Skip to content
  1. Dec 28, 2007
  3. Dec 24, 2007
  5. Dec 21, 2007
  7. Dec 14, 2007
  9. Dec 13, 2007
  11. Dec 12, 2007
  13. Dec 11, 2007
  15. Dec 10, 2007
  17. Dec 09, 2007
  19. Dec 08, 2007
  21. Dec 03, 2007
  23. Dec 01, 2007
    • Ruediger Pluem's avatar
      - when using "-l" reduce two consecutive calls to apr_time_now() to one. · a85229ed
      Ruediger Pluem authored 
        This will not change the logic if no "-l" gets used, and it will spare
  one call to apr_time_now() in case "-l" gets used and more important
  it gives the code better atomicity, because in fact between the two calls
  there is a slight change of jumping oder the DST boundary

- for historic reasons the same code block is used two times with a
  slightly different way of transforming apr_time_t to int
  (once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
  so let's unify it.

- finally move the block into a function, because it gets used already
  two times.

PR: 44004
Submitted by: Rainer Jung <rainer.jung kippdata.de>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600154 13f79535-47bb-0310-9956-ffa450edef68
      a85229ed
  25. Nov 29, 2007
    • Nick Kew's avatar
      Since we don't support chained filters, and can't expect to while the · d6637a51
      Nick Kew authored 
      filter_init problem remains, we should make it clear to users at startup time.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599393 13f79535-47bb-0310-9956-ffa450edef68
      d6637a51
    • Joe Orton's avatar
      mod_ssl: Add support for OCSP validation of client certificates: · 34a2afe4
      Joe Orton authored 
      * modules/ssl/ssl_engine_config.c (modssl_ctx_init,
  modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
  (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
  ssl_cmd_SSLOCSPEnable): Add functions.

* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.

* modules/ssl/ssl_private.h: Add prototypes, config options to
  modssl_ctx_t.

* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
  dispatching OCSP requests.

* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
  OCSP validation.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
  OCSP validation if configured, and the cert is so-far verified to be
  trusted.  Fail if OCSP validation is configured an the optional-no-ca 
  check tripped.

* modules/ssl/config.m4: Check for OCSP support, build new files.

* modules/ssl/mod_ssl.dsp: Build new files.

* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
  interfaces.

PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
      34a2afe4
  27. Nov 26, 2007
  29. Nov 20, 2007
  31. Nov 19, 2007
  33. Nov 16, 2007
  35. Nov 15, 2007
  37. Nov 14, 2007
  39. Nov 13, 2007
  41. Nov 10, 2007
  43. Nov 08, 2007
  45. Nov 07, 2007
  47. Nov 06, 2007
    • Joe Orton's avatar
      mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade · cae41321
      Joe Orton authored 
      in the post_read_request hook rather than in a filter, and fix the
filter insertion issue:

* modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function,
mostly moved from ssl_io_filter_Upgrade.
(ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if
required.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove
function.
(ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec
pointer and pass to ap_add_*_filter to ensure the filter chain
is modified correctly; remove it from the filter afterwards.
(ssl_io_filter_register): Drop UPGRADE_FILTER registration.

* modules/ssl/mod_ssl.c (ssl_init_ssl_connection): Take a request_rec
pointer, pass to ssl_io_filter_init.
(ssl_hook_pre_connection): Pass NULL request_rec pointer to above.
(ssl_hook_Insert_Filter): Remove function.
(ssl_register_hooks): Drop insert_filter hook.

* modules/ssl/ssl_private.h: Update prototypes.

PR: 41231


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592446 13f79535-47bb-0310-9956-ffa450edef68
      cae41321
  49. Nov 04, 2007