Ralf Haferkamp
5704a2ef6e
CRL checking options for ldap.conf and slapd.conf
2004-10-28 18:50:38 +00:00
Kurt Zeilenga
5f5d50aeb0
Add TLS cipher suite directive to ldap.conf(5)
2004-09-05 07:21:20 +00:00
Kurt Zeilenga
d611a4b49a
unifdef -UNEW_LOGGING
2004-09-04 04:54:28 +00:00
Kurt Zeilenga
3484ddff18
cleanup
2004-06-22 20:20:47 +00:00
Kurt Zeilenga
5deea2b617
ITS#3134: support DNSname style wildcards in common name
(This is not consistent with RFC 3280 or RFC 2830, but consistent
with current practices.)
Based upon patch submitted by Quanah Gibson-Mount <quanah@stanford.edu>.
2004-05-19 02:47:30 +00:00
Kurt Zeilenga
7cfc2d1f37
back out last change
2004-04-25 04:46:45 +00:00
Kurt Zeilenga
b0830a744f
Fail if default context is already initialized
2004-04-25 04:37:19 +00:00
Kurt Zeilenga
3c598e89fb
Happy new year
2004-01-01 19:15:16 +00:00
Kurt Zeilenga
159de0f135
Updated notices and acknowledgements
2003-11-26 07:16:36 +00:00
Kurt Zeilenga
9184c3a18c
Fix linking --with-cyrus-sasl and --without-tls
2003-10-17 04:27:32 +00:00
Kurt Zeilenga
2ed0725491
Fix typo in last commit
2003-05-06 15:00:58 +00:00
Kurt Zeilenga
ecb17fc30e
ITS#2486: plug leak
2003-05-05 17:35:59 +00:00
Hallvard Furuseth
5ee9264465
Fix assignment of <char/int>* to unsigned <char/int>* and vice versa.
2003-05-02 13:29:28 +00:00
Howard Chu
1d2951bb5a
For ITS#2424, move all SASL session management to ldap_int_sasl_bind.
2003-04-30 14:13:58 +00:00
Howard Chu
1874658ae3
More memory context tweaks
2003-04-11 01:02:08 +00:00
Kurt Zeilenga
cfd9449374
Mark a few error strings
2003-04-06 06:10:56 +00:00
Howard Chu
18df386b43
Fix ITS#2161, the check is meaningless anyway.
2003-01-30 00:28:36 +00:00
Hallvard Furuseth
120e39b533
Cast ctype.h arguments to unsigned char.
2003-01-19 14:05:23 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
d758296595
silence warnings
2002-12-23 12:02:29 +00:00
Howard Chu
0c2439f5ef
Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname()
2002-12-18 21:43:17 +00:00
Hallvard Furuseth
3b591dd4f6
Fix const errors.
2002-12-11 08:30:29 +00:00
Pierangelo Masarati
256f5bbe57
silence warnings
2002-11-10 19:57:16 +00:00
Howard Chu
a9fed89e3f
In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK.
According to read(2)/write(2) EAGAIN is the only one we're interested in.
Fixes HP-UX 11.
http://www.openldap.org/lists/openldap-software/200105/msg00564.html
2002-10-11 06:22:24 +00:00
Howard Chu
af05dd5511
Set SSL session cache context ID
2002-09-04 07:17:31 +00:00
Howard Chu
f83d30a727
Fix previous commit - still need X509_free for peer cert.
Just not for local/my cert.
2002-09-04 02:28:42 +00:00
Howard Chu
5d062ef54c
Don't call X509_free after SSL_get_certificate, it's not a duplicate.
2002-09-04 01:56:09 +00:00
Howard Chu
17493164ea
Fix previous commit
2002-08-31 06:23:46 +00:00
Howard Chu
e3304da727
OS/390 EBCDIC support
2002-08-31 05:14:43 +00:00
Howard Chu
d9eac72099
ITS#1995 return error text when ldap_pvt_tls_check_hostname fails
2002-08-01 03:23:29 +00:00
Howard Chu
5dc098dab0
Wrap get_ca_list opendir code with #if HAVE_DIRENT_H || dirent to avoid
compile errors on incompatible build platforms.
2002-07-24 19:36:03 +00:00
Julius Enarusai
6107ba67d2
Converted LDAP_LOG macro to use subsystem ID int values instead of string values
2002-07-11 20:33:24 +00:00
Howard Chu
07ffaeaac8
ITS#1924 use GENERAL_NAMES_free instead of ext_free.
2002-07-05 21:59:02 +00:00
Howard Chu
6f8b100f6b
Finish implementation of get_ca_list()
2002-06-14 06:09:24 +00:00
Howard Chu
3590877b77
Initialize authid in case ldap_pvt_tls_get_my_dn fails
2002-05-04 01:32:41 +00:00
Howard Chu
0390a171b9
Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force
a fatal error when TLS server cert verification fails.
Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.
In tls_verify_cb, added a text translation of the verification error code
to the debug message.
2002-05-04 00:05:48 +00:00
Kurt Zeilenga
d82d018f20
add an RFC 2849 check... but behind #if 0 as I'm now thinking this
is not appropriate.
2002-05-01 04:40:26 +00:00
Kurt Zeilenga
96483c8dcd
cleanup before working on changes
2002-05-01 04:23:59 +00:00
Howard Chu
de3e81cebb
Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result
in dn parameter and return a result code.
2002-04-30 13:50:56 +00:00
Howard Chu
5528772f23
In ldap_int_tls_start, authid is very temporary, not const.
2002-04-19 04:35:16 +00:00
Howard Chu
202aa8c793
Fix memory leak in previous commit
2002-04-18 16:02:02 +00:00
Howard Chu
17ae956518
Added ldap_X509dn2bv()
deleted ldap_pvt_tls_get_peer()
changed ldap_pvt_tls_get_peer_dn() to use ldap_X509dn2bv()
added ldap_pvt_tls_get_my_dn()
2002-04-18 12:29:30 +00:00
Pierangelo Masarati
4a8ab5dbf2
Mostly based on patches provided by Hallvard B. Furuseth
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required
Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
ambiguous operator precedence)
Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00
Howard Chu
5c70106657
ITS#1708 ldap_pvt_tls_sb_ctx() et al
2002-04-05 06:48:03 +00:00
Kurt Zeilenga
b0b8546f05
Patch: More format bugs (ITS#1702)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
2002-04-02 18:56:26 +00:00
Julius Enarusai
e86782aab9
Added LDAP_LOG messages
2002-04-01 23:39:36 +00:00
Kurt Zeilenga
fcf9f451a5
Copyright 2001, Adrian Thurston, All rights reserved.
This software is not subject to any license of
Xandros Corporation.
This is free software; you can redistribute and use it under the same
terms as OpenLDAP itself.
-------------------------------------------------------------------
This patch adds an option to ldap_get_option which can be called after
ldap_start_tls in order to obtain the pointer to the SSL object used
2002-03-11 03:39:08 +00:00
Howard Chu
63a4a19732
Send a warning to the client if we try to use a bad cert.
2002-01-27 03:48:08 +00:00
Howard Chu
c3c85b4062
Extended TLS_REQCERT/TLSVerifyClient syntax to 4 states: never,allow,try,
and hard/demand.
2002-01-27 02:56:18 +00:00
Howard Chu
c81d2bb855
Fix, errno was incorrect after SSL_read returned 0 bytes, caused slapd to
close the connection prematurely.
2002-01-26 13:43:22 +00:00