Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Pierangelo Masarati
d758296595
silence warnings
2002-12-23 12:02:29 +00:00
Howard Chu
0c2439f5ef
Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname()
2002-12-18 21:43:17 +00:00
Hallvard Furuseth
3b591dd4f6
Fix const errors.
2002-12-11 08:30:29 +00:00
Pierangelo Masarati
256f5bbe57
silence warnings
2002-11-10 19:57:16 +00:00
Howard Chu
a9fed89e3f
In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK.
According to read(2)/write(2) EAGAIN is the only one we're interested in.
Fixes HP-UX 11.
http://www.openldap.org/lists/openldap-software/200105/msg00564.html
2002-10-11 06:22:24 +00:00
Howard Chu
af05dd5511
Set SSL session cache context ID
2002-09-04 07:17:31 +00:00
Howard Chu
f83d30a727
Fix previous commit - still need X509_free for peer cert.
Just not for local/my cert.
2002-09-04 02:28:42 +00:00
Howard Chu
5d062ef54c
Don't call X509_free after SSL_get_certificate, it's not a duplicate.
2002-09-04 01:56:09 +00:00
Howard Chu
17493164ea
Fix previous commit
2002-08-31 06:23:46 +00:00
Howard Chu
e3304da727
OS/390 EBCDIC support
2002-08-31 05:14:43 +00:00
Howard Chu
d9eac72099
ITS#1995 return error text when ldap_pvt_tls_check_hostname fails
2002-08-01 03:23:29 +00:00
Howard Chu
5dc098dab0
Wrap get_ca_list opendir code with #if HAVE_DIRENT_H || dirent to avoid
compile errors on incompatible build platforms.
2002-07-24 19:36:03 +00:00
Julius Enarusai
6107ba67d2
Converted LDAP_LOG macro to use subsystem ID int values instead of string values
2002-07-11 20:33:24 +00:00
Howard Chu
07ffaeaac8
ITS#1924 use GENERAL_NAMES_free instead of ext_free.
2002-07-05 21:59:02 +00:00
Howard Chu
6f8b100f6b
Finish implementation of get_ca_list()
2002-06-14 06:09:24 +00:00
Howard Chu
3590877b77
Initialize authid in case ldap_pvt_tls_get_my_dn fails
2002-05-04 01:32:41 +00:00
Howard Chu
0390a171b9
Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force
a fatal error when TLS server cert verification fails.
Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.
In tls_verify_cb, added a text translation of the verification error code
to the debug message.
2002-05-04 00:05:48 +00:00
Kurt Zeilenga
d82d018f20
add an RFC 2849 check... but behind #if 0 as I'm now thinking this
is not appropriate.
2002-05-01 04:40:26 +00:00
Kurt Zeilenga
96483c8dcd
cleanup before working on changes
2002-05-01 04:23:59 +00:00
Howard Chu
de3e81cebb
Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result
in dn parameter and return a result code.
2002-04-30 13:50:56 +00:00
Howard Chu
5528772f23
In ldap_int_tls_start, authid is very temporary, not const.
2002-04-19 04:35:16 +00:00
Howard Chu
202aa8c793
Fix memory leak in previous commit
2002-04-18 16:02:02 +00:00
Howard Chu
17ae956518
Added ldap_X509dn2bv()
deleted ldap_pvt_tls_get_peer()
changed ldap_pvt_tls_get_peer_dn() to use ldap_X509dn2bv()
added ldap_pvt_tls_get_my_dn()
2002-04-18 12:29:30 +00:00
Pierangelo Masarati
4a8ab5dbf2
Mostly based on patches provided by Hallvard B. Furuseth
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required
Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
ambiguous operator precedence)
Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00
Howard Chu
5c70106657
ITS#1708 ldap_pvt_tls_sb_ctx() et al
2002-04-05 06:48:03 +00:00
Kurt Zeilenga
b0b8546f05
Patch: More format bugs (ITS#1702)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
2002-04-02 18:56:26 +00:00
Julius Enarusai
e86782aab9
Added LDAP_LOG messages
2002-04-01 23:39:36 +00:00
Kurt Zeilenga
fcf9f451a5
Copyright 2001, Adrian Thurston, All rights reserved.
This software is not subject to any license of
Xandros Corporation.
This is free software; you can redistribute and use it under the same
terms as OpenLDAP itself.
-------------------------------------------------------------------
This patch adds an option to ldap_get_option which can be called after
ldap_start_tls in order to obtain the pointer to the SSL object used
2002-03-11 03:39:08 +00:00
Howard Chu
63a4a19732
Send a warning to the client if we try to use a bad cert.
2002-01-27 03:48:08 +00:00
Howard Chu
c3c85b4062
Extended TLS_REQCERT/TLSVerifyClient syntax to 4 states: never,allow,try,
and hard/demand.
2002-01-27 02:56:18 +00:00
Howard Chu
c81d2bb855
Fix, errno was incorrect after SSL_read returned 0 bytes, caused slapd to
close the connection prematurely.
2002-01-26 13:43:22 +00:00
Howard Chu
923e64156d
More cleanup in ldap_pvt_tls_destroy()
2002-01-12 02:31:41 +00:00
Howard Chu
07119f7342
Fix ldap_start_tls_s, don't check for TLS present on a non-existent sockbuf
2002-01-12 02:25:22 +00:00
Kurt Zeilenga
0e2af54a3f
Update copyright statements
2002-01-04 21:17:25 +00:00
Howard Chu
fca5613e98
Hide (make static) sb_bio_method and tls_sbio structures. They're
already completely hidden by accessor functions.
2002-01-02 22:29:11 +00:00
Kurt Zeilenga
943800a534
We "understand" localhost to be same as the local hostname as
returned by gethostname().
2001-12-17 23:56:16 +00:00
Howard Chu
88e3454654
Add #include <openssl/safestack.h> to fix ITS#1412
2001-11-30 02:37:39 +00:00
Howard Chu
33ace5610c
Added ldap_pvt_tls_destroy() to cleanup TLS library on shutdown
2001-11-06 20:52:59 +00:00
Pierangelo Masarati
192f83540c
missing leading quote
2001-10-25 18:56:06 +00:00
Kurt Zeilenga
187f190fb6
Don't pass NULL string pointers to Debug
2001-10-25 18:32:59 +00:00
Kurt Zeilenga
7a4b9e3c32
Minor cleanup
2001-09-18 17:35:47 +00:00
Howard Chu
e4d8a87ddc
Silence some typecast warnings
2001-09-18 05:22:53 +00:00
Howard Chu
966616b274
Don't pass NULL hostname to ldap_pvt_tls_check_hostname, use "localhost"
2001-09-18 05:19:55 +00:00
Kurt Zeilenga
241d6a558e
Remove dead code
2001-09-09 04:47:03 +00:00
Kurt Zeilenga
553d80cedd
Blindly fix TLS/SASL external interaction.
2001-09-09 03:42:26 +00:00
Kurt Zeilenga
05c9d4bfda
Fix TLS ldap.conf issues
2001-09-05 21:22:41 +00:00
Howard Chu
f3501cbf50
Fix ldap_int_tls_start to set its error codes in ld->ld_errno.
2001-09-02 12:06:41 +00:00
Howard Chu
b10e0029a5
Full implementation of server identity checking per RFC2830 section 3.6
2001-09-02 11:23:28 +00:00
Howard Chu
44a3160fec
Remove redundant call of SSL_set_info_callback, to allow users
to override it in the SSL_CTX.
2001-08-29 20:28:08 +00:00