Howard Chu
738723866e
ITS#8717 call connection delete callbacks
When TLS fails to start
2017-09-06 21:46:09 +01:00
Ryan Tandy
431c4af526
ITS#8648 init SASL library in global init
2017-05-07 21:29:44 +00:00
Ryan Tandy
e437b12277
ITS#8648 check result of ldap_int_initialize in ldap_{get,set}_option
2017-05-07 20:16:25 +00:00
Ryan Tandy
7b5181da8c
ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN
2017-05-06 22:50:13 +00:00
Howard Chu
9e051001d4
Add GnuTLS support for direct DER config of cacert/cert/key
Followon to b402a2805f
2017-04-10 00:21:08 +01:00
Howard Chu
2e011eeb67
Fixup cacert option
2017-04-09 15:39:13 +01:00
Howard Chu
83fb515555
Fixup cacert/cert/key options
Add get_option support, allow delete by setting a NULL arg.
2017-04-09 14:49:48 +01:00
Howard Chu
b402a2805f
Add options to use DER format cert+keys directly
Instead of loading from files.
2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
eb8f1a7247
ITS#8353, ITS#8533 - Cleanup for libldap_r
2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79
ITS#8353, ITS#8533 - Fix libldap_r compilation
2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6
ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later
2017-04-06 11:47:06 -07:00
Howard Guo
4962dd6083
ITS#8529 Avoid hiding the error if user specified CA does not load
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.
This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
2017-02-22 09:56:17 -08:00
Howard Chu
9773f43b11
ITS#8585 Fail ldap_result if handle is already bad
2017-02-07 13:00:05 +00:00
Howard Chu
2bf650d95e
ITS#8533 OpenSSL 1.1.0c compat
2017-01-11 14:12:45 +00:00
Quanah Gibson-Mount
1df85d3427
Happy New Year!
2017-01-03 12:36:47 -08:00
Howard Chu
283f3ae171
ITS#8385 Fix use-after-free with GnuTLS
2016-03-12 11:03:29 +00:00
Howard Chu
6bb6d5e3c6
ITS#8353 more for OpenSSL 1.1 compat
tmp_rsa callback has been removed from OpenSSL 1.1
Use new X509_NAME accessor function to retrieve DER bytes
2016-01-31 03:29:28 +00:00
Quanah Gibson-Mount
6c4d6c880b
Happy New Year!
2016-01-29 13:32:05 -06:00
Howard Chu
f3a7bf79db
ITS#8353 partial fix
Use newly added SSL_CTX_up_ref()
Still waiting for X509_NAME accessor
2016-01-26 18:06:46 +00:00
Howard Chu
f2d0aa7d22
ITS#8353 partial fixes
ERR_remove_state() is deprecated since OpenSSL 1.0.0
Use X509_NAME_ENTRY_get_object() instead of direct access.
2016-01-21 18:05:42 +00:00
Howard Chu
597ce61000
ITS#8295 fix Windows microsecond timer
Also add ldap_pvt_gettimeofday() to
emulate gettimeofday on Windows
2015-10-28 13:49:25 +00:00
Howard Chu
28a02271f0
ITS#8273 Windows file:// URL fixup
2015-10-19 08:52:28 +01:00
Howard Chu
db3175eaba
ITS#8262 more
extended ops
2015-10-02 05:14:53 +01:00
Howard Chu
34ccd14f3e
ITS#8262 add ldap_build_*_req functions
Basic ops except abandon and unbind; since they get no reply
it's not important for the caller to know their msgID.
2015-10-02 05:02:15 +01:00
Howard Chu
e75fbc953f
ITS#8201 LDAPSTACKGUARD feature
2015-07-16 18:58:23 +01:00
Howard Chu
4796f01209
ITS#8195 fix ITS#7027 regression, port number sign bit overflow
Another bug from 5de85b922a
2015-07-12 11:14:33 +01:00
Hallvard Furuseth
17853783df
Silence warnings
2015-05-04 21:07:02 +02:00
Mikko Auvinen
de76b8d1ce
ITS#8093 add LDAP_X_CONNECTING error string
2015-04-01 20:54:54 +01:00
Howard Chu
7aefa46b37
ITS#8090 fix for async connect
2015-04-01 20:54:12 +01:00
Quanah Gibson-Mount
1705fa7e55
Happy New Year
2015-02-11 15:36:57 -06:00
Howard Chu
79d90c3935
ITS#8050 fix ldap_get_option(LDAP_OPT_SESSION_REFCNT)
2015-02-04 03:16:20 +00:00
Howard Chu
e2b4366044
ITS#8028 fix ldap_new_connection
2015-01-21 01:02:12 +00:00
Howard Chu
fccca0ead9
Minor cleanup (coverity)
2015-01-14 16:59:54 +00:00
Howard Chu
bf4ed09c5e
Plug leak (coverity)
2015-01-14 14:16:24 +00:00
Howard Chu
ae6347bac1
ITS#8022 an async connect may still succeed immediately
2015-01-12 22:27:58 +00:00
Howard Chu
234931acb0
ITS#8001 fix ldap_sync_initialize
2014-12-10 22:58:33 +00:00
Mark Reynolds
7a7d941943
ITS#7979 MozNSS fix for TLS_PROTOCOL_MIN
Fix NSS code to check for TLS_PROTOCOL_MIN, and then set the SSL
version range (min and max). Also updated SSL version string map
table to support up to TLSv1.3
2014-11-13 15:11:40 +00:00
Howard Chu
d06073d0d6
Fix a1e3b1cf3c
copy/paste error
2014-10-15 11:11:08 +01:00
Howard Chu
b36bd703d7
ITS#7967 fix abandon regression
From ITS#7712, avoid double-free of request
2014-10-15 11:08:29 +01:00
Kurt Zeilenga
a1e3b1cf3c
Fix pointer incompatibility issue on some platforms
Don't assume tv_sec is a time_t.
2014-10-10 11:56:31 -07:00
Howard Chu
eef1ca007f
ITS#7027 actually implement RFC 2782 shuffle
2014-07-21 22:17:21 -07:00
Howard Chu
31995b535e
ITS#7027 fix bugs in prev commit
2014-07-21 22:12:22 -07:00
James M Leddy
5de85b922a
ITS#7027 Implement priority/weight for DNS SRV records
From RFC 2782:
A client MUST attempt to contact the target host with the
lowest-numbered priority it can reach.
This patch sorts the DNS SRV records by their priority, and
additionally gives records with a larger weight a higher probability
of appearing earlier. This way, the DNS SRV records are tried in the
order of their priority.
2014-07-21 19:31:59 -07:00
Howard Chu
3102cbbd55
ITS#7859 more for revert
2014-07-11 12:38:16 -07:00
Howard Chu
189f312d64
ITS#7859 refix
This was actually broken by 65e163d2, ITS#6947. Reverting both
of those changes and fixing #6947 again.
2014-07-11 12:29:15 -07:00
Ryan Tandy
7d2f9c6277
ITS#7877 assume gnutls is at least 2.12.0
2014-06-30 20:08:38 -07:00
Ryan Tandy
0fd0f24f03
ITS#7877 assume gnutls provides cipher suites
2014-06-30 20:08:17 -07:00
Ryan Tandy
829027945f
ITS#7877 use nettle instead of gcrypt
2014-06-30 20:07:41 -07:00
Howard Chu
71ff674a02
ITS#7871 fix ldif-wrap length
Doc has been updated to note the default was actually 78.
The off-by-two error is fixed. Note that wrap=1 will still
output 2 columns, otherwise it can't output anything besides
the continuation character.
2014-06-04 00:52:01 -07:00
Howard Chu
b22a614224
ITS#7859 fix to read 4096-character lines
2014-05-26 11:08:14 -07:00