-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) core: Fix a regression that stripped the ETag header from 304 responses.
+ PR 61820 [Ruediger Pluem, Roy T. Fielding]
+
+ *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This
+ allows modules to access and provide OCSP response data without being tied
+ of each other. The data is exchanged in standard, portable formats (PEM encoded
+ certificates and DER encoded responses), so that the actual SSL/crypto
+ implementations used by the modules are independant of each other.
+ Registration and retrieval happen in the context of a server (server_rec)
+ which modules may use to decide if they are configured for this or not.
+ The area of changes:
+ 1. core: defines 2 functions in include/http_ssl.h, so that modules may
+ register a certificate, together with its issuer certificate for OCSP
+ response provisioning and ask for current response data (DER bytes) later.
+ Also, 2 hooks are defined that allow modules to implement this OCSP
+ provisioning.
+ 2. mod_ssl uses the new functions, in addition to what it did already, to
+ register its certificates this way. If no one is interested in providing
+ OCSP, it falls back to its own (if configured) stapling implementation.
+ 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending
+ on configuration, it will accept registrations of its own certificates only,
+ all certificates or none.
+ [Stefan Eissing]
+
+ *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the
+ fallback to mod_proxy_http for WebSocket upgrade and tunneling.
+ [Yann Ylavic]
+
+ *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic]
+
*) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem]
*) mod_md: Tolerate a missing "revokeCert" or "keyChange" resource.
+++ /dev/null
- *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This
- allows modules to access and provide OCSP response data without being tied
- of each other. The data is exchanged in standard, portable formats (PEM encoded
- certificates and DER encoded responses), so that the actual SSL/crypto
- implementations used by the modules are independant of each other.
- Registration and retrieval happen in the context of a server (server_rec)
- which modules may use to decide if they are configured for this or not.
- The area of changes:
- 1. core: defines 2 functions in include/http_ssl.h, so that modules may
- register a certificate, together with its issuer certificate for OCSP
- response provisioning and ask for current response data (DER bytes) later.
- Also, 2 hooks are defined that allow modules to implement this OCSP
- provisioning.
- 2. mod_ssl uses the new functions, in addition to what it did already, to
- register its certificates this way. If no one is interested in providing
- OCSP, it falls back to its own (if configured) stapling implementation.
- 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending
- on configuration, it will accept registrations of its own certificates only,
- all certificates or none.
- [Stefan Eissing]
projects / thirdparty / apache / httpd.git / commitdiff
