Howard Chu
52a7af8230
ITS#4815 get_option for TLS Cipher Suite was not implemented
2007-01-24 23:38:26 +00:00
Kurt Zeilenga
da6d9eb046
happy new year
2007-01-02 20:00:42 +00:00
Howard Chu
7540751392
ITS#4723 add CRYPTO_set_id_callback
2006-11-30 06:37:12 +00:00
Howard Chu
8e48a3c317
ITS#4726 call ldap_pvt_tls_init() in init_ctx() to make sure initialization
...
is done
2006-11-09 23:00:38 +00:00
Howard Chu
57c329a3af
ITS#4606 errno is not per-thread on WIN32, always use WSAGet/SetLastError
...
(with notable exceptions: ignore tests for EINTR which winsock never sets)
2006-09-14 06:35:34 +00:00
Howard Chu
a7870943f7
Fix TLS CTX ref counting
2006-07-02 22:38:01 +00:00
Howard Chu
15853f1e74
ITS#4583 use mutex around SSL_accept()
2006-06-08 19:35:42 +00:00
Howard Chu
25f81a48e6
Add SSL failure reason to TLS: can't connect message.
2006-05-13 00:29:28 +00:00
Howard Chu
eb0c92c7df
Return rc for tls_init_def_ctx
2006-04-11 20:35:37 +00:00
Howard Chu
571ac24b33
Fix destruct sequencing
2006-04-07 02:41:58 +00:00
Howard Chu
9693c800bf
Free/decrement SSL_CTX refcount when (re)setting it
2006-04-07 01:15:56 +00:00
Howard Chu
7709d4d89e
Bump SSL_CTX refcount whenever it gets retrieved
2006-04-07 01:13:31 +00:00
Howard Chu
d18277eac9
ITS#4422, #4475
...
Move TLS options into struct ldapoptions.
Added ldap_int_tls_destroy()
Added LDAP_OPT_X_TLS_NEWCTX to generate new SSL_CTX
2006-04-07 00:52:38 +00:00
Howard Chu
fb4cba514d
ITS#4354 only set DH callback if OPT_DHFILE has been set.
2006-01-19 18:12:15 +00:00
Kurt Zeilenga
acbb5cf689
Happy new year!
2006-01-03 23:11:52 +00:00
Howard Chu
146b2c5389
ITS#4082 tls ctx requirements are only applicable to servers, or clients
...
with tls_opt_require_cert = TRY or DEMAND. Ignore requirements for clients.
2005-11-08 13:42:10 +00:00
Pierangelo Masarati
a6453f28f8
silence warnings
2005-11-06 23:27:09 +00:00
Howard Chu
d67a2f2044
Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after
...
ldap_initializ'ing an LD and before connecting on it. Really all of the
global TLS options belong in the ldapoptions struct, instead of static vars.
2005-11-05 12:49:43 +00:00
Howard Chu
6fcfaedf90
ITS#4137 was returning with tls_def_ctx_mutex locked.
2005-11-02 23:43:19 +00:00
Howard Chu
4ebed09d81
ITS#4017, additional revisions for DH parameters
2005-10-28 05:35:19 +00:00
Kurt Zeilenga
0ea43c9d7d
Assume TLS is properly configured if any one of
...
keyfile, certfile, cacertfile, or cacertdir is
provided. Note that TLS can be properly configured
without any of these when non-X.509 cipher suites
are used, so this might have be rethought.
2005-10-12 20:31:04 +00:00
Howard Chu
f54bc26357
ITS#4072 ldap_pvt_tls_init_def_ctx() returns LDAP_NO_SUPPORT if not
...
sufficiently configured. Update slapd/slurpd to act appropriately.
2005-10-09 19:55:39 +00:00
Howard Chu
9095af5928
ITS#4017 support Diffie-Hellman parameters for multiple key lengths
2005-10-05 20:01:52 +00:00
Pierangelo Masarati
385aebc806
plug potential ld_error leak (ITS#4064)
2005-10-04 21:30:30 +00:00
Pierangelo Masarati
b3f366e0ba
essentially address 3791 with a reworked patch
2005-08-11 15:13:29 +00:00
Pierangelo Masarati
ad62d9da1b
expose ldap_tls_inplace()
2005-08-11 12:14:24 +00:00
Kurt Zeilenga
542f3634aa
Add ldap_start_tls() and ldap_install_tls() to provide async version
...
of ldap_start_tls_s().
2005-02-01 23:53:17 +00:00
Kurt Zeilenga
dc0eacd40b
Happy New Year!
2005-01-01 20:49:32 +00:00
Howard Chu
ae592801aa
Add callbacks for client TLS connection establishment:
...
LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG
with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg)
To be called whenever the client library allocates a new SSL* handle.
2004-11-23 03:48:09 +00:00
Ralf Haferkamp
93cec8b694
- Added autoconf test for CRL capable OpenSSL Version
...
- #ifdef'd CRL checking code.
2004-11-03 12:02:38 +00:00
Ralf Haferkamp
5704a2ef6e
CRL checking options for ldap.conf and slapd.conf
2004-10-28 18:50:38 +00:00
Kurt Zeilenga
5f5d50aeb0
Add TLS cipher suite directive to ldap.conf(5)
2004-09-05 07:21:20 +00:00
Kurt Zeilenga
d611a4b49a
unifdef -UNEW_LOGGING
2004-09-04 04:54:28 +00:00
Kurt Zeilenga
3484ddff18
cleanup
2004-06-22 20:20:47 +00:00
Kurt Zeilenga
5deea2b617
ITS#3134: support DNSname style wildcards in common name
...
(This is not consistent with RFC 3280 or RFC 2830, but consistent
with current practices.)
Based upon patch submitted by Quanah Gibson-Mount <quanah@stanford.edu>.
2004-05-19 02:47:30 +00:00
Kurt Zeilenga
7cfc2d1f37
back out last change
2004-04-25 04:46:45 +00:00
Kurt Zeilenga
b0830a744f
Fail if default context is already initialized
2004-04-25 04:37:19 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Kurt Zeilenga
159de0f135
Updated notices and acknowledgements
2003-11-26 07:16:36 +00:00
Kurt Zeilenga
9184c3a18c
Fix linking --with-cyrus-sasl and --without-tls
2003-10-17 04:27:32 +00:00
Kurt Zeilenga
2ed0725491
Fix typo in last commit
2003-05-06 15:00:58 +00:00
Kurt Zeilenga
ecb17fc30e
ITS#2486: plug leak
2003-05-05 17:35:59 +00:00
Hallvard Furuseth
5ee9264465
Fix assignment of <char/int>* to unsigned <char/int>* and vice versa.
2003-05-02 13:29:28 +00:00
Howard Chu
1d2951bb5a
For ITS#2424, move all SASL session management to ldap_int_sasl_bind.
2003-04-30 14:13:58 +00:00
Howard Chu
1874658ae3
More memory context tweaks
2003-04-11 01:02:08 +00:00
Kurt Zeilenga
cfd9449374
Mark a few error strings
2003-04-06 06:10:56 +00:00
Howard Chu
18df386b43
Fix ITS#2161, the check is meaningless anyway.
2003-01-30 00:28:36 +00:00
Hallvard Furuseth
120e39b533
Cast ctype.h arguments to unsigned char.
2003-01-19 14:05:23 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
d758296595
silence warnings
2002-12-23 12:02:29 +00:00