| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a note to the table to indicate that the handhake is complete
so we don't set the extension every time data is read or written.
Drop NSSHandshakeCallback() as it didn't do anything and is replaced
by the proxy callback.
Extend the checks around calling SetURL to match those in mod_ssl:
- a hostname is available
- not SSLv3
- not an IP address
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Control the buffer size used on a POST when SSL renegotiation is
being done. The default is 128K.
Resolves BZ 1214366
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
When NSSOptions +FakeBasicAuth is set for a directory, and a certificate
is not provided with which the BasicAuth can be Faked, and the client
provides an Authorization header, the FakeBasicAuth code in mod_nss may
not properly reject an attempt to spoof.
BZ 702437
|
| |
|
|
|
|
|
|
| |
memcpy of overlapping memory is no longer allowed by glibc.
This is mod_ssl bug https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
Patch ported by Stephen Gallagher.
|
| |
|
|
|
|
|
| |
PR_Read().
In testing with TPS from dogtag this really seems to fix #620856 this
time.
|
| |
|
|
|
|
| |
This was discovered in the dogtag TPS subsystem. I haven't been able to
duplicate it outside of that but it is trivial inside. This seems to fix
it and brings the code closer to what mod_ssl does here as well.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This bug has lingered for so long since mod_nss wasn't able to be used
with mod_proxy until now. What one would see with this bug is sometimes
a page would work, sometimes not (just the headers would be retrieved).
The problem was we were return 0 which means EOF and was interpreted
by upper levels to mean the transfer was done rather than no data being
available.
484380
|
| |
|
|
|
|
|
|
|
|
|
| |
Bring in some updates based on diffs from 2.0.59 to 2.2.4
- Do explicit TRUE/FALSE tests with sc->enabled to see if SSL is enabled.
Don't depend on the fact that TRUE == 1
- Remove some dead code
- Minor update to the buffer code that buffers POST data during a
renegotation
- Optimize setting environment variables by using a switch statement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a (bounded) buffer of request body data to provide a limited
but safe fix for the mod_nss renegotiation-vs-requests-with-bodies
bug:
* mod_nss.h (nss_io_buffer_fill): Add prototype.
* nss_engine_io.c (nss_io_buffer_fill,
nss_io_filter_buffer): New functions.
* nss_engine_kernel.c (nss_hook_Access): If a renegotiation is needed,
and the request has a non-zero content-length, or a t-e header (and
100-continue was not requested), call nss_io_buffer_fill to set aside
the request body data if possible, then proceed with the negotiation.
PR: 12355
|
| |
|
|
| |
Replace C++ style comments to make the Sun Forte compiler happy.
|
| |
|
|
| |
by default. To enable it, pass --enable-ecc to configure.
|
| | |
|
| |
|
|
| |
AP_BUCKET_IS_EOC. Define around it.
|
| |
|
|
| |
co-exist with mod_ssl.
|
| |
|
