| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
See if the configured user has read access to the NSS database
during initialization so the server can gracefully shutdown
rather than ending up in a forking loop because the database is
owned by root and is therefore unreadable once Apache starts
forking.
Adds a new configuration option, NSSSkipPermissionCheck <on/off>,
to skip this check in case something goes wrong.
https://fedorahosted.org/mod_nss/ticket/3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Issues reported from valgrind.
The invalid read came from using SNI hostInfo data directly. Just
use the copy we apr_strndup() instead and all is well.
The SNI hostInfo values were leaking. I had removed the calls
to SECITEM_FreweItem at some point and forgotten to re-add them.
mc->semid was not explicitly initialized so could have blown up
if the compiler didn't automatically set it to 0. Explicitly set
it to make warning go away (and to be safe).
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Uses a hash table to pair up server names and nicknames and
a lookup is done during the handshake to determine which
nickname to be used, and therefore which VirtualHost.
Based heavily on patch from Stanislav Tokos <stokos@suse.de>
|
| |
|
|
|
|
| |
New server/vhost config option, NSSSessionTickets, to enable
or disable TLS Session Tickets support. This is off by default
in NSS.
|
| |
|
|
|
|
|
| |
Control the buffer size used on a POST when SSL renegotiation is
being done. The default is 128K.
Resolves BZ 1214366
|
| | |
|
| |
|
|
|
|
|
| |
pipe. Rarely requests to the pipe were getting overridden causing
that child to not enable SSL.
Fedora bug 677701
|
| |
|
|
|
|
| |
Add configuration option to disable this, defaulting to on.
591224
|
| |
|
|
|
|
|
|
|
| |
NSS is introducing some new controls in response to CVE-2009-3555,
MITM attacks via session renegotiation. This patch adds some tuning
so these options can be set at run time.
Patch contributed by Kai Engert based on some early work by Rob
Crittenden.
|
| |
|
|
| |
wasn't found.
|
| |
|
|
| |
Add support for setting a default OCSP responder.
|
| |
|
|
|
|
|
|
|
| |
Add new NSSPassPhraseDialog method, defer, where only the tokens that
are found in the file pointed to by this directive are initialized.
Otherwise every token that NSS finds it attempts to authenticate.
Syntax is: NSSPassPhraseDialog defer:/path/to/password.conf
|
| |
|
|
| |
Initialize the ECC certificate and key pointers to NULL.
|
| |
|
|
| |
Fix compilation warnings
|
| |
|
|
| |
by default. To enable it, pass --enable-ecc to configure.
|
| |
|
|
|
| |
a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed
directive.
|
| |
|
|
|
|
| |
adding new configuration directives. For the others we need to
initialize an NSS socket differently whether we will be acting as a
client or a server.
|
| | |
|
| |
|
|
|
| |
database module, configures for SSLv3 and TLSv1 and enables the
2 FIPS ciphers (and disables all the others).
|
| | |
|
| | |
|
| |
|
|
| |
co-exist with mod_ssl.
|
| |
|
|
|
|
| |
SSLEnforceValid Cert on/off to allow one to start with a bad cert.
Fix up some error messages and add in a missing cipher.
|
| |
|
