Howard Chu
d4f2a06887
Check for CN length match as well in chkhost
2009-07-30 21:52:09 +00:00
Howard Chu
91dc4501d4
Add VLV Error
2009-07-13 13:13:38 +00:00
Hallvard Furuseth
bbe015f65b
ITS#6197 - normalize & speed up ldap_err2string/ldap_perror():
...
Use same result code -> string mapping for both, removing ldap_int_error():
- Classify unknown error codes as API/extension/etc like _err2string did.
- Pass all strings through _(), i.e. the optional gettext, as _perror did.
Also use a switch instead of linear search for the code->string mapping.
Hopefully the compiler will optimize that. Though the extra gettext,
if anyone uses it, probably counters that speedup.
2009-07-07 20:05:09 +00:00
Howard Chu
8680c13c5f
Cleanup ciphernum
2009-07-03 02:06:24 +00:00
Howard Chu
d95bc8d2d8
Acknowledge richm
2009-07-02 23:19:44 +00:00
Howard Chu
4b8485c47a
ITS#5696 Additional MozNSS support from rmeggins@redhat.com
2009-07-02 23:10:23 +00:00
Howard Chu
de91bde800
ITS#6192 add all digests. Also stop using SSLeay-compatible function
...
names, we're only concerned with OpenSSL these days.
2009-07-01 23:46:36 +00:00
Hallvard Furuseth
13cbd433bd
Cast getpeername() arg from struct sockaddr_un* to struct sockaddr*
2009-06-11 16:21:52 +00:00
Ralf Haferkamp
5725d5d6e9
Introduce options to configure tcp-keepalive settings per connection. These
...
settings only work on Linux and are ignore when not supported (see
discussion on -devel)
2009-05-06 13:14:36 +00:00
Pierangelo Masarati
99fe30b326
(nearly blind) fix for NULL in TLS error message (ITS#6079)
2009-04-29 11:31:39 +00:00
Ralf Haferkamp
eec889f6d9
more warning fixes
2009-04-24 09:48:08 +00:00
Howard Chu
e223d0b124
ITS#6053 must use gnutls_x509_privkey_init()
2009-04-11 03:53:26 +00:00
Howard Chu
0ba084d8b0
More cleanup
2009-03-05 09:15:02 +00:00
Howard Chu
c3f8e67615
Tweak prev commit
2009-03-05 09:13:26 +00:00
Howard Chu
9bc829dbef
ITS#5991 build cert chain, GnuTLS doesn't do it for us
2009-03-05 08:04:49 +00:00
Howard Chu
54ed3779d6
ITS#5992 trust X509v1 CA certs
2009-03-05 04:35:49 +00:00
Howard Chu
bd312123d6
ITS#5980 clear res_matched after successfully chasing referral
2009-03-03 17:57:24 +00:00
Howard Chu
ee5b6762ae
ITS#5980 - find_connection should match URLs with empty hostname
2009-03-03 17:56:44 +00:00
Howard Chu
a1861fd162
ITS#5849 patch was wrong, don't X509_free session cert
2009-03-02 17:43:38 +00:00
Howard Chu
c3cff40c1c
ITS#5981 fix GnuTLS TLSVerifyClient try
2009-03-02 03:01:41 +00:00
Howard Chu
e5e9191aeb
ITS#5976 check for cert/DN
2009-02-25 21:48:10 +00:00
Howard Chu
64884e7c6c
Don't call NSS_Shutdown if someone else init'd the library
2009-02-25 10:14:00 +00:00
Pierangelo Masarati
0d6e859846
fix ldap namespace (part of ITS#5974)
2009-02-24 21:09:41 +00:00
Pierangelo Masarati
ed97e96944
re-fix ITS#5916
2009-02-20 01:07:00 +00:00
Quanah Gibson-Mount
3b743a3b79
Revert part of last commit
...
Remove erroneous comment
2009-02-17 21:47:09 +00:00
Quanah Gibson-Mount
83cb8883a6
More for ITS#5955
...
Also special case rand file bits that are OpenSSL only
2009-02-17 21:39:50 +00:00
Quanah Gibson-Mount
331a57fa37
ITS#5955
2009-02-17 21:32:09 +00:00
Pierangelo Masarati
040f945d36
fix misc warnings
2009-02-15 21:59:16 +00:00
Howard Chu
f38d2df19b
Add comments about ITS#3134, #5938 , RFC4513 for posterity. This
...
file will be moving to the Attic...
2009-02-11 01:35:56 +00:00
Howard Chu
b886c2ad8a
ITS#5937 fix ancient IPv6 typo
2009-02-10 13:27:22 +00:00
Howard Chu
80c6ea52ea
ITS#5853 restructure wait4msg / try_read1msg again. Consolidate
...
the two try_read1msg cases into one, bump refcnts to prevent
lconn's from being freed prematurely.
2009-02-10 09:51:31 +00:00
Howard Chu
fbf42baefa
ITS#5934 fix NULL pointer deref
2009-02-09 21:14:46 +00:00
Howard Chu
4bc8cb6336
ITS#5928 hide all ldap_pvt_tls APIs when !HAVE_TLS
2009-02-08 03:25:48 +00:00
Howard Chu
ff8838aa28
ITS#5920 restore old HAS_TLS test
2009-02-04 08:56:04 +00:00
Howard Chu
2b08e96b53
ITS#5916 - externally callable functions are ldap_pvt, not ldap_int.
2009-02-02 21:14:34 +00:00
Pierangelo Masarati
0ded1f16d5
Allow alias dereferencing in search C API; use new API in proxy backends (ITS#5916)
2009-01-31 10:27:07 +00:00
Howard Chu
08905d6792
ITS#5789 again
2009-01-26 21:08:55 +00:00
Howard Chu
f59ce2b9a1
ITS#5462 add randfile support for gcrypt 1.4
2009-01-26 03:41:27 +00:00
Howard Chu
2558951251
ITS#5887 add native support for cipher suites for GnuTLS >= 2.2.0
2009-01-26 03:21:16 +00:00
Howard Chu
f9fd0f0cc4
ITS#5655 for new structure
2009-01-26 02:16:46 +00:00
Howard Chu
4dff3e6807
Switch to using modular TLS code, single-implementation version
2009-01-26 02:06:45 +00:00
Howard Chu
988fb232d2
ITS#5896 don't return immediately on Intermediate responses
2009-01-24 07:18:35 +00:00
Howard Chu
cf1558659b
ITS#5655 TLS_PROTOCOL_MIN from Philip Guenther
2009-01-24 03:34:49 +00:00
Kurt Zeilenga
4af9eb9715
Update copyright notices
2009-01-22 00:40:04 +00:00
Ralf Haferkamp
af79710c4d
Fixed typo
2008-12-12 10:08:07 +00:00
Howard Chu
187efdad6c
ITS#5849 free peer cert after retrieving DN
2008-12-05 09:00:24 +00:00
Howard Chu
a6933cae27
Fix prev commit
2008-11-21 05:15:20 +00:00
Howard Chu
86b5de38be
ITS#5812 add SASL_NOCANON / -N option
2008-11-21 03:30:15 +00:00
Howard Chu
0bd6ce1062
ITS#4750 only read LDAP_CONF_FILE if geteuid() != getuid()
2008-11-21 02:15:47 +00:00
Pierangelo Masarati
2eeefd4985
check for bogus params to an LDAP routine (ITS#5817)
2008-11-18 16:27:50 +00:00