Commit Graph

1865 Commits

Author SHA1 Message Date
Howard Chu
2e011eeb67 Fixup cacert option 2017-04-09 15:39:13 +01:00
Howard Chu
83fb515555 Fixup cacert/cert/key options
Add get_option support, allow delete by setting a NULL arg.
2017-04-09 14:49:48 +01:00
Howard Chu
b402a2805f Add options to use DER format cert+keys directly
Instead of loading from files.
2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
eb8f1a7247 ITS#8353, ITS#8533 - Cleanup for libldap_r 2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79 ITS#8353, ITS#8533 - Fix libldap_r compilation 2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6 ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later 2017-04-06 11:47:06 -07:00
Howard Guo
4962dd6083 ITS#8529 Avoid hiding the error if user specified CA does not load
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.

This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
2017-02-22 09:56:17 -08:00
Howard Chu
9773f43b11 ITS#8585 Fail ldap_result if handle is already bad 2017-02-07 13:00:05 +00:00
Howard Chu
2bf650d95e ITS#8533 OpenSSL 1.1.0c compat 2017-01-11 14:12:45 +00:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Howard Chu
283f3ae171 ITS#8385 Fix use-after-free with GnuTLS 2016-03-12 11:03:29 +00:00
Howard Chu
6bb6d5e3c6 ITS#8353 more for OpenSSL 1.1 compat
tmp_rsa callback has been removed from OpenSSL 1.1
Use new X509_NAME accessor function to retrieve DER bytes
2016-01-31 03:29:28 +00:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Howard Chu
f3a7bf79db ITS#8353 partial fix
Use newly added SSL_CTX_up_ref()
Still waiting for X509_NAME accessor
2016-01-26 18:06:46 +00:00
Howard Chu
f2d0aa7d22 ITS#8353 partial fixes
ERR_remove_state() is deprecated since OpenSSL 1.0.0
Use X509_NAME_ENTRY_get_object() instead of direct access.
2016-01-21 18:05:42 +00:00
Howard Chu
597ce61000 ITS#8295 fix Windows microsecond timer
Also add ldap_pvt_gettimeofday() to
emulate gettimeofday on Windows
2015-10-28 13:49:25 +00:00
Howard Chu
28a02271f0 ITS#8273 Windows file:// URL fixup 2015-10-19 08:52:28 +01:00
Howard Chu
db3175eaba ITS#8262 more
extended ops
2015-10-02 05:14:53 +01:00
Howard Chu
34ccd14f3e ITS#8262 add ldap_build_*_req functions
Basic ops except abandon and unbind; since they get no reply
it's not important for the caller to know their msgID.
2015-10-02 05:02:15 +01:00
Howard Chu
e75fbc953f ITS#8201 LDAPSTACKGUARD feature 2015-07-16 18:58:23 +01:00
Howard Chu
4796f01209 ITS#8195 fix ITS#7027 regression, port number sign bit overflow
Another bug from 5de85b922a
2015-07-12 11:14:33 +01:00
Hallvard Furuseth
17853783df Silence warnings 2015-05-04 21:07:02 +02:00
Mikko Auvinen
de76b8d1ce ITS#8093 add LDAP_X_CONNECTING error string 2015-04-01 20:54:54 +01:00
Howard Chu
7aefa46b37 ITS#8090 fix for async connect 2015-04-01 20:54:12 +01:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Howard Chu
79d90c3935 ITS#8050 fix ldap_get_option(LDAP_OPT_SESSION_REFCNT) 2015-02-04 03:16:20 +00:00
Howard Chu
e2b4366044 ITS#8028 fix ldap_new_connection 2015-01-21 01:02:12 +00:00
Howard Chu
fccca0ead9 Minor cleanup (coverity) 2015-01-14 16:59:54 +00:00
Howard Chu
bf4ed09c5e Plug leak (coverity) 2015-01-14 14:16:24 +00:00
Howard Chu
ae6347bac1 ITS#8022 an async connect may still succeed immediately 2015-01-12 22:27:58 +00:00
Howard Chu
234931acb0 ITS#8001 fix ldap_sync_initialize 2014-12-10 22:58:33 +00:00
Mark Reynolds
7a7d941943 ITS#7979 MozNSS fix for TLS_PROTOCOL_MIN
Fix NSS code to check for TLS_PROCOTOL_MIN, and then set the SSL
version range(min and max). Also updated SSL version string map
table to support up to TLSv1.3
2014-11-13 15:11:40 +00:00
Howard Chu
d06073d0d6 Fix a1e3b1cf3c
copy/paste error
2014-10-15 11:11:08 +01:00
Howard Chu
b36bd703d7 ITS#7967 fix abandon regression
From ITS#7712, avoid double-free of request
2014-10-15 11:08:29 +01:00
Kurt Zeilenga
a1e3b1cf3c Fix pointer incompatibility issue on some platforms
Don't assume tv_sec is a time_t.
2014-10-10 11:56:31 -07:00
Howard Chu
eef1ca007f ITS#7027 actually implement RFC 2782 shuffle 2014-07-21 22:17:21 -07:00
Howard Chu
31995b535e ITS#7027 fix bugs in prev commit 2014-07-21 22:12:22 -07:00
James M Leddy
5de85b922a ITS#7027 Implement priority/weight for DNS SRV records
From RFC 2782:

  A client MUST attempt to contact the target host with the
  lowest-numbered priority it can reach.

This patch sorts the DNS SRV records by their priority, and
additionally gives records with a larger weight a higher probability
of appearing earlier. This way, the DNS SRV records are tried in the
order of their priority.
2014-07-21 19:31:59 -07:00
Howard Chu
3102cbbd55 ITS#7859 more for revert 2014-07-11 12:38:16 -07:00
Howard Chu
189f312d64 ITS#7859 refix
This was actually broken by 65e163d2, ITS#6947. Reverting both
of those changes and fixing #6947 again.
2014-07-11 12:29:15 -07:00
Ryan Tandy
7d2f9c6277 ITS#7877 assume gnutls is at least 2.12.0 2014-06-30 20:08:38 -07:00
Ryan Tandy
0fd0f24f03 ITS#7877 assume gnutls provides cipher suites 2014-06-30 20:08:17 -07:00
Ryan Tandy
829027945f ITS#7877 use nettle instead of gcrypt 2014-06-30 20:07:41 -07:00
Howard Chu
71ff674a02 ITS#7871 fix ldif-wrap length
Doc has been updated to note the default was actually 78.
The off-by-two error is fixed. Note that wrap=1 will still
output 2 columns, otherwise it can't output anything besides
the continuation character.
2014-06-04 00:52:01 -07:00
Howard Chu
b22a614224 ITS#7859 fix to read 4096-character lines 2014-05-26 11:08:14 -07:00
Howard Chu
106a4b90aa More for ITS#4365 refix CR/LF handling
Was rejecting "-\r\n" in input LDIF
2014-02-07 00:31:23 -08:00
Kurt Zeilenga
5c878c1bf2 Happy new year (belated) 2014-01-25 05:21:25 -08:00
Howard Chu
14868fcab6 ITS#7783 workaround stupid NSPR bug
free(NULL) is supposed to be safe. "Portable wrapper libraries"
that fail to preserve this behavior are inherently broken.
But then again, this is Mozilla code, so that's redundant.
2014-01-12 13:51:09 -08:00
Pierangelo Masarati
2358b35c58 fix years old cut'n'paste 2013-12-28 11:12:42 +01:00
Howard Chu
79b12f2f93 ITS#7762 shortcut NULL RDNs 2013-12-11 04:41:48 -08:00