Context Navigation

source: mod_gnutls/src

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@e819f13	3 years	fiona.klute	Unconditionally enable early SNI parsing All supported GnuTLS … asynciomainproxy-ticket
(edit)	@4f2c988	3 years	fiona.klute	Send 403 if required client post-handshake authentication fails This … asynciomainproxy-ticket
(edit)	@f94938c	3 years	fiona.klute	Nicer logging for post-handshake authentication asynciomainproxy-ticket
(edit)	@fcad37b	3 years	fiona.klute	Retry gnutls_reauth() on transport interruptions asynciomainproxy-ticket
(edit)	@9db4dcd	3 years	fiona.klute	Handle GNUTLS_E_GOT_APPLICATION_DATA on gnutls_reauth() Pending … asynciomainproxy-ticket
(edit)	@4a22ee6	3 years	fiona.klute	Fix speculative reads using cached data The rollback buffer … asynciomainproxy-ticket
(edit)	@6fa6095	3 years	fiona.klute	Partial post-handshake auth support Needs proper error handling, … asynciomainproxy-ticket
(edit)	@e24e3bf9	3 years	fiona.klute	Rewrite authz hook Using the effective mode simplifies the code a … asynciomainproxy-ticket
(edit)	@3b2edd6	3 years	fiona.klute	Use GnuTLS' certificate status text instead of hard-coded cases … asynciomainproxy-ticket
(edit)	@ee2854b	3 years	fiona.klute	Remove a forgotten "return OK" in mgs_cert_verify See … asynciomainproxy-ticket
(edit)	@99196d9	3 years	fiona.klute	Reauthentication: Much simpler check for HTTP/2 Integer comparison … asynciomainproxy-ticket
(edit)	@0dc1a31	3 years	fiona.klute	Always return DECLINED instead of OK from mgs_cert_verify The return … asynciomainproxy-ticket
(edit)	@346c03b	3 years	fiona.klute	Prohibit TLS renegotiation for HTTP/2 connections (RFC 7540, section 9.2.1) asynciomainproxy-ticket
(edit)	@b22def6	3 years	fiona.klute	Remove SIGPIPE signal block There's no discernible reason to keep … asynciomainproxy-ticket
(edit)	@05e2d9e	3 years	fiona.klute	Move function declarations for gnutls_io.c into a separate header asynciomainproxy-ticket
(edit)	@33fa7d5	3 years	fiona.klute	Ensure stapling is active for server certificates with "must-staple" … asynciomainproxy-ticket
(edit)	@5c9ca6b	3 years	fiona.klute	Ensure sc->ocsp and sc->ocsp_num are always initialized They should … asynciomainproxy-ticket
(edit)	@a3e0f7b	3 years	fiona.klute	Support a list of files for the GnuTLSOCSPResponseFile option This … asynciomainproxy-ticket
(edit)	@845c112	3 years	fiona.klute	Async OCSP updates for multi-stapling There's now one mod_watchdog … asynciomainproxy-ticket
(edit)	@c446ca5	3 years	fiona.klute	Small cleanups (use mgs_ocsp_data_t, update copyright header) asynciomainproxy-ticket
(edit)	@ce987dc	3 years	fiona.klute	Log number of certificates in chain that OCSP stapling is enabled for asynciomainproxy-ticket
(edit)	@1aad1d7	3 years	fiona.klute	Consider stapling configured if it's configured for one certificate … asynciomainproxy-ticket
(edit)	@1c3853a	3 years	fiona.klute	Minimal multi-staple implementation Works, but has limitations: * … asynciomainproxy-ticket
(edit)	@08ba205	3 years	fiona.klute	Turn per-vhost OCSP data into an array Size 1 for now, but it's a … asynciomainproxy-ticket
(edit)	@4e60dd8	3 years	fiona.klute	Handle initialization of the OCSP data structure in one place This … asynciomainproxy-ticket
(edit)	@de9b100	3 years	fiona.klute	OCSP config: Check if cache is available before processing certificate … asynciomainproxy-ticket
(edit)	@cf6f974	3 years	fiona.klute	mgs_get_ocsp_response: Accept request information from … asynciomainproxy-ticket
(edit)	@98b37a1	3 years	fiona.klute	mgs_get_ocsp_response: Consistently use "sc" variable The "sc = … asynciomainproxy-ticket
(edit)	@9418c1e	3 years	fiona.klute	mgs_cache_ocsp_failure: Require explicit struct mgs_ocsp_data asynciomainproxy-ticket
(edit)	@06dcf89	3 years	fiona.klute	mgs_cache_ocsp_response: Require explicit struct mgs_ocsp_data asynciomainproxy-ticket
(edit)	@75f2d96	3 years	fiona.klute	check_ocsp_response: Require explicit struct mgs_ocsp_data The … asynciomainproxy-ticket
(edit)	@e798149	3 years	fiona.klute	do_ocsp_request: Require responder URI This method just handles a … asynciomainproxy-ticket
(edit)	@bdd10be	3 years	fiona.klute	mgs_create_ocsp_request: Require explicit struct mgs_ocsp_data This … asynciomainproxy-ticket
(edit)	@a8374f7	3 years	fiona.klute	Keep a reference to the certificate with OCSP data When implementing … asynciomainproxy-ticket
(edit)	@e376ed8	3 years	fiona.klute	Merge branch 'subca' asynciomainproxy-ticket
(edit)	@dcec209	3 years	fiona.klute	Fix possible segfault (NULL pointer dereference) on failed TLS … asynciomainproxy-ticket
(edit)	@556783e	4 years	fiona.klute	Provide OCSP response via gnutls_certificate_retrieve_function3 … asynciomainproxy-ticket
(edit)	@81018a4	4 years	fiona.klute	Remove compatibility code for GnuTLS version before 3.6.3 asynciomainproxy-ticket
(edit)	@65c84e5	4 years	fiona.klute	Set certificates via gnutls_certificate_set_retrieve_function3() The … asynciomainproxy-ticket
(edit)	@6200f6f	4 years	fiona.klute	Switch server based on early SNI only if a name was found asynciodebian/mastermainproxy-ticket
(edit)	@b6c7866	4 years	fiona.klute	Update copyright headers of files changed this year asynciodebian/mastermainproxy-ticket
(edit)	@a900948	4 years	fiona.klute	Support multiple ALPN proposals for proxy TLS connections The note … asynciodebian/mastermainproxy-ticket
(edit)	@4d38cbd	4 years	fiona.klute	Return EOS/success for failed proxy TLS connections only on handshake … asynciodebian/mastermainproxy-ticket
(edit)	@08c48d7	4 years	fiona.klute	Extract code for turning APR array of strings into gnutls_datum_t … asynciodebian/mastermainproxy-ticket
(edit)	@c7710cf	4 years	fiona.klute	Immediately return from proxy_conn_set_alpn() if there is no proxy … asynciodebian/mastermainproxy-ticket
(edit)	@564f33f	4 years	fiona.klute	Move SNI and ALPN setup for proxy connections to gnutls_proxy.c asynciodebian/mastermainproxy-ticket
(edit)	@0378c22	4 years	fiona.klute	Move mod_proxy note name definitions to gnutls_proxy.h asynciodebian/mastermainproxy-ticket
(edit)	@68b5156	4 years	fiona.klute	Move proxy-only functions from gnutls_hooks.c to a dedicated file asynciodebian/mastermainproxy-ticket
(edit)	@0fcba60	4 years	fiona.klute	Move compiled default priorities to gnutls_util.[hc] asynciodebian/mastermainproxy-ticket
(edit)	@f674424	4 years	fiona.klute	First prototype of proxy ALPN support The current code assumes that … asynciodebian/mastermainproxy-ticket
(edit)	@2038b76	4 years	fiona.klute	Ensure nonblocking reads pass EAGAIN or EINTR status to caller asynciodebian/mastermainproxy-ticket
(edit)	@92cb0cc	4 years	fiona.klute	Handle APR_TIMEUP return value from blocking ap_get_brigade() call … asynciodebian/mastermainproxy-ticket
(edit)	@0da10eb	4 years	fiona.klute	Document Early SNI related functions and rename the post client hello hook asynciodebian/mastermainproxy-ticket
(edit)	@64470ce	4 years	fiona.klute	Load credentials and prepare ALPN in pre client hello hook This fully … asynciodebian/mastermainproxy-ticket
(edit)	@79fc46b	4 years	fiona.klute	Don't cancel virtual host lookup after successful default SNI fallback asynciodebian/mastermainproxy-ticket
(edit)	@a26d3f6	4 years	fiona.klute	Protect early_sni_hook() against being called in the wrong context asynciodebian/mastermainproxy-ticket
(edit)	@4963516	4 years	fiona.klute	Use server back reference for ALPN handling Necessary because during … asynciodebian/mastermainproxy-ticket
(edit)	@d4c1a4e	4 years	fiona.klute	Add a reference from mod_gnutls server settings back to the server_rec … asynciodebian/mastermainproxy-ticket
(edit)	@c0fc11e	4 years	fiona.klute	Separate functions for default SNI and loading virtual host … asynciodebian/mastermainproxy-ticket
(edit)	@7ff6c6c	4 years	fiona.klute	Add proof-of-concept SNI parser in a pre client hello hook The SNI … asynciodebian/mastermainproxy-ticket
(edit)	@4e388b0	4 years	fiona.klute	Consistently use strcasecmp() instead of mixing in apr_strnatcasecmp() asynciodebian/mastermainproxy-ticket
(edit)	@f06c148	4 years	fiona.klute	Simplify wildcard match for virtual host aliases asynciodebian/mastermainproxy-ticket
(edit)	@6d8c00c	4 years	fiona.klute	Include apr_strings.h only where needed asynciodebian/mastermainproxy-ticket
(edit)	@3c6645b	4 years	fiona.klute	gnutls_hooks.c: Fix spaces in check_server_aliases() asynciodebian/mastermainproxy-ticket
(edit)	@3aff94d	4 years	fiona.klute	Include cache status in mod_status reports asynciodebian/mastermainproxy-ticket
(edit)	@04753db8	4 years	fiona.klute	Require Host header to match SNI hostname (if any) This is a … asynciodebian/mastermainproxy-ticket
(edit)	@a14cf5c	4 years	fiona.klute	Store SNI hostname in mod_gnutls' connection context asynciodebian/mastermainproxy-ticket
(edit)	@de3fad3	4 years	fiona.klute	Require handshake and request to use the same server The new check … asynciodebian/mastermainproxy-ticket
(edit)	@15368a4	4 years	fiona.klute	Improve log messages for PKCS #11 provider loading asynciodebian/mastermainproxy-ticket
(edit)	@8273683	4 years	fiona.klute	Fix port numbers for vhosts in post_config log messages asynciodebian/mastermainproxy-ticket
(edit)	@469861a	4 years	fiona.klute	Enable session tickets in the post client hello hook With this … asynciodebian/mastermainproxy-ticket
(edit)	@bac1a32	4 years	fiona.klute	Order, log message, and style fixes asynciodebian/mastermainproxy-ticket
(edit)	@fdd3bf0	4 years	fiona.klute	Enable session tickets by default if GnuTLS version >= 3.6.4 GnuTLS … asynciodebian/mastermainproxy-ticket
(edit)	@bd2b48b	4 years	fiona.klute	Immediately retry on EINTR or EAGAIN for blocking receive Proxy TLS … asynciodebian/mastermainproxy-ticket
(edit)	@78d75ac	4 years	fiona.klute	Use the right cache config string in cache trace logs asynciodebian/mastermainproxy-ticket
(edit)	@0d7660d	4 years	fiona.klute	Provide a default path for the default OCSP cache asynciodebian/mastermainproxy-ticket
(edit)	@60868d2	4 years	fiona.klute	Default to NORMAL for the GnuTLS priority settings This simplifies … asynciodebian/mastermainproxy-ticket
(edit)	@72b669e	4 years	fiona.klute	Refuse to send or receive over a failed TLS connection On a failed … asynciodebian/mastermainproxy-ticket
(edit)	@adceac0	4 years	fiona.klute	Remove unneeded server variables "cert_cn" and "cert_san" "cert_san" … asynciodebian/mastermainproxy-ticket
(edit)	@cb6476c	4 years	fiona.klute	Enable OCSP stapling by default if possible If the user hasn't … asynciodebian/mastermainproxy-ticket
(edit)	@efc43b4	4 years	fiona.klute	Split per-vhost post config for OCSP stapling into configuring and … asynciodebian/mastermainproxy-ticket
(edit)	@994200a	4 years	fiona.klute	Set up shmcb OCSP cache by default The shmcb socache doesn't require … asynciodebian/mastermainproxy-ticket
(edit)	@3358887	5 years	fiona.klute	Assign cache configuration to server only if successful The sc->cache … asynciodebian/mastermainproxy-ticket
(edit)	@eced11a	5 years	fiona.klute	Remove server variable ocsp_cache_enable There is no need to … asynciodebian/mastermainproxy-ticket
(edit)	@92b5f4d	5 years	fiona.klute	Use the OCSP cache for responses asynciodebian/mastermainproxy-ticket
(edit)	@babdb29	5 years	fiona.klute	Initialize and clean up the OCSP cache, following session cache patterns asynciodebian/mastermainproxy-ticket
(edit)	@d036f96	5 years	fiona.klute	Add configuration directive GnuTLSOCSPCache (no-op for now) First … asynciodebian/mastermainproxy-ticket
(edit)	@2d454a2	5 years	fiona.klute	Macro for session cache name asynciodebian/mastermainproxy-ticket
(edit)	@72377cf	5 years	fiona.klute	Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression … asynciodebian/mastermainproxy-ticket
(edit)	@ce5f776	5 years	fiona.klute	Move config and post_config of a cache instance to separate functions … asynciodebian/mastermainproxy-ticket
(edit)	@5ab2868	5 years	fiona.klute	Remove unused server variable The mgs_srvconf_rec.non_ssl_request … asynciodebian/mastermainproxy-ticket
(edit)	@f52f1b4	5 years	fiona.klute	Allow GnuTLSCacheTimeout in virtual host config I'm not sure if … asynciodebian/mastermainproxy-ticket
(edit)	@d8d6b1e	5 years	fiona.klute	Reallocate buffer to data size after fetching from socache There is … asynciodebian/mastermainproxy-ticket
(edit)	@a314ec9	5 years	fiona.klute	Store config pointer in struct mgs_cache for logging This way the … asynciodebian/mastermainproxy-ticket
(edit)	@b94aee2	5 years	fiona.klute	Remove internal cache type enum The cache type is now transparently … asynciodebian/mastermainproxy-ticket
(edit)	@adf36c3	5 years	fiona.klute	Update documentation in gnutls_cache.c asynciodebian/mastermainproxy-ticket
(edit)	@41f9bcb	5 years	fiona.klute	Use cache parameter in mgs_cache_store() and mgs_cache_fetch() The … asynciodebian/mastermainproxy-ticket
(edit)	@ded2291	5 years	fiona.klute	Switch generic cache store/fetch function pointers to constant … asynciodebian/mastermainproxy-ticket
(edit)	@6bbd378	5 years	fiona.klute	Remove special handling for APR memcache and leftover includes asynciodebian/mastermainproxy-ticket
(edit)	@0363315	5 years	fiona.klute	Use cache mutex only if socache provider is not multiprocess/thread safe asynciodebian/mastermainproxy-ticket

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: