delta/apache/httpd.git/modules/ssl/ssl_private.h, branch fcgi-proxy-dev github.com: apache/httpd.git Implement a (bounded) buffer of request body data to provide a limited 2005-09-22T15:38:14+00:00 Joe Orton jorton@apache.org 2005-09-22T15:38:14+00:00 23a3c20db2ba540c8e3557772944c0513086f3ed but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies bug: * modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype. * modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill, ssl_io_filter_buffer): New functions. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a renegotiation is needed, and the request has a non-zero content-length, or a t-e header (and 100-continue was not requested), call ssl_io_buffer_fill to set aside the request body data if possible, then proceed with the negotiation. PR: 12355 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68 
but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies
bug:

* modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype.

* modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill,
ssl_io_filter_buffer): New functions.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a
renegotiation is needed, and the request has a non-zero
content-length, or a t-e header (and 100-continue was not requested),
call ssl_io_buffer_fill to set aside the request body data if
possible, then proceed with the negotiation.

PR: 12355


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68
- remove ssl_ext_lookup and replace it with ssl_ext_list 2005-09-16T09:03:49+00:00 David Reid dreid@apache.org 2005-09-16T09:03:49+00:00 42b3715533aac28a1a179c9ff72c08a10773ca75 - change ssl_expr_eval_oid to use ssl_ext_list This change provides for a singfle function that provides an array of all values from a certificate that match a given extension and removes the duplictaed code that was present. Reviewed by: Joe Orton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68 
- change ssl_expr_eval_oid to use ssl_ext_list

This change provides for a singfle function that provides an array of all
values from a certificate that match a given extension and removes the
duplictaed code that was present.

Reviewed by: Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68
Doxygen fixup / cleanup 2005-08-28T23:03:59+00:00 Ian Holsman ianh@apache.org 2005-08-28T23:03:59+00:00 8c1e315d3f23dd93529fd9605da571c4af9dfbf6 submited by: Neale Ranns neale ranns.org reviewed by: Ian Holsman git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68 
submited by: Neale Ranns neale ranns.org
reviewed by: Ian Holsman



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_expr_eval.c (ssl_expr_eval_oid): Remove unused 2005-07-25T12:51:28+00:00 Joe Orton jorton@apache.org 2005-07-25T12:51:28+00:00 7303aa9b0bc11489fec178eddf3e829830cb8d09 variable. * modules/ssl/ssl_private.h, modules/ssl/mod_ssl.h (ssl_extlist_by_oid): Move prototype to ssl_private.h. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@224722 13f79535-47bb-0310-9956-ffa450edef68 
variable.

* modules/ssl/ssl_private.h, modules/ssl/mod_ssl.h
(ssl_extlist_by_oid): Move prototype to ssl_private.h.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@224722 13f79535-47bb-0310-9956-ffa450edef68
Good suggestion from a private Email. name changes. 2005-07-08T15:58:46+00:00 Jim Jagielski jim@apache.org 2005-07-08T15:58:46+00:00 f4572909ff96047555bb53500a9098d0832cb20a git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209827 13f79535-47bb-0310-9956-ffa450edef68
Fix case where buggy OpenSSL internal cache continually grows. 2005-07-08T15:41:14+00:00 Jim Jagielski jim@apache.org 2005-07-08T15:41:14+00:00 073384b2624d94d92ade66816d35e9f4dff181d2 So don't bother to store it, but still force OpenSSL to provide a Session ID. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68 
So don't bother to store it, but still force OpenSSL
to provide a Session ID.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209821 13f79535-47bb-0310-9956-ffa450edef68
Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown 2005-04-19T20:02:09+00:00 Joe Orton jorton@apache.org 2005-04-19T20:02:09+00:00 645809dbba9341629b6469d6516786814428748b setting when configured e.g. as a reverse proxy: * modules/ssl/ssl_private.h: Remove ssl_hook_Translate. * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in ssl_hook_Translate. (ssl_hook_Translate): Remove. * modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook. PR: 34452 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68 
setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate.  (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@161958 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/mod_ssl.h: Add ssl_ext_lookup optional hook declaration. 2005-02-15T12:39:45+00:00 Joe Orton jorton@apache.org 2005-02-15T12:39:45+00:00 a10288a95d1b8f7cd51c15946600e2806f0b614d * modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function. (ssl_var_register): Register optional function. * modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype. Submitted by: David Reid, Joe Orton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153933 13f79535-47bb-0310-9956-ffa450edef68 
* modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function.
(ssl_var_register): Register optional function.

* modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype.

Submitted by: David Reid, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153933 13f79535-47bb-0310-9956-ffa450edef68
Update copyright year to 2005 and standardize on current copyright owner line. 2005-02-04T20:28:49+00:00 Justin Erenkrantz jerenkrantz@apache.org 2005-02-04T20:28:49+00:00 905cdf9f0b330131433f4d8ad2cb3905357dbc58 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/mod_ssl.c: Declare new config directives 2005-01-14T13:54:31+00:00 Joe Orton jorton@apache.org 2005-01-14T13:54:31+00:00 3f6c23e40aa1e05a76d4f57ad815d476237a8ac7 SSLCADNRequestFile and SSLCADNRequestPath. * modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path, ca_name_file fields. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA DN list sent in the CertificateRequest from those certificates. * modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use pcalloc to zero-initialize the entire modssl_pk_server_t structure. (ssl_config_server_new): Merge the ca_name_* fields. (ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New functions. PR: 32848 Submitted by: Tim Taylor <tim.taylor dfas.mil> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68 
SSLCADNRequestFile and SSLCADNRequestPath.

* modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path,
ca_name_file fields.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of
SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA
DN list sent in the CertificateRequest from those certificates.

* modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use
pcalloc to zero-initialize the entire modssl_pk_server_t structure.
(ssl_config_server_new): Merge the ca_name_* fields.
(ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New
functions.

PR: 32848
Submitted by: Tim Taylor <tim.taylor dfas.mil>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68