to validate input dn's BEFORE sending dn's to server.
Also fixed getfilter to use REG_EXTENDED|REG_NOSUB. (and fixed one
case where REG_BASIC was still used).
s/strdup/LDAP_STRDUP/
Added ldap_pvt_str2lower/upper
reflect its purpose. Modify switch to support REG_EXTENDED expressions.
Use REG_EXTENDED instead of REG_BASIC everywhere.
Modify <ac/regex.h> to support <gnuregex.h> for testing purposes.
Requires: env CPPFLAGS="-DHAVE_GNUREGEX_H=1" LIBS=-lgnuregex ./configure
Needs a bit more work.
- global net/api timeouts are not inherited on session creation.
- need configure check for inet_aton() (coming soon)
- ioctl/fcntl portability issues (should share implementation
with lber routines)
time, skipping the filter, for instance. Also, we were parsing
twice the scope and the filter. I think this change is right,
but could use more eyeballs...
not yet user-settable. Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.
be implemented.
The rest of this change mostly contains random ideas taken from
mod_ssl. The purpose is to get the repository in sync with the
code I am testing. I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates). Trying s_client against both
does not shed any light. If anyone manages to make it work,
please let us know.
More error checking and reporting.
Slowly getting there, SSL_accept succeeds now, but connection breaks
immediately after that (my glue logic with slapd is broken).
Change temporarily the default protocol from TLSv1 to SSLv3 with
fallback to SSLv2. This seems necessary for slapd to accept connections
from Netscape.
Try to set the cipher list in the default context. Does not semm to
work yet.
