lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
3,568 Commits 9 Branches 87 Tags 16 MiB
Commit Graph

14 Commits

Author SHA1 Message Date
Glenn Strauss 31fc3a0773 [TLS] server.feature-flags "ssl.session-cache" 
disabled by default, but can be enabled
(session tickets should be preferred)

applies to mod_openssl, mod_wolfssl, mod_nss

session cache is not currently implemented in mod_mbedtls or mod_gnutls
 2020-10-29 01:05:55 -04:00
Glenn Strauss f65b054887 [mod_nss] more nss includes fixes 2020-10-22 01:34:25 -04:00
Glenn Strauss 033209393e [multiple] test for nss includes 
some distro packages deploy NSS includes under nss/, others nss3/
(and similar for nspr/ vs nspr4/)
 2020-10-22 00:48:40 -04:00
Glenn Strauss d865d8c330 [TLS] ignore empty "CipherString" in ssl-conf-cmd 
e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
 2020-10-19 21:40:14 -04:00
Glenn Strauss a46f519eb2 [multiple] use NSS crypto if no other crypto avail 
use NSS crypto if no other crypto avail, but NSS crypto is available

"NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
due to NSS libraries (freebl3) lacking public export for HMAC funcs
 2020-10-19 21:40:14 -04:00
Glenn Strauss 874707cd66 [TLS] use fdevent_load_file_bytes() for STEK file 
remove direct dependency on <unistd.h> from lighttpd TLS modules
 2020-10-11 12:19:27 -04:00
Glenn Strauss 16a70b9253 [multiple] TLS modules use chunkqueue_peek_data() 2020-10-11 12:19:27 -04:00
Glenn Strauss a330746f06 [TLS] error if inherit empty TLS cfg from globals 
error if $SERVER["socket"] inherits empty TLS config from global scope
and ssl.engine = "enable" in the $SERVER["socket"]
 2020-10-11 12:19:26 -04:00
Glenn Strauss bbcc2f229a [multiple] allow TLS ALPN "h2" if "server.h2proto" 2020-10-03 09:05:38 -04:00
Glenn Strauss 87428818a1 [mod_nss] func renames for consistency 
mod_nss was written using mod_mbedtls and mod_gnutls as templates,
but some code was accidentally committed with those other modules'
naming.
 2020-08-02 07:47:41 -04:00
Glenn Strauss 33c8cf41db [multiple] rename connection_reset hook to request 
rename connection_reset to handle_request_reset
 2020-08-02 07:47:41 -04:00
Glenn Strauss 164f7600b7 [multiple] con hooks store ctx in con->plugin_ctx 
modules with connection level hooks now store ctx in con->plugin_ctx
 2020-08-02 07:47:41 -04:00
Glenn Strauss 0ad57da55b [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file 
employ fdevent_load_file() to load CRL, X509 cert, and private key files
into memory
 2020-07-08 22:51:32 -04:00
Glenn Strauss e00deb5578 [mod_nss] NSS option for TLS (fixes #1218) 
(experimental)

WARNING: EXPERIMENTAL code sketch; mod_nss is INCOMPLETE and UNTESTED

mod_nss supports most ssl.* config options supported by mod_openssl

x-ref:
  "alternate ssl backend"
  https://redmine.lighttpd.net/issues/1218
 2020-07-08 22:51:32 -04:00