Skip to content
GitLab
  1. 26 Apr, 2015 3 commits
    • Kaspar Brand's avatar
      adjust link to SSL_CONF_cmd man page on www.openssl.org, again · 1ac212e4
      Kaspar Brand authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676088 13f79535-47bb-0310-9956-ffa450edef68
      1ac212e4
    • Kaspar Brand's avatar
      Merge r1650047 from trunk: · ecedee6c
      Kaspar Brand authored 
      Add support for extracting subjectAltName entries of type
rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n
variables.

* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the
  environment variables table

* modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction
  of subjectAltName entries for the "StdEnvVars" case

* modules/ssl/ssl_engine_vars.c: add support for retrieving the
  SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with
  individual on-demand lookup (ssl_var_lookup_ssl_cert_san),
  or with full-list extraction to the environment ("StdEnvVars")

* modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype

* modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and
  SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common
  code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where
  suitable. Limit SSL_X509_getSAN to the two most common subjectAltName
  entry types appearing in user or server certificates (i.e., rfc822Name
  and dNSName), for the time being.

* modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8
  and SSL_X509_getSAN prototypes


Proposed by: kbrand
Reviewed by: ylavic, druggeri


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676087 13f79535-47bb-0310-9956-ffa450edef68
      ecedee6c
    • Kaspar Brand's avatar
      consistently output SSLCertificateChainFile deprecation warnings · bc6185db
      Kaspar Brand authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676085 13f79535-47bb-0310-9956-ffa450edef68
      bc6185db
  3. 25 Apr, 2015 1 commit
    • Kaspar Brand's avatar
      Remove NPN support and focus on ALPN (RFC 7301) · 8017c04f
      Kaspar Brand authored 
      * modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: drop
  modssl_register_npn optional function and related declarations.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks):
  no longer set NPN advertisement callback.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): remove
  NPN handling.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):
  remove callback.

* modules/ssl/ssl_private.h: remove NPN prototypes, set
  HAVE_TLS_ALPN (OpenSSL 1.0.2 and later) with feature-based detection.

Rename SSLAlpnPreference to SSLALPNPreference, and add documentation.

Previous commits related to NPN and ALPN, for reference purposes:

r1332643 - Add support for TLS Next Protocol Negotiation
r1487772 - mod_ssl: Redesign NPN (Next Protocol Negotiation) API
           to avoid use of hooks API and inter-module hard linkage
r1670397 - ALPN support, based on mod_spdy/mod_h2 patch set
r1670434 - More ALPN goodness

(plus some minor tweaks: r1670578, r1675459, and r1675549)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676004 13f79535-47bb-0310-9956-ffa450edef68
      8017c04f
  5. 24 Apr, 2015 3 commits
  7. 23 Apr, 2015 5 commits
  9. 22 Apr, 2015 16 commits
  11. 21 Apr, 2015 2 commits
  13. 20 Apr, 2015 3 commits
  15. 19 Apr, 2015 7 commits