Skip to content

@zandbelt zandbelt released this Oct 24, 2018 · 1 commit to master since this release

Features

  • add support for OAuth 2.0 Client Certificate Bound Access Tokens, see: https://www.ietf.org/id/draft-ietf-oauth-mtls-12.txt setting an environment variable TB_SSL_CLIENT_CERT_FINGERPRINT with the base64url encoded value of the SHA256 hash of the DER representation of the certificate

Notes

Assets 6

@zandbelt zandbelt released this Sep 13, 2018 · 5 commits to master since this release

Features

  • use (unpatched) OpenSSL 1.1.1 with modifications to token_bind

Bugfixes

  • also set Sec-Token-Binding-Context (if configured) when a verified Token Binding ID is found in the cache

Notes

Assets 5

@zandbelt zandbelt released this Aug 8, 2018 · 9 commits to master since this release

Features

  • allow specifying custom OpenSSL 1.1.x path to configure with --with-openssl=<dir>

Packaging

  • add CentOS 7 RPM

Notes

  • Depends on OpenSSL 1.1.x and Apache >= 2.4.26
Assets 4

@zandbelt zandbelt released this Aug 6, 2018 · 10 commits to master since this release

version 0.4.0: use standard mod_ssl primitives for registering hooks

so that mod_token_binding works with any stock Apache 2.x version now >=
2.4.26

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Assets 2

@zandbelt zandbelt released this Sep 13, 2017 · 21 commits to master since this release

support for TokenBindingPassVar; closes #1

- make the information/variables that are passed configurable through: 
  TokenBindingPassVar [provided|referred|context]+
- bump to version 0.3.5

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Assets 2

@zandbelt zandbelt released this Aug 2, 2017 · 23 commits to master since this release

version 0.3.4: support draft-ietf-tokbind-ttrp-01

prefix header/envvar names with "Sec-" conform
https://tools.ietf.org/html/draft-ietf-tokbind-ttrp-01

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Assets 2

@zandbelt zandbelt released this Jul 18, 2017 · 25 commits to master since this release

version 0.3.3: always remove Sec-Token-Binding header

conform draft-campbell-tokbind-ttrp-01#section-2.2

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Assets 2
You can’t perform that action at this time.