diff options
| author | Yann Ylavic <ylavic@apache.org> | 2021-05-17 13:54:02 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2021-05-17 13:54:02 +0000 |
| commit | c3685c7a960c572f83d74ddbae23f7087a129979 (patch) | |
| tree | 7b2caf620d69807bcd2204348ab23225132c8b83 /CHANGES | |
| parent | c9ffde1c33e3e893ea39e1fa58eed21e49429882 (diff) | |
| download | httpd-c3685c7a960c572f83d74ddbae23f7087a129979.tar.gz | |
Sync CHANGES entries. [skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889961 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -1,6 +1,36 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) core: Fix a regression that stripped the ETag header from 304 responses. + PR 61820 [Ruediger Pluem, Roy T. Fielding] + + *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This + allows modules to access and provide OCSP response data without being tied + of each other. The data is exchanged in standard, portable formats (PEM encoded + certificates and DER encoded responses), so that the actual SSL/crypto + implementations used by the modules are independant of each other. + Registration and retrieval happen in the context of a server (server_rec) + which modules may use to decide if they are configured for this or not. + The area of changes: + 1. core: defines 2 functions in include/http_ssl.h, so that modules may + register a certificate, together with its issuer certificate for OCSP + response provisioning and ask for current response data (DER bytes) later. + Also, 2 hooks are defined that allow modules to implement this OCSP + provisioning. + 2. mod_ssl uses the new functions, in addition to what it did already, to + register its certificates this way. If no one is interested in providing + OCSP, it falls back to its own (if configured) stapling implementation. + 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending + on configuration, it will accept registrations of its own certificates only, + all certificates or none. + [Stefan Eissing] + + *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the + fallback to mod_proxy_http for WebSocket upgrade and tunneling. + [Yann Ylavic] + + *) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic] + *) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] *) mod_md: Tolerate a missing "revokeCert" or "keyChange" resource. |