diff options
| -rw-r--r-- | CHANGES | 30 | ||||
| -rw-r--r-- | changes-entries/ProxyWebsocketFallbackToProxyHttp.txt | 3 | ||||
| -rw-r--r-- | changes-entries/fix_pr61820_regression.txt | 2 | ||||
| -rw-r--r-- | changes-entries/hc_timeouts.txt | 1 | ||||
| -rw-r--r-- | changes-entries/ocsp_stapling_core.txt | 20 |
5 files changed, 30 insertions, 26 deletions
@@ -1,6 +1,36 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) core: Fix a regression that stripped the ETag header from 304 responses. + PR 61820 [Ruediger Pluem, Roy T. Fielding] + + *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This + allows modules to access and provide OCSP response data without being tied + of each other. The data is exchanged in standard, portable formats (PEM encoded + certificates and DER encoded responses), so that the actual SSL/crypto + implementations used by the modules are independant of each other. + Registration and retrieval happen in the context of a server (server_rec) + which modules may use to decide if they are configured for this or not. + The area of changes: + 1. core: defines 2 functions in include/http_ssl.h, so that modules may + register a certificate, together with its issuer certificate for OCSP + response provisioning and ask for current response data (DER bytes) later. + Also, 2 hooks are defined that allow modules to implement this OCSP + provisioning. + 2. mod_ssl uses the new functions, in addition to what it did already, to + register its certificates this way. If no one is interested in providing + OCSP, it falls back to its own (if configured) stapling implementation. + 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending + on configuration, it will accept registrations of its own certificates only, + all certificates or none. + [Stefan Eissing] + + *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the + fallback to mod_proxy_http for WebSocket upgrade and tunneling. + [Yann Ylavic] + + *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic] + *) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] *) mod_md: Tolerate a missing "revokeCert" or "keyChange" resource. diff --git a/changes-entries/ProxyWebsocketFallbackToProxyHttp.txt b/changes-entries/ProxyWebsocketFallbackToProxyHttp.txt deleted file mode 100644 index 660acd3d81..0000000000 --- a/changes-entries/ProxyWebsocketFallbackToProxyHttp.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the - fallback to mod_proxy_http for WebSocket upgrade and tunneling. - [Yann Ylavic] diff --git a/changes-entries/fix_pr61820_regression.txt b/changes-entries/fix_pr61820_regression.txt deleted file mode 100644 index c1ce8e5c8f..0000000000 --- a/changes-entries/fix_pr61820_regression.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) core: Fix a regression that stripped the ETag header from 304 responses. - PR 61820 [Ruediger Pluem, Roy T. Fielding] diff --git a/changes-entries/hc_timeouts.txt b/changes-entries/hc_timeouts.txt deleted file mode 100644 index 50992bf40a..0000000000 --- a/changes-entries/hc_timeouts.txt +++ /dev/null @@ -1 +0,0 @@ - *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic]
\ No newline at end of file diff --git a/changes-entries/ocsp_stapling_core.txt b/changes-entries/ocsp_stapling_core.txt deleted file mode 100644 index c07cd3e77e..0000000000 --- a/changes-entries/ocsp_stapling_core.txt +++ /dev/null @@ -1,20 +0,0 @@ - *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This - allows modules to access and provide OCSP response data without being tied - of each other. The data is exchanged in standard, portable formats (PEM encoded - certificates and DER encoded responses), so that the actual SSL/crypto - implementations used by the modules are independant of each other. - Registration and retrieval happen in the context of a server (server_rec) - which modules may use to decide if they are configured for this or not. - The area of changes: - 1. core: defines 2 functions in include/http_ssl.h, so that modules may - register a certificate, together with its issuer certificate for OCSP - response provisioning and ask for current response data (DER bytes) later. - Also, 2 hooks are defined that allow modules to implement this OCSP - provisioning. - 2. mod_ssl uses the new functions, in addition to what it did already, to - register its certificates this way. If no one is interested in providing - OCSP, it falls back to its own (if configured) stapling implementation. - 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending - on configuration, it will accept registrations of its own certificates only, - all certificates or none. - [Stefan Eissing] |