3dd7f70c8af8fe312a5979e9409573953cf93378 1589699 |
|
24-Apr-2014 |
trawick |
Follow-up to r1587607:
Export new mod_ssl APIs when using traditional Windows build mechanism |
b4e664baba9a4be0457c31f84b3dcc4c31f2cb07 1527295 |
|
29-Sep-2013 |
kbrand |
Improve ephemeral key handling (companion to r1526168):
- allow to configure custom DHE or ECDHE parameters via the
SSLCertificateFile directive, and adapt its documentation
accordingly (addresses PR 49559)
- add standardized DH parameters from RFCs 2409 and 3526,
use them based on the length of the certificate's RSA/DSA key,
and add a FAQ entry for clients which limit DH support
to 1024 bits (such as Java 7 and earlier)
- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
- drop ssl_engine_dh.c from mod_ssl
For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294. |
070235bcb25af37efebf6405b082413144968289 1154687 |
|
07-Aug-2011 |
kbrand |
Remove the ssl_toolkit_compat layer, which is no longer needed
after support for non-OpenSSL toolkits has been dropped.
Replace macros by their value proper where feasible, and keep
those definitions in ssl_private.h which depend on specific
OpenSSL versions. |
76a33192b55bef44bc6e6756a6b4e77d411127b9 1039204 |
|
25-Nov-2010 |
sf |
Fix some Windows build issues |
89b8bbc89404e7071e573c4f0a17f528996e855d 829619 |
|
25-Oct-2009 |
jorton |
Add support for OCSP "stapling":
* modules/ssl/ssl_util_stapling.c: New file.
* modules/ssl/config.m4, modules/ssl/mod_ssl.dsp: Build it.
* modules/ssl/ssl_toolkit_compat.h: Define HAVE_OCSP_STAPLING if
OpenSSL is of suitable version (>= 0.9.8g) and capability (TLS
extension support enabled).
* modules/ssl/mod_ssl.c: Add config directives.
* modules/ssl/ssl_private.h: Add prototypes for new functions.
(SSLModConfigRec): Add fields for stapling socache instance and
associated mutex.
(modssl_ctx_t): Add config fields for stapling.
* modules/ssl/ssl_engine_init.c (ssl_init_Module, ssl_init_Child):
Call the stapling initialization functions.
* modules/ssl/ssl_engine_config.c: Add config hooks.
* modules/ssl/ssl_scache.c: Create, initialize and destroy the socache
instance for OCSP responses.
Submitted by: Dr Stephen Henson <shenson oss-institute.org> |
0c03342b8653704633b5142989c01577a556278b 664238 |
|
07-Jun-2008 |
wrowe |
Catch up with cache changes |
bab094bcef36be6abaee3cff0b628796a2746b8a 607383 |
|
29-Dec-2007 |
wrowe |
Sander pointed out to me that as we added ENGINE logic support
for 0.9.8, we never touched win32. Resolve this for all of the
common win32 HAVE SSL related macros building against 0.9.8. |
39c7699ec0799d394d3f67145d4a12ed82f587b8 599385 |
|
29-Nov-2007 |
jorton |
mod_ssl: Add support for OCSP validation of client certificates:
* modules/ssl/ssl_engine_config.c (modssl_ctx_init,
modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
(ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
ssl_cmd_SSLOCSPEnable): Add functions.
* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured and the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org> |
94b262d3639149df0b02642a9daa6db8bff58577 495126 |
|
11-Jan-2007 |
wrowe |
Embed the .manifest files of all httpd binaries as a post-build
operation. This ensures the exported (Studio 97 generated) .mak
files create a usable Apache directly from the VC 8 (Studio 2005)
command line environment. |
37ad54b8fd2611b7a4f2b269eec3d27ed784a25d 419644 |
|
06-Jul-2006 |
wrowe |
Revert Revision 397647
While it solves the studio 2005 (we desire this), it breaks
the studio 6 packaging (we require this). Discussion on list
of practical solutions. |
e237b51d2e7a72b7f636f67ed4a9f5fe30f56375 397647 |
|
27-Apr-2006 |
wrowe |
This resource /D syntax was pretty horridly imported into VS 2005,
change the quotation to ensure a peaceful transition to sln/vcproj files. |
5ac28f3fe2417368757f29cf381338357605fd52 397407 |
|
27-Apr-2006 |
wrowe |
Remove all /machine:I386 references, these are getting in the way
of switching linkers from the x86 (default linker) to x64 or other
possible target platforms. (Also, this commit cleans up lingering
/GX switches from the 'BASE' options that are supposed to be unused). |
5c9ed98aaf96157cc7b31f7d17c9c5a26db2eceb 396670 |
|
24-Apr-2006 |
wrowe |
Move flex/bison/sed steps into a "mod_ssl - Win32 Lexical" grammar
build, outside of the normal "mod_ssl - Win32 Debug|Release" builds.
Continues on the path of eliminating external dependencies, we
strongly expect users to never modify the grammars during normal
builds. |
e1ad80c048e29e968221817698529d73098f07a4 395419 |
|
20-Apr-2006 |
wrowe |
s|/GX |/EHsc | because they were always synonyms, and Visual Studio
2005 edition complains bitterly and loudly that /GX is deprecated. |
8c8173f49dd7122e10636b3d20ae841551bd0b43 395418 |
|
20-Apr-2006 |
wrowe |
Remove a host of dependencies upon awk, using the same template for
nearly every .rc compilation (giving the output .res file a different
name for each component). Adds AP_SERVER_BASEPROJECT to ap_revision.h
so we can display the proper name of "Apache HTTP Server" as opposed
to AP_SERVER_BASEPRODUCT (which is, and should remain, simply "Apache"
for the server string tokens.) |
98a68fa36c298b60b612c4d187c1cf9fad36b505 209466 |
|
06-Jul-2005 |
wrowe |
Dev Studio automatically adds the intermediate and final directory
paths to each custom build target. However, the time stamps of these
directories will trigger a rebuild in bison where sources haven't
changed. These targets are not necessary, as these generated files
reside in the current directory (which, obviously, already exists.) |
56e85d89d42a6980f31b800266649efbed338da3 170253 |
|
15-May-2005 |
wrowe |
Reintroduce stack frame construction with /Oy- (removal was implied by /O2).
This makes binaries far easier to debug, during operation and for post-crash
.dmp analysis. Do not alter /Gs optimizations per brane.
Reviewed by: stoddard, brane |
46c5174a29501ac61f57e5f4e3407fe29fe60e7e 124284 |
|
05-Jan-2005 |
wrowe |
It's preferable to use a debug build of ssleay32/libeay32, but offer
a fallback if they are built as release libraries for creating
mod_ssl in debug mode. |
6cf1b7a1d099585583f6c1f35f3fa411957a8707 102938 |
|
11-Mar-2004 |
wrowe |
Pick up mod_status.h |
70535d6421eb979ac79d8f49d31cd94d75dd8b2f 102803 |
|
28-Feb-2004 |
jorton |
Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h
to be included even when mod_ssl is not enabled.
* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from the optional
hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them. |
a9ee8e9bd3dffd23ca49be8d0bdf0e33cd0bcce2 102227 |
|
08-Jan-2004 |
jorton |
Add support to mod_ssl for a distributed session cache using
distcache.
* LAYOUT: Update for removal of scache_shmht and addition of scache_dc.
* modules/ssl/config.m4: Check for libdistcache; build ssl_scache_dc.lo.
* modules/ssl/mod_ssl.dsp: Build ssl_scache_dc (with luck).
* modules/ssl/mod_ssl.h: Add SSL_SCMODE_DC and scache_dc_* prototypes.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Allow
use of dc: argument.
* modules/ssl/ssl_scache_dc.c: New file.
* modules/ssl/ssl_scache.c (ssl_scache_init, ssl_scache_kill,
ssl_scache_store, ssl_scache_retrieve, ssl_scache_remove,
ssl_ext_status_hook): Hook into scache_dc.
Submitted by: Geoff Thorpe <geoff@geoffthorpe.net> |
4972ae2e7d998f409c97336787477bed7ee46196 102062 |
|
15-Dec-2003 |
trawick |
get mod_ssl.dsp to load again
(we *x weenies have to be careful :) ) |
ca2504b59d48a926af23f6b18af550c1e892d8a6 101888 |
|
25-Nov-2003 |
jorton |
Remove shmht session cache in favour of shmcb; shmht has had
data corruption bugs since being apr_rmm'ified.
* config.m4, mod_ssl.dsp: Don't build ssl_util_table and
ssl_scache_shmht.
* ssl_util_table.h, ssl_util_table.c, ssl_scache_shmht.c: Removed
files.
* mod_ssl.h (SSLModConfigRec): Use a void * pointer for storing
the scache-specific data.
* ssl_engine_config.c (ssl_cmd_SSLSessionCache): Treat shmht: as
shmcb:.
* ssl_scache.c: Remove shmht hooks throughout.
* ssl_scache_shmcb.c: Remove casts to use the table_t * pointer as a
void *. |
6674f67af38a4c0241b253a77871836c43b7735f 101195 |
|
08-Sep-2003 |
wrowe |
Simplify includes - we always (in HTTPD 2.1 forward) are looking
for the openssl/foo.h headers explicitly. Fix the abs.dsp build
to define HAVE_OPENSSL instead of USE_SSL so the correct headers
are included upfront. |
59511adf950c05d0d406811681b56d97e939f9ae 99261 |
|
06-Apr-2003 |
wrowe |
Noop MS DevStudio IDE change
to include ssl_toolkit_compat.h
in the list of project headers. |
9445bfa269bf9dbd6e3b73b023831d845c92d86b 99182 |
|
03-Apr-2003 |
wrowe |
We presume to HAVE_OPENSSL - we were falling into the SSLC path :-(
Win32 is non-autoconf |
0628f5f0a55c2d0d3500cbb3bb3dfe12c2a193a8 99180 |
|
03-Apr-2003 |
wrowe |
HAVE_SSL_SET_STATE=1 is a product of autoconf for OpenSSL, which we
are missing on Win32. |
c0dd55c3843bc3bc89c5230441e54fa7e3b8b709 99107 |
|
29-Mar-2003 |
nd |
Fix mod_ssl.dsp and abs.dsp to use also the openssl-0.9.7-defines for
NO_MD5, NO_IDEA and NO_MDC2 (won't compile otherwise with 0.9.7+ and
restricted crypto algorithms) |
3082ab8b90e027fa27680f140987ea7e20df5088 98970 |
|
11-Mar-2003 |
wrowe |
After discussions at length on dev@apr/httpd, it is determined that
the older .dbg format symbols are not worth the interference with
generating complete .pdb symbolic debugging databases.
This patch further eliminates pdbtype:sept flags that interfere with
deciphering local symbols and type information. |
dcf1a2f80f16265f00fe147de1dbd91af9c32a42 98743 |
|
20-Feb-2003 |
wrowe |
After consultations on the APR list, it was decided that /map files are
fairly redundant when you retain rich .pdb debugging symbol files. We
have rarely used them, and generally .dbg and .pdb files prove much more
useful for the cases we have.
While eliminating /map files, we are also shrinking the size of the .dbg
files by stripping 'private' symbol information. Really this means less
rich diagnostics from Dr. Watson on NT or Win9x when they query the .dbg
symbols in creating a DrWatson log file. But it's more than compensated
for on newer OS'es where Dr. Watson will query the .pdb symbols, on all
Win32 flavors when WinDbg is used with the .pdb symbols, and the fact that
the distribution of binary symbols will use less bandwidth when less
information is duplicated from the .pdb format into the .dbg files. |
f1a6b66f00bc686cd247d727dfcc35eeaa58b535 98712 |
|
18-Feb-2003 |
wrowe |
foo.dbgmark turned out to be the same 8.3 name as foo.dbg itself, which
was badness. Twist this puppy to .dbr, the only name I could invent that
doesn't look like any database file extension I recall.
It stands for .dbg rebased. |
0bcc003d275c6b0a9060d43be89762b218cbc2c7 98596 |
|
07-Feb-2003 |
wrowe |
*) Introduce debugging symbols for Win32 release builds, both .pdb
and .dbg files (older debuggers and Dr. Watson-type utilities
on WinNT or Win9x don't support the newer .pdb flavor.)
[Allen Edwards, William Rowe] |
4e37bfe24d9ab0f4dc6e3a76c9ec2bc4231a61b8 98380 |
|
20-Jan-2003 |
wrowe |
Catch up with the changes to apr/build/win32ver.awk and name all loadable
httpd modules as .so, internally. Credit to Mladen Turk for identifying
the issue. |
465a21c6a8fb6ec27b789f7ea7167899be948a8e 94302 |
|
29-Mar-2002 |
dougm |
remove ssl_engine_ext.c |
e7be457c64a25be560279f5e4ae7637c1f31b9e4 93892 |
|
13-Mar-2002 |
dougm |
remove ssl_engine_ds.c |
b7b1be1eae40e731b776072d0d82b9b2614960b4 93381 |
|
13-Feb-2002 |
wrowe |
What happened? 0.9.6b built just dandy without the flags... 0.9.6c won't
build for jack without these changes. Of course they don't harm 0.9.6b
builders either, unless they are outside of the states/EU/AU and find
themselves free to ignore IP considerations.
I'd really like to know _why_ 0.9.6c doesn't configure itself rationally. |
1e83c8de3aa48b316b28057d53995272baf1260c 92804 |
|
10-Jan-2002 |
wrowe |
*) Split all Win32 modules [excluding the core components mod_core,
mod_so, mod_win32 and the winnt mpm] into individual loadable
modules, so the administrator may individually disable the former
compiled-in modules by simply commenting out their LoadModule
directives. [William Rowe]
*) Saved Win32 module authors and porters many future headaches, by
duplicating the appropriate .h files such as os.h into the include
directory, including in the build tree. [William Rowe]
Also noticed that version stamp resources weren't generated for proxy
modules, this too is now fixed. |
26b9ccb55ff33097af4914f2e4bd36fec99a039d 90686 |
|
26-Aug-2001 |
wrowe |
Toggle the /Zi flag to allow all supported versions of VC (5, 6, 7) to
build 'out of the box' in debugging mode. |
48109e97ff9bd1a9af534a158dfd647834074beb 90458 |
|
21-Aug-2001 |
wrowe |
Changes for rbb's #include/build openssl/inc32 patch. |
a092e6811e647076fd5a106d1be1cb81f7632e52 90269 |
|
17-Aug-2001 |
wrowe |
The purpose of this patch is to toggle the debugging mode (default) to
Program Database (from Program Database for Modify on the fly debugging).
The net effect of this patch is to clean up all of the irrelevant entries
associated with either the debugging or release command line switches, and
generally straighten the projects as they would be exported from VC6/SP5.
The outcome of this patch is that VC5 users -should- be able to load and
build the workspace without any errors (as they used to have no symbols
database at all, the /ZI option doesn't work, they had to use cvtdsp.pl
to toggle these to /Zi.) |
4439ba95daf7b82794fe338726790e2dab89d119 90208 |
|
16-Aug-2001 |
wrowe |
More Versioning |
8d344f0b44de522322b4ad2947c8b297a4537dd3 89814 |
|
31-Jul-2001 |
wrowe |
Change lib locations for openssl's debugging default targets |
9b6a3b89e80ec95c27c1c330afbb81807f2685c2 89629 |
|
20-Jul-2001 |
wrowe |
We want the ssl_expr evaluators, now |
722d98b16fee74e4460f40da0e1b8a9eb235dc2b 89628 |
|
20-Jul-2001 |
wrowe |
Hope I've got these generated bits right. Note bison is more common
for Win32 than lexx. |
6a1afb1954c8a5e61f8a70727a5b33a8ece8458d 89622 |
|
19-Jul-2001 |
wrowe |
Uhmm... need to NOCRYPT away WinCrypt.h |
9741ee231e9ffe386c83dfa9e6a10e63b23e4571 89570 |
|
18-Jul-2001 |
wrowe |
Fix incl/libpath to / slashes for an upcoming patch to cvtdsp.c |
c1ef8002582924eaa4e9691c0be6e2fcd27898f8 89462 |
|
28-Jun-2001 |
wrowe |
Just something for experimenting, ssl_expr_parse and _scan are excluded
for right now (missing symbols.) |