- Since the update to NSS 3.35, the default NSS certificate
database format changed from Berkley DB to SQLite
- use %license tag
- Update to 1.0.15
* Try to auto-detect the NSS database format if not specified
* Update nss_pcache.8 man page to drop directory and prefix
* When a token is configured in password file only authenticate once
* Return an error when NSSPassPhraseDialog is invalid
* Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
* Add -Werror=implicit-function-declaration to CFLAGS
* Handle group membership when testing for file permissions
* NSS system-wide policy now disables SSLv3, don't use it in tests
* Add missing error messages for libssl errors
* Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
* When including additional test config use specific extension
* Fix the TLS Session ID cache
* Make an invalid protocol setting fatal
* Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
* Add info log message when FIPS is enabled
* Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
* Fix removal of CR from PEM certificates
* Add OCSP caching and timeout tuning knobs
* Check the NSS database directory permissions as well as the files
inside it for read access on startup.
* Add in simple aliases for ciphers to fix those that
don't follow the pattern (dhe_rsa_aes_128_sha256,
dhe_rsa_aes_256_sha256) and those with typos
(camelia_128_sha, camelia_256_sha)
* Fix semaphore leak (forwarded request 584463 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/585105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_nss?expand=0&rev=28
- don't disable SSLV2, because it doesn't work with NSS 3.24
(boo#993642)
* add mod_nss-dont_disable_SSLV2.patch
- remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in
(bsc#998176)
- change ownership of the gencert generated NSS database so apache
can read it (bsc#998180)
* add mod_nss-gencert-correct-ownership.patch
- use correct configuration path in mod_nss.conf.in (bsc#996282)
- remove %post migration code from the old alias directory
- generate dummy certificates if there aren't any in mod_nss.d (forwarded request 427944 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/428095
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_nss?expand=0&rev=22
- update to 1.0.14 (fixes boo#973996)
* OpenSSL ciphers stopped parsing at +, CVE-2016-3099
* Created valgrind suppression files to ease debugging
* Implement SSL_PPTYPE_FILTER to call executables to get
the key password pins. Can be used to prompt with systemd.
* Improvements to migrate.pl
- drop mod_nss_migrate.pl and use upstream migrate script instead
* add mod_nss-migrate.patch (forwarded request 390295 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/390637
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_nss?expand=0&rev=20
