* moving the openssl related new hooks into mod_ssl_openssl.h

* changing type parameter to openssl types

* adding explanation of return value in get_stapling_status()

* adding array element description for add_cert_files and add_fallback_cert_files hooks

  1. … 3 more files in changeset.
* include/ssl/mod_ssl.h: Include apr_tables.h and use apr_array_header_t


*) mod_ssl/mod_md:

Adding 2 new hooks for init/get of OCSP stapling status information when

other modules want to provide those. Falls back to own implementation with

same behaviour as before.

  1. … 3 more files in changeset.
*) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for

adding certificates and keys to a virtual host. An additional hook allows

answering special TLS connections as used in ACME challenges.

  1. … 4 more files in changeset.
Follow up to r1740928: mod_ssl.h now needs http_config.h
mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,

allowing per backend TLS configuration.

  1. … 19 more files in changeset.
new Protocols directive and core API changes to enable protocol switching on HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2
  1. … 37 more files in changeset.
Formatting and wording improvements for ALPN (no code changes)

  1. … 5 more files in changeset.
Remove NPN support and focus on ALPN (RFC 7301)

* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: drop

modssl_register_npn optional function and related declarations.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks):

no longer set NPN advertisement callback.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): remove

NPN handling.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):

remove callback.

* modules/ssl/ssl_private.h: remove NPN prototypes, set

HAVE_TLS_ALPN (OpenSSL 1.0.2 and later) with feature-based detection.

Rename SSLAlpnPreference to SSLALPNPreference, and add documentation.

Previous commits related to NPN and ALPN, for reference purposes:

r1332643 - Add support for TLS Next Protocol Negotiation

r1487772 - mod_ssl: Redesign NPN (Next Protocol Negotiation) API

to avoid use of hooks API and inter-module hard linkage

r1670397 - ALPN support, based on mod_spdy/mod_h2 patch set

r1670434 - More ALPN goodness

(plus some minor tweaks: r1670578, r1670440, r1670578,

r1670738, r1675459, and r1675549)

  1. … 10 more files in changeset.
ALPN support, based on mod_spdy/mod_h2 patch set

  1. … 4 more files in changeset.
Omitted from r1620926 in error.

Add API to support TLS channel bindings with mod_ssl.

* modules/ssl/mod_ssl.h: Define ssl_get_tls_cb.

* modules/ssl/ssl_engine_vars.c (ssl_get_tls_cb): New function.

Submitted by: Simo Sorce <simo>

mod_ssl: Add hooks to allow other modules to perform processing at

several stages of initialization and connection handling. See


This is enough to allow implementation of Certificate Transparency

outside of mod_ssl.

  1. … 10 more files in changeset.
remove stray character in comment

mod_ssl: Redesign NPN (Next Protocol Negotiation) API to avoid use of

hooks API and inter-module hard linkage:

* modules/ssl/mod_ssl.h: Remove NPN hooks, add "modssl_register_npn"

optional function and callback function type declarations for

ssl_npn_advertise_protos, ssl_npn_proto_negotiated.

* modules/ssl/mod_ssl.c: Drop hooks.

(modssl_register_npn): New optional function implementation.

(ssl_register_hooks): Register it.

* modules/ssl/ssl_private.h (SSLConnRec): Add npn_advertfns,

npn_negofns array fields.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):

Replace use of hook API with array iteration.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Likewise.

Reviewed by: Matthew Steele <mdsteele>

  1. … 4 more files in changeset.
Removed trailing semicolons from header also.

Add support for TLS Next Protocol Negotiation:

* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new

hooks for next protocol advertisement/discovery.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable

NPN advertisement callback in handshake.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke

next-protocol discovery hook.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):

New callback.

* modules/ssl/ssl_private.h: Add prototype.

Submitted by: Matthew Steele <mdsteele>

with slight tweaks by jorton

  1. … 6 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 63 more files in changeset.
update license header text
  1. … 316 more files in changeset.
Update the copyright year in all .c, .h and .xml files

  1. … 497 more files in changeset.
- remove ssl_ext_lookup and replace it with ssl_ext_list

- change ssl_expr_eval_oid to use ssl_ext_list

This change provides for a single function that provides an array of all

values from a certificate that match a given extension and removes the

duplicated code that was present.

Reviewed by: Joe Orton

  1. … 4 more files in changeset.
Doxygen fixup / cleanup

submitted by: Neale Ranns neale

reviewed by: Ian Holsman

  1. … 105 more files in changeset.
* modules/ssl/ssl_expr_eval.c (ssl_expr_eval_oid): Remove unused


* modules/ssl/ssl_private.h, modules/ssl/mod_ssl.h

(ssl_extlist_by_oid): Move prototype to ssl_private.h.

  1. … 2 more files in changeset.
Allow extraction of the values of SSL certificate extensions into

environment variables, so that their value can be used by any

module that is aware of environment variables, as in:

SetEnvIf OID("2.16.840.1.113730.1.13") "(.*) Generated (Certificate)" ca=$1



if the cert was issued by TinyCA.


SetenvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1

will set $NetscapeComment to the whole string.

It is technically allowed to have multiple instances of an extension

field, all with the same oid. In this case, the environment variable

will be set to the list of all fields, separated by commas.

The [PATCH] uses a cross-module call from mod_setenvif to

mod_ssl (the latter may also be missing: in this case the

variable will never be set). It calls a common function

in the ssl module that is also used for the SSLRequire

directive's test.

  1. … 3 more files in changeset.
* modules/ssl/mod_ssl.h: Add ssl_ext_lookup optional hook declaration.

* modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function.

(ssl_var_register): Register optional function.

* modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype.

Submitted by: David Reid, Joe Orton

  1. … 3 more files in changeset.
Update copyright year to 2005 and standardize on current copyright owner line.

  1. … 522 more files in changeset.
general property cleanup

  1. … 712 more files in changeset.
* modules/ssl/mod_ssl.h: Declare ssl_is_https optional function.

* modules/ssl/ssl_engine_vars (ssl_is_https): New function.

(ssl_var_register): Register it.

  1. … 1 more file in changeset.
Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h

to be included even when mod_ssl is not enabled.

* (install-include): Only install mod_ssl.h.

* modules/ssl/ssl_private.h: New file.

* modules/ssl/mod_ssl.h: Move everything apart from the optional

hook definitions into ssl_private.h.

* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h

* modules/ssl/config.m4: Always add the mod_ssl directory to the

include path so other modules can find mod_ssl.h.

* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional

hook definitions rather than copy'n'pasting them.

  1. … 28 more files in changeset.
fix name of The Apache Software Foundation

  1. … 361 more files in changeset.
fix copyright dates according to the first check in

  1. … 24 more files in changeset.