Checkout Tools
  • last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
update mod_ssl transformations
  1. … 3 more files in changeset.
link to the OpenSSL 1.0.2 version of the SSL_CONF_cmd man page
  1. … 1 more file in changeset.
Clarify the change to the default cipher suite lists
  1. … 2 more files in changeset.
adjust link to SSL_CONF_cmd man page on www.openssl.org, again
  1. … 2 more files in changeset.
Merge r1650047 from trunk:

Add support for extracting subjectAltName entries of type

rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n

variables.

* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the

environment variables table

* modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction

of subjectAltName entries for the "StdEnvVars" case

* modules/ssl/ssl_engine_vars.c: add support for retrieving the

SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with

individual on-demand lookup (ssl_var_lookup_ssl_cert_san),

or with full-list extraction to the environment ("StdEnvVars")

* modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype

* modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and

SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common

code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where

suitable. Limit SSL_X509_getSAN to the two most common subjectAltName

entry types appearing in user or server certificates (i.e., rfc822Name

and dNSName), for the time being.

* modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8

and SSL_X509_getSAN prototypes

Proposed by: kbrand

Reviewed by: ylavic, druggeri

  1. … 9 more files in changeset.
adjust link to SSL_CONF_cmd man page on www.openssl.org
  1. … 2 more files in changeset.
Backport r1421323, r1534754, r1546693, r1555464 from trunk:

Add support for OpenSSL configuration commands by introducing

the SSLOpenSSLConfCmd directive.

Proposed by: kbrand

Reviewed by: drh, trawick

  1. … 8 more files in changeset.
RFC 6961 (TLS Multiple Certificate Status Extension)

has been published in June 2013; replace obsolete I-D reference.

  1. … 2 more files in changeset.