Eric Covener
de0b120a23
Use integer operators when comparing to TIME_HOUR
Reported by Florian in comment#124.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1362506 13f79535-47bb-0310-9956-ffa450edef68
2012-07-17 14:23:56 +00:00
Rich Bowen
2c5656ea8a
Fixes to XML. rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1354086 13f79535-47bb-0310-9956-ffa450edef68
2012-06-26 16:14:44 +00:00
Rich Bowen
d94b31aa57
Applies patch from PR 53201, from Walter (wgoulet)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1354027 13f79535-47bb-0310-9956-ffa450edef68
2012-06-26 14:13:11 +00:00
Stefan Fritsch
36dc44a89f
Expand the SRP reference documentation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1350386 13f79535-47bb-0310-9956-ffa450edef68
2012-06-14 20:22:41 +00:00
Stefan Fritsch
ccf77a856a
Add support for TLS-SRP (Secure Remote Password key exchange
for TLS, RFC 5054).
PR: 51075
Submitted by: Quinn Slack <sqs cs stanford edu>, Christophe Renou,
Peter Sylvester
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1347980 13f79535-47bb-0310-9956-ffa450edef68
2012-06-08 09:38:44 +00:00
Stefan Fritsch
510d3f904e
Add new directive SSLCompression to disable SSL-level compression.
PR: 53219
Submitted by: Björn Jacke <bjoern j3e de>, Stefan Fritsch
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1345319 13f79535-47bb-0310-9956-ffa450edef68
2012-06-01 19:36:37 +00:00
Daniel Gruno
d0337a6a7c
Syntax updates for mod_ssl.xml (yes, everything is a freaky carnival tent now)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1331234 13f79535-47bb-0310-9956-ffa450edef68
2012-04-27 06:14:04 +00:00
Daniel Gruno
b2171ac396
Fix some typos and grammatical errors and remove the usual unwanted adulations
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1327041 13f79535-47bb-0310-9956-ffa450edef68
2012-04-17 11:00:14 +00:00
Igor Galić
7fc3fa369a
remove misleading information about mod_ssl behaviour on FreeBSD.
EDG is a dead project. rndcontrol has been removed 11 years ago.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1324709 13f79535-47bb-0310-9956-ffa450edef68
2012-04-11 11:34:11 +00:00
Igor Galić
41216526ff
pr#51958 : mod_ssl documentation is confusing re. SSLCipherSuite Directive
clarify SSLCipherSuite behaviour by describing an example cipher suite from
our current configuration (courtesy to pquerna) and show output using an
OpenSSL version this century.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1324707 13f79535-47bb-0310-9956-ffa450edef68
2012-04-11 11:30:09 +00:00
Eric Covener
b7eb896b94
PR50662: reword the hint about sslrequire expressions being parsed in
htaccess so it doesn't apply non-perdir config.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1309193 13f79535-47bb-0310-9956-ffa450edef68
2012-04-04 00:57:25 +00:00
Daniel Gruno
776571aab4
Add five little words to clear up that we mean in a .htaccess context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1308707 13f79535-47bb-0310-9956-ffa450edef68
2012-04-03 05:43:58 +00:00
Daniel Ruggeri
649b143bd6
Correct SSLCipherSuite + documentation (move rather than add)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1307670 13f79535-47bb-0310-9956-ffa450edef68
2012-03-31 00:58:20 +00:00
Rich Bowen
99caf3eb4e
It's not very nice to tell me all about how to use it, and *then* tell
me it's deprecated.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1307211 13f79535-47bb-0310-9956-ffa450edef68
2012-03-30 01:52:58 +00:00
Rich Bowen
87d5ae28a7
The referenced Makefile no longer exists, since mod_ssl is no longer a
separate distribution. If someone would like to provide more detail
here, that would be great. This is in response to
https://issues.apache.org/bugzilla/show_bug.cgi?id=49562
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1296911 13f79535-47bb-0310-9956-ffa450edef68
2012-03-05 00:37:27 +00:00
Kaspar Brand
1af61dfb2e
SSLProtocol: allow explicit control of TLSv1.1 and TLSv1.2 flavors when
compiled against OpenSSL 1.0.1 or later. Update documentation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1222921 13f79535-47bb-0310-9956-ffa450edef68
2011-12-24 06:40:10 +00:00
Kaspar Brand
8d37f73ce7
Streamline TLS session ticket key handling (added in r1200040):
- drop the SSLTicketKeyDefault directive, and only support a single
ticket key per server/vhost
- rename the SSLTicketKeyFile directive to SSLSessionTicketKeyFile,
remove the keyname parameter
- move ticket key parameters from SSLSrvConfigRec to modssl_ctx_t
- configure the tlsext_ticket_key_cb only when in server mode
- add documentation for SSLSessionTicketKeyFile
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1213380 13f79535-47bb-0310-9956-ffa450edef68
2011-12-12 19:21:35 +00:00
Graham Leggett
cdda948864
Add reference to the mod_socache modules in the mod_ssl docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1211528 13f79535-47bb-0310-9956-ffa450edef68
2011-12-07 16:47:32 +00:00
Graham Leggett
3775da2159
Create initial documentation for mod_socache_shmcb, mod_socache_dc,
mod_socache_dbm and mod_socache_memcache.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1210951 13f79535-47bb-0310-9956-ffa450edef68
2011-12-06 14:53:23 +00:00
Kaspar Brand
304e9c4c08
drop SSLv2 support (set SSL_OP_NO_SSLv2 for any new SSL_CTX)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1203491 13f79535-47bb-0310-9956-ffa450edef68
2011-11-18 05:27:00 +00:00
Stefan Fritsch
f184e25627
grammar fix
point to SSLRequire docs
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1178088 13f79535-47bb-0310-9956-ffa450edef68
2011-10-01 20:41:30 +00:00
Jim Jagielski
69c1a5c854
Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174747 13f79535-47bb-0310-9956-ffa450edef68
2011-09-23 13:36:39 +00:00
Kaspar Brand
a149280ac1
mod_ssl:
- document the SSLStapling* directives (code committed in
r829619 for 2.2.3, see PR 43822)
- add SSLCARevocationCheck to the list of configuration changes
in the 2.4 upgrade notes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1173755 13f79535-47bb-0310-9956-ffa450edef68
2011-09-21 16:54:18 +00:00
Daniel Ruggeri
47cf15b852
Modify SSLProxyMachineCertificateChainFile to use X509 instead of X509_INFO and use openssl to construct the chain
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1170833 13f79535-47bb-0310-9956-ffa450edef68
2011-09-14 20:16:02 +00:00
Kaspar Brand
2c24630059
Revamp CRL checking for client and remote servers:
- completely delegate CRL processing to OpenSSL
- introduce a new [Proxy]CARevocationCheck directive
- drop ssl_callback_SSLVerify_CRL from ssl_engine_kernel.c
- remove X509_STORE from modssl_ctx_t
- drop CRL store helper functions from ssl_util_ssl.c
- avoid sending "certificate_expired" SSL alerts to peers
when the nextUpdate field of a CRL is in the past
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1165056 13f79535-47bb-0310-9956-ffa450edef68
2011-09-04 15:57:03 +00:00
Daniel Ruggeri
e5df36d18a
Add SSLProxyMachineCertificateChainFile directive and documentation for bug 50812
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1160863 13f79535-47bb-0310-9956-ffa450edef68
2011-08-23 19:35:07 +00:00
Stefan Fritsch
6572b94bc6
AFAICS, we don't have a default cipher suite but depend on openssl's default.
Document the fact that this default depends on the openssl version.
Recommend !aNULL over !ADH, because the former also excludes !AECDH in openssl
1.0+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1135241 13f79535-47bb-0310-9956-ffa450edef68
2011-06-13 19:30:05 +00:00
Rich Bowen
6a7858862f
Typo
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1086173 13f79535-47bb-0310-9956-ffa450edef68
2011-03-28 10:09:29 +00:00
Rich Bowen
71b5bf3bf9
Clarify SSL/ENV vars paragraph, as per PR 50979
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1086023 13f79535-47bb-0310-9956-ffa450edef68
2011-03-27 20:22:39 +00:00
Nick Kew
fbe5aa461c
Fix typos leading to broken links!
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1075602 13f79535-47bb-0310-9956-ffa450edef68
2011-03-01 00:59:42 +00:00
Stefan Fritsch
ff06d3078c
Add some links and bits to the ap_expr docs
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1073543 13f79535-47bb-0310-9956-ffa450edef68
2011-02-22 23:17:50 +00:00
Joe Orton
e0742ac982
* docs/manual/mod/: Play language lawyer with the SSL_*_DN_*_n variable
description.
PR: 45875
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1070094 13f79535-47bb-0310-9956-ffa450edef68
2011-02-12 15:41:17 +00:00
Joe Orton
271de81e7c
* modules/ssl/ssl_engine_config.c, modules/ssl/ssl_private.h: Add
config hooks for OCSP response time skew, maximum age, timeout.
* modules/ssl/ssl_engine_ocsp.c (verify_ocsp_status): Respect
config settings for above.
* docs/: Update accordingly.
Submitted by: Kaspar Brand <httpd-dev.2011 velox.ch>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059917 13f79535-47bb-0310-9956-ffa450edef68
2011-01-17 13:27:03 +00:00
Stefan Fritsch
7403827278
Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
escape other special characters with backslashes. The old format can
still be used with the LegacyDNStringFormat argument to SSLOptions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1054323 13f79535-47bb-0310-9956-ffa450edef68
2011-01-01 23:56:24 +00:00
Stefan Fritsch
7e4add122c
ap_expr related fixes and enhancements
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037510 13f79535-47bb-0310-9956-ffa450edef68
2010-11-21 17:39:52 +00:00
Igor Galić
21965dac70
Crosslinking mod_ssl.html and expr.html
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037347 13f79535-47bb-0310-9956-ffa450edef68
2010-11-20 22:38:38 +00:00
Eric Covener
4a7e62c83c
PR#48720: SSLProxyVerify is not per-directory, only per-server.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1031742 13f79535-47bb-0310-9956-ffa450edef68
2010-11-05 19:35:23 +00:00
Rich Bowen
2a3b676d5b
Be more forceful in talking about where SSLEngine On should go.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1031061 13f79535-47bb-0310-9956-ffa450edef68
2010-11-04 16:22:24 +00:00
Daniel Earl Poirier
6b803976f2
Fix a number of typos and misspellings. Reported by Ville Skytta.
PR48496.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1029134 13f79535-47bb-0310-9956-ffa450edef68
2010-10-30 17:56:13 +00:00
Stefan Fritsch
b2a906c8af
add a bit of doc for the new authz providers
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1003180 13f79535-47bb-0310-9956-ffa450edef68
2010-09-30 17:37:55 +00:00
Mads Toftum
84e0e0821f
FakeBasicAuth, not FakeBasic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@999832 13f79535-47bb-0310-9956-ffa450edef68
2010-09-22 09:35:03 +00:00
Stefan Fritsch
1ce02b2c33
Fix typo.
Submitted by: Matt Selsky <selsky columbia edu>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951933 13f79535-47bb-0310-9956-ffa450edef68
2010-06-06 19:31:42 +00:00
Joe Orton
c3d1f4ba0e
- wording tweaks for PeerExtList()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@947561 13f79535-47bb-0310-9956-ffa450edef68
2010-05-24 08:33:02 +00:00
Joe Orton
7d06c2e16f
- amalgamate the sections describing the env vars available
- update the docs for PeerExtList
- fix the markup of the SSLRequire example
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@946243 13f79535-47bb-0310-9956-ffa450edef68
2010-05-19 15:56:53 +00:00
William A. Rowe Jr
7eb4e714ae
Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
build of openssl is required for 'SSLFIPS on'.
PR: 46270
Submitted by: Dr Stephen Henson <steve openssl.org>, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@925980 13f79535-47bb-0310-9956-ffa450edef68
2010-03-22 06:53:41 +00:00
Jeff Trawick
a6159028f9
hyphenate some compound modifiers
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@924915 13f79535-47bb-0310-9956-ffa450edef68
2010-03-18 17:39:48 +00:00
Igor Galić
2884c12869
Fixing SSLStrictSNIVHostCheck description, which made my head hurt.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@924843 13f79535-47bb-0310-9956-ffa450edef68
2010-03-18 14:59:39 +00:00
Rainer Jung
a4d40096dd
Correct referenced OpenSSL version.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@923313 13f79535-47bb-0310-9956-ffa450edef68
2010-03-15 16:01:35 +00:00
Rainer Jung
3e7e9888cb
Correct referenced OpenSSL version now that 0.9.8m
was released.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@917235 13f79535-47bb-0310-9956-ffa450edef68
2010-02-28 18:16:54 +00:00
André Malo
9730a2187a
validate xml
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@916477 13f79535-47bb-0310-9956-ffa450edef68
2010-02-25 22:13:20 +00:00