From c3685c7a960c572f83d74ddbae23f7087a129979 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Mon, 17 May 2021 13:54:02 +0000 Subject: Sync CHANGES entries. [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889961 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 5f7d63b413..4c22d3aa1e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,36 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) core: Fix a regression that stripped the ETag header from 304 responses. + PR 61820 [Ruediger Pluem, Roy T. Fielding] + + *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This + allows modules to access and provide OCSP response data without being tied + of each other. The data is exchanged in standard, portable formats (PEM encoded + certificates and DER encoded responses), so that the actual SSL/crypto + implementations used by the modules are independant of each other. + Registration and retrieval happen in the context of a server (server_rec) + which modules may use to decide if they are configured for this or not. + The area of changes: + 1. core: defines 2 functions in include/http_ssl.h, so that modules may + register a certificate, together with its issuer certificate for OCSP + response provisioning and ask for current response data (DER bytes) later. + Also, 2 hooks are defined that allow modules to implement this OCSP + provisioning. + 2. mod_ssl uses the new functions, in addition to what it did already, to + register its certificates this way. If no one is interested in providing + OCSP, it falls back to its own (if configured) stapling implementation. + 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending + on configuration, it will accept registrations of its own certificates only, + all certificates or none. + [Stefan Eissing] + + *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the + fallback to mod_proxy_http for WebSocket upgrade and tunneling. + [Yann Ylavic] + + *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic] + *) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] *) mod_md: Tolerate a missing "revokeCert" or "keyChange" resource. -- cgit v1.2.3