Skip to content
GitLab
  1. 11 Dec, 2007 2 commits
  3. 10 Dec, 2007 1 commit
  5. 09 Dec, 2007 2 commits
  7. 08 Dec, 2007 2 commits
  9. 03 Dec, 2007 1 commit
  11. 01 Dec, 2007 1 commit
    • Ruediger Pluem's avatar
      - when using "-l" reduce two consecutive calls to apr_time_now() to one. · a85229ed
      Ruediger Pluem authored 
        This will not change the logic if no "-l" gets used, and it will spare
  one call to apr_time_now() in case "-l" gets used and more important
  it gives the code better atomicity, because in fact between the two calls
  there is a slight change of jumping oder the DST boundary

- for historic reasons the same code block is used two times with a
  slightly different way of transforming apr_time_t to int
  (once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
  so let's unify it.

- finally move the block into a function, because it gets used already
  two times.

PR: 44004
Submitted by: Rainer Jung <rainer.jung kippdata.de>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600154 13f79535-47bb-0310-9956-ffa450edef68
      a85229ed
  13. 29 Nov, 2007 2 commits
    • Nick Kew's avatar
      Since we don't support chained filters, and can't expect to while the · d6637a51
      Nick Kew authored 
      filter_init problem remains, we should make it clear to users at startup time.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599393 13f79535-47bb-0310-9956-ffa450edef68
      d6637a51
    • Joe Orton's avatar
      mod_ssl: Add support for OCSP validation of client certificates: · 34a2afe4
      Joe Orton authored 
      * modules/ssl/ssl_engine_config.c (modssl_ctx_init,
  modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
  (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
  ssl_cmd_SSLOCSPEnable): Add functions.

* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.

* modules/ssl/ssl_private.h: Add prototypes, config options to
  modssl_ctx_t.

* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
  dispatching OCSP requests.

* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
  OCSP validation.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
  OCSP validation if configured, and the cert is so-far verified to be
  trusted.  Fail if OCSP validation is configured an the optional-no-ca 
  check tripped.

* modules/ssl/config.m4: Check for OCSP support, build new files.

* modules/ssl/mod_ssl.dsp: Build new files.

* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
  interfaces.

PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
      34a2afe4
  15. 26 Nov, 2007 2 commits
  17. 20 Nov, 2007 3 commits
  19. 19 Nov, 2007 1 commit
  21. 16 Nov, 2007 3 commits
  23. 15 Nov, 2007 1 commit
  25. 14 Nov, 2007 1 commit
  27. 13 Nov, 2007 1 commit
  29. 10 Nov, 2007 1 commit
  31. 08 Nov, 2007 1 commit
  33. 07 Nov, 2007 2 commits
  35. 06 Nov, 2007 1 commit
    • Joe Orton's avatar
      mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade · cae41321
      Joe Orton authored 
      in the post_read_request hook rather than in a filter, and fix the
filter insertion issue:

* modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function,
mostly moved from ssl_io_filter_Upgrade.
(ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if
required.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove
function.
(ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec
pointer and pass to ap_add_*_filter to ensure the filter chain
is modified correctly; remove it from the filter afterwards.
(ssl_io_filter_register): Drop UPGRADE_FILTER registration.

* modules/ssl/mod_ssl.c (ssl_init_ssl_connection): Take a request_rec
pointer, pass to ssl_io_filter_init.
(ssl_hook_pre_connection): Pass NULL request_rec pointer to above.
(ssl_hook_Insert_Filter): Remove function.
(ssl_register_hooks): Drop insert_filter hook.

* modules/ssl/ssl_private.h: Update prototypes.

PR: 41231


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592446 13f79535-47bb-0310-9956-ffa450edef68
      cae41321
  37. 04 Nov, 2007 1 commit
  39. 02 Nov, 2007 2 commits
  41. 31 Oct, 2007 1 commit
  43. 29 Oct, 2007 1 commit
  45. 27 Oct, 2007 1 commit
  47. 26 Oct, 2007 1 commit
  49. 24 Oct, 2007 2 commits
  51. 11 Oct, 2007 1 commit
  53. 09 Oct, 2007 1 commit
  55. 08 Oct, 2007 1 commit