Skip to content
GitLab
  1. 29 Nov, 2007 2 commits
    • Nick Kew's avatar
      Since we don't support chained filters, and can't expect to while the · d6637a51
      Nick Kew authored 
      filter_init problem remains, we should make it clear to users at startup time.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599393 13f79535-47bb-0310-9956-ffa450edef68
      d6637a51
    • Joe Orton's avatar
      mod_ssl: Add support for OCSP validation of client certificates: · 34a2afe4
      Joe Orton authored 
      * modules/ssl/ssl_engine_config.c (modssl_ctx_init,
  modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
  (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
  ssl_cmd_SSLOCSPEnable): Add functions.

* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.

* modules/ssl/ssl_private.h: Add prototypes, config options to
  modssl_ctx_t.

* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
  dispatching OCSP requests.

* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
  OCSP validation.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
  OCSP validation if configured, and the cert is so-far verified to be
  trusted.  Fail if OCSP validation is configured an the optional-no-ca 
  check tripped.

* modules/ssl/config.m4: Check for OCSP support, build new files.

* modules/ssl/mod_ssl.dsp: Build new files.

* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
  interfaces.

PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
      34a2afe4
  3. 26 Nov, 2007 2 commits
  5. 20 Nov, 2007 3 commits
  7. 19 Nov, 2007 1 commit
  9. 16 Nov, 2007 3 commits
  11. 15 Nov, 2007 1 commit
  13. 14 Nov, 2007 1 commit
  15. 13 Nov, 2007 1 commit
  17. 10 Nov, 2007 1 commit
  19. 08 Nov, 2007 1 commit
  21. 07 Nov, 2007 2 commits
  23. 06 Nov, 2007 1 commit
    • Joe Orton's avatar
      mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade · cae41321
      Joe Orton authored 
      in the post_read_request hook rather than in a filter, and fix the
filter insertion issue:

* modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function,
mostly moved from ssl_io_filter_Upgrade.
(ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if
required.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove
function.
(ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec
pointer and pass to ap_add_*_filter to ensure the filter chain
is modified correctly; remove it from the filter afterwards.
(ssl_io_filter_register): Drop UPGRADE_FILTER registration.

* modules/ssl/mod_ssl.c (ssl_init_ssl_connection): Take a request_rec
pointer, pass to ssl_io_filter_init.
(ssl_hook_pre_connection): Pass NULL request_rec pointer to above.
(ssl_hook_Insert_Filter): Remove function.
(ssl_register_hooks): Drop insert_filter hook.

* modules/ssl/ssl_private.h: Update prototypes.

PR: 41231


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592446 13f79535-47bb-0310-9956-ffa450edef68
      cae41321
  25. 04 Nov, 2007 1 commit
  27. 02 Nov, 2007 2 commits
  29. 31 Oct, 2007 1 commit
  31. 29 Oct, 2007 1 commit
  33. 27 Oct, 2007 1 commit
  35. 26 Oct, 2007 1 commit
  37. 24 Oct, 2007 2 commits
  39. 11 Oct, 2007 1 commit
  41. 09 Oct, 2007 1 commit
  43. 08 Oct, 2007 5 commits
  45. 07 Oct, 2007 1 commit
  47. 03 Oct, 2007 1 commit
  49. 02 Oct, 2007 2 commits
  51. 30 Sep, 2007 1 commit