Howard Chu
6fcfaedf90
ITS#4137 was returning with tls_def_ctx_mutex locked.
2005-11-02 23:43:19 +00:00
Howard Chu
4ebed09d81
ITS#4017, additional revisions for DH parameters
2005-10-28 05:35:19 +00:00
Kurt Zeilenga
0ea43c9d7d
Assume TLS is properly configured if any one of
keyfile, certfile, cacertfile, or cacertdir is
provided. Note that TLS can be properly configured
without any of these when non-X.509 cipher suites
are used, so this might have to be rethought.
2005-10-12 20:31:04 +00:00
Howard Chu
f54bc26357
ITS#4072 ldap_pvt_tls_init_def_ctx() returns LDAP_NO_SUPPORT if not
sufficiently configured. Update slapd/slurpd to act appropriately.
2005-10-09 19:55:39 +00:00
Howard Chu
9095af5928
ITS#4017 support Diffie-Hellman parameters for multiple key lengths
2005-10-05 20:01:52 +00:00
Pierangelo Masarati
385aebc806
plug potential ld_error leak (ITS#4064)
2005-10-04 21:30:30 +00:00
Pierangelo Masarati
b3f366e0ba
essentially address 3791 with a reworked patch
2005-08-11 15:13:29 +00:00
Pierangelo Masarati
ad62d9da1b
expose ldap_tls_inplace()
2005-08-11 12:14:24 +00:00
Kurt Zeilenga
542f3634aa
Add ldap_start_tls() and ldap_install_tls() to provide async version
of ldap_start_tls_s().
2005-02-01 23:53:17 +00:00
Kurt Zeilenga
dc0eacd40b
Happy New Year!
2005-01-01 20:49:32 +00:00
Howard Chu
ae592801aa
Add callbacks for client TLS connection establishment:
LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG
with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg)
To be called whenever the client library allocates a new SSL* handle.
2004-11-23 03:48:09 +00:00
Ralf Haferkamp
93cec8b694
- Added autoconf test for CRL capable OpenSSL Version
- #ifdef'd CRL checking code.
2004-11-03 12:02:38 +00:00
Ralf Haferkamp
5704a2ef6e
CRL checking options for ldap.conf and slapd.conf
2004-10-28 18:50:38 +00:00
Kurt Zeilenga
5f5d50aeb0
Add TLS cipher suite directive to ldap.conf(5)
2004-09-05 07:21:20 +00:00
Kurt Zeilenga
d611a4b49a
unifdef -UNEW_LOGGING
2004-09-04 04:54:28 +00:00
Kurt Zeilenga
3484ddff18
cleanup
2004-06-22 20:20:47 +00:00
Kurt Zeilenga
5deea2b617
ITS#3134: support DNSname style wildcards in common name
(This is not consistent with RFC 3280 or RFC 2830, but consistent
with current practices.)
Based upon patch submitted by Quanah Gibson-Mount <quanah@stanford.edu>.
2004-05-19 02:47:30 +00:00
Kurt Zeilenga
7cfc2d1f37
back out last change
2004-04-25 04:46:45 +00:00
Kurt Zeilenga
b0830a744f
Fail if default context is already initialized
2004-04-25 04:37:19 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Kurt Zeilenga
159de0f135
Updated notices and acknowledgements
2003-11-26 07:16:36 +00:00
Kurt Zeilenga
9184c3a18c
Fix linking --with-cyrus-sasl and --without-tls
2003-10-17 04:27:32 +00:00
Kurt Zeilenga
2ed0725491
Fix typo in last commit
2003-05-06 15:00:58 +00:00
Kurt Zeilenga
ecb17fc30e
ITS#2486: plug leak
2003-05-05 17:35:59 +00:00
Hallvard Furuseth
5ee9264465
Fix assignment of <char/int>* to unsigned <char/int>* and vice versa.
2003-05-02 13:29:28 +00:00
Howard Chu
1d2951bb5a
For ITS#2424, move all SASL session management to ldap_int_sasl_bind.
2003-04-30 14:13:58 +00:00
Howard Chu
1874658ae3
More memory context tweaks
2003-04-11 01:02:08 +00:00
Kurt Zeilenga
cfd9449374
Mark a few error strings
2003-04-06 06:10:56 +00:00
Howard Chu
18df386b43
Fix ITS#2161, the check is meaningless anyway.
2003-01-30 00:28:36 +00:00
Hallvard Furuseth
120e39b533
Cast ctype.h arguments to unsigned char.
2003-01-19 14:05:23 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
d758296595
silence warnings
2002-12-23 12:02:29 +00:00
Howard Chu
0c2439f5ef
Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname()
2002-12-18 21:43:17 +00:00
Hallvard Furuseth
3b591dd4f6
Fix const errors.
2002-12-11 08:30:29 +00:00
Pierangelo Masarati
256f5bbe57
silence warnings
2002-11-10 19:57:16 +00:00
Howard Chu
a9fed89e3f
In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK.
According to read(2)/write(2) EAGAIN is the only one we're interested in.
Fixes HP-UX 11.
http://www.openldap.org/lists/openldap-software/200105/msg00564.html
2002-10-11 06:22:24 +00:00
Howard Chu
af05dd5511
Set SSL session cache context ID
2002-09-04 07:17:31 +00:00
Howard Chu
f83d30a727
Fix previous commit - still need X509_free for peer cert.
Just not for local/my cert.
2002-09-04 02:28:42 +00:00
Howard Chu
5d062ef54c
Don't call X509_free after SSL_get_certificate, it's not a duplicate.
2002-09-04 01:56:09 +00:00
Howard Chu
17493164ea
Fix previous commit
2002-08-31 06:23:46 +00:00
Howard Chu
e3304da727
OS/390 EBCDIC support
2002-08-31 05:14:43 +00:00
Howard Chu
d9eac72099
ITS#1995 return error text when ldap_pvt_tls_check_hostname fails
2002-08-01 03:23:29 +00:00
Howard Chu
5dc098dab0
Wrap get_ca_list opendir code with #if HAVE_DIRENT_H || dirent to avoid
compile errors on incompatible build platforms.
2002-07-24 19:36:03 +00:00
Julius Enarusai
6107ba67d2
Converted LDAP_LOG macro to use subsystem ID int values instead of string values
2002-07-11 20:33:24 +00:00
Howard Chu
07ffaeaac8
ITS#1924 use GENERAL_NAMES_free instead of ext_free.
2002-07-05 21:59:02 +00:00
Howard Chu
6f8b100f6b
Finish implementation of get_ca_list()
2002-06-14 06:09:24 +00:00
Howard Chu
3590877b77
Initialize authid in case ldap_pvt_tls_get_my_dn fails
2002-05-04 01:32:41 +00:00
Howard Chu
0390a171b9
Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force
a fatal error when TLS server cert verification fails.
Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.
In tls_verify_cb, added a text translation of the verification error code
to the debug message.
2002-05-04 00:05:48 +00:00
Kurt Zeilenga
d82d018f20
add an RFC 2849 check... but behind #if 0 as I'm now thinking this
is not appropriate.
2002-05-01 04:40:26 +00:00
Kurt Zeilenga
96483c8dcd
cleanup before working on changes
2002-05-01 04:23:59 +00:00