Commit Graph

1841 Commits

Author SHA1 Message Date
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Howard Chu
79d90c3935 ITS#8050 fix ldap_get_option(LDAP_OPT_SESSION_REFCNT) 2015-02-04 03:16:20 +00:00
Howard Chu
e2b4366044 ITS#8028 fix ldap_new_connection 2015-01-21 01:02:12 +00:00
Howard Chu
fccca0ead9 Minor cleanup (coverity) 2015-01-14 16:59:54 +00:00
Howard Chu
bf4ed09c5e Plug leak (coverity) 2015-01-14 14:16:24 +00:00
Howard Chu
ae6347bac1 ITS#8022 an async connect may still succeed immediately 2015-01-12 22:27:58 +00:00
Howard Chu
234931acb0 ITS#8001 fix ldap_sync_initialize 2014-12-10 22:58:33 +00:00
Mark Reynolds
7a7d941943 ITS#7979 MozNSS fix for TLS_PROTOCOL_MIN
Fix NSS code to check for TLS_PROCOTOL_MIN, and then set the SSL
version range(min and max). Also updated SSL version string map
table to support up to TLSv1.3
2014-11-13 15:11:40 +00:00
Howard Chu
d06073d0d6 Fix a1e3b1cf3c
copy/paste error
2014-10-15 11:11:08 +01:00
Howard Chu
b36bd703d7 ITS#7967 fix abandon regression
From ITS#7712, avoid double-free of request
2014-10-15 11:08:29 +01:00
Kurt Zeilenga
a1e3b1cf3c Fix pointer incompatibility issue on some platforms
Don't assume tv_sec is a time_t.
2014-10-10 11:56:31 -07:00
Howard Chu
eef1ca007f ITS#7027 actually implement RFC 2782 shuffle 2014-07-21 22:17:21 -07:00
Howard Chu
31995b535e ITS#7027 fix bugs in prev commit 2014-07-21 22:12:22 -07:00
James M Leddy
5de85b922a ITS#7027 Implement priority/weight for DNS SRV records
From RFC 2782:

  A client MUST attempt to contact the target host with the
  lowest-numbered priority it can reach.

This patch sorts the DNS SRV records by their priority, and
additionally gives records with a larger weight a higher probability
of appearing earlier. This way, the DNS SRV records are tried in the
order of their priority.
2014-07-21 19:31:59 -07:00
Howard Chu
3102cbbd55 ITS#7859 more for revert 2014-07-11 12:38:16 -07:00
Howard Chu
189f312d64 ITS#7859 refix
This was actually broken by 65e163d2, ITS#6947. Reverting both
of those changes and fixing #6947 again.
2014-07-11 12:29:15 -07:00
Ryan Tandy
7d2f9c6277 ITS#7877 assume gnutls is at least 2.12.0 2014-06-30 20:08:38 -07:00
Ryan Tandy
0fd0f24f03 ITS#7877 assume gnutls provides cipher suites 2014-06-30 20:08:17 -07:00
Ryan Tandy
829027945f ITS#7877 use nettle instead of gcrypt 2014-06-30 20:07:41 -07:00
Howard Chu
71ff674a02 ITS#7871 fix ldif-wrap length
Doc has been updated to note the default was actually 78.
The off-by-two error is fixed. Note that wrap=1 will still
output 2 columns, otherwise it can't output anything besides
the continuation character.
2014-06-04 00:52:01 -07:00
Howard Chu
b22a614224 ITS#7859 fix to read 4096-character lines 2014-05-26 11:08:14 -07:00
Howard Chu
106a4b90aa More for ITS#4365 refix CR/LF handling
Was rejecting "-\r\n" in input LDIF
2014-02-07 00:31:23 -08:00
Kurt Zeilenga
5c878c1bf2 Happy new year (belated) 2014-01-25 05:21:25 -08:00
Howard Chu
14868fcab6 ITS#7783 workaround stupid NSPR bug
free(NULL) is supposed to be safe. "Portable wrapper libraries"
that fail to preserve this behavior are inherently broken.
But then again, this is Mozilla code, so that's redundant.
2014-01-12 13:51:09 -08:00
Pierangelo Masarati
2358b35c58 fix years old cut'n'paste 2013-12-28 11:12:42 +01:00
Howard Chu
79b12f2f93 ITS#7762 shortcut NULL RDNs 2013-12-11 04:41:48 -08:00
Howard Chu
80e6316d37 ITS#7759 avoid assert in parse_passwdpolicy_control 2013-12-07 08:36:14 -08:00
Howard Chu
f8efeb4278 ITS#7757 plug memleak 2013-12-03 14:16:20 -08:00
Stef Walter
743a9783d5 ITS#7694 Fix use of IPv6 with LDAP_CONNECTIONLESS
LDAP_CONNECTIONLESS code assumed that the size of an peer address
is equal to or smaller than sizeof (struct sockaddr).

Fix to use struct sockaddr_storage instead which is intended for
this purpose. Use getnameinfo() where appropriate so we don't
assume anything about the contents of struct sockaddr
2013-10-10 10:26:28 -07:00
Emily Backes
85003d8a54 ITS#7712 Fix lock ordering in libldap abandon 2013-09-30 15:31:27 -07:00
Quanah Gibson-Mount
1a712bf18e Enable features that were hidden behind LDAP_DEVEL 2013-09-19 09:50:52 -07:00
Howard Chu
16f8b0902c ITS#7398 add LDAP_OPT_X_TLS_PEERCERT
retrieve peer cert for an active TLS session
2013-09-10 04:31:39 -07:00
Howard Chu
0045e56c34 ITS#7683 more for tls version/cipher info
Add LDAP_OPT_X_TLS_VERSION / LDAP_OPT_X_TLS_CIPHER for
retrieving from an LDAP session handle. Update ldap_get_option(3).
2013-09-09 11:52:10 -07:00
Howard Chu
721e46fe66 ITS#7595 don't try to use EC if OpenSSL lacks it 2013-09-08 06:32:23 -07:00
Howard Chu
7d6d6944c5 ITS#7683 log tls prot/cipher info
Note: I could not test the MozNSS patch due to the absence of
NSS PEM support on my machine. Given the review comments in
https://bugzilla.mozilla.org/show_bug.cgi?id=402712 I doubt that
trustworthy PEM support will be appearing for MozNSS any time soon.
2013-09-07 12:22:09 -07:00
Howard Chu
e631ce808e ITS#7595 Add Elliptic Curve support for OpenSSL 2013-09-07 09:47:40 -07:00
Howard Chu
0205e83f46 ITS#7430 GnuTLS: Avoid use of deprecated function 2013-09-07 09:41:46 -07:00
Howard Chu
3e100bb54d Add GnuTLS channel binding support 2013-09-07 09:38:47 -07:00
Howard Chu
cb00bb0218 Fix double-free on ciphersuite parse failure
GnuTLS does an implicit free on failure.
2013-09-07 08:58:25 -07:00
Howard Chu
cfeb28412c ITS#7506 fix prev commit
The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.
2013-09-07 06:39:53 -07:00
Ben Jencks
6f120920d3 ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage.
If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be
used.
2013-09-07 06:33:39 -07:00
Howard Chu
a72d1ffe0f ITS#7506 cleanup prev commit 2013-09-07 06:31:58 -07:00
Ben Jencks
622d13a32e ITS#7506 tls_g.c: Properly support DHParamFile.
If a DHParamFile or olcDHParamFile is specified then it will be loaded. This
allows use of DHE/EDH cipher suites which was previously impossible with
GnuTLS.
2013-09-07 06:29:14 -07:00
Howard Chu
ca310ebff4 Add channel binding support
Currently only implemented for OpenSSL.
Needs an option to set the criticality flag.
2013-08-26 23:31:48 -07:00
Philip Guenther
c6cf495247 ITS#7645 more OpenSSL TLS versions 2013-07-29 07:01:15 -07:00
Stef Walter
ffe383c27b ITS#7583 Fix ldap_init_fd() for LDAP_PROTO_UDP
ldap_init_fd() tried to handle UDP sockets but was missing
certain key pieces to make it work. Fill in the address and
set the UDP flag correctly.
2013-05-23 12:40:09 -07:00
Howard Chu
63312f109f ITS#7582 CLDAP, avoid ref to uninit'd memory 2013-05-23 12:36:15 -07:00
Howard Chu
1e68029078 Drop ldap_int_sasl_mutex
It was introduced for Cyrus 1.5 in 2001; we've been on 2.x since 2002 and
Cyrus does its own locking when needed.
2013-04-24 00:52:52 -07:00
Howard Chu
461db2de1a ITS#7497 fix lineno overflow in ldif_read_record() 2013-01-23 02:19:02 +00:00
David Bender
8f52aa24d3 ITS#7476 Prevent EINTR from stopping otherwise successful connect 2013-01-09 09:11:35 -08:00