mod_auth_openid

This release adds support for HTML form submission (POSTs) per the 2.0 spec, adds a cookie path option, and is now using a more secure (more random) nonce.

The ability to specify an external program for authorization. No longer clears attribute exchange parameters; see the Wiki page for attribute exchange. A fix for a bug involving custom auth cookie names. A fix for a bug that left openid params in the referrer param after a custom login page redirect. A fix for a bug that resulted in the referrer param not having HTTP/S set correctly. A fix for a bug that resulted in an auth error when too many requests were hitting Session DB. A fix for a bug that set REMOTE_USER to normalized id rather than claimed id.

This release adds support for the OpenID 2.0 spec (support for the 1.1 spec is still maintained). Support for BDB has been removed; this release supports SQLite only.

A 302 Redirect issue was fixed. AuthOpenIDEnabled
is now allowed in .htaccess files. Links on the
default login page were fixed.

The openid.ax and openid.sreg parameters are no longer cleansed from URLs. An AuthOpenIDServerName configuration option has been added. The dependency on libpcre++ has been removed (libpcre is still required). A modauthopenid.referrer parameter has been added that is passed on to login pages. The code has been updated to work with the libopkele version 3 API.