delta/apache/httpd.git/modules/ssl/mod_ssl.c, branch execd-dev github.com: apache/httpd.git No functional Change: Removing trailing whitespace. This also 2005-11-10T15:11:44+00:00 Jim Jagielski jim@apache.org 2005-11-10T15:11:44+00:00 5061d9fa920cb1821a51495fc42833c54e5bd714 means that "blank" lines consisting of just spaces or tabs are now really blank lines git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68 
means that "blank" lines consisting of just spaces or
tabs are now really blank lines


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68
No functional change: simple detabbing of indented code. 2005-11-10T15:05:51+00:00 Jim Jagielski jim@apache.org 2005-11-10T15:05:51+00:00 5d2fae4818e5eca5c32f439da1dbaed1bb2dad1b git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332305 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332305 13f79535-47bb-0310-9956-ffa450edef68
- remove ssl_ext_lookup and replace it with ssl_ext_list 2005-09-16T09:03:49+00:00 David Reid dreid@apache.org 2005-09-16T09:03:49+00:00 42b3715533aac28a1a179c9ff72c08a10773ca75 - change ssl_expr_eval_oid to use ssl_ext_list This change provides for a singfle function that provides an array of all values from a certificate that match a given extension and removes the duplictaed code that was present. Reviewed by: Joe Orton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68 
- change ssl_expr_eval_oid to use ssl_ext_list

This change provides for a singfle function that provides an array of all
values from a certificate that match a given extension and removes the
duplictaed code that was present.

Reviewed by: Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/mod_ssl.c (ssl_hook_pre_config): Initialize all 2005-08-01T12:11:30+00:00 Joe Orton jorton@apache.org 2005-08-01T12:11:30+00:00 8fab5ecebac4e80eae524e6adeb685131d622559 algorithms in OpenSSL; enables PKCS#8 keyfile support. PR: 35469 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@226777 13f79535-47bb-0310-9956-ffa450edef68 
algorithms in OpenSSL; enables PKCS#8 keyfile support.

PR: 35469


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@226777 13f79535-47bb-0310-9956-ffa450edef68
Allow extraction of the values of SSL certificate extensions into 2005-07-22T12:11:55+00:00 Martin Kraemer martin@apache.org 2005-07-22T12:11:55+00:00 4c8c57327534587c0b56f007e24616d373cb0963 environment variables, so that their value can be used by any module that is aware of environment variables, as in: SetEnvIf OID("2.16.840.1.113730.1.13") "(.*) Generated (Certificate)" ca=$1 sets ca=TinyCA if the cert was issued by TinyCA. Similarly, SetenvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1 will set $NetscapeComment to the whole string. It is technically allowed to have multiple instances of an extension field, all with the same oid. In this case, the environment variable will be set to the list of all fields, separated by commas. The [PATCH] uses a cross-module call from mod_setenvif to mod_ssl (the latter may also be missing: in this case the variable will never be set). It calls a common function in the ssl module that is also used for the SSLRequire directive's test. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@220307 13f79535-47bb-0310-9956-ffa450edef68 
environment variables, so that their value can be used by any
module that is aware of environment variables, as in:

  SetEnvIf OID("2.16.840.1.113730.1.13") "(.*) Generated (Certificate)" ca=$1
sets
  ca=TinyCA
if the cert was issued by TinyCA.

Similarly,
  SetenvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1
will set $NetscapeComment to the whole string.

It is technically allowed to have multiple instances of an extension
field, all with the same oid. In this case, the environment variable
will be set to the list of all fields, separated by commas.

The [PATCH] uses a cross-module call from mod_setenvif to
mod_ssl (the latter may also be missing: in this case the
variable will never be set). It calls a common function
in the ssl module that is also used for the SSLRequire
directive's test.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@220307 13f79535-47bb-0310-9956-ffa450edef68
Good suggestion from a private Email. name changes. 2005-07-08T15:58:46+00:00 Jim Jagielski jim@apache.org 2005-07-08T15:58:46+00:00 f4572909ff96047555bb53500a9098d0832cb20a git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68
Fix case where buggy OpenSSL internal cache continually grows. 2005-07-08T15:41:14+00:00 Jim Jagielski jim@apache.org 2005-07-08T15:41:14+00:00 073384b2624d94d92ade66816d35e9f4dff181d2 So don't bother to store it, but still force OpenSSL to provide a Session ID. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68 
So don't bother to store it, but still force OpenSSL
to provide a Session ID.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown 2005-04-19T20:02:09+00:00 Joe Orton jorton@apache.org 2005-04-19T20:02:09+00:00 645809dbba9341629b6469d6516786814428748b setting when configured e.g. as a reverse proxy: * modules/ssl/ssl_private.h: Remove ssl_hook_Translate. * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in ssl_hook_Translate. (ssl_hook_Translate): Remove. * modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook. PR: 34452 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68 
setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate.  (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68
Update copyright year to 2005 and standardize on current copyright owner line. 2005-02-04T20:28:49+00:00 Justin Erenkrantz jerenkrantz@apache.org 2005-02-04T20:28:49+00:00 905cdf9f0b330131433f4d8ad2cb3905357dbc58 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/mod_ssl.c: Declare new config directives 2005-01-14T13:54:31+00:00 Joe Orton jorton@apache.org 2005-01-14T13:54:31+00:00 3f6c23e40aa1e05a76d4f57ad815d476237a8ac7 SSLCADNRequestFile and SSLCADNRequestPath. * modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path, ca_name_file fields. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA DN list sent in the CertificateRequest from those certificates. * modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use pcalloc to zero-initialize the entire modssl_pk_server_t structure. (ssl_config_server_new): Merge the ca_name_* fields. (ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New functions. PR: 32848 Submitted by: Tim Taylor <tim.taylor dfas.mil> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68 
SSLCADNRequestFile and SSLCADNRequestPath.

* modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path,
ca_name_file fields.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of
SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA
DN list sent in the CertificateRequest from those certificates.

* modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use
pcalloc to zero-initialize the entire modssl_pk_server_t structure.
(ssl_config_server_new): Merge the ca_name_* fields.
(ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New
functions.

PR: 32848
Submitted by: Tim Taylor <tim.taylor dfas.mil>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68