time, skipping the filter, for instance. Also, we were parsing
twice the scope and the filter. I think this change is right,
but could use more eyeballs...
by <who> <access> changed to by <who>+ <access> (joined with AND)
added peername=<regex> sockname=<regex> url=<regex>
removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower. Use where needed.
not yet user-settable. Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.
be implemented.
The rest of this change mostly contains random ideas taken from
mod_ssl. The purpose is to get the repository in sync with the
code I am testing. I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates). Trying s_client against both
does not shed any light. If anyone manages to make it work,
please let us know.
Includes support for update referral for each replicated backend.
Reworked replication test to use update referral.
Includes major rewrite of response encoding codes (result.c).
Includes reworked alias support and eliminates old suffix alias codes
(can be emulated using named alias).
Includes (untested) support for the Manage DSA IT control.
Works in LDAPv2 world. Still testing in LDAPv3 world.
Added default referral (test009) test.
More error checking and reporting.
Slowly getting there, SSL_accept succeeds now, but connection breaks
immediately after that (my glue logic with slapd is broken).
Change temporarily the default protocol from TLSv1 to SSLv3 with
fallback to SSLv2. This seems necessary for slapd to accept connections
from Netscape.
Try to set the cipher list in the default context. Does not semm to
work yet.
specific which methods may be used. This will facilate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.