Skip to content
  1. Nov 29, 2007
    • Joe Orton's avatar
      mod_ssl: Add support for OCSP validation of client certificates: · 34a2afe4
      Joe Orton authored
      * modules/ssl/ssl_engine_config.c (modssl_ctx_init,
        modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
        (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
        ssl_cmd_SSLOCSPEnable): Add functions.
      
      * modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.
      
      * modules/ssl/ssl_private.h: Add prototypes, config options to
        modssl_ctx_t.
      
      * modules/ssl/ssl_util_ocsp.c: New file, utility interface for
        dispatching OCSP requests.
      
      * modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
        OCSP validation.
      
      * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
        OCSP validation if configured, and the cert is so-far verified to be
        trusted.  Fail if OCSP validation is configured an the optional-no-ca 
        check tripped.
      
      * modules/ssl/config.m4: Check for OCSP support, build new files.
      
      * modules/ssl/mod_ssl.dsp: Build new files.
      
      * modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
        interfaces.
      
      PR: 41123
      Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
      Reviewed by: Steve Henson <steve openssl.org>
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
      34a2afe4
  2. Nov 26, 2007
  3. Nov 20, 2007
  4. Nov 19, 2007
  5. Nov 16, 2007
  6. Nov 15, 2007
  7. Nov 14, 2007
  8. Nov 13, 2007
  9. Nov 10, 2007
  10. Nov 08, 2007
  11. Nov 07, 2007
  12. Nov 06, 2007
    • Joe Orton's avatar
      mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade · cae41321
      Joe Orton authored
      in the post_read_request hook rather than in a filter, and fix the
      filter insertion issue:
      
      * modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function,
      mostly moved from ssl_io_filter_Upgrade.
      (ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if
      required.
      
      * modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove
      function.
      (ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec
      pointer and pass to ap_add_*_filter to ensure the filter chain
      is modified correctly; remove it from the filter afterwards.
      (ssl_io_filter_register): Drop UPGRADE_FILTER registration.
      
      * modules/ssl/mod_ssl.c (ssl_init_ssl_connection): Take a request_rec
      pointer, pass to ssl_io_filter_init.
      (ssl_hook_pre_connection): Pass NULL request_rec pointer to above.
      (ssl_hook_Insert_Filter): Remove function.
      (ssl_register_hooks): Drop insert_filter hook.
      
      * modules/ssl/ssl_private.h: Update prototypes.
      
      PR: 41231
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592446 13f79535-47bb-0310-9956-ffa450edef68
      cae41321
  13. Nov 04, 2007
  14. Nov 02, 2007
  15. Oct 31, 2007
  16. Oct 29, 2007
  17. Oct 27, 2007
  18. Oct 26, 2007
  19. Oct 24, 2007
  20. Oct 11, 2007
  21. Oct 09, 2007
  22. Oct 08, 2007
  23. Oct 07, 2007
  24. Oct 03, 2007
  25. Oct 02, 2007
  26. Sep 30, 2007
  27. Sep 29, 2007