mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-15 03:01:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,235 Commits 38 Branches 307 Tags 74 MiB
06a895ff2c
Commit Graph

2235 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kurt Zeilenga
12f481d657 Import patches mistakenly applied to OPENLDAP_DEVEL_REFERRALS. 
ldap_modify: delete of last attribute value should delete attribute (ITS#229)
thr_nt: use sleep to yield
 1999-07-18 00:33:30 +00:00
Kurt Zeilenga
f92d01c2bb fix substring_comp_candidates logic if intersection of candidates 
is ever empty.  See ITS#228.
 1999-07-16 22:26:57 +00:00
Kurt Zeilenga
059ee8c86d (re)introduce o_connid such that STATS doesn't need c_mutex (which it 
didn't bother to acquire)...
 1999-07-16 22:24:32 +00:00
Julio Sánchez Fernández
661102431a Document -T and -P 1999-07-16 20:03:53 +00:00
Julio Sánchez Fernández
fbd4c530ba Document a few TLS options that do something. 1999-07-16 19:56:32 +00:00
Hallvard Furuseth
48bb692d01 Add comment that socklen_t should be used 1999-07-16 18:59:37 +00:00
Hallvard Furuseth
425bab2c47 Add comment thatPass socklen_t* instead of int* to getsockopt, accept, getpeername, recvfrom 1999-07-16 18:57:11 +00:00
Julio Sánchez Fernández
0053b27ce0 Look on connection_read() if it returns positive so it has a chance 
to exhaust all protocol units received from the transport layer.
I think this is the necessary fix for the TLS-data-ready/
socket-not-ready issue, but I have not experimented that problem
yet, so I am unsure about its effectiveness.
Now, do we need something like that for connection_write?  How would
we go about implementing it?
 1999-07-16 18:53:30 +00:00
Julio Sánchez Fernández
ea8669c37d Clear c_needs_tls_acccept on ldap_pvt_tls_accept errors 1999-07-16 18:48:13 +00:00
Hallvard Furuseth
5ab862aee7 Pass socklen_t* instead of int* to getsockopt, accept, getpeername, recvfrom 1999-07-16 18:43:10 +00:00
Kurt Zeilenga
973f936ce7 Fix typo in last commit. 1999-07-16 17:07:53 +00:00
Kurt Zeilenga
afba0527a5 Don't use non-portable "ln -s -f". 1999-07-16 17:04:10 +00:00
Julio Sánchez Fernández
68b508d2f0 Move calls to ldap_pvt_tls_accept to connection_read instead of 
connection_init so that we get into the select() logic.
Make use of new flags in the connection.
BTW, and before I forget, it sort of works.  I have connected with
a Netscape client using a secure connection and did a failed
search (my test database is empty), but the trace looked correct.
Make sure you have your CA certificate in your Netscape preinstalled.
Otherwise, the connection fails with error 0xFFFFFFFF that is rather
uninformative.
 1999-07-16 15:52:17 +00:00
Julio Sánchez Fernández
85acec922f We were not remembering the allocated SSL thing in the Sockbuf. 
Set flags without relying on errno (this change may be gratuitous
or wrong).
 1999-07-16 15:46:15 +00:00
Julio Sánchez Fernández
a4a675f987 Two new flags in Connection. One to indicate that it is a raw TLS 
section (that is, not SASL).  The second to indicate that we need to
do SSL_accept on this connection.
 1999-07-16 15:43:47 +00:00
Julio Sánchez Fernández
8af470a543 Fix syntax oid for type 2.16.840.1.113730.3.1.34 (ref) 1999-07-16 10:51:31 +00:00
Julio Sánchez Fernández
ac49f25f75 Definitely, 'dn' and 'distinguishedName' are different things. The 
former is a pseudo attribute type used internally by slapd to represent
the distinguished name of an entry and its existance should not be
visible.  The latter is an "abstract" attribute type that is not meant
to exist in practice except as supertype of other dn-valued types.
So, the definition of attribute type 2.5.4.49 has been changed to be
just distinguishedName.  Work on the OPENLDAP_DEVEL_SCHEMA branch will
treat pseudo attributes especially and will not be visible to the
clients.
 1999-07-16 10:39:40 +00:00
Julio Sánchez Fernández
fd8b582aa9 We should stop using SSL to refer to TLS. This is a first step. 1999-07-16 10:28:51 +00:00
Kurt Zeilenga
afa4fde7c4 Add use ldap_*_ext() routines in clients project. 
Remove server side controls.
Add Digest-MD5 project.
 1999-07-16 03:03:34 +00:00
Kurt Zeilenga
73276e84ae Import experimental referral implementation from OPENLDAP_DEVEL_REFERRALS. 
Includes support for update referral for each replicated backend.
	Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world.  Still testing in LDAPv3 world.
Added default referral (test009) test.
 1999-07-16 02:45:46 +00:00
Kurt Zeilenga
9568a013a8 Backend lock wasn't being released properly. 1999-07-16 00:16:54 +00:00
Julio Sánchez Fernández
edb1d671f8 Initialize the TLS environment *after* reading the config files. 1999-07-15 21:07:01 +00:00
Julio Sánchez Fernández
fd49eacc4b Parse more TLS options in slapd.conf 1999-07-15 21:05:08 +00:00
Julio Sánchez Fernández
7a64fcf7b3 Set ciphers from slapd.conf. 
More error checking and reporting.
Slowly getting there, SSL_accept succeeds now, but connection breaks
immediately after that (my glue logic with slapd is broken).
 1999-07-15 21:03:47 +00:00
Julio Sánchez Fernández
27bcfd696d More options for TLS 1999-07-15 20:58:47 +00:00
Kurt Zeilenga
c7425738bb Add missing arg to Debug macro call 1999-07-15 20:00:05 +00:00
Julio Sánchez Fernández
d92c7c1c7d A couple of options for TLS configuration. Still a conflict here, 
the default context is initialized before the config file is read,
so the locations are not know at context initialization.
 1999-07-15 15:04:02 +00:00
Julio Sánchez Fernández
41de66a0b2 New routine tls_report_error to analyze errors from OpenSSL 
Change temporarily the default protocol from TLSv1 to SSLv3 with
fallback to SSLv2.  This seems necessary for slapd to accept connections
from Netscape.
Try to set the cipher list in the default context.  Does not semm to
work yet.
 1999-07-15 14:59:09 +00:00
Hallvard Furuseth
5bcdf362f3 Remove duplicate 'static' 1999-07-14 23:28:56 +00:00
Hallvard Furuseth
eb9f0359ef fix typo in rm command 1999-07-14 23:13:34 +00:00
Julio Sánchez Fernández
1df71e1814 Get rid of two compilation warnings. One is thought to be properly 
taken care of.  The second, however, on remove_old_locks is unclear.
 1999-07-14 19:51:35 +00:00
Julio Sánchez Fernández
e74ff638ba Parsing of flag -T was falling through to the default case. 
Init the TLS environment if necessary.  Lots of things needed here,
in particular, preparing properly the default context.
 1999-07-14 19:49:39 +00:00
Julio Sánchez Fernández
6d75d0f8fb connection_init now takes one more argument that indicates whether to 
use TLS right away or not on that connection.
 1999-07-14 19:44:18 +00:00
Kurt Zeilenga
6cd03236c1 Update configure due to Hallvard's openldap.m4 change 1999-07-14 17:50:40 +00:00
Kurt Zeilenga
2ce7c6859f Match xrpcomp change in devel 1999-07-14 17:07:39 +00:00
Julio Sánchez Fernández
c18d6e7ecf Only bind on TLS port if explicitly requested with -T, otherwise all 
kind of conflicts happen when running tests.
 1999-07-14 13:39:30 +00:00
Julio Sánchez Fernández
5b7babdee4 Bind and listen on TLS port too 1999-07-14 13:16:13 +00:00
Julio Sánchez Fernández
8542e45380 Extend slapd_args with TLS info 1999-07-14 13:14:54 +00:00
Julio Sánchez Fernández
153bf433ae Define LDAP_TLS_PORT as 636, the default port for LDAP over raw TLS 1999-07-14 13:12:51 +00:00
Hallvard Furuseth
5d19e04366 Fix typo in socklen_t comment (signal.h -> sys/types.h and sys/socket.h) 1999-07-14 12:08:58 +00:00
Julio Sánchez Fernández
184a966329 Fix detection of socklen_t 
Rebuild configure to reflect that
 1999-07-14 11:13:32 +00:00
Kurt Zeilenga
cbb5553b03 Newer versions of OpenSSL install headers in $prefix/include/openssl... 1999-07-14 00:03:52 +00:00
Julio Sánchez Fernández
509fdc1e6d Deal with sb_trans_needs_read and sb_trans_needs_write 1999-07-13 19:40:10 +00:00
Julio Sánchez Fernández
eeec88a8c4 Add a couple of control flags to sockbufs and macros to test them. 1999-07-13 19:38:01 +00:00
Julio Sánchez Fernández
710f697fb7 Get and set TLS options 1999-07-13 19:34:07 +00:00
Kurt Zeilenga
3a80a89061 Rebuild configure with TLS changes 1999-07-13 19:32:58 +00:00
Julio Sánchez Fernández
70fe83b1d2 First version with TLS. Untested. 1999-07-13 19:32:51 +00:00
Julio Sánchez Fernández
43fba8fcb1 First version with TLS. Untested. 1999-07-13 19:30:41 +00:00
Julio Sánchez Fernández
97a681910e Options for TLS 1999-07-13 19:29:19 +00:00
Julio Sánchez Fernández
739466b85d Add tls.c 
Add use of TLS_LIBS so that test tools compile
 1999-07-13 19:27:33 +00:00