| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@395228 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies
bug:
* modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype.
* modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill,
ssl_io_filter_buffer): New functions.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a
renegotiation is needed, and the request has a non-zero
content-length, or a t-e header (and 100-continue was not requested),
call ssl_io_buffer_fill to set aside the request body data if
possible, then proceed with the negotiation.
PR: 12355
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- change ssl_expr_eval_oid to use ssl_ext_list
This change provides for a singfle function that provides an array of all
values from a certificate that match a given extension and removes the
duplictaed code that was present.
Reviewed by: Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
submited by: Neale Ranns neale ranns.org
reviewed by: Ian Holsman
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
variable.
* modules/ssl/ssl_private.h, modules/ssl/mod_ssl.h
(ssl_extlist_by_oid): Move prototype to ssl_private.h.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@224722 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
So don't bother to store it, but still force OpenSSL
to provide a Session ID.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
setting when configured e.g. as a reverse proxy:
* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate. (ssl_hook_Translate): Remove.
* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.
PR: 34452
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function.
(ssl_var_register): Register optional function.
* modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype.
Submitted by: David Reid, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153933 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSLCADNRequestFile and SSLCADNRequestPath.
* modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path,
ca_name_file fields.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of
SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA
DN list sent in the CertificateRequest from those certificates.
* modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use
pcalloc to zero-initialize the entire modssl_pk_server_t structure.
(ssl_config_server_new): Merge the ca_name_* fields.
(ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New
functions.
PR: 32848
Submitted by: Tim Taylor <tim.taylor dfas.mil>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
configured SSL certificates to stdout, useful for cron-ing through a
"do I need to renew any of my certificates this week" tool:
* modules/ssl/ssl_engine_config.c (ssl_hook_ConfigTest): New function.
* modules/ssl/mod_ssl.c (ssl_register_hooks): ...register it as a
test_config hook.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105741 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
environment variable name.
* modules/ssl/ssl_private.h (struct SSLDirConfigRec): Add
szUserName field.
* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
the value of the chosen SSL environment variable.
* modules/ssl/mod_ssl.c: Add SSLUserName config directive.
PR: 20957
Submitted by: Martin v. Loewis <martin v.loewis.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103834 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
which uses the server's cipher preference order rather than the
client's.
* modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add
cipher_server_pref field.
* modules/ssl/ssl_engine_config.c (ssl_config_server_create,
ssl_config_server_merge): Initialize and merge cipher_server_pref
field.
(ssl_cmd_SSLHonorCipherOrder): New function.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the
context option SSL_OP_CIPHER_SERVER_PREFERENCE when required.
PR: 28665
Submitted by: Jim Shneider <jschneid netilla.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103832 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
never implemented in 2.0 and never needed to be.
* docs/ssl/ssl-std.conf.in: Remove CompatEnvVars examples.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLOptions): Don't allow
the CompatEnvVars argument.
* modules/ssl/ssl_private.h: Remove SSL_OPT_COMPATENVVARS macro.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103829 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_expire): Likewise.
* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_expire): Likewise.
* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_expire): Make static.
* modules/ssl/ssl_private.h: Remove prototypes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103793 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
functions ssl_util_strupper, ssl_util_ptxtstub, and
ssl_util_uuencode*.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103755 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
the OPTIONAL flag can be correctly merged within the
ssl_config_server_merge() function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102860 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
to be included even when mod_ssl is not enabled.
* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102803 13f79535-47bb-0310-9956-ffa450edef68
|
