summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=161958rcritten2006-08-093-15/+11
| | | | | | | | | | | | | | | The issue was that mod_ssl wasn't always picking up ssl-unclean-shutdown settings. This isn't an issue for mod_nss since it doesn't support separate shutdown modes, but this does simplify the code a bit. * mod_nss.h: Remove nss_hook_Translate. * nss_engine_kernel.c (nss_hook_ReadReq): Merge in nss_hook_Translate. (nss_hook_Translate): Remove. * mod_nss.c (nss_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook.
* 200610rcritten2006-08-033-3/+12
| | | | | | | Change the kludge for determining the current version of Apache we're building against. Claim to be building against 2.0.55 if not told otherwise. The exact version matters less than knowing which API to use.
* 200855rcritten2006-08-021-6/+2
| | | | | | | Turns out I didn't need to defer startup at all, the LogLevel in nss.conf was enough. I actually had the compare reversed anyway, but that was the least of the problem. 30% of the time the server would core during shutdown due to a race condition.
* 200855rcritten2006-08-022-11/+21
| | | | | | | | | | | Defer loading the server certificates until the 2nd module load. Otherwise any problems with said certificate(s) will not be displayed because the VirtualHost logging hasn't been turned on yet. Switch a slew of APLOG_INFO to APLOG_ERR. And add a default LogLevel to nss.conf.in. This is not inherited from httpd.conf.
* 197681rcritten2006-07-051-0/+2
| | | | Initialize the ECC certificate and key pointers to NULL.
* mod_proxy support has been around for a while.rcritten2006-06-211-1/+3
| | | | We want SNI support as soon as NSS allows it.
* 196070rcritten2006-06-211-3/+15
| | | | | Fix some warnings related to not checking the return value of getcwd and chdir.
* Remove some invalid commentsrcritten2006-06-201-7/+2
| | | | | | No need to set LD_LIBRARY_PATH Fix location of certutil
* Drop dependency on ksh and use bash instead.rcritten2006-06-201-4/+12
| | | | | Improve hostname detection on Solaris by using the script /usr/lib/mail/sh/check-hostname if it exists.
* 196070rcritten2006-06-205-12/+14
| | | | Fix compilation warnings
* 188300rcritten2006-04-077-23/+28
| | | | Replace C++ style comments to make the Sun Forte compiler happy.
* force checkin of autoconf filesrcritten2006-03-030-0/+0
|
* Add support for Elliptical Curve Cryptography (ECC). This is disabledrcritten2006-03-0212-115/+271
| | | | by default. To enable it, pass --enable-ecc to configure.
* upgraded config.guess and config.sub to 2004-09-07 (same as mod_admserv)nhosoi2006-02-262-457/+726
|
* Checking in automatically generated aclocal.m4 and derived files.nhosoi2006-02-263-1622/+1090
| | | | aclocal-1.6; automake-1.6; autoconf
* [179394] HP-UX IPF/PA-RISC supportnhosoi2006-02-244-1671/+1119
| | | | | | | | updated hppa*64* with hppa2.* in aclocal.m4 to support 64 bit PA_RISC. CAUTION: this file could be automatically updated by "aclocal" command using libtool.m4, which contains the expression: "hppa*64*". But 64 bit PA_RISC generates, this string "build_cpu='hppa2.0w'", which does not match "hppa*64*". So, if aclocal.m4 is updated, hppa*64* needs to be replaced.
* Make configure automatically find the correct versions of apr-config and apxsrmeggins2006-01-314-1881/+2959
|
* [179394] HP-UX IPF supportnhosoi2006-01-301-2331/+13737
| | | | autoconf 2.59/libtool 1.5
* [179394] HP-UX IPF supportnhosoi2006-01-303-3412/+7628
| | | | autoconf 2.59/libtool 1.5
* This file was copied directly from the Apache distribution. Remove thercritten2006-01-041-477/+0
| | | | extra per-module stuff that doesn't apply.
* Changes to allow the mod_nss to work in Apache 2.2.0. Based on a patchrcritten2006-01-0413-797/+1252
| | | | | | | from Oden Eriksson. The conditional to determine which API to use is a bit weak at the moment but it works with Apache 2.0.54 and 2.2.0.
* Fix command-line argument miscounting caused by the addition of thercritten2005-11-181-1/+6
| | | | | | | | FIPS flag. The result was that the database prefix was always missed. Also check the return value of NSS_Initialize() and print and exit if the database is not opened.
* removed empty flavor from specrmeggins2005-11-031-1/+0
|
* had to recreate these on rhel3 because I nuked them on rhel4rmeggins2005-11-034-20089/+5843
|
* added mod_nss.spec and makerpm.shrmeggins2005-11-036-5808/+20322
|
* Add in check to be sure that the same server isn't initialized with SSLrcritten2005-10-281-0/+15
| | | | | | more than once. This avoids a crash during shutdown where the same certificates and keys will try to be released multiple times. This is based on ssl_init_server_check() from mod_ssl.
* Close the proxy model socket so NSS can be shutdown gracefully. Alsorcritten2005-10-111-4/+14
| | | | | correct an error where the PKCS#11 slot isn't closed unless a the certificate key is obtained. This also affected NSS_Shutdown().
* Add support for seeding the NSS Random Number Generator. This addsrcritten2005-10-039-6/+322
| | | | | a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed directive.
* Remove a debug msg that was left in on accident.rcritten2005-09-291-2/+0
|
* Add proxy support to mod_nss. Most of the changes are related torcritten2005-09-295-110/+385
| | | | | | adding new configuration directives. For the others we need to initialize an NSS socket differently whether we will be acting as a client or a server.
* force checkin of autoconf filesrmeggins2005-09-260-0/+0
|
* separate with options for include and lib directories - use nspr and nss ↵rmeggins2005-09-262-29/+199
| | | | instead of mozilla-nspr and -nss
* Add missing copyright blockrcritten2005-09-161-0/+14
|
* Adding files required by the Apache 2.0 Licensercritten2005-09-162-0/+695
|
* Make SSL2 an optional protocol, disabled by default.rcritten2005-09-138-625/+1721
|
* Update to reflect changes to the NSSFIPS directivercritten2005-09-081-2/+13
|
* Improve FIPS configuration:rcritten2005-09-081-11/+59
| | | | | | | | | - The NSS ciphers are enumerated to find those that are FIPS approved - This list of approved ciphers is compared to the NSSCipherSuite entry and those enabled, approved ciphers are configured. This way you aren't forced to use all of the FIPS ciphers (in case you don't want a 56-bit cipher enabled). - Only TLSv1 should be enabled.
* Add short example of how to use certutil to generate a certificatercritten2005-09-081-0/+37
| | | | request suitable for submission to a 3rd party CA such as Verisign.
* Add information about how to use built-in CA's via libnssckbi.sorcritten2005-09-061-1/+8
|
* Add OCSP supportrcritten2005-09-065-4/+51
|
* Add a FIPS configuration option. This enables the FIPS internalrcritten2005-08-196-32/+135
| | | | | database module, configures for SSLv3 and TLSv1 and enables the 2 FIPS ciphers (and disables all the others).
* More correct detection of NSS version when determining whether wercritten2005-08-181-3/+1
| | | | | should expect PK11_TokenKeyGenWithFlags(). It hasn't been included as of NSS 3.10.0.
* Also clean up the SSL Session ID Cache when shutting down.rcritten2005-08-041-3/+13
| | | | | | If we are using the forked model, use the MP version of the Session ID cache. Don't call PR_Cleanup(), this could cause problems.
* Properly clean up the SSL environment so NSS can be shut down gracefully.rcritten2005-08-042-4/+32
|
* Changed 2 function names from SSL -> NSS I had missed in earlier cleanuprcritten2005-08-041-2/+2
|
* Added Database Management section.rcritten2005-08-031-9/+150
| | | | Added links to NSS and NSPR
* Add more information related to gencertrcritten2005-08-031-4/+18
| | | | Tell user's where to find more documentation
* Add libsoftokn3.so for nss_pcache.rcritten2005-07-212-2/+2
|
* Clarify things a bit, change directive name to match new naming scheme.rcritten2005-07-201-7/+9
|
* Don't assume that apr-config is in the PATH. Let the user specify whichrcritten2005-07-202-2080/+5902
| | | | one to run, just like with apxs.
generated by cgit (git 2.34.1) at 2025-07-02 04:06:24 +0000