httpd

Checkout Tools
  • last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1650490 is being indexed.

* modules/dav/main/config.m4: Remove long-redundant expat reference.

Add copy and paste typo fix to proposal.

Xforms.

Fix copy and paste error in docs of new feature.

Promote.

Add some easy votes.

Propose.

Xforms.

  1. … 6 more files in changeset.
Add SSLSessionTickets (on|off).

It controls the use of TLS session tickets

(RFC 5077). Default is unchanged (on).

Using session tickets without restarting

the web server with an appropriate frequency

(e.g. daily) compromises perfect forward

secrecy.

As long as we do not have a nice key management

there should be a way to deactivate session

tickets.

save some bytes per Christophe's review.

Update mod_ssl's IO/state dump proposal.
mod_ssl: follow up to r1601919.

Likewise when set from SNI callback.

update mod_ssl.html.en transformation
Add support for extracting subjectAltName entries of type

rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n

variables.

* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the

environment variables table

* modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction

of subjectAltName entries for the "StdEnvVars" case

* modules/ssl/ssl_engine_vars.c: add support for retrieving the

SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with

individual on-demand lookup (ssl_var_lookup_ssl_cert_san),

or with full-list extraction to the environment ("StdEnvVars")

* modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype

* modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and

SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common

code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where

suitable. Limit SSL_X509_getSAN to the two most common subjectAltName

entry types appearing in user or server certificates (i.e., rfc822Name

and dNSName), for the time being.

* modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8

and SSL_X509_getSAN prototypes

mod_proxy: Don't put non balancer-member workers in error state by

default for connection or 500/503 errors, and honor status=+I for

any error. PR 48388.

Add CHANGE for r1649632
Add PR
Add missing 'filemod' in functions list + minor formatting issue + long line split
Be consistant with the code below which accepts lower or upper case.
* modules/cache/mod_socache_memcache.c (socache_mc_store): Pass

through expiration time.

Submitted by: Faidon Liambotis <paravoid debian.org>, jorton

Rebuild.

XML update.

Rebuild.

XML update.

Rebuild.

XML update.

Rebuild.

XML update.

Rebuild.

XML update.