From thomas2.klute at uni-dortmund.de Tue Jun 21 20:22:18 2016 From: thomas2.klute at uni-dortmund.de (Thomas Klute) Date: Tue, 21 Jun 2016 20:22:18 +0200 Subject: [mod_gnutls-devel] ALPHA release: mod_gnutls 0.8.0-alpha Message-ID: <576985DA.8010000@uni-dortmund.de> Hello everyone, I've just uploaded the mod_gnutls/0.8.0-alpha tag to the mod.gnutls.org git repository [1] and my mirror on Github [2]. The biggest improvements are OCSP stapling support, proper locking for the DBM cache, and a bunch of fixed memory leaks affecting TLS proxy requests and config parsing. OCSP stapling is not yet release ready unless you're willing to provide the OCSP responses externally (see "Known Issues" below), but I'd like to get some feedback on the current state and the other changes, hence this alpha release. Help is welcome, too, though I recommend contacting me to avoid duplicated work. ;-) Changelog since version 0.7.5: * New: Support for OCSP stapling * Bugfix: Access to DBM cache is locked using global mutex "gnutls-cache" * Bugfix: GnuTLSSessionTickets is now disabled by default as described in the handbook * Fixed memory leak while checking proxy backend certificate * Fixed memory leaks in post_config * Safely delete session ticket key (requires GnuTLS >= 3.4) * Improved error handling in post_config hook * Various handbook updates * Unused code has been removed (conditionals for GnuTLS 2.x and Apache versions before 2.2, internal Lua bytecode structure last used in 2011). * Test suite: Fixed locking for access to the PGP keyring of the test certificate authority * mod_gnutls can be built using Clang (unsupported) Known Issues: * OCSP cache refresh stalls other requests on the virtual host and other vhosts that need a cache refresh at the same time. Requests to vhosts with a fresh response in the cache or OCSP stapling disabled are not affected. * Rate limiting for OCSP requests is not yet implemented. You can work around both issues using the GnuTLSOCSPResponseFile option. Regards, Thomas [1] https://mod.gnutls.org/git/mod_gnutls [2] https://github.com/airtower-luna/mod_gnutls.git -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: