[mod_gnutls-devel] TLS proxy support for mod_gnutls

Thomas Klute thomas2.klute at uni-dortmund.de
Fri Apr 3 01:04:30 CEST 2015


Hi everyone,

this week I finally had time to implement some test cases for the TLS
proxy support added a while ago [1].

I now consider TLS proxy functional, though there's still room for
improvement: Checking the validity of the server certificate using OCSP
or CRLs would be good. However, neither of these is available for client
authentication, so I suppose my additions are at least on par with
preexisting code there. ;-)

While writing the proxy tests, I also improved the test suite and got
rid of the foreground sleep calls (well, almost - if you compile with
MSVA support, there'll be one) in favor of proper locking and background
waits, which massively speeds up the test suite.

As usual, feedback and patches are welcome.

And by the way, my security patch for TLS client auth made it into
Debian (and probably other distributions) a few weeks ago [2]. :-)

Regards,
Thomas

[1] https://github.com/airtower-luna/mod_gnutls/commits/tls-proxy
[2] https://www.debian.org/security/2015/dsa-3177



