mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
15,099 Commits 38 Branches 307 Tags 74 MiB
00c2498543
Commit Graph

140 Commits

Author SHA1 Message Date
Howard Chu
a7870943f7 Fix TLS CTX ref counting 2006-07-02 22:38:01 +00:00
Howard Chu
15853f1e74 ITS#4583 use mutex around SSL_accept() 2006-06-08 19:35:42 +00:00
Howard Chu
25f81a48e6 Add SSL failure reason to TLS: can't connect message. 2006-05-13 00:29:28 +00:00
Howard Chu
eb0c92c7df Return rc for tls_init_def_ctx 2006-04-11 20:35:37 +00:00
Howard Chu
571ac24b33 Fix destruct sequencing 2006-04-07 02:41:58 +00:00
Howard Chu
9693c800bf Free/decrement SSL_CTX refcount when (re)setting it 2006-04-07 01:15:56 +00:00
Howard Chu
7709d4d89e Bump SSL_CTX refcount whenever it gets retrieved 2006-04-07 01:13:31 +00:00
Howard Chu
d18277eac9 ITS#4422, #4475 
Move TLS options into struct ldapoptions.
  Added ldap_int_tls_destroy()
  Added LDAP_OPT_X_TLS_NEWCTX to generate new SSL_CTX
 2006-04-07 00:52:38 +00:00
Howard Chu
fb4cba514d ITS#4354 only set DH callback if OPT_DHFILE has been set. 2006-01-19 18:12:15 +00:00
Kurt Zeilenga
acbb5cf689 Happy new year! 2006-01-03 23:11:52 +00:00
Howard Chu
146b2c5389 ITS#4082 tls ctx requirements are only applicable to servers, or clients 
with tls_opt_require_cert = TRY or DEMAND. Ignore requirements for clients.
 2005-11-08 13:42:10 +00:00
Pierangelo Masarati
a6453f28f8 silence warnings 2005-11-06 23:27:09 +00:00
Howard Chu
d67a2f2044 Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after 
ldap_initializ'ing an LD and before connecting on it. Really all of the
global TLS options belong in the ldapoptions struct, instead of static vars.
 2005-11-05 12:49:43 +00:00
Howard Chu
6fcfaedf90 ITS#4137 was returning with tls_def_ctx_mutex locked. 2005-11-02 23:43:19 +00:00
Howard Chu
4ebed09d81 ITS#4017, additional revisions for DH parameters 2005-10-28 05:35:19 +00:00
Kurt Zeilenga
0ea43c9d7d Assume TLS is properly configured if any one of 
keyfile, certfile, cacertfile, or cacertdir is
provided.  Note that TLS can be properly configured
without any of these when non-X.509 cipher suites
are used, so this might have be rethought.
 2005-10-12 20:31:04 +00:00
Howard Chu
f54bc26357 ITS#4072 ldap_pvt_tls_init_def_ctx() returns LDAP_NO_SUPPORT if not 
sufficiently configured. Update slapd/slurpd to act appropriately.
 2005-10-09 19:55:39 +00:00
Howard Chu
9095af5928 ITS#4017 support Diffie-Hellman parameters for multiple key lengths 2005-10-05 20:01:52 +00:00
Pierangelo Masarati
385aebc806 plug potential ld_error leak (ITS#4064) 2005-10-04 21:30:30 +00:00
Pierangelo Masarati
b3f366e0ba essentially address 3791 with a reworked patch 2005-08-11 15:13:29 +00:00
Pierangelo Masarati
ad62d9da1b expose ldap_tls_inplace() 2005-08-11 12:14:24 +00:00
Kurt Zeilenga
542f3634aa Add ldap_start_tls() and ldap_install_tls() to provide async version 
of ldap_start_tls_s().
 2005-02-01 23:53:17 +00:00
Kurt Zeilenga
dc0eacd40b Happy New Year! 2005-01-01 20:49:32 +00:00
Howard Chu
ae592801aa Add callbacks for client TLS connection establishment: 
LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG
with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg)
To be called whenever the client library allocates a new SSL* handle.
 2004-11-23 03:48:09 +00:00
Ralf Haferkamp
93cec8b694 - Added autoconf test for CRL capable OpenSSL Version 
- #ifdef'd CRL checking code.
 2004-11-03 12:02:38 +00:00
Ralf Haferkamp
5704a2ef6e CRL checking options for ldap.conf and slapd.conf 2004-10-28 18:50:38 +00:00
Kurt Zeilenga
5f5d50aeb0 Add TLS cipher suite directive to ldap.conf(5) 2004-09-05 07:21:20 +00:00
Kurt Zeilenga
d611a4b49a unifdef -UNEW_LOGGING 2004-09-04 04:54:28 +00:00
Kurt Zeilenga
3484ddff18 cleanup 2004-06-22 20:20:47 +00:00
Kurt Zeilenga
5deea2b617 ITS#3134: support DNSname style wildcards in common name 
(This is not consistent with RFC 3280 or RFC 2830, but consistent
with current practices.)
Based upon patch submitted by Quanah Gibson-Mount <quanah@stanford.edu>.
 2004-05-19 02:47:30 +00:00
Kurt Zeilenga
7cfc2d1f37 back out last change 2004-04-25 04:46:45 +00:00
Kurt Zeilenga
b0830a744f Fail if default context is already initialized 2004-04-25 04:37:19 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Kurt Zeilenga
159de0f135 Updated notices and acknowledgements 2003-11-26 07:16:36 +00:00
Kurt Zeilenga
9184c3a18c Fix linking --with-cyrus-sasl and --without-tls 2003-10-17 04:27:32 +00:00
Kurt Zeilenga
2ed0725491 Fix typo in last commit 2003-05-06 15:00:58 +00:00
Kurt Zeilenga
ecb17fc30e ITS#2486: plug leak 2003-05-05 17:35:59 +00:00
Hallvard Furuseth
5ee9264465 Fix assignment of <char/int>* to unsigned <char/int>* and vice versa. 2003-05-02 13:29:28 +00:00
Howard Chu
1d2951bb5a For ITS#2424, move all SASL session management to ldap_int_sasl_bind. 2003-04-30 14:13:58 +00:00
Howard Chu
1874658ae3 More memory context tweaks 2003-04-11 01:02:08 +00:00
Kurt Zeilenga
cfd9449374 Mark a few error strings 2003-04-06 06:10:56 +00:00
Howard Chu
18df386b43 Fix ITS#2161, the check is meaningless anyway. 2003-01-30 00:28:36 +00:00
Hallvard Furuseth
120e39b533 Cast ctype.h arguments to unsigned char. 2003-01-19 14:05:23 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
d758296595 silence warnings 2002-12-23 12:02:29 +00:00
Howard Chu
0c2439f5ef Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname() 2002-12-18 21:43:17 +00:00
Hallvard Furuseth
3b591dd4f6 Fix const errors. 2002-12-11 08:30:29 +00:00
Pierangelo Masarati
256f5bbe57 silence warnings 2002-11-10 19:57:16 +00:00
Howard Chu
a9fed89e3f In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK. 
According to read(2)/write(2) EAGAIN is the only one we're interested in.
Fixes HP-UX 11.
http://www.openldap.org/lists/openldap-software/200105/msg00564.html
 2002-10-11 06:22:24 +00:00
Howard Chu
af05dd5511 Set SSL session cache context ID 2002-09-04 07:17:31 +00:00