| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Bring in some updates based on diffs from 2.0.59 to 2.2.4
- Do explicit TRUE/FALSE tests with sc->enabled to see if SSL is enabled.
Don't depend on the fact that TRUE == 1
- Remove some dead code
- Minor update to the buffer code that buffers POST data during a
renegotiation
- Optimize setting environment variables by using a switch statement.
| |
* nss_engine_kernel.c (nss_hook_Access): Omit further access control
checks if SSL is not in use regardless of vhost settings.
| |
Implement a (bounded) buffer of request body data to provide a limited
but safe fix for the mod_nss renegotiation-vs-requests-with-bodies
bug:
* mod_nss.h (nss_io_buffer_fill): Add prototype.
* nss_engine_io.c (nss_io_buffer_fill,
nss_io_filter_buffer): New functions.
* nss_engine_kernel.c (nss_hook_Access): If a renegotiation is needed,
and the request has a non-zero content-length, or a t-e header (and
100-continue was not requested), call nss_io_buffer_fill to set aside
the request body data if possible, then proceed with the negotiation.
PR: 12355
| |
* nss_engine_vars.c (nss_var_lookup_ssl_cert_remain): New function.
(nss_var_lookup_nss_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.
* nss_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if +StdEnvVars is
configured.
| |
The issue was that mod_ssl wasn't always picking up ssl-unclean-shutdown
settings. This isn't an issue for mod_nss since it doesn't support
separate shutdown modes, but this does simplify the code a bit.
* mod_nss.h: Remove nss_hook_Translate.
* nss_engine_kernel.c
(nss_hook_ReadReq): Merge in nss_hook_Translate.
(nss_hook_Translate): Remove.
* mod_nss.c (nss_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.
| |
Replace C++ style comments to make the Sun Forte compiler happy.
| |
by default. To enable it, pass --enable-ecc to configure.
| |
co-exist with mod_ssl.
| |
SSL_CLIENT_I_DN_ was incorrectly parsing the client certificate subject
instead of the issuer subject.
Print out PEM files the same way as OpenSSL