Pierangelo Masarati
a95b8cd488
honor -1 timeout (ITS#6388)
2009-11-18 14:57:52 +00:00
Howard Chu
b99fdb6506
ITS#6283 add missing env options
2009-11-15 21:48:49 +00:00
Howard Chu
9a65f35f2e
partially revert prev commit
2009-11-06 02:20:40 +00:00
Howard Chu
86d9e86afd
Minor cleanup in strval2str
2009-11-06 01:37:09 +00:00
Hallvard Furuseth
7b22b22202
ITS#6355: Fix uninitialized lso_tmp_rsa_cb() return value
2009-10-30 17:08:57 +00:00
Howard Chu
585940984c
Fix prev commit, s/errno/err/g
2009-10-27 01:55:45 +00:00
Howard Chu
405c68abf9
For prev commit, check for EINTR/EAGAIN/EWOULDBLOCK
2009-10-26 23:52:55 +00:00
Howard Chu
a05d7015e0
ITS#6327, #6334 take ret=-1/EINTR into account
2009-10-26 23:36:39 +00:00
Howard Chu
30c55952d3
Cleanup prev commit
2009-10-26 19:19:20 +00:00
Howard Chu
1155f5ff20
ITS#6327 fix sb_sasl_generic_write retval for partial writes
2009-10-26 18:49:42 +00:00
Ralf Haferkamp
8fcdc29405
In case of certificate verification failures include failure reason
into the error message (openssl only)
2009-09-30 16:25:23 +00:00
Howard Chu
e0431681ad
On OpenSSL 0.9.8 and newer, use RSA_generate_key_ex since
RSA_generate_key is deprecated
2009-09-25 23:31:24 +00:00
Pierangelo Masarati
4b4db7b529
keep compatibility with slapd's gmtime_mutex (ITS#6262)
2009-09-08 23:21:21 +00:00
Howard Chu
2ba0e44ad1
ITS#6278 PEM support for MozNSS from rmeggins@redhat.com, with header cleanups
2009-08-29 03:41:53 +00:00
Pierangelo Masarati
ba2bddafbd
copy username, much like other string-valued options (more about ITS#6257)
2009-08-19 21:46:07 +00:00
Pierangelo Masarati
a846dad6fb
cleanup previous commit
2009-08-19 13:10:30 +00:00
Pierangelo Masarati
9abaf38d1f
silence warnings
2009-08-19 12:23:27 +00:00
Pierangelo Masarati
8776630509
address signedness issue
2009-08-19 12:06:04 +00:00
Hallvard Furuseth
f0d775609b
More ITS#6262: Also define ldap_pvt_gmtime_[un]lock if localtime_r is missing
2009-08-19 10:10:31 +00:00
Pierangelo Masarati
637182b8f4
fix previous commit
2009-08-19 00:12:39 +00:00
Pierangelo Masarati
f3cdcadf89
wrap gmtime for reentrancy (ITS#6262)
2009-08-18 23:48:15 +00:00
Pierangelo Masarati
5c916588b8
fix previous commit
2009-08-18 19:09:12 +00:00
Pierangelo Masarati
98a8b74d53
expose SASL_USERNAME when it makes sense (EXTERN needs work, much like SASL_SSL) (ITS#6257)
2009-08-18 18:47:56 +00:00
Howard Chu
b87553684a
More for prev commit
2009-08-14 20:02:08 +00:00
Howard Chu
9b764c3f9e
Fix prev commit again, IPPROTO_TCP is the documented correct approach
2009-08-13 21:35:38 +00:00
Howard Chu
f5bad5673b
Fix prev commit, it was not Linux-only as it claimed to be.
2009-08-13 20:55:04 +00:00
Hallvard Furuseth
791035d93f
Fix last commit: cast strcasecmp unsigned char* to char*
2009-08-07 21:46:25 +00:00
Howard Chu
e229b7c398
In session_chkhost get the last CN, not the first.
2009-08-07 11:59:42 +00:00
Howard Chu
d479db53e0
Minor cleanup
2009-07-31 03:26:03 +00:00
Howard Chu
403ee0b62e
Fix, reqcert == ALLOW should ignore cert verification failures
2009-07-31 01:51:34 +00:00
Howard Chu
3f2101198b
ITS#6239 use our own hostname checking for MozNSS
2009-07-31 01:32:51 +00:00
Howard Chu
d4f2a06887
Check for CN length match as well in chkhost
2009-07-30 21:52:09 +00:00
Howard Chu
91dc4501d4
Add VLV Error
2009-07-13 13:13:38 +00:00
Hallvard Furuseth
bbe015f65b
ITS#6197 - normalize & speed up ldap_err2string/ldap_perror():
Use same result code -> string mapping for both, removing ldap_int_error():
- Classify unknown error codes as API/extension/etc like _err2string did.
- Pass all strings through _(), i.e. the optional gettext, as _perror did.
Also use a switch instead of linear search for the code->string mapping.
Hopefully the compiler will optimize that. Though the extra gettext,
if anyone uses it, probably counters that speedup.
2009-07-07 20:05:09 +00:00
Howard Chu
8680c13c5f
Cleanup ciphernum
2009-07-03 02:06:24 +00:00
Howard Chu
d95bc8d2d8
Acknowledge richm
2009-07-02 23:19:44 +00:00
Howard Chu
4b8485c47a
ITS#5696 Additional MozNSS support from rmeggins@redhat.com
2009-07-02 23:10:23 +00:00
Howard Chu
de91bde800
ITS#6192 add all digests. Also stop using SSLeay-compatible function
names, we're only concerned with OpenSSL these days.
2009-07-01 23:46:36 +00:00
Hallvard Furuseth
13cbd433bd
Cast getpeername() arg from struct sockaddr_un* to struct sockaddr*
2009-06-11 16:21:52 +00:00
Ralf Haferkamp
5725d5d6e9
Introduce options to configure tcp-keepalive settings per connection. These
settings only work on Linux and are ignored when not supported (see
discussion on -devel)
2009-05-06 13:14:36 +00:00
Pierangelo Masarati
99fe30b326
(nearly blind) fix for NULL in TLS error message (ITS#6079)
2009-04-29 11:31:39 +00:00
Ralf Haferkamp
eec889f6d9
more warning fixes
2009-04-24 09:48:08 +00:00
Howard Chu
e223d0b124
ITS#6053 must use gnutls_x509_privkey_init()
2009-04-11 03:53:26 +00:00
Howard Chu
0ba084d8b0
More cleanup
2009-03-05 09:15:02 +00:00
Howard Chu
c3f8e67615
Tweak prev commit
2009-03-05 09:13:26 +00:00
Howard Chu
9bc829dbef
ITS#5991 build cert chain, GnuTLS doesn't do it for us
2009-03-05 08:04:49 +00:00
Howard Chu
54ed3779d6
ITS#5992 trust X509v1 CA certs
2009-03-05 04:35:49 +00:00
Howard Chu
bd312123d6
ITS#5980 clear res_matched after successfully chasing referral
2009-03-03 17:57:24 +00:00
Howard Chu
ee5b6762ae
ITS#5980 - find_connection should match URLs with empty hostname
2009-03-03 17:56:44 +00:00
Howard Chu
a1861fd162
ITS#5849 patch was wrong, don't X509_free session cert
2009-03-02 17:43:38 +00:00
Howard Chu
c3cff40c1c
ITS#5981 fix GnuTLS TLSVerifyClient try
2009-03-02 03:01:41 +00:00
Howard Chu
e5e9191aeb
ITS#5976 check for cert/DN
2009-02-25 21:48:10 +00:00
Howard Chu
64884e7c6c
Don't call NSS_Shutdown if someone else init'd the library
2009-02-25 10:14:00 +00:00
Pierangelo Masarati
0d6e859846
fix ldap namespace (part of ITS#5974)
2009-02-24 21:09:41 +00:00
Pierangelo Masarati
ed97e96944
re-fix ITS#5916
2009-02-20 01:07:00 +00:00
Quanah Gibson-Mount
3b743a3b79
Revert part of last commit
Remove erroneous comment
2009-02-17 21:47:09 +00:00
Quanah Gibson-Mount
83cb8883a6
More for ITS#5955
Also special case rand file bits that are OpenSSL only
2009-02-17 21:39:50 +00:00
Quanah Gibson-Mount
331a57fa37
ITS#5955
2009-02-17 21:32:09 +00:00
Pierangelo Masarati
040f945d36
fix misc warnings
2009-02-15 21:59:16 +00:00
Howard Chu
f38d2df19b
Add comments about ITS#3134, #5938 , RFC4513 for posterity. This
file will be moving to the Attic...
2009-02-11 01:35:56 +00:00
Howard Chu
b886c2ad8a
ITS#5937 fix ancient IPv6 typo
2009-02-10 13:27:22 +00:00
Howard Chu
80c6ea52ea
ITS#5853 restructure wait4msg / try_read1msg again. Consolidate
the two try_read1msg cases into one, bump refcnts to prevent
lconn's from being freed prematurely.
2009-02-10 09:51:31 +00:00
Howard Chu
fbf42baefa
ITS#5934 fix NULL pointer deref
2009-02-09 21:14:46 +00:00
Howard Chu
4bc8cb6336
ITS#5928 hide all ldap_pvt_tls APIs when !HAVE_TLS
2009-02-08 03:25:48 +00:00
Howard Chu
ff8838aa28
ITS#5920 restore old HAS_TLS test
2009-02-04 08:56:04 +00:00
Howard Chu
2b08e96b53
ITS#5916 - externally callable functions are ldap_pvt, not ldap_int.
2009-02-02 21:14:34 +00:00
Pierangelo Masarati
0ded1f16d5
Allow alias dereferencing in search C API; use new API in proxy backends (ITS#5916)
2009-01-31 10:27:07 +00:00
Howard Chu
08905d6792
ITS#5789 again
2009-01-26 21:08:55 +00:00
Howard Chu
f59ce2b9a1
ITS#5462 add randfile support for gcrypt 1.4
2009-01-26 03:41:27 +00:00
Howard Chu
2558951251
ITS#5887 add native support for cipher suites for GnuTLS >= 2.2.0
2009-01-26 03:21:16 +00:00
Howard Chu
f9fd0f0cc4
ITS#5655 for new structure
2009-01-26 02:16:46 +00:00
Howard Chu
4dff3e6807
Switch to using modular TLS code, single-implementation version
2009-01-26 02:06:45 +00:00
Howard Chu
988fb232d2
ITS#5896 don't return immediately on Intermediate responses
2009-01-24 07:18:35 +00:00
Howard Chu
cf1558659b
ITS#5655 TLS_PROTOCOL_MIN from Philip Guenther
2009-01-24 03:34:49 +00:00
Kurt Zeilenga
4af9eb9715
Update copyright notices
2009-01-22 00:40:04 +00:00
Ralf Haferkamp
af79710c4d
Fixed typo
2008-12-12 10:08:07 +00:00
Howard Chu
187efdad6c
ITS#5849 free peer cert after retrieving DN
2008-12-05 09:00:24 +00:00
Howard Chu
a6933cae27
Fix prev commit
2008-11-21 05:15:20 +00:00
Howard Chu
86b5de38be
ITS#5812 add SASL_NOCANON / -N option
2008-11-21 03:30:15 +00:00
Howard Chu
0bd6ce1062
ITS#4750 only read LDAP_CONF_FILE if geteuid() != getuid()
2008-11-21 02:15:47 +00:00
Pierangelo Masarati
2eeefd4985
check for bogus params to an LDAP routine (ITS#5817)
2008-11-18 16:27:50 +00:00
Hallvard Furuseth
c7002ffed5
ITS#5815: Fix typo "#elif defined( MAXHOSTNAMELEN".
2008-11-16 22:52:56 +00:00
Howard Chu
36124c715a
ITS#5789 GNUtls - allow CN matches against IP addresses
2008-11-04 11:21:52 +00:00
Howard Chu
24078323e2
ITS#5739 fix for ITS#4879 was too eager about IPv6 detection
2008-11-03 15:44:49 +00:00
Hallvard Furuseth
8690650121
ITS#4467: Fix ptr += snprintf buffer overflow tests (made out-of-range ptr).
Also avoid a buf[BUFSIZ] initialization.
2008-10-24 13:11:10 +00:00
Pierangelo Masarati
6bedf74c41
tag optional stuff
2008-10-22 23:38:09 +00:00
Pierangelo Masarati
91e14ca638
add support for (experimental) dereference control (ITS#5768); need to re-run autoconf (and autoheader?)
2008-10-22 22:19:49 +00:00
Pierangelo Masarati
2b95616768
missing $OpenLDAP$ header
2008-10-22 21:57:28 +00:00
Ralf Haferkamp
e8c1147b77
reset ld->ld_errno to avoid returning error codes of previous API calls (ITS#5762)
2008-10-21 16:17:41 +00:00
Hallvard Furuseth
08852acb80
Warning cleanup: signed meets unsigned, remove assert(unsigned >= 0).
2008-10-17 23:24:48 +00:00
Hallvard Furuseth
b464a790b8
Fix Debug(%d, scred->bv_len or -1) -> Debug(%ld, (long) scred->bv_len or -1L).
Cast sasl_encode() arg from unsigned char* to char*.
Warning cleanup: signed meets unsigned.
2008-10-17 20:46:44 +00:00
Hallvard Furuseth
1c85cf3c88
Warning cleanup: signed meets unsigned. ber_flatten2() returns -1 on
error, not LBER_ERROR.
2008-10-13 08:44:54 +00:00
Howard Chu
9078381252
Cleanup unused defs
2008-10-09 11:33:49 +00:00
Howard Chu
4294664aad
ITS#5369 SASL/GSSAPI refactoring from Stefan Metzmacher <metze@samba.org>
and Rafal Szczeniak <mimir@samba.org>, with minor cleanups
2008-10-09 11:10:28 +00:00
Howard Chu
f7484f78e6
ITS#5369 SASL/GSSAPI refactoring from Stefan Metzmacher <metze@samba.org>
and Rafal Szczeniak <mimir@samba.org>, with minor cleanups
2008-10-09 10:51:28 +00:00
Howard Chu
b2432fdbf2
Add SASL_MECHLIST option to retrieve list of known SASL mechs
2008-10-09 09:28:39 +00:00
Howard Chu
c51252633b
Accept X-starttls for prev commit
2008-10-07 03:13:00 +00:00
Howard Chu
809548c88b
Handle StartTLS in URL extensions
2008-10-07 03:06:44 +00:00
Howard Chu
99186a90e0
Fix prev commit
2008-09-30 22:22:31 +00:00
Howard Chu
721264db13
ITS#5720 fix ldap_utf8_strchr arguments
2008-09-30 05:05:53 +00:00