mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
13,339 Commits 38 Branches 307 Tags 74 MiB
f8d49b01be
Commit Graph

121 Commits

Author SHA1 Message Date
Pierangelo Masarati
b3f366e0ba essentially address 3791 with a reworked patch 2005-08-11 15:13:29 +00:00
Pierangelo Masarati
ad62d9da1b expose ldap_tls_inplace() 2005-08-11 12:14:24 +00:00
Kurt Zeilenga
542f3634aa Add ldap_start_tls() and ldap_install_tls() to provide async version 
of ldap_start_tls_s().
 2005-02-01 23:53:17 +00:00
Kurt Zeilenga
dc0eacd40b Happy New Year! 2005-01-01 20:49:32 +00:00
Howard Chu
ae592801aa Add callbacks for client TLS connection establishment: 
LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG
with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg)
To be called whenever the client library allocates a new SSL* handle.
 2004-11-23 03:48:09 +00:00
Ralf Haferkamp
93cec8b694 - Added autoconf test for CRL capable OpenSSL Version 
- #ifdef'd CRL checking code.
 2004-11-03 12:02:38 +00:00
Ralf Haferkamp
5704a2ef6e CRL checking options for ldap.conf and slapd.conf 2004-10-28 18:50:38 +00:00
Kurt Zeilenga
5f5d50aeb0 Add TLS cipher suite directive to ldap.conf(5) 2004-09-05 07:21:20 +00:00
Kurt Zeilenga
d611a4b49a unifdef -UNEW_LOGGING 2004-09-04 04:54:28 +00:00
Kurt Zeilenga
3484ddff18 cleanup 2004-06-22 20:20:47 +00:00
Kurt Zeilenga
5deea2b617 ITS#3134: support DNSname style wildcards in common name 
(This is not consistent with RFC 3280 or RFC 2830, but consistent
with current practices.)
Based upon patch submitted by Quanah Gibson-Mount <quanah@stanford.edu>.
 2004-05-19 02:47:30 +00:00
Kurt Zeilenga
7cfc2d1f37 back out last change 2004-04-25 04:46:45 +00:00
Kurt Zeilenga
b0830a744f Fail if default context is already initialized 2004-04-25 04:37:19 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Kurt Zeilenga
159de0f135 Updated notices and acknowledgements 2003-11-26 07:16:36 +00:00
Kurt Zeilenga
9184c3a18c Fix linking --with-cyrus-sasl and --without-tls 2003-10-17 04:27:32 +00:00
Kurt Zeilenga
2ed0725491 Fix typo in last commit 2003-05-06 15:00:58 +00:00
Kurt Zeilenga
ecb17fc30e ITS#2486: plug leak 2003-05-05 17:35:59 +00:00
Hallvard Furuseth
5ee9264465 Fix assignment of <char/int>* to unsigned <char/int>* and vice versa. 2003-05-02 13:29:28 +00:00
Howard Chu
1d2951bb5a For ITS#2424, move all SASL session management to ldap_int_sasl_bind. 2003-04-30 14:13:58 +00:00
Howard Chu
1874658ae3 More memory context tweaks 2003-04-11 01:02:08 +00:00
Kurt Zeilenga
cfd9449374 Mark a few error strings 2003-04-06 06:10:56 +00:00
Howard Chu
18df386b43 Fix ITS#2161, the check is meaningless anyway. 2003-01-30 00:28:36 +00:00
Hallvard Furuseth
120e39b533 Cast ctype.h arguments to unsigned char. 2003-01-19 14:05:23 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Pierangelo Masarati
d758296595 silence warnings 2002-12-23 12:02:29 +00:00
Howard Chu
0c2439f5ef Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname() 2002-12-18 21:43:17 +00:00
Hallvard Furuseth
3b591dd4f6 Fix const errors. 2002-12-11 08:30:29 +00:00
Pierangelo Masarati
256f5bbe57 silence warnings 2002-11-10 19:57:16 +00:00
Howard Chu
a9fed89e3f In sb_tls_bio_read/write, check for EAGAIN in addition to EWOULDBLOCK. 
According to read(2)/write(2) EAGAIN is the only one we're interested in.
Fixes HP-UX 11.
http://www.openldap.org/lists/openldap-software/200105/msg00564.html
 2002-10-11 06:22:24 +00:00
Howard Chu
af05dd5511 Set SSL session cache context ID 2002-09-04 07:17:31 +00:00
Howard Chu
f83d30a727 Fix previous commit - still need X509_free for peer cert. 
Just not for local/my cert.
 2002-09-04 02:28:42 +00:00
Howard Chu
5d062ef54c Don't call X509_free after SSL_get_certificate, it's not a duplicate. 2002-09-04 01:56:09 +00:00
Howard Chu
17493164ea Fix previous commit 2002-08-31 06:23:46 +00:00
Howard Chu
e3304da727 OS/390 EBCDIC support 2002-08-31 05:14:43 +00:00
Howard Chu
d9eac72099 ITS#1995 return error text when ldap_pvt_tls_check_hostname fails 2002-08-01 03:23:29 +00:00
Howard Chu
5dc098dab0 Wrap get_ca_list opendir code with #if HAVE_DIRENT_H || dirent to avoid 
compile errors on incompatible build platforms.
 2002-07-24 19:36:03 +00:00
Julius Enarusai
6107ba67d2 Coverted LDAP_LOG macro to use subsystem ID int values instead of string values 2002-07-11 20:33:24 +00:00
Howard Chu
07ffaeaac8 ITS#1924 use GENERAL_NAMES_free instead of ext_free. 2002-07-05 21:59:02 +00:00
Howard Chu
6f8b100f6b Finish implementation of get_ca_list() 2002-06-14 06:09:24 +00:00
Howard Chu
3590877b77 Initialize authid in case ldap_pvt_tls_get_my_dn fails 2002-05-04 01:32:41 +00:00
Howard Chu
0390a171b9 Changed default tls_opt_require_cert value to LDAP_OPT_X_TLS_DEMAND; force 
a fatal error when TLS server cert verification fails.

Changed ldap_pvt_tls_check_hostname to return LDAP_SUCCESS when no cert is
found: this can now only occur if tls_opt_require_cert was explicitly set
to NEVER or ALLOW.

In tls_verify_cb, added a text translation of the verification error code
to the debug message.
 2002-05-04 00:05:48 +00:00
Kurt Zeilenga
d82d018f20 add an RFC 2849 check... but behind #if 0 as I'm now thinking this 
is not appropriate.
 2002-05-01 04:40:26 +00:00
Kurt Zeilenga
96483c8dcd cleanup before working on changes 2002-05-01 04:23:59 +00:00
Howard Chu
de3e81cebb Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result 
in dn parameter and return a result code.
 2002-04-30 13:50:56 +00:00
Howard Chu
5528772f23 In ldap_int_tls_start, authid is very temporary, not const. 2002-04-19 04:35:16 +00:00
Howard Chu
202aa8c793 Fix memory leak in previous commit 2002-04-18 16:02:02 +00:00
Howard Chu
17ae956518 Added ldap_X509dn2bv() 
deleted ldap_pvt_tls_get_peer()
  changed ldap_pvt_tls_get_peer_dn() to use ldap_X509dn2bv()
  added ldap_pvt_tls_get_my_dn()
 2002-04-18 12:29:30 +00:00
Pierangelo Masarati
4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth 
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
 2002-04-08 09:43:22 +00:00
Howard Chu
5c70106657 ITS#1708 ldap_pvt_tls_sb_ctx() et al 2002-04-05 06:48:03 +00:00