Howard Chu
c0ff8e8a21
Delete extraneous #define
...
Was only for convenience during testing
2017-04-19 19:27:02 +01:00
Quanah Gibson-Mount
87f3477626
Fix autoca build with OpenSSL 1.1.0
2017-04-18 13:40:05 -07:00
Quanah Gibson-Mount
49e61a23cd
Regenerate configure
2017-04-18 08:23:18 -07:00
Quanah Gibson-Mount
626ba7eca7
Fix 9bafb16e1b
- autoca support
2017-04-18 08:22:56 -07:00
Quanah Gibson-Mount
45f131616b
ITS#8643 - Fix typo
2017-04-18 08:01:26 -07:00
Quanah Gibson-Mount
42bc6ed991
ITS#8634 - Fix DES API function calls to current DES API
2017-04-14 12:27:14 -07:00
Ondřej Kuzník
af78f2ef64
ITS#8632 request the correct type
2017-04-10 14:26:56 +01:00
Ondřej Kuzník
1b14198ad9
ITS#8631 Initialize sal
2017-04-10 14:24:56 +01:00
Howard Chu
29833786ad
Cleanup unused vars
2017-04-10 00:54:21 +01:00
Howard Chu
d089b3c0d1
Tweak privateKeyValidate
...
Only accept PKCS#8 private keys
2017-04-10 00:51:09 +01:00
Howard Chu
9e051001d4
Add GnuTLS support for direct DER config of cacert/cert/key
...
Followon to b402a2805f
2017-04-10 00:21:08 +01:00
Howard Chu
25dc9e99ea
Cleanup warnings, unused vars, etc.
2017-04-09 23:42:22 +01:00
Howard Chu
cff264c6e1
Fix autoca schema init
...
Wait for core.schema to get loaded
2017-04-09 22:45:36 +01:00
Howard Chu
44a3653d90
Cleanup test066 comments
2017-04-09 21:37:55 +01:00
Howard Chu
dacf15475f
autoca manpage updates
2017-04-09 20:48:37 +01:00
Howard Chu
9bafb16e1b
Add autoca test script
2017-04-09 20:33:50 +01:00
Howard Chu
268f71cb27
autoca fixups
...
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.
Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.
Always use PKCS#8 format when storing private keys.
2017-04-09 20:31:11 +01:00
Howard Chu
f33c7d1ee6
Fixup for ;binary config attrs
...
Use the plain attributeDescription when searching config tables
2017-04-09 20:29:47 +01:00
Howard Chu
0f9ec8322f
Add localDN config
...
If a cert is generated for this DN, configure it as the local
TLS cert/key
2017-04-09 16:44:14 +01:00
Howard Chu
b939bb519e
Set the CA cert in cn=config if none was already set
2017-04-09 15:42:17 +01:00
Howard Chu
c9ccdf8554
Fixup pause handling, silence warnings
...
Don't try to resume the pool if pausing failed.
2017-04-09 15:41:16 +01:00
Howard Chu
13c39b98b5
Fixup handle_pause()
...
Return -1 if running on the main thread - which means there
are no worker threads to pause.
2017-04-09 15:39:44 +01:00
Howard Chu
2e011eeb67
Fixup cacert option
2017-04-09 15:39:13 +01:00
Howard Chu
a336241e0e
Add ldap_pvt_thread_pool_queues decl
...
Was missing from 0ef9e6107b
2017-04-09 15:35:05 +01:00
Howard Chu
7b41feed83
Support setting cacert/cert/key directly in cn=config entry
2017-04-09 14:51:25 +01:00
Howard Chu
83fb515555
Fixup cacert/cert/key options
...
Add get_option support, allow delete by setting a NULL arg.
2017-04-09 14:49:48 +01:00
Howard Chu
2860fd4c6c
Move privateKey schema into slapd
2017-04-09 14:16:56 +01:00
Howard Chu
6b573cea57
Flesh out experimental OIDs
2017-04-09 13:47:25 +01:00
Howard Chu
79284a06d3
Catalog of assigned OID arcs
...
With some specific elements as well, but not exhaustively listed.
Patches welcome.
2017-04-09 03:55:01 +01:00
Howard Chu
2012795d3b
Add config support for binary values
...
Use base64 for .conf files, straight binary for back-config
2017-04-09 02:26:41 +01:00
Howard Chu
b402a2805f
Add options to use DER format cert+keys directly
...
Instead of loading from files.
2017-04-09 00:13:42 +01:00
Howard Chu
2b920ecaec
Add autoca overlay
...
Automated certificate authority
2017-04-08 02:51:08 +01:00
Ondřej Kuzník
ec5af7b5e7
ITS#6545 Update accesslog format and syncrepl consumer
...
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.
Still depends on the log entry attributes being read in the same order
as they were written.
2017-04-07 14:39:07 -07:00
Quanah Gibson-Mount
eb8f1a7247
ITS#8353, ITS#8533 - Cleanup for libldap_r
2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79
ITS#8353, ITS#8533 - Fix libldap_r compilation
2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6
ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later
2017-04-06 11:47:06 -07:00
Ondřej Kuzník
46c85a32ae
ITS#8266 Allow empty mods
2017-03-30 15:27:45 -07:00
Quanah Gibson-Mount
207fde15eb
ITS#7700 - Update documentation about the "limits" configuration option
2017-03-29 14:29:25 -07:00
Quanah Gibson-Mount
515ac60fdc
ITS#7700 - Update syncrepl configuration bits with missing parameters
2017-03-29 13:47:13 -07:00
Quanah Gibson-Mount
b1e1904a8c
ITS#7177, ITS#6339 - Fix VV option information
2017-03-29 12:36:42 -07:00
Jan Vcelak
54c4df72dd
ITS#7177 add SASL_NOCANON option to ldap.conf(5)
2017-03-29 12:35:09 -07:00
Quanah Gibson-Mount
92559cc663
ITS#7341 Fix typo in access control so that it is attrs= not attr=
2017-03-29 12:00:26 -07:00
Gerardo Santana
1ae58200fe
ITS#8499 Fix typo in admin guide
2017-03-29 10:52:48 -07:00
Ondřej Kuzník
59fbc28dbc
ITS#8513 Update TOTP README
2017-03-29 10:51:22 -07:00
Quanah Gibson-Mount
2c84446240
ITS#8587 - Fix typos
2017-03-29 10:44:55 -07:00
Ondřej Kuzník
e56a849e5d
ITS#8625 Separate Avlnode and TAvlnode types
...
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
2017-03-29 14:52:44 +01:00
Howard Chu
a0cc1d9655
ITS#8054 add queue time to log
...
Show time spent in conn+threadpool queues before an op actually executes.
Also clean up timestamp handling
2017-03-16 14:21:31 +00:00
Howard Chu
e12ca8b6fe
Fixes for multiple threadpool queues
...
Remove poolq_hash, it wasn't distributing work evenly to the queues.
Just walk through all queues and use the one with smallest
active+pending count. Since pool_retract also relied on the hash,
a different means of locating the thread to retract was needed.
Add pool_submit2 which returns the threadpool task structure,
and record which poolq this task lives on.
2017-03-15 11:13:09 +00:00
Ondřej Kuzník
53c6c9d16b
ITS#8574 - Deal with rDN correctly
...
This fixes issues with values that need escaping in the rDN when an
incorrect value would be passed to the handler and back-ldif.
2017-03-08 15:32:17 -08:00
Howard Guo
4962dd6083
ITS#8529 Avoid hiding the error if user specified CA does not load
...
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.
This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
2017-02-22 09:56:17 -08:00