source: mod_gnutls/src

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @b6c7866   13 days fiona.klute Update copyright headers of files changed this year
(edit) @a900948   13 days fiona.klute Support multiple ALPN proposals for proxy TLS connections The note …
(edit) @4d38cbd   13 days fiona.klute Return EOS/success for failed proxy TLS connections only on handshake …
(edit) @08c48d7   2 weeks fiona.klute Extract code for turning APR array of strings into gnutls_datum_t …
(edit) @c7710cf   4 weeks fiona.klute Immediately return from proxy_conn_set_alpn() if there is no proxy …
(edit) @564f33f   4 weeks fiona.klute Move SNI and ALPN setup for proxy connections to gnutls_proxy.c
(edit) @0378c22   4 weeks fiona.klute Move mod_proxy note name definitions to gnutls_proxy.h
(edit) @68b5156   4 weeks fiona.klute Move proxy-only functions from gnutls_hooks.c to a dedicated file
(edit) @0fcba60   4 weeks fiona.klute Move compiled default priorities to gnutls_util.[hc]
(edit) @f674424   5 weeks fiona.klute First prototype of proxy ALPN support The current code assumes that …
(edit) @2038b76   5 weeks fiona.klute Ensure nonblocking reads pass EAGAIN or EINTR status to caller
(edit) @92cb0cc   5 weeks fiona.klute Handle APR_TIMEUP return value from blocking ap_get_brigade() call …
(edit) @0da10eb   8 weeks fiona.klute Document Early SNI related functions and rename the post client hello hook
(edit) @64470ce   2 months fiona.klute Load credentials and prepare ALPN in pre client hello hook This fully …
(edit) @79fc46b   2 months fiona.klute Don't cancel virtual host lookup after successful default SNI fallback
(edit) @a26d3f6   2 months fiona.klute Protect early_sni_hook() against being called in the wrong context
(edit) @4963516   2 months fiona.klute Use server back reference for ALPN handling Necessary because during …
(edit) @d4c1a4e   2 months fiona.klute Add a reference from mod_gnutls server settings back to the server_rec …
(edit) @c0fc11e   2 months fiona.klute Separate functions for default SNI and loading virtual host …
(edit) @7ff6c6c   2 months fiona.klute Add proof-of-concept SNI parser in a pre client hello hook The SNI …
(edit) @4e388b0   2 months fiona.klute Consistently use strcasecmp() instead of mixing in apr_strnatcasecmp()
(edit) @f06c148   2 months fiona.klute Simplify wildcard match for virtual host aliases
(edit) @6d8c00c   2 months fiona.klute Include apr_strings.h only where needed
(edit) @3c6645b   2 months fiona.klute gnutls_hooks.c: Fix spaces in check_server_aliases()
(edit) @3aff94d   3 months fiona.klute Include cache status in mod_status reports
(edit) @04753db8   3 months fiona.klute Require Host header to match SNI hostname (if any) This is a …
(edit) @a14cf5c   3 months fiona.klute Store SNI hostname in mod_gnutls' connection context
(edit) @de3fad3   3 months fiona.klute Require handshake and request to use the same server The new check …
(edit) @15368a4   3 months fiona.klute Improve log messages for PKCS #11 provider loading
(edit) @8273683   3 months fiona.klute Fix port numbers for vhosts in post_config log messages
(edit) @469861a   4 months fiona.klute Enable session tickets in the post client hello hook With this …
(edit) @bac1a32   4 months fiona.klute Order, log message, and style fixes
(edit) @fdd3bf0   4 months fiona.klute Enable session tickets by default if GnuTLS version >= 3.6.4 GnuTLS …
(edit) @bd2b48b   4 months fiona.klute Immediately retry on EINTR or EAGAIN for blocking receive Proxy TLS …
(edit) @78d75ac   4 months fiona.klute Use the right cache config string in cache trace logs
(edit) @0d7660d   4 months fiona.klute Provide a default path for the default OCSP cache
(edit) @60868d2   4 months fiona.klute Default to NORMAL for the GnuTLS priority settings This simplifies …
(edit) @72b669e   4 months fiona.klute Refuse to send or receive over a failed TLS connection On a failed …
(edit) @adceac0   4 months fiona.klute Remove unneeded server variables "cert_cn" and "cert_san" "cert_san" …
(edit) @cb6476c   4 months fiona.klute Enable OCSP stapling by default if possible If the user hasn't …
(edit) @efc43b4   4 months fiona.klute Split per-vhost post config for OCSP stapling into configuring and …
(edit) @994200a   4 months fiona.klute Set up shmcb OCSP cache by default The shmcb socache doesn't require …
(edit) @3358887   8 months fiona.klute Assign cache configuration to server only if successful The sc->cache …
(edit) @eced11a   8 months fiona.klute Remove server variable ocsp_cache_enable There is no need to …
(edit) @92b5f4d   8 months fiona.klute Use the OCSP cache for responses
(edit) @babdb29   8 months fiona.klute Initialize and clean up the OCSP cache, following session cache patterns
(edit) @d036f96   8 months fiona.klute Add configuration directive GnuTLSOCSPCache (no-op for now) First …
(edit) @2d454a2   8 months fiona.klute Macro for session cache name
(edit) @72377cf   9 months fiona.klute Always set SSL_COMPRESS_METHOD=NULL with GnuTLS >= 3.6.0 Compression …
(edit) @ce5f776   9 months fiona.klute Move config and post_config of a cache instance to separate functions …
(edit) @5ab2868   9 months fiona.klute Remove unused server variable The mgs_srvconf_rec.non_ssl_request …
(edit) @f52f1b4   9 months fiona.klute Allow GnuTLSCacheTimeout in virtual host config I'm not sure if …
(edit) @d8d6b1e   9 months fiona.klute Reallocate buffer to data size after fetching from socache There is …
(edit) @a314ec9   9 months fiona.klute Store config pointer in struct mgs_cache for logging This way the …
(edit) @b94aee2   9 months fiona.klute Remove internal cache type enum The cache type is now transparently …
(edit) @adf36c3   9 months fiona.klute Update documentation in gnutls_cache.c
(edit) @41f9bcb   9 months fiona.klute Use cache parameter in mgs_cache_store() and mgs_cache_fetch() The …
(edit) @ded2291   9 months fiona.klute Switch generic cache store/fetch function pointers to constant …
(edit) @6bbd378   9 months fiona.klute Remove special handling for APR memcache and leftover includes
(edit) @0363315   9 months fiona.klute Use cache mutex only if socache provider is not multiprocess/thread safe
(edit) @14a6f41   9 months fiona.klute Check for a cache during OCSP setup
(edit) @de1ceab   9 months fiona.klute Replace internal cache implementation with mod_socache Massively …
(edit) @0470e44   9 months fiona.klute Support common socache "type:config" style for GnuTLSCache directive
(edit) @7921dc7   9 months fiona.klute Remove OpenPGP authentication OpenPGP authentication was removed from …
(edit) @2246a84   9 months fiona.klute Make automatic OCSP cache updates and fuzz time configurable
(edit) @fa6d0bb   9 months fiona.klute Initialize OCSP stapling only if mod_gnutls is enabled for a virtual …
(edit) @f233a23   9 months fiona.klute Logic for fuzzy OCSP update timing If a server has a lot of virtual …
(edit) @3d30543   9 months fiona.klute Write failure cache entries from asynchronous OCSP updates This …
(edit) @61e802c   9 months fiona.klute Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, …
(edit) @3c475e0   9 months fiona.klute Ensure that mod_gnutls child_init runs before mod_watchdog's Our …
(edit) @103cafa   9 months fiona.klute Remove extra "OCSP failed" log entry while writing failure to cache …
(edit) @a85de63   9 months fiona.klute Make cache_fetch_func work without a connection context This is …
(edit) @c34a68b   9 months fiona.klute dbm_cache_fetch: Prepare for signature without connection context …
(edit) @3656df0   9 months fiona.klute mgs_cache_ocsp_failure: Make expiry timeout an argument A failure …
(edit) @6945efb   9 months fiona.klute mc_cache_fetch: Don't require a connection context
(edit) @3381559   9 months fiona.klute Adjust intervals for async OCSP updates based on cache expiry or failure
(edit) @0cdfb19   9 months fiona.klute Documentation for mgs_new_singleton_watchdog
(edit) @a467635   9 months fiona.klute Enable asynchronous OCSP updates Asynchronous updates are always …
(edit) @506e64a   9 months fiona.klute Optionally return cache expiry time when caching an OCSP response …
(edit) @0e3f8c6   9 months fiona.klute Create module-wide singleton watchdog during post_config
(edit) @4aa63a4   9 months fiona.klute Infrastructure for mod_watchdog support Asynchronous OCSP cache …
(edit) @3c123cd   9 months fiona.klute Update my name, prepare changelog for the next release debian/masterdebian/stretch-backportsupstream
(edit) @9cee2e9   9 months fiona.klute Support ALPN (required for secure HTTP/2) debian/masterdebian/stretch-backportsupstream
(edit) @2f10643   9 months fiona.klute Consider secondary connections (like mod_http2 streams) in hooks … debian/masterdebian/stretch-backportsupstream
(edit) @e7cf823   9 months fiona.klute Add process_connection hook, adjust hook order for mod_http2 … debian/masterdebian/stretch-backportsupstream
(edit) @4cdd4fd   9 months fiona.klute Implement ssl_var_lookup function (subset of mod_ssl implementation) … debian/masterdebian/stretch-backportsupstream
(edit) @23e98b3   9 months fiona.klute Implement ssl_engine_set as introduced by mod_ssl in Apache 2.4.33 debian/masterdebian/stretch-backportsupstream
(edit) @235e109   9 months fiona.klute Unify initialization of mod_gnutls connection context debian/masterdebian/stretch-backportsupstream
(edit) @fe21671   13 months thomas2.klute ssl_engine_disable(): Remove mod_gnutls filters, not first in chain debian/masterdebian/stretch-backportsupstream
(edit) @1de1026   14 months thomas2.klute mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for … debian/masterdebian/stretch-backportsupstream
(edit) @994a5fb   14 months thomas2.klute Do not reconfigure OCSP status callback on each connection The … debian/masterdebian/stretch-backportsupstream
(edit) @54d07a1   15 months thomas2.klute Do not announce (unused) session ticket support on proxy connections … debian/masterdebian/stretch-backportsupstream
(edit) @265159d   15 months thomas2.klute Send SNI for proxy connections debian/masterdebian/stretch-backportsupstream
(edit) @98cf33f   16 months thomas2.klute Rewrite SNI handler to accept long names and ignore unknown name types … debian/masterdebian/stretch-backportsupstream
(edit) @017ef2d   16 months thomas2.klute Cleanup of post client hello and SNI handling functions * Get module … debian/masterdebian/stretch-backportsupstream
(edit) @cebb74a   16 months thomas2.klute Remove broken SNI/session resumption workaround By specification, the … debian/masterdebian/stretch-backportsupstream
(edit) @e389b85   16 months thomas2.klute Remove obsolete global GnuTLS (de)init calls These calls have been … debian/masterdebian/stretch-backportsupstream
(edit) @f4deac5   19 months thomas2.klute Warn users about OpenPGP deprecation OpenPGP support has been … debian/masterdebian/stretch-backportsupstream
(edit) @a2b4ab6   19 months thomas2.klute Use GnuTLS known DH parameters If the user does not configure the DH … debian/masterdebian/stretch-backportsupstream
(edit) @92ac36e   19 months thomas2.klute Remove dead code in DH parameters setup The dh_params variable in … debian/masterdebian/stretch-backportsupstream
Note: See TracRevisionLog for help on using the revision log.