openldap

mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00

Author	SHA1	Message	Date
Howard Chu	fb4cba514d	ITS#4354 only set DH callback if OPT_DHFILE has been set.	2006-01-19 18:12:15 +00:00
Kurt Zeilenga	acbb5cf689	Happy new year!	2006-01-03 23:11:52 +00:00
Howard Chu	146b2c5389	ITS#4082 tls ctx requirements are only applicable to servers, or clients with tls_opt_require_cert = TRY or DEMAND. Ignore requirements for clients.	2005-11-08 13:42:10 +00:00
Pierangelo Masarati	a6453f28f8	silence warnings	2005-11-06 23:27:09 +00:00
Howard Chu	d67a2f2044	Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after ldap_initializ'ing an LD and before connecting on it. Really all of the global TLS options belong in the ldapoptions struct, instead of static vars.	2005-11-05 12:49:43 +00:00
Howard Chu	6fcfaedf90	ITS#4137 was returning with tls_def_ctx_mutex locked.	2005-11-02 23:43:19 +00:00
Howard Chu	4ebed09d81	ITS#4017, additional revisions for DH parameters	2005-10-28 05:35:19 +00:00
Kurt Zeilenga	0ea43c9d7d	Assume TLS is properly configured if any one of keyfile, certfile, cacertfile, or cacertdir is provided. Note that TLS can be properly configured without any of these when non-X.509 cipher suites are used, so this might have be rethought.	2005-10-12 20:31:04 +00:00
Howard Chu	f54bc26357	ITS#4072 ldap_pvt_tls_init_def_ctx() returns LDAP_NO_SUPPORT if not sufficiently configured. Update slapd/slurpd to act appropriately.	2005-10-09 19:55:39 +00:00
Howard Chu	9095af5928	ITS#4017 support Diffie-Hellman parameters for multiple key lengths	2005-10-05 20:01:52 +00:00
Pierangelo Masarati	385aebc806	plug potential ld_error leak (ITS#4064)	2005-10-04 21:30:30 +00:00
Pierangelo Masarati	b3f366e0ba	essentially address 3791 with a reworked patch	2005-08-11 15:13:29 +00:00
Pierangelo Masarati	ad62d9da1b	expose ldap_tls_inplace()	2005-08-11 12:14:24 +00:00
Kurt Zeilenga	542f3634aa	Add ldap_start_tls() and ldap_install_tls() to provide async version of ldap_start_tls_s().	2005-02-01 23:53:17 +00:00
Kurt Zeilenga	dc0eacd40b	Happy New Year!	2005-01-01 20:49:32 +00:00
Howard Chu	ae592801aa	Add callbacks for client TLS connection establishment: LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG with int (LDAP_TLS_CONNECT_CB) (LDAP ld, SSL ssl, SSL_CTX ctx, void arg) To be called whenever the client library allocates a new SSL* handle.	2004-11-23 03:48:09 +00:00
Ralf Haferkamp	93cec8b694	- Added autoconf test for CRL capable OpenSSL Version - #ifdef'd CRL checking code.	2004-11-03 12:02:38 +00:00
Ralf Haferkamp	5704a2ef6e	CRL checking options for ldap.conf and slapd.conf	2004-10-28 18:50:38 +00:00
Kurt Zeilenga	5f5d50aeb0	Add TLS cipher suite directive to ldap.conf(5)	2004-09-05 07:21:20 +00:00
Kurt Zeilenga	d611a4b49a	unifdef -UNEW_LOGGING	2004-09-04 04:54:28 +00:00
Kurt Zeilenga	3484ddff18	cleanup	2004-06-22 20:20:47 +00:00
Kurt Zeilenga	5deea2b617	ITS#3134: support DNSname style wildcards in common name (This is not consistent with RFC 3280 or RFC 2830, but consistent with current practices.) Based upon patch submitted by Quanah Gibson-Mount <quanah@stanford.edu>.	2004-05-19 02:47:30 +00:00
Kurt Zeilenga	7cfc2d1f37	back out last change	2004-04-25 04:46:45 +00:00
Kurt Zeilenga	b0830a744f	Fail if default context is already initialized	2004-04-25 04:37:19 +00:00
Kurt Zeilenga	3c598e89fb	Happy new year	2004-01-01 19:15:16 +00:00
Kurt Zeilenga	159de0f135	Updated notices and acknowledgements	2003-11-26 07:16:36 +00:00
Kurt Zeilenga	9184c3a18c	Fix linking --with-cyrus-sasl and --without-tls	2003-10-17 04:27:32 +00:00
Kurt Zeilenga	2ed0725491	Fix typo in last commit	2003-05-06 15:00:58 +00:00
Kurt Zeilenga	ecb17fc30e	ITS#2486: plug leak	2003-05-05 17:35:59 +00:00
Hallvard Furuseth	5ee9264465	Fix assignment of <char/int>* to unsigned <char/int>* and vice versa.	2003-05-02 13:29:28 +00:00
Howard Chu	1d2951bb5a	For ITS#2424, move all SASL session management to ldap_int_sasl_bind.	2003-04-30 14:13:58 +00:00
Howard Chu	1874658ae3	More memory context tweaks	2003-04-11 01:02:08 +00:00
Kurt Zeilenga	cfd9449374	Mark a few error strings	2003-04-06 06:10:56 +00:00
Howard Chu	18df386b43	Fix ITS#2161, the check is meaningless anyway.	2003-01-30 00:28:36 +00:00
Hallvard Furuseth	120e39b533	Cast ctype.h arguments to unsigned char.	2003-01-19 14:05:23 +00:00
Kurt Zeilenga	6939c53170	Happy new year	2003-01-03 20:20:47 +00:00
Pierangelo Masarati	d758296595	silence warnings	2002-12-23 12:02:29 +00:00
Howard Chu	0c2439f5ef	Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname()	2002-12-18 21:43:17 +00:00
Hallvard Furuseth	3b591dd4f6	Fix const errors.	2002-12-11 08:30:29 +00:00
Pierangelo Masarati	256f5bbe57	silence warnings	2002-11-10 19:57:16 +00:00
Howard Chu	a9fed89e3f	In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK. According to read(2)/write(2) EAGAIN is the only one we're interested in. Fixes HP-UX 11. http://www.openldap.org/lists/openldap-software/200105/msg00564.html	2002-10-11 06:22:24 +00:00
Howard Chu	af05dd5511	Set SSL session cache context ID	2002-09-04 07:17:31 +00:00
Howard Chu	f83d30a727	Fix previous commit - still need X509_free for peer cert. Just not for local/my cert.	2002-09-04 02:28:42 +00:00
Howard Chu	5d062ef54c	Don't call X509_free after SSL_get_certificate, it's not a duplicate.	2002-09-04 01:56:09 +00:00
Howard Chu	17493164ea	Fix previous commit	2002-08-31 06:23:46 +00:00
Howard Chu	e3304da727	OS/390 EBCDIC support	2002-08-31 05:14:43 +00:00
Howard Chu	d9eac72099	ITS#1995 return error text when ldap_pvt_tls_check_hostname fails	2002-08-01 03:23:29 +00:00
Howard Chu	5dc098dab0	Wrap get_ca_list opendir code with #if HAVE_DIRENT_H \|\| dirent to avoid compile errors on incompatible build platforms.	2002-07-24 19:36:03 +00:00
Julius Enarusai	6107ba67d2	Coverted LDAP_LOG macro to use subsystem ID int values instead of string values	2002-07-11 20:33:24 +00:00
Howard Chu	07ffaeaac8	ITS#1924 use GENERAL_NAMES_free instead of ext_free.	2002-07-05 21:59:02 +00:00

1 2 3

132 Commits