Skip to content
  1. Dec 01, 2007
    • Ruediger Pluem's avatar
      - when using "-l" reduce two consecutive calls to apr_time_now() to one. · a85229ed
      Ruediger Pluem authored
        This will not change the logic if no "-l" gets used, and it will spare
        one call to apr_time_now() in case "-l" gets used and more important
        it gives the code better atomicity, because in fact between the two calls
        there is a slight change of jumping oder the DST boundary
      
      - for historic reasons the same code block is used two times with a
        slightly different way of transforming apr_time_t to int
        (once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
        so let's unify it.
      
      - finally move the block into a function, because it gets used already
        two times.
      
      PR: 44004
      Submitted by: Rainer Jung <rainer.jung kippdata.de>
      Reviewed by: rpluem
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600154 13f79535-47bb-0310-9956-ffa450edef68
      a85229ed
  2. Nov 29, 2007
    • Nick Kew's avatar
      Since we don't support chained filters, and can't expect to while the · d6637a51
      Nick Kew authored
      filter_init problem remains, we should make it clear to users at startup time.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599393 13f79535-47bb-0310-9956-ffa450edef68
      d6637a51
    • Joe Orton's avatar
      mod_ssl: Add support for OCSP validation of client certificates: · 34a2afe4
      Joe Orton authored
      * modules/ssl/ssl_engine_config.c (modssl_ctx_init,
        modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
        (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
        ssl_cmd_SSLOCSPEnable): Add functions.
      
      * modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.
      
      * modules/ssl/ssl_private.h: Add prototypes, config options to
        modssl_ctx_t.
      
      * modules/ssl/ssl_util_ocsp.c: New file, utility interface for
        dispatching OCSP requests.
      
      * modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
        OCSP validation.
      
      * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
        OCSP validation if configured, and the cert is so-far verified to be
        trusted.  Fail if OCSP validation is configured an the optional-no-ca 
        check tripped.
      
      * modules/ssl/config.m4: Check for OCSP support, build new files.
      
      * modules/ssl/mod_ssl.dsp: Build new files.
      
      * modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
        interfaces.
      
      PR: 41123
      Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
      Reviewed by: Steve Henson <steve openssl.org>
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
      34a2afe4
  3. Nov 26, 2007
  4. Nov 20, 2007
  5. Nov 19, 2007
  6. Nov 16, 2007
  7. Nov 15, 2007
  8. Nov 14, 2007
  9. Nov 13, 2007
  10. Nov 10, 2007
  11. Nov 08, 2007
  12. Nov 07, 2007
  13. Nov 06, 2007
    • Joe Orton's avatar
      mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade · cae41321
      Joe Orton authored
      in the post_read_request hook rather than in a filter, and fix the
      filter insertion issue:
      
      * modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function,
      mostly moved from ssl_io_filter_Upgrade.
      (ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if
      required.
      
      * modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove
      function.
      (ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec
      pointer and pass to ap_add_*_filter to ensure the filter chain
      is modified correctly; remove it from the filter afterwards.
      (ssl_io_filter_register): Drop UPGRADE_FILTER registration.
      
      * modules/ssl/mod_ssl.c (ssl_init_ssl_connection): Take a request_rec
      pointer, pass to ssl_io_filter_init.
      (ssl_hook_pre_connection): Pass NULL request_rec pointer to above.
      (ssl_hook_Insert_Filter): Remove function.
      (ssl_register_hooks): Drop insert_filter hook.
      
      * modules/ssl/ssl_private.h: Update prototypes.
      
      PR: 41231
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592446 13f79535-47bb-0310-9956-ffa450edef68
      cae41321
  14. Nov 04, 2007
  15. Nov 02, 2007
  16. Oct 31, 2007
  17. Oct 29, 2007
  18. Oct 27, 2007
  19. Oct 26, 2007
  20. Oct 24, 2007
  21. Oct 11, 2007
  22. Oct 09, 2007
  23. Oct 08, 2007
  24. Oct 07, 2007
  25. Oct 03, 2007
  26. Oct 02, 2007