edit) @41f9bcb   2 years fiona.klute Use cache parameter in mgs_cache_store() and mgs_cache_fetch() The … debian/master
(edit) @ded2291   2 years fiona.klute Switch generic cache store/fetch function pointers to constant … debian/master
(edit) @6bbd378   2 years fiona.klute Remove special handling for APR memcache and leftover includes debian/master
Note: See TracRevisionLog for help on using the revision log.