path: root/README
blob: 557ba777cbf5627ff495d62b8dfbb583035436f9 (plain)
mod_gnutls 

This module started back in September of 2004 because I was tired of trying to
fix bugs in mod_ssl.  mod_ssl is a giant beast of a module -- no offense to its
authors is intended -- but I believe it has fallen prey to massive feature bloat.

When I started hacking on httpd, mod_ssl remained a great mystery to me, and
when I actually looked at it, I ran away.  The sheer amount of code is huge, and it
does not conform to the style guidelines.  It was painful to read, and even harder
to debug.  I wanted to understand how it worked, and I had recently heard about
GnuTLS, so long story short, I decided to implement a mod_gnutls.

Lines of Code in mod_ssl: 15,324
Lines of Code in mod_gnutls: 1,886

Because of writing mod_gnutls, I now understand how input and output filters work
better than I ever thought possible.  It was a little painful at times, and some parts
lift code and ideas directly from mod_ssl.  Kudos to the original authors of mod_ssl.

----------------------------

Author: Paul Querna <chip force-elite.com

License: Apache Software License v2.0. (see the LICENSE file for details)

Current Status:
- SSL and TLS connections with all popular browsers work!
- Sets some environment variables for scripts
- Supports Memcached as a distributed SSL Session Cache
- Supports DBM as a local SSL Session Cache

Future Development:
- Support for Server Name Indication (partial support is in, but disabled)
- Support for Client Certificates

Basic Configuration:

LoadModule gnutls_module  modules/mod_gnutls.so

# mod_gnutls can optionally use a memcached server to store its SSL Sessions.
# This is useful in a cluster environment, where you want all of your servers
# to share a single SSL Session Cache.
#GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"

# The Default method is to use a DBM backed Cache.  It isn't super fast, but 
# it is portable and does not require another server to be running like memcached.
GnuTLSCache dbm conf/gnutls_cache

<VirtualHost 1.2.3.4:443>
    # insert other directives ... here ...

    # This enables the mod_gnutls Handlers for this Virtual Host
    GnuTLSEnable On

    # This is the Private key for your server.
    GnuTLSKeyFile conf/server.key

    # This is the Server Certificate.  
    GnuTLSCertificateFile conf/server.cert
</VirtualHost>
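The configuration above has two places where a mistake is easy to make: a virtual host with GnuTLSEnable On but no key or certificate, and a memcache session cache pointed at hosts that are not on a trusted network (the cache holds the state needed to resume TLS sessions). The following checker is an added example, not part of mod_gnutls; it parses an httpd.conf fragment, knows only the directives this README documents, and runs over a constructed sample that mirrors the Basic Configuration with the memcache cache switched on.

```python
"""Hypothetical lint pass for the mod_gnutls directives shown in the README.
Added example, not part of mod_gnutls; it only knows the directives the
README documents (LoadModule, GnuTLSCache, GnuTLSEnable, GnuTLSKeyFile,
GnuTLSCertificateFile)."""
import re
from typing import Dict, List, Tuple

Directives = Dict[str, List[str]]  # directive name -> values, in file order

# Constructed sample: the README's basic configuration with the memcache
# cache switched on, plus a second vhost that is missing its key file.
SAMPLE_CONF = """\
LoadModule gnutls_module  modules/mod_gnutls.so

# share one session cache across the cluster
GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"

<VirtualHost 1.2.3.4:443>
    GnuTLSEnable On
    GnuTLSKeyFile conf/server.key
    GnuTLSCertificateFile conf/server.cert
</VirtualHost>

<VirtualHost 1.2.3.5:443>
    GnuTLSEnable On
    GnuTLSCertificateFile conf/other.cert
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]+)>$", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^</VirtualHost>$", re.IGNORECASE)


def parse_conf(text: str) -> Tuple[Directives, List[Tuple[str, Directives]]]:
    """Split an httpd.conf fragment into global directives and a list of
    (address, directives) per <VirtualHost>. Comments and blank lines are
    skipped; double quotes are removed from values."""
    global_d: Directives = {}
    vhosts: List[Tuple[str, Directives]] = []
    current: Directives = global_d
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {}
            vhosts.append((opened.group(1), current))
            continue
        if VHOST_CLOSE.match(line):
            current = global_d
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip().replace('"', "") if len(parts) > 1 else ""
        current.setdefault(name, []).append(value)
    return global_d, vhosts


def check_conf(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    global_d, vhosts = parse_conf(text)

    # The session cache holds the state needed to resume TLS sessions, so a
    # memcache backend reached over the network must stay on a trusted LAN.
    for cache in global_d.get("GnuTLSCache", []):
        backend, _, servers = cache.partition(" ")
        if backend.lower() == "memcache":
            remote = [s for s in servers.split() if not s.startswith("127.")]
            if remote:
                findings.append(
                    "GnuTLSCache memcache shares session state with "
                    + ", ".join(remote) + "; restrict them to a trusted network")

    loaded = {v.split()[0] for v in global_d.get("LoadModule", []) if v.split()}
    for addr, d in vhosts:
        if d.get("GnuTLSEnable", [""])[-1].lower() != "on":
            continue
        if "gnutls_module" not in loaded:
            findings.append(f"{addr}: GnuTLSEnable On but gnutls_module is never loaded")
        for needed in ("GnuTLSKeyFile", "GnuTLSCertificateFile"):
            if needed not in d:
                findings.append(f"{addr}: GnuTLSEnable On but {needed} is missing")
    return findings


if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF):
        print(finding)
```

Run against the sample it reports two findings: the memcache cache shares session state with server2.example.com and server3.example.com, and the second virtual host enables mod_gnutls without a GnuTLSKeyFile. Pass it your own httpd.conf text instead of SAMPLE_CONF to check a real deployment; the parser ignores directives it does not know, so other modules' settings do not get in the way.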