Context Navigation

source: mod_gnutls/src

Legend:

: Added
: Modified
: Copied or renamed

	Rev	Age	Author	Log Message
(edit)	@ded2291	5 years	fiona.klute	Switch generic cache store/fetch function pointers to constant … asynciodebian/mastermainproxy-ticket
(edit)	@6bbd378	5 years	fiona.klute	Remove special handling for APR memcache and leftover includes asynciodebian/mastermainproxy-ticket
(edit)	@0363315	5 years	fiona.klute	Use cache mutex only if socache provider is not multiprocess/thread safe asynciodebian/mastermainproxy-ticket
(edit)	@14a6f41	5 years	fiona.klute	Check for a cache during OCSP setup asynciodebian/mastermainproxy-ticket
(edit)	@de1ceab	5 years	fiona.klute	Replace internal cache implementation with mod_socache Massively … asynciodebian/mastermainproxy-ticket
(edit)	@0470e44	5 years	fiona.klute	Support common socache "type:config" style for GnuTLSCache directive asynciodebian/mastermainproxy-ticket
(edit)	@7921dc7	5 years	fiona.klute	Remove OpenPGP authentication OpenPGP authentication was removed from … asynciodebian/mastermainproxy-ticket
(edit)	@2246a84	5 years	fiona.klute	Make automatic OCSP cache updates and fuzz time configurable asynciodebian/mastermainproxy-ticket
(edit)	@fa6d0bb	5 years	fiona.klute	Initialize OCSP stapling only if mod_gnutls is enabled for a virtual … asynciodebian/mastermainproxy-ticket
(edit)	@f233a23	5 years	fiona.klute	Logic for fuzzy OCSP update timing If a server has a lot of virtual … asynciodebian/mastermainproxy-ticket
(edit)	@3d30543	5 years	fiona.klute	Write failure cache entries from asynchronous OCSP updates This … asynciodebian/mastermainproxy-ticket
(edit)	@61e802c	5 years	fiona.klute	Simplify mgs_async_ocsp_update Always use OCSP mutex for updates, … asynciodebian/mastermainproxy-ticket
(edit)	@3c475e0	5 years	fiona.klute	Ensure that mod_gnutls child_init runs before mod_watchdog's Our … asynciodebian/mastermainproxy-ticket
(edit)	@103cafa	5 years	fiona.klute	Remove extra "OCSP failed" log entry while writing failure to cache … asynciodebian/mastermainproxy-ticket
(edit)	@a85de63	5 years	fiona.klute	Make cache_fetch_func work without a connection context This is … asynciodebian/mastermainproxy-ticket
(edit)	@c34a68b	5 years	fiona.klute	dbm_cache_fetch: Prepare for signature without connection context … asynciodebian/mastermainproxy-ticket
(edit)	@3656df0	5 years	fiona.klute	mgs_cache_ocsp_failure: Make expiry timeout an argument A failure … asynciodebian/mastermainproxy-ticket
(edit)	@6945efb	5 years	fiona.klute	mc_cache_fetch: Don't require a connection context asynciodebian/mastermainproxy-ticket
(edit)	@3381559	5 years	fiona.klute	Adjust intervals for async OCSP updates based on cache expiry or failure asynciodebian/mastermainproxy-ticket
(edit)	@0cdfb19	5 years	fiona.klute	Documentation for mgs_new_singleton_watchdog asynciodebian/mastermainproxy-ticket
(edit)	@a467635	5 years	fiona.klute	Enable asynchronous OCSP updates Asynchronous updates are always … asynciodebian/mastermainproxy-ticket
(edit)	@506e64a	5 years	fiona.klute	Optionally return cache expiry time when caching an OCSP response … asynciodebian/mastermainproxy-ticket
(edit)	@0e3f8c6	5 years	fiona.klute	Create module-wide singleton watchdog during post_config asynciodebian/mastermainproxy-ticket
(edit)	@4aa63a4	5 years	fiona.klute	Infrastructure for mod_watchdog support Asynchronous OCSP cache … asynciodebian/mastermainproxy-ticket
(edit)	@3c123cd	5 years	fiona.klute	Update my name, prepare changelog for the next release asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@9cee2e9	5 years	fiona.klute	Support ALPN (required for secure HTTP/2) asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@2f10643	5 years	fiona.klute	Consider secondary connections (like mod_http2 streams) in hooks … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@e7cf823	5 years	fiona.klute	Add process_connection hook, adjust hook order for mod_http2 … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@4cdd4fd	5 years	fiona.klute	Implement ssl_var_lookup function (subset of mod_ssl implementation) … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@23e98b3	5 years	fiona.klute	Implement ssl_engine_set as introduced by mod_ssl in Apache 2.4.33 asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@235e109	5 years	fiona.klute	Unify initialization of mod_gnutls connection context asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@fe21671	5 years	thomas2.klute	ssl_engine_disable(): Remove mod_gnutls filters, not first in chain asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@1de1026	5 years	thomas2.klute	mgs_get_ocsp_response(): Separate mgs_srvconf_rec* variable for … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@994a5fb	5 years	thomas2.klute	Do not reconfigure OCSP status callback on each connection The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@54d07a1	5 years	thomas2.klute	Do not announce (unused) session ticket support on proxy connections … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@265159d	5 years	thomas2.klute	Send SNI for proxy connections asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@98cf33f	6 years	thomas2.klute	Rewrite SNI handler to accept long names and ignore unknown name types … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@017ef2d	6 years	thomas2.klute	Cleanup of post client hello and SNI handling functions * Get module … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@cebb74a	6 years	thomas2.klute	Remove broken SNI/session resumption workaround By specification, the … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@e389b85	6 years	thomas2.klute	Remove obsolete global GnuTLS (de)init calls These calls have been … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@f4deac5	6 years	thomas2.klute	Warn users about OpenPGP deprecation OpenPGP support has been … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@a2b4ab6	6 years	thomas2.klute	Use GnuTLS known DH parameters If the user does not configure the DH … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@92ac36e	6 years	thomas2.klute	Remove dead code in DH parameters setup The dh_params variable in … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@4f7edd5	6 years	thomas2.klute	Remove log for mutex creation errors (core logs them at emergency level) asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@5ac4bbe	6 years	thomas2.klute	Use APR_SIZE_T_FMT macro for portable apr_size_t formatting The size … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@08b821a	6 years	thomas2.klute	gnutls_io.c: API documentation asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@104e881	6 years	thomas2.klute	General comment updates for Doxygen compatibility Mostly /* */ vs. … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@14548b9	6 years	thomas2.klute	Update comments in gnutls_cache.(c\|h) to work with Doxygen asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@e1c094c	6 years	thomas2.klute	Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout Configuring a … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@b888e8b	6 years	thomas2.klute	New directive GnuTLSOCSPCheckNonce Some CAs refuse to send nonces in … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@3475e62	6 years	thomas2.klute	Remove EXPERIMENTAL mark for OCSP from internal documentation asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c39ae1a	6 years	thomas2.klute	Initialize OCSP timeouts with an "unset" value The configuration … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@ef107fd	6 years	thomas2.klute	Remove TODO for OCSP requests without nonces Ideally all OCSP … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@0a02378	6 years	thomas2.klute	Style fixes for OCSP related time differences * Consistently use … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@333bbc7	6 years	thomas2.klute	Configurable OCSP socket timeout Stalled OCSP requests must time out … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c6dda6d	6 years	thomas2.klute	Rate limit OCSP requests Retries after failed OCSP requests must be … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@d26fa55	6 years	thomas2.klute	Allow GnuTLSOCSPGraceTime in virtual host context mgs_set_timeout … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@3f0b470	6 years	thomas2.klute	Macro for the OCSP socket timeout asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@8a0da86	7 years	thomas2.klute	Adjust log levels for OCSP cache updates asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@9c456a9	7 years	thomas2.klute	Clean up cache logging * Demote ordinary cache store/fetch operations … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@e9ef72c	7 years	thomas2.klute	Disable GnuTLSSessionTickets by default as described in handbook The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@f1147b6	7 years	thomas2.klute	OCSP post config: Ensure OCSP URI or response file are set If the … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@ef06c74	7 years	thomas2.klute	Compatibility code for GCC version < 5 The builtin_add_overflow() … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@ac3f500	7 years	thomas2.klute	Compatibility code for GnuTLS version < 3.4 * gnutls_memset() is not … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@87d507b	7 years	thomas2.klute	Overwrite session ticket key before releasing it Private key material … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@78b75b3	7 years	thomas2.klute	Restore GnuTLSOCSPResponseFile option Using an externally updated … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@4d4a406	7 years	thomas2.klute	New config option: GnuTLSOCSPStapling This flag option … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@70d014b	7 years	thomas2.klute	Remove FIXME comment about releasing config structures: Done! asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@b8700b0	7 years	thomas2.klute	Deinit proxy credentials on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@02eabe7	7 years	thomas2.klute	TLS Proxy: Fix memory leak while logging certificate status The … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@f265001	7 years	thomas2.klute	Bind temporary pool in load_proxy_x509_credentials() to ptemp scope … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@7e7d328	7 years	thomas2.klute	Deinit PGP certificate on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@44e8944	7 years	thomas2.klute	Allocate memory for X.509 and PGP certificates only when needed asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@eee1432	7 years	thomas2.klute	Bind temporary pool in mgs_load_files() to ptemp scope Pool 'spool' … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@45b7b83	7 years	thomas2.klute	Deinit PGP private key and keyring on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@db9ef68	7 years	thomas2.klute	Deinit client CA list on config pool cleanup asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@81433f1	7 years	thomas2.klute	Reformat mgs_load_files() This commit changes only whitespace and … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@e2ba939	7 years	thomas2.klute	Prevent memory leaks in post_conf hook Valgrind indicated memory … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@894efd0	7 years	thomas2.klute	Check OCSP response nonce asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@82745d1	7 years	thomas2.klute	Fix memory usage issues * Use-after-free of the OCSP request in … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@16ad0eb	7 years	thomas2.klute	Perform OCSP request over HTTP Finally the whole stack is there! … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@0831437	7 years	thomas2.klute	Clarify the purpose of mgs_time2sz() I've renamed the CTIME macro to … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@47a909e	7 years	thomas2.klute	Create OCSP requests when updating the cached response Actually … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@a372379	7 years	thomas2.klute	Store server certificate fingerprint in OCSP config It's not like … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@cc74801e	7 years	thomas2.klute	Move generated vhost-wide OCSP config into a private structure asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@5559aa6	7 years	thomas2.klute	Rely on cache for OCSP response expiration With fixed DBM cache … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@11e6205	7 years	thomas2.klute	dbm_cache_fetch(): Clear data size on allocation failure Memory … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@b2e6406	7 years	thomas2.klute	Safe integer type conversion in mgs_filter_input() Read sizes should … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@15b22cb	7 years	thomas2.klute	Allow compiling with clang Needs just a minimal workaround for an … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@d6834e0	7 years	thomas2.klute	OCSP refresh mutex: Prevent parallel requests Add a global mutex … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@aa68232	7 years	thomas2.klute	Move global cache mutex into the private cache struct asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@e809fb30	7 years	thomas2.klute	Use generic cache functions for OCSP response caching With this, OCSP … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@3e22b82	7 years	thomas2.klute	Add generic store/fetch support to the memcached cache Required to … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@70a1e5a	7 years	thomas2.klute	Introduce OCSP caching grace time A cached OCSP response must be … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@f450ac9	7 years	thomas2.klute	Replace mgs_session_id2sz() with apr_(p?)escape_hex() There's no need … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@d18afb8	7 years	thomas2.klute	Ensure that dbm_cache_fetch() does not return expired data The cache … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c6572ec	7 years	thomas2.klute	Apply default cache timeout to OCSP responses without nextUpdate asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c55902b	7 years	thomas2.klute	Trigger cache expiration on fetch, small restructuring In a situation … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@c005645	7 years	thomas2.klute	Mutex for DBM cache access I noticed that with a DBM cache enabled … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream
(edit)	@eb63377	7 years	thomas2.klute	Check only expiration time for OCSP responses from cache Responses … asynciodebian/masterdebian/stretch-backportsmainproxy-ticketupstream

Note: See TracRevisionLog for help on using the revision log.

Download in other formats: