Skip to content
  1. Jan 15, 2015
  2. Jan 14, 2015
  3. Jan 12, 2015
  4. Jan 09, 2015
  5. Dec 17, 2014
  6. Dec 16, 2014
    • Jim Jagielski's avatar
      Merge r1641077, r1641095 from trunk: · 610b4763
      Jim Jagielski authored
      mod_ssl: Fix recognition of OCSP stapling responses that are encoded
               improperly or too large.
      
      The one byte "ok" flag stored with the response was accounted for in
      the wrong condition.
      
      
      follow up to r1641077: 
      
      one bug was traded for another in r1641077; track the response
      length and the cached object length separately to avoid such
      confusion
      
      Submitted by: trawick
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1645935 13f79535-47bb-0310-9956-ffa450edef68
      610b4763
  7. Dec 14, 2014
  8. Dec 05, 2014
  9. Dec 02, 2014
  10. Nov 29, 2014
  11. Nov 25, 2014
    • Joe Orton's avatar
      Merge r1640036, r1640331 from trunk: · 55ad7eb6
      Joe Orton authored
      mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org)
      Fix a potential crash with response headers' size above 8K.
      
      The code changes to mod_authnz_fcgi keep the handle_headers()
      function in sync between the two modules.  mod_authnz_fcgi
      does not have this issue because it allocated a separate byte
      for terminating '\0'.
      
      Submitted by: ylavic, trawick
      Reviewed by: ylavic, trawick, mrumph
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641551 13f79535-47bb-0310-9956-ffa450edef68
      55ad7eb6
  12. Nov 11, 2014
  13. Nov 01, 2014
  14. Oct 29, 2014
  15. Oct 27, 2014
    • Jim Jagielski's avatar
      Merge r1629372, r1629485, r1629519 from trunk: · 1046d0c0
      Jim Jagielski authored
      Move OCSP stapling information from a per-certificate store
      (ex_data attached to an X509 *) to a per-server hash which is
      allocated from the pconf pool. Fixes PR 54357, PR 56919 and
      a leak with the certinfo_free cleanup function (missing
      OCSP_CERTID_free).
      
      * modules/ssl/ssl_util_stapling.c: drop certinfo_free, and add
        ssl_stapling_certid_free (used with apr_pool_cleanup_register).
        Switch to a stapling_certinfo hash which is keyed by the SHA-1
        digest of the certificate's DER encoding, rework ssl_stapling_init_cert
        to only store info once per certificate (allocated from the pconf
        to the extent possible) and extend the logging.
      
      * modules/ssl/ssl_private.h: adjust prototype for
        ssl_stapling_init_cert, replace ssl_stapling_ex_init with
        ssl_stapling_certinfo_hash_init
      
      * modules/ssl/ssl_engine_init.c: adjust ssl_stapling_* calls
      
      Based on initial work by Alex Bligh <alex alex.org.uk>
      
      
      Follow up to r1629372: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_value).
      
      Follow up to r1629372 and r1629485: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_[num|value|pop] macros).
      Submitted by: kbrand, ylavic, ylavic
      Reviewed/backported by: jim
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634529 13f79535-47bb-0310-9956-ffa450edef68
      1046d0c0