mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,156 Commits 38 Branches 307 Tags 74 MiB
b04483a6a2
Commit Graph

86 Commits

Author SHA1 Message Date
Howard Chu
d9eac72099 ITS#1995 return error text when ldap_pvt_tls_check_hostname fails 2002-08-01 03:23:29 +00:00
Howard Chu
5dc098dab0 Wrap get_ca_list opendir code with #if HAVE_DIRENT_H || dirent to avoid 
compile errors on incompatible build platforms.
 2002-07-24 19:36:03 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Howard Chu
07ffaeaac8 ITS#1924 use GENERAL_NAMES_free instead of ext_free. 2002-07-05 21:59:02 +00:00
Howard Chu
6f8b100f6b Finish implementation of get_ca_list() 2002-06-14 06:09:24 +00:00
Howard Chu
3590877b77 Initialize authid in case ldap_pvt_tls_get_my_dn fails 2002-05-04 01:32:41 +00:00
Howard Chu
0390a171b9 Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force 
a fatal error when TLS server cert verification fails.

Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.

In tls_verify_cb, added a text translation of the verification error code
to the debug message.
 2002-05-04 00:05:48 +00:00
Kurt Zeilenga
d82d018f20 add an RFC 2849 check... but behind #if 0 as I'm now thinking this 
is not appropriate.
 2002-05-01 04:40:26 +00:00
Kurt Zeilenga
96483c8dcd cleanup before working on changes 2002-05-01 04:23:59 +00:00
Howard Chu
de3e81cebb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result 
in dn parameter and return a result code.
 2002-04-30 13:50:56 +00:00
Howard Chu
5528772f23 In ldap_int_tls_start, authid is very temporary, not const. 2002-04-19 04:35:16 +00:00
Howard Chu
202aa8c793 Fix memory leak in previous commit 2002-04-18 16:02:02 +00:00
Howard Chu
17ae956518 Added ldap_X509dn2bv() 
deleted ldap_pvt_tls_get_peer()
  changed ldap_pvt_tls_get_peer_dn() to use ldap_X509dn2bv()
  added ldap_pvt_tls_get_my_dn()
 2002-04-18 12:29:30 +00:00
Pierangelo Masarati
4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth 
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
 2002-04-08 09:43:22 +00:00
Howard Chu
5c70106657 ITS#1708 ldap_pvt_tls_sb_ctx() et al 2002-04-05 06:48:03 +00:00
Kurt Zeilenga
b0b8546f05 Patch: More format bugs (ITS#1702) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
 2002-04-02 18:56:26 +00:00
Julius Enarusai
e86782aab9 Added LDAP_LOG messages 2002-04-01 23:39:36 +00:00
Kurt Zeilenga
fcf9f451a5 Copyright 2001, Adrian Thurston, All rights reserved. 
This software is not subject to any license of
Xandros Corporation.

This is free software; you can redistribute and use it under the same
terms as OpenLDAP itself.

 -------------------------------------------------------------------
This patch adds an option to ldap_get_option which can be called after
ldap_start_tls in order to obtain the pointer to the SSL object used
 2002-03-11 03:39:08 +00:00
Howard Chu
63a4a19732 Send a warning to the client if we try to use a bad cert. 2002-01-27 03:48:08 +00:00
Howard Chu
c3c85b4062 Extended TLS_REQCERT/TLSVerifyClient syntax to 4 states: never,allow,try, 
and hard/demand.
 2002-01-27 02:56:18 +00:00
Howard Chu
c81d2bb855 Fix, errno was incorrect after SSL_read returned 0 bytes, caused slapd to 
close the connection prematurely.
 2002-01-26 13:43:22 +00:00
Howard Chu
923e64156d More cleanup in ldap_pvt_tls_destroy() 2002-01-12 02:31:41 +00:00
Howard Chu
07119f7342 Fix ldap_start_tls_s, don't check for TLS present on a non-existent sockbuf 2002-01-12 02:25:22 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
fca5613e98 Hide (make static) sb_bio_method and tls_sbio structures. They're 
already completely hidden by accessor functions.
 2002-01-02 22:29:11 +00:00
Kurt Zeilenga
943800a534 We "understand" localhost to be same as the local hostname as 
returned by gethostname().
 2001-12-17 23:56:16 +00:00
Howard Chu
88e3454654 Add #include <openssl/safestack.h> to fix ITS#1412 2001-11-30 02:37:39 +00:00
Howard Chu
33ace5610c Added ldap_pvt_tls_destroy() to cleanup TLS library on shutdown 2001-11-06 20:52:59 +00:00
Pierangelo Masarati
192f83540c missing leading quote 2001-10-25 18:56:06 +00:00
Kurt Zeilenga
187f190fb6 Don't pass NULL string pointers to Debug 2001-10-25 18:32:59 +00:00
Kurt Zeilenga
7a4b9e3c32 Minor cleanup 2001-09-18 17:35:47 +00:00
Howard Chu
e4d8a87ddc Silence some typecast warnings 2001-09-18 05:22:53 +00:00
Howard Chu
966616b274 Don't pass NULL hostname to ldap_pvt_tls_check_hostname, use "localhost" 2001-09-18 05:19:55 +00:00
Kurt Zeilenga
241d6a558e Remove dead code 2001-09-09 04:47:03 +00:00
Kurt Zeilenga
553d80cedd Blindly fix TLS/SASL external interaction. 2001-09-09 03:42:26 +00:00
Kurt Zeilenga
05c9d4bfda Fix TLS ldap.conf issues 2001-09-05 21:22:41 +00:00
Howard Chu
f3501cbf50 Fix ldap_int_tls_start to set its error codes in ld->ld_errno. 2001-09-02 12:06:41 +00:00
Howard Chu
b10e0029a5 Full implementation of server identity checking per RFC2830 section 3.6 2001-09-02 11:23:28 +00:00
Howard Chu
44a3160fec Remove redundant call of SSL_set_info_callback, to allow users 
to override it in the SSL_CTX.
 2001-08-29 20:28:08 +00:00
Kurt Zeilenga
05960887bb Fix -H ldaps:// crashes due to rework of TLS code 2001-08-27 20:22:28 +00:00
Kurt Zeilenga
16fa8c4a21 Fix bug introduced during TLS rework 2001-08-02 04:20:11 +00:00
Kurt Zeilenga
77f776dfd1 Another round of TLS updates to support secure referral chasing 2001-06-25 19:17:42 +00:00
Kurt Zeilenga
350ffe6d15 Rework tls check 
Needs to be connection specific
 2001-06-25 18:20:14 +00:00
Kurt Zeilenga
c4f5497ac6 move TLS ctx to lconn struct in prep for supporting TLS with referrals 
need to rework cert check to use per lconn host name
 2001-06-25 07:33:42 +00:00
Kurt Zeilenga
4a23c08678 Fix up error handling 2001-06-22 21:01:04 +00:00
Kurt Zeilenga
deb9644a8a Should not be using reverse lookup names to check certificates. 2001-05-19 23:07:46 +00:00
Kurt Zeilenga
c0a06f25c2 Add ldap_pvt_tls_get_peer_dn() routine. Returns peer as an LDAP DN. 2001-01-18 00:40:58 +00:00
Kurt Zeilenga
1d1c1edf44 update rand file after use 2001-01-10 21:14:13 +00:00
Kurt Zeilenga
6053ed1058 ITS#903: validate hostname in server cert from Norbert Klasen 
adapted as needed.
 2000-11-22 20:23:38 +00:00
Kurt Zeilenga
511a84bc31 First cut of SASL/EXTERNAL 2000-10-31 23:00:35 +00:00