openldap

mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00

Author	SHA1	Message	Date
Kurt Zeilenga	5c878c1bf2	Happy new year (belated)	2014-01-25 05:21:25 -08:00
Howard Chu	16f8b0902c	ITS#7398 add LDAP_OPT_X_TLS_PEERCERT retrieve peer cert for an active TLS session	2013-09-10 04:31:39 -07:00
Howard Chu	721e46fe66	ITS#7595 don't try to use EC if OpenSSL lacks it	2013-09-08 06:32:23 -07:00
Howard Chu	7d6d6944c5	ITS#7683 log tls prot/cipher info Note: I could not test the MozNSS patch due to the absence of NSS PEM support on my machine. Given the review comments in https://bugzilla.mozilla.org/show_bug.cgi?id=402712 I doubt that trustworthy PEM support will be appearing for MozNSS any time soon.	2013-09-07 12:22:09 -07:00
Howard Chu	e631ce808e	ITS#7595 Add Elliptic Curve support for OpenSSL	2013-09-07 09:47:40 -07:00
Howard Chu	cfeb28412c	ITS#7506 fix prev commit The patch unconditionally enabled DHparams, which is a significant change of behavior. Reverting to previous behavior, which only enables DH use if a DHparam file was configured.	2013-09-07 06:39:53 -07:00
Ben Jencks	6f120920d3	ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage. If a DHParamFile or olcDHParamFile is specified, then it will be used, otherwise a hardcoded 1024 bit parameter will be used. This allows the use of larger parameters; previously only 512 or 1024 bit parameters would ever be used.	2013-09-07 06:33:39 -07:00
Howard Chu	ca310ebff4	Add channel binding support Currently only implemented for OpenSSL. Needs an option to set the criticality flag.	2013-08-26 23:31:48 -07:00
Philip Guenther	c6cf495247	ITS#7645 more OpenSSL TLS versions	2013-07-29 07:01:15 -07:00
Kurt Zeilenga	0fd1bf30b8	Happy New Year	2013-01-02 10:22:57 -08:00
Howard Chu	bb921063e0	ITS#7194 fix IPv6 URL detection	2012-03-08 19:35:44 -08:00
Hallvard Furuseth	1a931a86ee	Silence 'assign away const' warning	2012-01-24 01:45:51 +01:00
Kurt Zeilenga	2bbf9804b9	Happy New Year!	2012-01-01 07:10:53 -08:00
Kurt Zeilenga	966cef8c9a	Happy New Year	2011-01-05 00:42:37 +00:00
Hallvard Furuseth	16b7df8397	ITS#6625 Remove some LDAP_R_COMPILEs	2010-12-06 11:31:58 +00:00
Kurt Zeilenga	3dadeb3efe	happy belated New Year	2010-04-13 22:17:29 +00:00
Howard Chu	86c361cdb8	In tmp_rsa_cb, new API is in 0.9.8 inclusive, not exclusive	2010-04-12 03:21:05 +00:00
Hallvard Furuseth	7b22b22202	ITS#6355: Fix uninitialiezed lso_tmp_rsa_cb() return value	2009-10-30 17:08:57 +00:00
Ralf Haferkamp	8fcdc29405	In case of certificate verification failures include failure reason into the error message (openssl only)	2009-09-30 16:25:23 +00:00
Howard Chu	e0431681ad	On OpenSSL 0.9.8 and newer, use RSA_generate_key_ex since RSA_generate_key is deprecated	2009-09-25 23:31:24 +00:00
Pierangelo Masarati	9abaf38d1f	silence warnings	2009-08-19 12:23:27 +00:00
Hallvard Furuseth	791035d93f	Fix last commit: cast strcasecmp unsigned char* to char*	2009-08-07 21:46:25 +00:00
Howard Chu	e229b7c398	In session_chkhost get the last CN, not the first.	2009-08-07 11:59:42 +00:00
Howard Chu	d4f2a06887	Check for CN length match as well in chkhost	2009-07-30 21:52:09 +00:00
Howard Chu	de91bde800	ITS#6192 add all digests. Also stop using SSLeay-compatible function names, we're only concerned with OpenSSL these days.	2009-07-01 23:46:36 +00:00
Howard Chu	a1861fd162	ITS#5849 patch was wrong, don't X509_free session cert	2009-03-02 17:43:38 +00:00
Howard Chu	b886c2ad8a	ITS#5937 fix ancient IPv6 typo	2009-02-10 13:27:22 +00:00
Howard Chu	f9fd0f0cc4	ITS#5655 for new structure	2009-01-26 02:16:46 +00:00
Howard Chu	4dff3e6807	Switch to using modular TLS code, single-implementation version	2009-01-26 02:06:45 +00:00
Kurt Zeilenga	4af9eb9715	Update copyright notices	2009-01-22 00:40:04 +00:00
Howard Chu	187efdad6c	ITS#5849 free peer cert after retrieving DN	2008-12-05 09:00:24 +00:00
Howard Chu	a225b02f17	Modular TLS support, proof of concept. tls2.c would replace tls.c, but I'm leaving tls.c intact for now.	2008-08-13 16:18:51 +00:00

32 Commits