The Wayback Machine - https://web.archive.org/web/20230306010258/https://github.com/zmartzone/mod_auth_openidc/commits/master
Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Commits on Mar 2, 2023

  1. refactor passing libcURL SSL options 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Mar 2, 2023
    4f2803e

  2. allow setting minumum and maximum versions of TLS used in HTTPs calls 

    via libcurl environment variable CURLOPT_SSL_OPTIONS e.g.:
SetEnvIfExpr true "CURLOPT_SSL_OPTIONS=CURL_SSLVERSION_TLSv1_3
CURL_SSLVERSION_MAX_TLSv1_3" ; bump to 2.4.13rc3

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Mar 2, 2023
    4958b8b

Commits on Mar 1, 2023

  1. 2.4.13rc2: revert accidentally removed libbrotli code in jose.c 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Mar 1, 2023
    1b72242

Commits on Feb 23, 2023

  1. Merge branch 'master' of https://github.com/zmartzone/mod_auth_openid… 

    …c.git
    @zandbelt
    zandbelt committed Feb 23, 2023
    7f28e72

  2. move rsa_* parameter declarations to start of oidc_jwk_rsa_bio_to_jwk 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Feb 23, 2023
    57755af

Commits on Feb 20, 2023

  1. Merge pull request #1021 from trantor/patch-1 

    mod_auth_openidc.c : Space added in log message
    @zandbelt
    zandbelt committed Feb 20, 2023
    3d10512

  2. mod_auth_openidc.c : Space added in log message 

    Added missing space in log message
    @trantor
    trantor committed Feb 20, 2023
    ec828b7

  3. oidc_jwt_sign: copy payload to jwt.payload.value.str if not compressed 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Feb 20, 2023
    114b1a5

Commits on Feb 19, 2023

  1. add - optional compilation time - support for brotli compression 

    of session and state cookies

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Feb 19, 2023
    cf6f208

  2. conditionally find and use zlib compression 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Feb 19, 2023
    90f08c0

Commits on Feb 17, 2023

  1. 2.4.13rc0: compress session and state cookies; add zlib as a dependency 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Feb 17, 2023
    126f4bf

  2. avoid (small) memory leak when using OpenSSL 3.x 

    when setting public/private keys (over graceful restarts) in the config
and/or importing JWKs with x5c specs

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Feb 17, 2023
    2b0fd2c

Commits on Jan 30, 2023

  1. remove obsolete "used only in dynamic client registration" references 

    in auth_openidc.conf, since these values can be used now to enforce
algorithms used by the OP

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 30, 2023
    44cb9ef

Commits on Jan 27, 2023

  1. reorganize files in root/test 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 27, 2023
    d9d0a61

  2. warn about claims size >8Kb since that is a common header size limit 

    (undocumented) override the warning limit with something like:
  SetEnvIfExpr true OIDC_SESSION_WARN_CLAIM_SIZE=32768
to log warnings only for claim value sizes > 32Kb

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 27, 2023
    e3204db

  3. increase maximum size of HTTP responses; sanity check claim sizes 

    - allow large response sizes e.g. from the token endpoint up to 10Mb;
see #998; thanks @mikehearn
- do a sanity check on the individual size of claim values stored in the
session, warn about blacklisting if > 256Kb
- bump to 2.4.12.4rc1

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 27, 2023
    2865154

Commits on Jan 23, 2023

  1. release 2.4.12.3 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 23, 2023
    ea389b4

Commits on Jan 20, 2023

  1. fix OIDCOAuthVerifyCertFiles #989; add OIDCProviderVerifyCertFiles #990 

    - add OIDCProviderVerifyCertFiles option to statically configure ID
token validation keys; see #989; thanks @madsfreek
- fix bug in OIDCOAuthVerifyCertFiles where cert(s) would be cast to
apr_hash_t instead of apr_array_header_t; see #990; thanks @bommo1
- bump to 2.4.12.3rc0

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 20, 2023
    7882d73

Commits on Jan 6, 2023

  1. clarify discussions forum 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 6, 2023
    37b1917

  2. security link is provided by default 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 6, 2023
    1f5c123

  3. switch to issue forms 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 6, 2023
    cd6215f

Commits on Jan 2, 2023

  1. update references to openidc.com 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
    @zandbelt
    zandbelt committed Jan 2, 2023
    3a5bb8c

  2. update copyright year 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Jan 2, 2023
    6ae0fc9

Commits on Dec 28, 2022

  1. update sample/test Dockerfile to Ubuntu Jammy 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 28, 2022
    f6565a2

Commits on Dec 22, 2022

  1. ignore src/cache/hiredis- leftovers 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 22, 2022
    7369f2b

  2. fix typo in comments about HTML 5 storage type 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 22, 2022
    e27c098

Commits on Dec 19, 2022

  1. remove leftover comment 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 19, 2022
    d8bef0e

  2. remove leftover references to OIDCScrubRequestHeaders; see #981 

    thanks @benoitsln

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 19, 2022
    1f753b0

Commits on Dec 13, 2022

  1. release 2.4.12.2: CVE-2022-23527 prevent open redirect in default setup 

    i.e. when OIDCRedirectURLsAllowed is not configured, see:
GHSA-q6f2-285m-gr53

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 13, 2022
    87119f4

Commits on Dec 8, 2022

  1. add oidc_cache_redis_disconnect to redis.h 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 8, 2022
    1fc47e8

  2. simplify redis context code 

    bump to 2.4.12.2rc1

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 8, 2022
    24afeaf

Commits on Dec 2, 2022

  1. add Quentin Gillet and Brent van Laere to AUTHORS 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Dec 2, 2022
    d8fc1e7

Commits on Nov 18, 2022

  1. allow overriding the type of lock used at compile time with OIDC_LOCK 

    bump to 2.4.12.2rc0

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Nov 18, 2022
    8d79cd2

Commits on Nov 15, 2022

  1. release 2.4.12.1 

    Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Nov 15, 2022
    c2f4d64

Commits on Nov 13, 2022

  1. cache file backend fix: delete the correct file upon logout 

    closes #955; thanks @damisanet

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
    @zandbelt
    zandbelt committed Nov 13, 2022
    6565f4c
Older