[mod_gnutls-devel] ALPHA release: mod_gnutls 0.8.0-alpha

Thomas Klute thomas2.klute at uni-dortmund.de
Tue Jun 21 20:22:18 CEST 2016


Hello everyone,

I've just uploaded the mod_gnutls/0.8.0-alpha tag to the mod.gnutls.org
git repository [1] and my mirror on GitHub [2]. The biggest improvements
are OCSP stapling support, proper locking for the DBM cache, and a bunch
of fixed memory leaks affecting TLS proxy requests and config parsing.

OCSP stapling is not yet release-ready unless you're willing to provide
the OCSP responses externally (see "Known Issues" below), but I'd like
to get some feedback on the current state and the other changes, hence
this alpha release. Help is welcome, too, though I recommend contacting
me to avoid duplicated work. ;-)

Changelog since version 0.7.5:

* New: Support for OCSP stapling
* Bugfix: Access to DBM cache is locked using global mutex
  "gnutls-cache"
* Bugfix: GnuTLSSessionTickets is now disabled by default as described
  in the handbook
* Fixed memory leak while checking proxy backend certificate
* Fixed memory leaks in post_config
* Safely delete session ticket key (requires GnuTLS >= 3.4)
* Improved error handling in post_config hook
* Various handbook updates
* Unused code has been removed (conditionals for GnuTLS 2.x and Apache
  versions before 2.2, internal Lua bytecode structure last used in
  2011).
* Test suite: Fixed locking for access to the PGP keyring of the test
  certificate authority
* mod_gnutls can be built using Clang (unsupported)

Known Issues:

* OCSP cache refresh stalls other requests on the virtual host and
  other vhosts that need a cache refresh at the same time. Requests to
  vhosts with a fresh response in the cache or OCSP stapling disabled
  are not affected.
* Rate limiting for OCSP requests is not yet implemented.

You can work around both issues using the GnuTLSOCSPResponseFile
option.

Regards,
Thomas

[1] https://mod.gnutls.org/git/mod_gnutls
[2] https://github.com/airtower-luna/mod_gnutls.git

