summaryrefslogtreecommitdiffstats
path: root/mod_nss.c
Commit message (Collapse)AuthorAgeFilesLines
* Compare CN value of remote host with requested host in reverse proxy.rcritten2010-05-131-8/+17
| | | | | | Add configuration option to disable this, defaulting to on. 591224
* Add controls for managing SSL renegotiationrcritten2010-03-021-0/+8
| | | | | | | | | NSS is introducing some new controls in response to CVE-2009-3555, MITM attacks via session renegotiation. This patch adds some tuning so these options can be set at run time. Patch contributed by Kai Engert based on some early work by Rob Crittenden.
* If mod_ssl isn't loaded then register the hooks to mod_proxy so we canrcritten2007-10-181-0/+14
| | | | do at least secure proxy in front of an unsecure host.
* Resolves: 241936rcritten2007-05-311-1/+1
| | | | | | | | | | | Bring in some updates based on diffs from 2.0.59 to 2.2.4 - Do explicit TRUE/FALSE tests with sc->enabled to see if SSL is enabled. Don't depend on the fact that TRUE == 1 - Remove some dead code - Minor update to the buffer code that buffers POST data during a renegotation - Optimize setting environment variables by using a switch statement.
* 211612rcritten2006-10-201-0/+9
| | | | Add support for setting a default OCSP responder.
* Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=161958rcritten2006-08-091-2/+5
| | | | | | | | | | | | | | | The issue was that mod_ssl wasn't always picking up ssl-unclean-shutdown settings. This isn't an issue for mod_nss since it doesn't support separate shutdown modes, but this does simplify the code a bit. * mod_nss.h: Remove nss_hook_Translate. * nss_engine_kernel.c (nss_hook_ReadReq): Merge in nss_hook_Translate. (nss_hook_Translate): Remove. * mod_nss.c (nss_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook.
* 200610rcritten2006-08-031-1/+1
| | | | | | | Change the kludge for determining the current version of Apache we're building against. Claim to be building against 2.0.55 if not told otherwise. The exact version matters less than knowing which API to use.
* 196070rcritten2006-06-201-2/+2
| | | | Fix compilation warnings
* Add support for Elliptical Curve Cryptography (ECC). This is disabledrcritten2006-03-021-1/+6
| | | | by default. To enable it, pass --enable-ecc to configure.
* Changes to allow the mod_nss to work in Apache 2.2.0. Based on a patchrcritten2006-01-041-2/+6
| | | | | | | from Oden Eriksson. The conditional to determine which API to use is a bit weak at the moment but it works with Apache 2.0.54 and 2.2.0.
* Add support for seeding the NSS Random Number Generator. This addsrcritten2005-10-031-0/+3
| | | | | a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed directive.
* Add proxy support to mod_nss. Most of the changes are related torcritten2005-09-291-31/+98
| | | | | | adding new configuration directives. For the others we need to initialize an NSS socket differently whether we will be acting as a client or a server.
* Add OCSP supportrcritten2005-09-061-0/+3
|
* Add a FIPS configuration option. This enables the FIPS internalrcritten2005-08-191-0/+3
| | | | | database module, configures for SSLv3 and TLSv1 and enables the 2 FIPS ciphers (and disables all the others).
* Changed 2 function names from SSL -> NSS I had missed in earlier cleanuprcritten2005-08-041-2/+2
|
* Add NSS database prefix supportrcritten2005-06-291-0/+3
|
* Changed function and configuration names so mod_nss can peacefullyrcritten2005-05-311-47/+45
| | | | co-exist with mod_ssl.
* By default, don't start with an expired cert. Add optionrcritten2005-05-201-0/+3
| | | | | | SSLEnforceValid Cert on/off to allow one to start with a bad cert. Fix up some error messages and add in a missing cipher.
* Initial import of mod_nssrcritten2005-05-171-0/+342
generated by cgit (git 2.34.1) at 2025-09-27 02:37:47 +0000