mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
22,197 Commits 38 Branches 307 Tags 74 MiB
a336241e0e
Commit Graph

44 Commits

Author SHA1 Message Date
Howard Chu
b402a2805f Add options to use DER format cert+keys directly 
Instead of loading from files.
 2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
eb8f1a7247 ITS#8353, ITS#8533 - Cleanup for libldap_r 2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79 ITS#8353, ITS#8533 - Fix libldap_r compilation 2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6 ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later 2017-04-06 11:47:06 -07:00
Howard Guo
4962dd6083 ITS#8529 Avoid hiding the error if user specified CA does not load 
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.

This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
 2017-02-22 09:56:17 -08:00
Howard Chu
2bf650d95e ITS#8533 OpenSSL 1.1.0c compat 2017-01-11 14:12:45 +00:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Howard Chu
6bb6d5e3c6 ITS#8353 more for OpenSSL 1.1 compat 
tmp_rsa callback has been removed from OpenSSL 1.1
Use new X509_NAME accessor function to retrieve DER bytes
 2016-01-31 03:29:28 +00:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Howard Chu
f3a7bf79db ITS#8353 partial fix 
Use newly added SSL_CTX_up_ref()
Still waiting for X509_NAME accessor
 2016-01-26 18:06:46 +00:00
Howard Chu
f2d0aa7d22 ITS#8353 partial fixes 
ERR_remove_state() is deprecated since OpenSSL 1.0.0
Use X509_NAME_ENTRY_get_object() instead of direct access.
 2016-01-21 18:05:42 +00:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Kurt Zeilenga
5c878c1bf2 Happy new year (belated) 2014-01-25 05:21:25 -08:00
Howard Chu
16f8b0902c ITS#7398 add LDAP_OPT_X_TLS_PEERCERT 
retrieve peer cert for an active TLS session
 2013-09-10 04:31:39 -07:00
Howard Chu
721e46fe66 ITS#7595 don't try to use EC if OpenSSL lacks it 2013-09-08 06:32:23 -07:00
Howard Chu
7d6d6944c5 ITS#7683 log tls prot/cipher info 
Note: I could not test the MozNSS patch due to the absence of
NSS PEM support on my machine. Given the review comments in
https://bugzilla.mozilla.org/show_bug.cgi?id=402712 I doubt that
trustworthy PEM support will be appearing for MozNSS any time soon.
 2013-09-07 12:22:09 -07:00
Howard Chu
e631ce808e ITS#7595 Add Elliptic Curve support for OpenSSL 2013-09-07 09:47:40 -07:00
Howard Chu
cfeb28412c ITS#7506 fix prev commit 
The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.
 2013-09-07 06:39:53 -07:00
Ben Jencks
6f120920d3 ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage. 
If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be
used.
 2013-09-07 06:33:39 -07:00
Howard Chu
ca310ebff4 Add channel binding support 
Currently only implemented for OpenSSL.
Needs an option to set the criticality flag.
 2013-08-26 23:31:48 -07:00
Philip Guenther
c6cf495247 ITS#7645 more OpenSSL TLS versions 2013-07-29 07:01:15 -07:00
Kurt Zeilenga
0fd1bf30b8 Happy New Year 2013-01-02 10:22:57 -08:00
Howard Chu
bb921063e0 ITS#7194 fix IPv6 URL detection 2012-03-08 19:35:44 -08:00
Hallvard Furuseth
1a931a86ee Silence 'assign away const' warning 2012-01-24 01:45:51 +01:00
Kurt Zeilenga
2bbf9804b9 Happy New Year! 2012-01-01 07:10:53 -08:00
Kurt Zeilenga
966cef8c9a Happy New Year 2011-01-05 00:42:37 +00:00
Hallvard Furuseth
16b7df8397 ITS#6625 Remove some LDAP_R_COMPILEs 2010-12-06 11:31:58 +00:00
Kurt Zeilenga
3dadeb3efe happy belated New Year 2010-04-13 22:17:29 +00:00
Howard Chu
86c361cdb8 In tmp_rsa_cb, new API is in 0.9.8 inclusive, not exclusive 2010-04-12 03:21:05 +00:00
Hallvard Furuseth
7b22b22202 ITS#6355: Fix uninitialiezed lso_tmp_rsa_cb() return value 2009-10-30 17:08:57 +00:00
Ralf Haferkamp
8fcdc29405 In case of certificate verification failures include failure reason 
into the error message (openssl only)
 2009-09-30 16:25:23 +00:00
Howard Chu
e0431681ad On OpenSSL 0.9.8 and newer, use RSA_generate_key_ex since 
RSA_generate_key is deprecated
 2009-09-25 23:31:24 +00:00
Pierangelo Masarati
9abaf38d1f silence warnings 2009-08-19 12:23:27 +00:00
Hallvard Furuseth
791035d93f Fix last commit: cast strcasecmp unsigned char* to char* 2009-08-07 21:46:25 +00:00
Howard Chu
e229b7c398 In session_chkhost get the last CN, not the first. 2009-08-07 11:59:42 +00:00
Howard Chu
d4f2a06887 Check for CN length match as well in chkhost 2009-07-30 21:52:09 +00:00
Howard Chu
de91bde800 ITS#6192 add all digests. Also stop using SSLeay-compatible function 
names, we're only concerned with OpenSSL these days.
 2009-07-01 23:46:36 +00:00
Howard Chu
a1861fd162 ITS#5849 patch was wrong, don't X509_free session cert 2009-03-02 17:43:38 +00:00
Howard Chu
b886c2ad8a ITS#5937 fix ancient IPv6 typo 2009-02-10 13:27:22 +00:00
Howard Chu
f9fd0f0cc4 ITS#5655 for new structure 2009-01-26 02:16:46 +00:00
Howard Chu
4dff3e6807 Switch to using modular TLS code, single-implementation version 2009-01-26 02:06:45 +00:00
Kurt Zeilenga
4af9eb9715 Update copyright notices 2009-01-22 00:40:04 +00:00
Howard Chu
187efdad6c ITS#5849 free peer cert after retrieving DN 2008-12-05 09:00:24 +00:00
Howard Chu
a225b02f17 Modular TLS support, proof of concept. tls2.c would replace tls.c, 
but I'm leaving tls.c intact for now.
 2008-08-13 16:18:51 +00:00