Commit Graph

37 Commits

Author SHA1 Message Date
Howard Chu
83fb515555 Fixup cacert/cert/key options
Add get_option support, allow delete by setting a NULL arg.
2017-04-09 14:49:48 +01:00
Howard Chu
b402a2805f Add options to use DER format cert+keys directly
Instead of loading from files.
2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Kurt Zeilenga
5c878c1bf2 Happy new year (belated) 2014-01-25 05:21:25 -08:00
Quanah Gibson-Mount
1a712bf18e Enable features that were hidden behind LDAP_DEVEL 2013-09-19 09:50:52 -07:00
Howard Chu
16f8b0902c ITS#7398 add LDAP_OPT_X_TLS_PEERCERT
retrieve peer cert for an active TLS session
2013-09-10 04:31:39 -07:00
Howard Chu
0045e56c34 ITS#7683 more for tls version/cipher info
Add LDAP_OPT_X_TLS_VERSION / LDAP_OPT_X_TLS_CIPHER for
retrieving from an LDAP session handle. Update ldap_get_option(3).
2013-09-09 11:52:10 -07:00
Howard Chu
7d6d6944c5 ITS#7683 log tls prot/cipher info
Note: I could not test the MozNSS patch due to the absence of
NSS PEM support on my machine. Given the review comments in
https://bugzilla.mozilla.org/show_bug.cgi?id=402712 I doubt that
trustworthy PEM support will be appearing for MozNSS any time soon.
2013-09-07 12:22:09 -07:00
Howard Chu
e631ce808e ITS#7595 Add Elliptic Curve support for OpenSSL 2013-09-07 09:47:40 -07:00
Howard Chu
ca310ebff4 Add channel binding support
Currently only implemented for OpenSSL.
Needs an option to set the criticality flag.
2013-08-26 23:31:48 -07:00
Kurt Zeilenga
0fd1bf30b8 Happy New Year 2013-01-02 10:22:57 -08:00
Ralf Haferkamp
c728ebf586 ITS#7428 Use non-blocking IO during SSL Handshake
If a timeout is set, perform the SSL Handshake using non-blocking IO.  This way
we can timeout if SSL Handshake gets stuck for whatever reason.

This code is currently hidden behind #ifdefs (LDAP_USE_NON_BLOCKING_TLS) and
disabled by default as there seem to be some problems using NON-blocking
I/O during the TLS Handshake when linking against NSS (either a bug in NSS
itself of in tls_m.c, see discussion on -devel)

This patch adds an additional parameter to ldap_int_poll() in order to indicate
if we're waiting in order to perform a read or write operation.
2012-11-21 14:25:18 +01:00
Kurt Zeilenga
2bbf9804b9 Happy New Year! 2012-01-01 07:10:53 -08:00
Howard Chu
c7d6c0fab3 Add a few NULL checks to defend against dumb API checkers.
Unfortunately automated checkers don't seem to read the documentation
for how APIs are expected to be used, and the C declaration syntax
isn't expressive enough to encode the documented usage.
2011-09-08 23:41:06 -07:00
Jan Vcelak
3dae953fd6 ITS#7014 TLS: don't check hostname if reqcert is 'allow'
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
2011-08-24 15:27:29 -07:00
Howard Chu
9f7d119ce3 Add LDAP_OPT_X_TLS_PACKAGE
to return the name of the underlying TLS implementation
2011-06-10 02:11:26 -07:00
Kurt Zeilenga
966cef8c9a Happy New Year 2011-01-05 00:42:37 +00:00
Howard Chu
8018924efd ITS#6741 support Bitstring in ldap_X509dn2bv() 2010-12-30 19:38:57 +00:00
Howard Chu
75bb972859 Partial fix for non-string types in cert DNs. (Need to add explicit support
for Bitstring, maybe a few others.)
2010-12-10 02:05:18 +00:00
Hallvard Furuseth
16b7df8397 ITS#6625 Remove some LDAP_R_COMPILEs 2010-12-06 11:31:58 +00:00
Kurt Zeilenga
3dadeb3efe happy belated New Year 2010-04-13 22:17:29 +00:00
Ralf Haferkamp
8fcdc29405 In case of certificate verification failures include failure reason
into the error message (openssl only)
2009-09-30 16:25:23 +00:00
Pierangelo Masarati
99fe30b326 (nearly blind) fix for NULL in TLS error message (ITS#6079) 2009-04-29 11:31:39 +00:00
Howard Chu
e5e9191aeb ITS#5976 check for cert/DN 2009-02-25 21:48:10 +00:00
Pierangelo Masarati
0d6e859846 fix ldap namespace (part of ITS#5974) 2009-02-24 21:09:41 +00:00
Quanah Gibson-Mount
3b743a3b79 Revert part of last commit
Remove erroneous comment
2009-02-17 21:47:09 +00:00
Quanah Gibson-Mount
83cb8883a6 More for ITS#5955
Also special case rand file bits that are OpenSSL only
2009-02-17 21:39:50 +00:00
Quanah Gibson-Mount
331a57fa37 ITS#5955 2009-02-17 21:32:09 +00:00
Pierangelo Masarati
040f945d36 fix misc warnings 2009-02-15 21:59:16 +00:00
Howard Chu
4bc8cb6336 ITS#5928 hide all ldap_pvt_tls APIs when !HAVE_TLS 2009-02-08 03:25:48 +00:00
Howard Chu
ff8838aa28 ITS#5920 restore old HAS_TLS test 2009-02-04 08:56:04 +00:00
Howard Chu
f9fd0f0cc4 ITS#5655 for new structure 2009-01-26 02:16:46 +00:00
Howard Chu
4dff3e6807 Switch to using modular TLS code, single-implementation version 2009-01-26 02:06:45 +00:00
Kurt Zeilenga
4af9eb9715 Update copyright notices 2009-01-22 00:40:04 +00:00
Howard Chu
a225b02f17 Modular TLS support, proof of concept. tls2.c would replace tls.c,
but I'm leaving tls.c intact for now.
2008-08-13 16:18:51 +00:00